Pages

Friday, May 04, 2012

Brad Friedman Rips Apart Election Commissioner's Testimony

[Consider this a guest post, by Brad Friedman.]

L.A. based investigative journalist and the Brad Blog(ger) Brad Friedman specializes in election fraud and issues with Diebold machines and other voting machines.  Based on the bio on his website the Los Angeles Times called him:
"The state's most persistent blogger-watchdog on the dangers of voting technology."
The New York Times wasn't so parochial:
"Perhaps the most dogged critic of electronic voting machine technology in the blogosphere."
 --The New York Times
[Of course I checked these quotes.  The NYT quote is linked.  The LATimes blog Feb. 7, 2007 comes up with the quote on google, but I can't get to the link.]


He's been watching the Anchorage April 3, 2012 election carefully.  Since I wrote some posts on the election, I've been included in emails among a group of people concerned how the election was conducted.  Brad too is part of this group.

He watched the Assembly meeting (I'm assuming online) Thursday night.  He sent out an email which took her [Election Commissioner Gwen Mathew's] testimony apart paragraph by paragraph.  And he's given us permission to use it.  Thanks Brad for letting us post this, but more importantly applying your expertise to our election. His critique is so damning about the competence and knowledge of our local election commissioner that I'm posting it here for all to evaluate.

(I must confess I was committed to another event last night that was scheduled before the special Assembly meeting was.  But check Bent Alaska's comprehensive listing of links to the election coverage.)  

[UPDATE:  note the correct spelling is Mathew, not Matthews.]

Here's Brad's email:

"As Gwen Matthews told me personally on the phone, she had not read any of the many security analyses and reviews of Diebold (pronounced DEE-bold, since approximately 1859 when the company was founded) op-scan systems. That was apparent tonight in her testimony for the Assembly as she simply either made things up about Diebold in CA, or repeated what someone had told her.

"Here's part of what she said, which was so wrong in so many ways that I'll post what she said, and then respond line-by-line below it...

GWEN MATTHEWS: In 2003, in California, the Superior -- some court, I can't remember what it is -- they ruled that the Diebold machines were not good for elections. But that is the touch-screens in California. These are much different. The touch-screens, they had software, firmware, hardware issues -- which, by the way, were resolved --  and, but these machines are simple scanning machines and counters. They're very basic. The only security risk would be the memory card that is in each Diebold machine. 

Through the years, I have worked elections as well. And they do occasionally come off. I mean part of our procedure is the night of the election, we take the memory cards out of the Diebold machines, along with the tapes -- the zero report tapes -- and the election results and we put them in their own envelope. And we take them to City Hall and we hand them to people who 'do all that stuff'.  So, it's not unusual for the security seals to break, because they're supposed to that night.

If you're concerned about the security of this, you have to have a motive, you have to have opportunity, you have to have expertise to program that card, plus I don't think they sell that kind of equipment at Radio Shack. I think it's rather specialized. 

These machines are "overnighted" [she means sent home on "sleepovers" with poll workers], but I think it's unreasonable to assume that someone would want to break into that many precinct chairmen houses and get away with it and have no trail of that. 

One last thing. These machines are easy to check, because they have a paper trail. You can have another machines with -- and by the way Jacqueline [Duke] programs these, she's the only administrator, she has an observer when she does it -- um, and you can run through the same ballots through that machine.  It has a paper trail, which was a factor of the court case in California. 

"Good lord. Not even close. On any of it. Let's go graf-by-graf (sorry!)

GWEN MATTHEWS: In 2003, in California, the Superior -- some court, I can't remember what it is -- they ruled that the Diebold machines were not good for elections. But that is the touch-screens in California. These are much different. The touch-screens, they had software, firmware, hardware issues -- which, by the way, were resolved --  and, but these machines are simple scanning machines and counters. They're very basic. The only security risk would be the memory card that is in each Diebold machine. 

"The 2003 suit she's referring to doesn't actually have anything to do with security of the Diebold machines. It was a qui tam case, filed by Bev Harris of Black Box Voting, concerning the fact that Diebold had defrauded the state by lying about their touch-screen voting machines. This was discovered after Stephen Heller, a whistleblower at Diebold's law firm Jones Day, found that Diebold was planning to lie to state officials about having illegally inserted uncertified firmware into their machines in Alameda County (and one other, as I recall).

"The Secretary of State at the time, Kevin Shelley, decertified the touch-screen systems in the state entirely after that incident, and Diebold eventually paid $3.5m (as I recall) to settle the Qui Tam fraud lawsuit.  It had nothing to do with the actual security of the systems themselves, but the fact that Diebold had lied about it all to officials and installed uncertified firmware.

"Those issues were not "resolved," as Gwen says. Rather, a new Sec of State came in later, Bruce McPherson, appointed by Schwarzenegger and simply certified the same touch-screens (and had Diebold guys working out of his office -- literally) that Shelley had previously decertified.

"He did that in 2006, even after the December 2005 Leon County, FL Hursti Hack which showed how, not only could the Op-scan memory cards be gamed, but so could the memory cards in the touch-screens and, most disturbingly, the GEMS central tabulator itself.  That -- not the 2003 fraud case --  is what is referred to in the 2006 Security Analysis commission by McPherson, that I quoted from in my original report on the Anchorage election mess. As I wrote (but Gwen failed to read, I guess):
The findings of the post-Leon County Security Analysis in California [PDF] revealed, among other things:
Memory card attacks are a real threat. We determined that anyone who has access to a memory card of the [Diebold Accuvote op-scan], and can tamper it (i.e. modify its contents), and can have the modified cards used in a voting machine during an election, can indeed modify the election results from that machine in a number of ways. The fact that the the results are incorrect cannot be detected except by a recount of the original paper ballots.
The analysis went on to warn that the hacker "was indeed able to change the election results by doing nothing more than modifying the contents of a memory card."
"It would be safest if it is not widely used until these bugs are fixed (they never were) and until a modification is made to ensure that the...attack is eliminated." The scientists wrote that "strong procedural safeguards should be implemented that prevent anyone from gaining unsupervised or undocumented access to a memory card, and these procedures should be maintained for the life of all cards. ... Any breach of control over a card should require that its contents be zeroed (in the presence of two people) before it is used again."
"There would be no way to know that any of these attacks occurred; the canvass procedure would not detect any anomalies, and would just produce incorrect results. The only way to detect and correct the problem would be by recount of the original paper ballots," they found.
"That had nothing to do with the 2003 fraud case!

"When Matthews says, about her "amazing" machines that  "The only security risk would be the memory card that is in each Diebold machine," it's clear she hasn't bothered to read any of the security reports about these machines -- as she told me that she had not!

"That, of course, is just one report. There have been many many others finding all of the above and even much worse. In 2007, the newer CA Sec. of State Debra Bowen did a "Top-to-Bottom Review" of all e-voting systems in the state of CA. You can peruse the reports here which led her to decertify BOTH the touch-screen AND the op-scan, which was conditionally recertified with, among other security requirements, tamper-evident seals that, if broken, would de-certify the machine for use in an election.

"Here are those many reports -- often redacted for security reasons, to remove the most helpful stuff for hackers:

CA's "Top to Bottom Review" of E-voting systems:
Executive Summary

"A year later, the Sec of State of Ohio, Jennifer Brunner, commissioned another study by her own state. Here are those results (Diebold had been renamed "Premier" by then to try and shake off some of the taint they had earned from all the fraud suits and decertifications and whistleblowers, etc.)

"Back to Gwen's statement tonight:

Through the years, I have worked elections as well. And they do occasionally come off. I mean part of our procedure is the night of the election, we take the memory cards out of the Diebold machines, along with the tapes -- the zero report tapes -- and the election results and we put them in their own envelope. And we take them to City Hall and we hand them to people who 'do all that stuff'.  So, it's not unusual for the security seals to break, because they're supposed to that night.

"'Hand them to people who 'do all that stuff''". Love that. Anyway, no, the security are not supposed to break. They are supposed to be cut at the end of the night by the poll workers. If they just break on their own, it kinda defeats the purpose of security seals.  Yes, they are crappy, and actually can be gamed (removed without breaking them, and then re-applying them), but that's hardly the point.

If you're concerned about the security of this, you have to have a motive, you have to have opportunity, you have to have expertise to program that card, plus I don't think they sell that kind of equipment at Radio Shack. I think it's rather specialized. 

"Fair enough. You have to have "motive…opportunity [and] expertise".  There are plenty of folks who have all of the above. Take, for instance, Jacqueline Duke. Her motive would be clear: Make sure her old boss won the election and that the ballot measure he opposed (Prop 5) did too. Of course, she would have both the opportunity and the expertise to game the system, because, as Gwen says as well, " Jacqueline programs these, she's the only administrator".

"Not saying she did it. Just saying that she had all the requirements to game the entire system. Many others did as well. For example, the "people who 'do all that stuff'", as Gwen mentioned.  And yes, poll workers could do so as well. More on that in a moment.

"As far as the equipment required. Well, Harri Hursi programmed his memory card for the Leon County Hack seen in Hacking Democracy by purchasing a crop scanner off the Internet for less than $100 dollars. Pima County, AZ did the same thing when they wanted to test, they say, how easy it would be to do what Hursti did.

"But no equipment is needed at all to simply change results on the GEMS central tabulator. That is done with a few keystrokes by "the people who 'do all that stuff'", if they like.

These machines are "overnighted" [she means sent home on "sleepovers" with poll workers], but I think it's unreasonable to assume that someone would want to break into that many precinct chairmen houses and get away with it and have no trail of that. 

"As the Princeton Diebold Virus Hack of 2006 showed -- (I broke the story at Salon and in a more detailed version at The BRAD BLOG, the hack was later demonstrated, among many other places, live on Fox "News") -- a single memory card can be loaded with a virus that then passes itself either from machine to machine, or straight into the GEMS tabulator affecting all cards and results in the election.  One needn't "break into that many precinct chairmen houses" to do this.

"Gwen is absolutely clueless about which she speaks, and is clearly repeating what she's been told by the Diebold reps (who are now either ES&S or Dominion, whichever one Anchorage uses as their vendor since Diebold was sold off.)

One last thing. These machines are easy to check, because they have a paper trail. You can have another machines with -- and by the way Jacqueline [Duke] programs these, she's the only administrator, she has an observer when she does it -- um, and you can run through the same ballots through that machine.  It has a paper trail, which was a factor of the court case in California. 

"Nothing that she mentioned "was a factor of the court case in California." She simply made that up.

"A so-called "paper trail" is no good if you don't examine it. By refusing to allow the Assembly to hand count the paper ballots, it does no good whatsoever to have a "paper trail". In allowing someone like Jacqueline Duke (who worked for a guy on the ballot) to program the machines (with some unnamed "observer"), train the pollworkers to ignore broken security seals, and then take custody of the "paper trail" (the ballots) themselves for a month before anybody ever gets to examine even one of those ballots by hand, makes a mockery of the entire system.

"That Gwen Matthews is the author of the report used to determine whether that election should be certified or not is a joke. That she serves as the Election Commissioner of Anchorage is an insult. That she would blatantly mislead and/or lie to the Assembly in making her presentation by offering absurd "facts" that have absolutely nothing to do with reality is both an outrage, and merits a LOUD call for her to removed from her post -- along with Jacqueline Duke, by the way -- immediately.

"Good luck guys. You folks may use any or all of the above on the record any way you see fit. IF you have any questions, feel free to ask.

Brad

Again, thanks Brad for so generously sharing your expertise on this issue.

1 comment:

  1. I really appreciate your posting this very much, thank you, I will be sharing it.

    ReplyDelete

Comments will be reviewed, not for content (except ads), but for style. Comments with personal insults, rambling tirades, and significant repetition will be deleted. Ads disguised as comments, unless closely related to the post and of value to readers (my call) will be deleted. Click here to learn to put links in your comment.