touch-screens to implement an emergency security measure. Several more
states are expected to follow Pennsylvania.
The state of Utah has known that a critical security risk exists in
its Diebold TSx touch-screens, but chose to punish the courageous
public official responsible for identifying the defect instead of
taking any efforts to learn what the problem is and correct it.
Below is an excerpt from a security alert faxed to the Utah Lt.
Governor, state elections director, Emery County attorney and Emery
County commissioners on March 24.
SHOOT THE MESSENGER
Utah officials ignored the warning entirely, and instead flew Diebold
attorneys to Emery County on the governor's airplane, where the
Diebold lawyers were allowed to sit into a private executive session.
In this session, a decision appears to have been made to block Emery
County Elections director Bruce Funk from executing his duties.
In Utah, the law requires that any employment decision be publicly
noticed (it was not) and the county attorney is the designated counsel
for county elections officials (County Attorney David Blackwell chose
to side with Diebold against Bruce Funk). According to a tape
recording of the public portion of the meeting, Bruce Funk repeatedly
requested an attorney, but this was denied to him.
Funk was an eye witness to the security testing by Harri Hursti and
Security Innovation, Inc. He knew first-hand that the machines
represented a significant security risk. County commissioners told him
he was going to be required to use the machines anyway, Diebold
refused to provide a letter in writing indicating that machines it
sold weren't used or loaded with inappropriate software; Diebold then
told Emery County that it was going to cost $40,000 to check over the
machines (the Diebold contract limits them to charging just over $1200
per day, Emery County has just 40 machines, and re-flashing all
machines with a new system takes no more than 10 minutes per machine).
Funk was told that he would not be permitted to watch Diebold
technicians work on the machines, and they had already "visited" his
machines while he was out of town for a day.
Because Funk was denied a lawyer, he didn't know that a little-known
1929 law in Utah was sometimes used by public officials to browbeat
each other out of office. If certain public officials gang up and
intimidate another public official, threatening punitive measures and
dire consequences, urging resignation, if the targeted official
tenders even a tentative and conditional resignation, under some
interpretations that is held to stick. Diebold and the county
succeeded in browbeating Funk into temporary submission; he quickly
notified them in writing that he had no intention of resigning, so
they locked him out of his office.
Black Box Voting has assisted Funk in securing qualified legal counsel
and is underwriting the public policy legal actions to defend Funk
against Diebold's actions -- ironically, with Diebold's own money, won
in a Diebold false claims suit in California. A $76,000 fee was paid
to Black Box Voting founder Bev Harris, and was subsequently
contributed as a restricted donation for public interest litigation.
The Diebold money is now helping support the fight by whistleblower
Stephen Heller, who is facing retaliatory action by Diebold's
attorneys. Diebold false claim funds are also underwriting legal
actions to help Bruce Funk fight Diebold's retaliation.
In Funk's case, the lack of public notice and failure to put his
employment matter on the agenda likely outweighs the 1929 law, as does
the county's refusal to provide him with counsel, failure to allow him
to sit in on the private meeting with Diebold lawyers concerning his
employment, and insistence that he take responsibility for elections
held on machines he knew to be insecure.
To date, Emery County has refused to provide Funk with either a
transcript or a tape or their behind-closed-doors meeting with Diebold
DIEBOLD'S BEHAVIOR WAS EVEN MORE PROBLEMATIC
Experts for the state of California and the state of Pennsylvanie have
now confirmed the seriousness of the vulnerabilities discovered in
Emery County. Diebold was cornered by Pennsylvania voting system
examiner Michael Shamos, and was given the choice of telling the truth
or lying. Shamos had already sequestered one of the machines and was
prepared to examine it himself it Diebold lied. Only after this did
Diebold admit to knowing about the security vulnerability, which is
designed into the system.
Black Box Voting is completing reports with Harri Hursti and
subsequently with Security Innovation (which will serve as peer review
for Hursti Report II). The Hursti Report on findings from Emery County
will detail multiple back doors built into the system. This report
will be released to the public in redacted form on May 10. The
unredacted version will be provided to federal and state regulators,
including the Dept. of Homeland Security's "CERT" alert system.
LETTER TO UTAH OFFICIALS
Here is a quote from the preliminary information which Utah officials
chose to ignore (except for locking Mr. Funk out of his office):
To: Gary Herbert, Lt. Governor of the state of Utah
Cc: David Blackwell, Emery County Attorney
Bruce Funk, Emery County Elections
Emery County Commissioners
Michael Cragun, Utah State Elections Director
Mar. 24, 2006
This is a formal notification that a security defect was found in the
Diebold TSx system in Emery County, Utah by professional security
experts from Security Innovation, Inc. and Mr. Harri Hursti. Because
of the severity of the defects, the formal reports are being prepared
with sufficient precision to garner the attention of the appropriate
authorities with jurisdiction over this matter. These authorities, of
course, include each of you who are receiving this notice, in addition
to federal authorities in the general area of computer security.
The security problems found in Emery County present potentially
catastrophic security defects for upcoming elections. The issue
extends outside of Emery County to additional states. The identified
security vulnerability appears to be:
1) Persistent, with the ability to survive through multiple elections;
2) Difficult to detect, not only for elections official but also for
security experts and even for Diebold technicians;
3) Flexible, in that the exploit can selectively affect any particular
election, candidate or ballot question;
4) Accessible, in that no password, supervisor access or special
equipment is needed to invoke the exploit;
5) Difficult to eradicate with any patch, reinstallation, or cleaning
6) Likely to be exploited, because the skills needed to exploit the
hole are possessed by many programmers and the information needed to
conduct the exploit is generally available to the public. The time
needed to exploit the security hole is in the range of a week's
planning time and 60 seconds for execution.
A PATTERN OF SECURITY FAILURES
The testing in Emery County follows another set of tests by Black Box
Voting in Leon County, Florida, which documented security flaws in the
GEMS central tabulator and the Diebold AccuVote optical scan system.
A PATTERN OF RETALIATION BY DIEBOLD
Like Bruce Funk, Leon County Supervisor of Elections Ion Sancho faced
retaliation by Diebold and other voting companies. Diebold refused to
honor its contract with Sancho, forcing him out of HAVA compliance.
The only other authorized vendors then blackballed Sancho, refusing to
sell to him.
The Florida Attorney General is now investigating Diebold, ES&S and
Sequoia for collusion and antitrust violations.
Diebold has also been participating in orchestrated smear campaigns
against Black Box Voting and its founder, Bev Harris, using fake
Internet "screen names," identity theft (posing as board members of
Black Box Voting to post defamation), organizing fake news Web sites
smearing election integrity advocates in general and Black Box
Voting/Bev Harris specifically. Some Diebold employees tag-team with
the Diebold smear squad to point elections officials toward the
cyberlibel. The Diebold Internet smear squad also includes an
individual from North Carolina.
Black Box Voting, together with a team of volunteer researchers, has
now obtained documents and photographs which directly tie these
Internet libel campaigns to Diebold. A more detailed article on the
Diebold Internet smearing, accompanied by documents and photographs,
will be published here after the dust has settled on the Diebold
touch-screen security failures.
PERMISSION TO REPRINT GRANTED, WITH LINK TO
* * * * *
Black Box Voting is a nonprofit, nonpartisan 501c(3) organization
fighting for citizen elections oversight, supported entirely by
to donate: http://www.blackboxvoting.org/donate.html
Black Box Voting
330 SW 43rd St. Suite K
Renton WA 98055
* * * * *