What Are These People Doing Wrong?
Absolutely nothing. This is the way we conduct an audit after an election in Ohio.
Here is Ohio's new post-election audit so you can read it for yourself. click here It is a result of much work by our SOS office and by citizen activists dedicated to an audit in Ohio. I did not help with the creation of this audit, though I made recommendations early on, to the SOS office and to activists interested in audits. I was a citizen observer of the audit in two counties in December of 08.
By Ohio law this tape has the voters' actual "ballots," although no voter actually wrote, or made a check for any candidate on any part of this
tape. In fact, according to poll workers who have watched voters voting on the machines, fewer than 10% of voters actually even bother to read the tape that is used in the audit. In other words, the voter-verified paper audit trail is not voter-verified.
Many others said they didn't need to check the paper tape because they had checked the summary screen, and that would be the same, wouldn't it?
But why assume it would be? Numerous security tests by independent investigators from both major universities and industrial security firms have shown the same thing over and over: There is no proof that what the voter touches on the screen is what the machine records inside on its memory card, or in its internal memory, or is what the tape records. Sounds too conspiratorial?
Ohio, under the direction of Secretary of State Brunner conducted the "Everest Test" (click here ) in 2007, shortly after she took office. In very partisan attack she was blamed for wasting 1.9 million dollars of the taxpayers' money. The results that were published in the Columbus Dispatch said that the voting machines--both touch screens and optical scanners were tested--could be "hacked into by someone with a magnet or a hand-held [Blackberry-type device]," or the like. No particular worries there, the voting machine manufacturers and partisan election officials said, "We have physical security. No one will be able to get close to our voting machines with magnets or Blackberries." Here is just a small sample of the results of the Everest Report. This one is from MicroSolved, Inc, a corporation that is a leader in computer security:
"The second key finding of the review was the lack of integrity controls that have been applied to the systems and their components. Some systems were missing properly implemented encryption of the election files, allowing them to be edited or destroyed by an attacker or malware. Some systems failed to identify even trivial manipulations of the components or the data, including attacks ranging from write protection of the memory cards and other media to direct modification of the voting databases. Many components lacked basic security controls such as firewalls, antivirus and other mechanisms for providing protection for system integrity. "
It was reported that Secretary Brunner said she wanted to throw up after reading all the reports which make up the Everest Report.
Of course no one really wanted to read thirteen multi-paged technical reports of all the other ways the machines could be hacked. Or rigged.
Where and how does the software get rigged? Just about anywhere along the line: from manufacture of the guts of the machines, to uncertified "patches" from the manufacturer that might contain additional instructions, to someone slipping in a rigged "memory card" when the machines tabulate, to switching memory cards after the first tally is made at the precinct, or rigging the tabulation machines at the county level. This is why it is so important to make the machines run a tally of the contests at the precinct and post the results at the precincts, so that anyone and everyone can write them down and make sure they are not changed later--except for absentees and provisionals added in, which also need to be accounted for and overseen by citizens. The Ohio Secretary of State also directed that every polling location post the machine tallies, but some poll judges still did not comply.
It isn't just the Everest Test that showed these vulnerabilities. The 2006 California Top-to-Bottom review came up with basically the same ways to rig voting machines, as did the Princeton Hack, Harri Hursti's hack of both touch screen and optical scan machines, our government's GAO report in 2005, and several reviews in other states. The wonders of Google will give the reader You-Tubes and written reports and commentary on all of these studies. They all say basically the same thing: "Electronic voting machines can be rigged without leaving a trace."