they will refuse to show up at the hearing on how certification is being
done. They don't want to be questioned.
Shawn Southworth (Ciber) has notified the investigating committee that he
will decline to appear. Jim Dearman (Wyle Labs) has notified the committee
that he will decline to appear.
No word yet from California voting machine examiner Steve Freeman or
California technical advisor David Jefferson, who have accepted at least
$150,000 and $50,000, respectively, in Calif. taxpayer money for their
roles in testing and certification and recommendation.
The hearing, scheduled for Feb. 16, was called by Calif. Senate Elections
Committee chairperson Debra Bowen. Thus far, no subpoenas have been issued.
The process for issuing a subpoena takes place in the Senate Rules
Committee, which Bowen is also a member of. Without subpoenas, it now seems
likely that not a single key witness will show up for questioning.
QUESTIONS NEED TO BE ASKED ABOUT THE BREAKDOWN IN VOTING SYSTEM
CERTIFICATION
It is clear by now that the prospect of having to answer how systems like
the defective Diebold GEMS central tabulator were recommended for
certification is simply a no-win situation for most of the voting machine
examiners.
The Diebold system has been recommended for certification over and over,
and according to time sheets obtained for the examiners, many hours have
been invested in examining its security. Yet two different hacks in
projects conducted by http://www.blackboxvoting.org, one by Dr. Herbert
Thompson and a different one by Harri Hursti, quickly penetrated the
system, altering election results.
It took Hursti only 24 hours to spot the fatal flaw in Diebold's memory
card architecture. Both federal and state certifiers should be asked why
they recommended this system for certification. Did they not notice the
problem, or did they ignore the problem, or did they think it was not a
problem?
It took Dr. Thompson less than five minutes to identify the fatal flaw in
the GEMS tabulator. Both federal and state certifiers should be asked why
they have repeatedly approved GEMS for certification. Did they not
understand that a Visual Basic Script can be used to hack a Microsoft
Access application? Did they not know GEMS uses Microsoft Access? Do they
believe that using a voting program that is hackable with a simple script
is secure?
The Steve Freeman time sheets reveal that he specifically billed the state
of California for testing in response to the RABA Technologies report and
the CompuWare report. His time sheets show an additional five-hour
examination of GEMS security. The August 18, 2004 CompuWare report rates
the GEMS risk High, High, High and the RABA report says that GEMS should be
rewritten entirely.
Freeman needs to be asked, under oath, why he repeatedly recommended GEMS
for certification even after numerous reports detailed its security flaws.
As recently as November 2005, Freeman recommended GEMS for certification
again, this time admitting that there were defects but saying they were
planning to find a way to mitigate them. (However, California has not yet
mitigated the defects, but will continue to use GEMS.)
Both federal and state certifiers should also be asked why they approved
interpreted code in Diebold machines, contrary to FEC standards. Do they
think there is no interpreted code? If so, why is there a program called
the "interpreter"? Do they think it is okay to have an interpreter running
code in a voting system during an election?
According to documents obtained from the state of California by Black Box
Voting, Diebold actually stripped out security measures on its absentee
ballot counting machines, removing the only safeguard against GEMS hacking
available, short of counting all of the ballots by hand. Both federal and
state examiners need to be asked why they approved this. Nearly 40 percent
of California votes are mail-in. Given the known risks with GEMS, was it
appropriate to remove the voting machine results tapes, leaving mail-in
vote security solely up to GEMS? Did the examiners not know this? Did they
not consider it to be a problem? (See also: Mail-in ballot risk )
TAXPAYER FUNDS PAYING FOR WHAT?
Here are some of the time logs and payment records for the voting examiners
who examined security on GEMS and the optical scan machine, but recommended
for certification anyway, saying nothing publicly about the defects:
http://www.bbvforums.org/forums/messages/2197/19300.html
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).