> touch-screens to implement an emergency security measure. Several more
> states are expected to follow Pennsylvania.
>
> The state of Utah has known that a critical security risk exists in
> its Diebold TSx touch-screens, but chose to punish the courageous
> public official responsible for identifying the defect instead of
> taking any efforts to learn what the problem is and correct it.
>
> Below is an excerpt from a security alert faxed to the Utah Lt.
> Governor, state elections director, Emery County attorney and Emery
> County commissioners on March 24.
>
> SHOOT THE MESSENGER
>
> Utah officials ignored the warning entirely, and instead flew Diebold
> attorneys to Emery County on the governor's airplane, where the
> Diebold lawyers were allowed to sit into a private executive session.
> In this session, a decision appears to have been made to block Emery
> County Elections director Bruce Funk from executing his duties.
>
> In Utah, the law requires that any employment decision be publicly
> noticed (it was not) and the county attorney is the designated counsel
> for county elections officials (County Attorney David Blackwell chose
> to side with Diebold against Bruce Funk). According to a tape
> recording of the public portion of the meeting, Bruce Funk repeatedly
> requested an attorney, but this was denied to him.
>
> Funk was an eye witness to the security testing by Harri Hursti and
> Security Innovation, Inc. He knew first-hand that the machines
> represented a significant security risk. County commissioners told him
> he was going to be required to use the machines anyway, Diebold
> refused to provide a letter in writing indicating that machines it
> sold weren't used or loaded with inappropriate software; Diebold then
> told Emery County that it was going to cost $40,000 to check over the
> machines (the Diebold contract limits them to charging just over $1200
> per day, Emery County has just 40 machines, and re-flashing all
> machines with a new system takes no more than 10 minutes per machine).
> Funk was told that he would not be permitted to watch Diebold
> technicians work on the machines, and they had already "visited" his
> machines while he was out of town for a day.
>
> LEGAL ISSUES
>
> Because Funk was denied a lawyer, he didn't know that a little-known
> 1929 law in Utah was sometimes used by public officials to browbeat
> each other out of office. If certain public officials gang up and
> intimidate another public official, threatening punitive measures and
> dire consequences, urging resignation, if the targeted official
> tenders even a tentative and conditional resignation, under some
> interpretations that is held to stick. Diebold and the county
> succeeded in browbeating Funk into temporary submission; he quickly
> notified them in writing that he had no intention of resigning, so
> they locked him out of his office.
>
> Black Box Voting has assisted Funk in securing qualified legal counsel
> and is underwriting the public policy legal actions to defend Funk
> against Diebold's actions -- ironically, with Diebold's own money, won
> in a Diebold false claims suit in California. A $76,000 fee was paid
> to Black Box Voting founder Bev Harris, and was subsequently
> contributed as a restricted donation for public interest litigation.
> The Diebold money is now helping support the fight by whistleblower
> Stephen Heller, who is facing retaliatory action by Diebold's
> attorneys. Diebold false claim funds are also underwriting legal
> actions to help Bruce Funk fight Diebold's retaliation.
>
> In Funk's case, the lack of public notice and failure to put his
> employment matter on the agenda likely outweighs the 1929 law, as does
> the county's refusal to provide him with counsel, failure to allow him
> to sit in on the private meeting with Diebold lawyers concerning his
> employment, and insistence that he take responsibility for elections
> held on machines he knew to be insecure.
>
> To date, Emery County has refused to provide Funk with either a
> transcript or a tape or their behind-closed-doors meeting with Diebold
> attorneys.
>
> DIEBOLD'S BEHAVIOR WAS EVEN MORE PROBLEMATIC
>
> Experts for the state of California and the state of Pennsylvanie have
> now confirmed the seriousness of the vulnerabilities discovered in
> Emery County. Diebold was cornered by Pennsylvania voting system
> examiner Michael Shamos, and was given the choice of telling the truth
> or lying. Shamos had already sequestered one of the machines and was
> prepared to examine it himself it Diebold lied. Only after this did
> Diebold admit to knowing about the security vulnerability, which is
> designed into the system.
>
> Black Box Voting is completing reports with Harri Hursti and
> subsequently with Security Innovation (which will serve as peer review
> for Hursti Report II). The Hursti Report on findings from Emery County
> will detail multiple back doors built into the system. This report
> will be released to the public in redacted form on May 10. The
> unredacted version will be provided to federal and state regulators,
> including the Dept. of Homeland Security's "CERT" alert system.
>
> LETTER TO UTAH OFFICIALS
>
> Here is a quote from the preliminary information which Utah officials
> chose to ignore (except for locking Mr. Funk out of his office):
>
> -------------------------------------------------quote:
> To: Gary Herbert, Lt. Governor of the state of Utah
> Cc: David Blackwell, Emery County Attorney
> Bruce Funk, Emery County Elections
> Emery County Commissioners
> Michael Cragun, Utah State Elections Director
>
> Mar. 24, 2006
>
> Dear Sirs,
>
> This is a formal notification that a security defect was found in the
> Diebold TSx system in Emery County, Utah by professional security
> experts from Security Innovation, Inc. and Mr. Harri Hursti. Because
> of the severity of the defects, the formal reports are being prepared
> with sufficient precision to garner the attention of the appropriate
> authorities with jurisdiction over this matter. These authorities, of
> course, include each of you who are receiving this notice, in addition
> to federal authorities in the general area of computer security.
>
> ...
>
> The security problems found in Emery County present potentially
> catastrophic security defects for upcoming elections. The issue
> extends outside of Emery County to additional states. The identified
> security vulnerability appears to be:
>
> 1) Persistent, with the ability to survive through multiple elections;
>
> 2) Difficult to detect, not only for elections official but also for
> security experts and even for Diebold technicians;
>
> 3) Flexible, in that the exploit can selectively affect any particular
> election, candidate or ballot question;
>
> 4) Accessible, in that no password, supervisor access or special
> equipment is needed to invoke the exploit;
>
> 5) Difficult to eradicate with any patch, reinstallation, or cleaning
> procedure;
>
> 6) Likely to be exploited, because the skills needed to exploit the
> hole are possessed by many programmers and the information needed to
> conduct the exploit is generally available to the public. The time
> needed to exploit the security hole is in the range of a week's
> planning time and 60 seconds for execution.
>
> -------------------------------------------------
>
> A PATTERN OF SECURITY FAILURES
>
> The testing in Emery County follows another set of tests by Black Box
> Voting in Leon County, Florida, which documented security flaws in the
> GEMS central tabulator and the Diebold AccuVote optical scan system.
>
> A PATTERN OF RETALIATION BY DIEBOLD
>
> Like Bruce Funk, Leon County Supervisor of Elections Ion Sancho faced
> retaliation by Diebold and other voting companies. Diebold refused to
> honor its contract with Sancho, forcing him out of HAVA compliance.
> The only other authorized vendors then blackballed Sancho, refusing to
> sell to him.
>
>The Florida Attorney General is now investigating Diebold, ES&S and
> Sequoia for collusion and antitrust violations.
>
> Diebold has also been participating in orchestrated smear campaigns
> against Black Box Voting and its founder, Bev Harris, using fake
> Internet "screen names," identity theft (posing as board members of
> Black Box Voting to post defamation), organizing fake news Web sites
> smearing election integrity advocates in general and Black Box
> Voting/Bev Harris specifically. Some Diebold employees tag-team with
> the Diebold smear squad to point elections officials toward the
> cyberlibel. The Diebold Internet smear squad also includes an
> individual from North Carolina.
>
> Black Box Voting, together with a team of volunteer researchers, has
> now obtained documents and photographs which directly tie these
> Internet libel campaigns to Diebold. A more detailed article on the
> Diebold Internet smearing, accompanied by documents and photographs,
> will be published here after the dust has settled on the Diebold
> touch-screen security failures.
>
> PERMISSION TO REPRINT GRANTED, WITH LINK TO
> http://www.blackboxvoting.org
>
> * * * * *
>
> Black Box Voting is a nonprofit, nonpartisan 501c(3) organization
> fighting for citizen elections oversight, supported entirely by
> citizen donations.
> to donate: http://www.blackboxvoting.org/donate.html
> Black Box Voting
> 330 SW 43rd St. Suite K
> PMB 547
> Renton WA 98055
>
> * * * * *
>