everyone missed the part in the RABA regarding the ability to change
files through using the PCMCIA card (p.19). That Diebold and Maryland
were aware of that fact, and other states, including California were
not. This latest story began with David Allen minimizing (actually
using it as a method by which to attack Bev Harris) at the Democratic
Underground website. Suffice it to say that on February 16, 2004, less
than a month after the RABA Report came out January 20), a lawsuit was
filed against the California SoS based upon his lack of adequately
responding to the security problems revealed in the RABA, Compuware,
and other reports and known vulnerabilities.
Among the plaintiffs were Bev Harris, Jim March, and myself. Included was a copy of the RABA
report, and a detailed chart showing the vulnerabilities and
recommended mitigations by the RABA "Red Team" compared with the
security mitigations being promulgated by the California SoS. We
pointed out the mitigation that was recommended by the RABA team for
the exploit involving the PCMCIA card was to physically secure the TS
unit with security tape. Even that was not done as of the date the suit
was filed. Diebold, and the State of California went into court and
convinced the judge that the vulnerabilities had been addressed.
The State of Maryland in a report issued in March 2004 stated the
vulnerabilities had been mitigated, including Diebold's assurances they
had corrected the problem, and the ITAs had done a subsequent "source
code"review. They also were to perform a new risk assessment after the
system changes were made.
We were aware of that particular vulnerability, but at that point were
relying upon the RABA Report, because we had not had access to an
actual machine. The access granted for a more thorough test in Utah in
March this year was unique because it finally enabled a truly
independent look at these machines more carefully. We knew the
mitigation was inadequate but had no further proof. The SoS and the
Elections Division were informed of the various security
vulnerabilities revealed by the various reports that came out during
2003 and early 2004.
remember how many times) testified at the VSPP hearings in October,
November, December 2003 and January 2004. We also wrote lengthy and
indepth comments and emails to the Elections Division outlining the
vulnerabilities known to exist at that time.
On November 5, 2003 I sent a faxed copy with a cover letter to the
California Undersecretary of State and Chairman of the VSPP of a
Diebold Memo that revealed that "uncertified software" was used in the
Alameda County November 2002 election. That prompted the SoS to begin
an investigation to find out if that was true, and if Diebold had done
that in other counties too (they had). That same memo revealed that the
Alameda County central GEMS server was remotely accessed by a Diebold
technician with his laptop. He was able to dial the Alameda County
central GMS server's "bank of modems" by entering in the "pool" of IP
addresses for the modems. The RABA Report specifically talked about the
danger of remote access to the GEMS server. In our lawsuit we went into
depth regarding the dangers and the needed mitigations.
The memo also revealed that the technician was able to go into the TS
unit and go into the Windows CE operating system and modify the
"GEMSHOST" settings. That means in November 2003 the SoS (and the
State's technical consultant) would have been privy to the ability for
someone to go into Win CE and alter settings.
Black Box Voting has spent a lot of effort and resources, and building
of its credibility, in order finally obtain an objective look at these
voting systems. I am confident that if similar investigations were made
of other voting systems we would find very similar vulnerabilities.
Credit needs to be given where credit is due. It has been an ongoing
frustration that many election officials have known of many
vulnerabilities and yet keep trying to reassure the public that all is
well. Many of us in this movement have uncovered risks, problems, and
even evidence of fraud, reported it to the press and election
officials, and then been ignored or ridiculed. Many bits of evidence
were discovered, but the significance of some of those "glimpses" were
not really appreciated until the Hursti I & II Reports were issued. I
sent a copy of the Doug Jones paper urging the de-certification of
Diebold voting systems to the California SoS in the spring of 2004.
I support all the various groups and organizations that have sprung up
over the last few years in fighting for our voting integrity. I am sure
that tens of thousands of hours have been volunteered by patriots who
have been fighting an uphill battle against an entrenched election
industry that seems more intent on defending its incompetence and
self-interests than in providing a voting process that we can have
confidence in.
I have little patience with anyone who attacks or
misrepresents a voting integrity patriot. We all make mistakes, we have
our own idiosyncrasies that may create misunderstandings or even
offense, but we should have one ultimate goal; the right of the
citizens of this country to know for certain that our votes have been
recorded, counted, and reported as we intended, and the government that
is in place is a true reflection of the will of the people.
The fact is that too many election officials defend the indefensible.
The motivation for that fact is multi-faceted, but I would guess based
upon fear of appearing incompetent, self-interest, dependence upon
vendors, or corruption. The bottom line is this country is going into a
critical election season. Yet these voting systems are still being
sold, installed, and used despite all our efforts. This is not the time
to be fighting among ourselves.
Jody Holder is a California voting activist.
