READER COMMENTS ON
"16 States Affected by Newly Discovered ES&S iVotronic Touch-Screen Voting System Virus Vulnerability"
(11 Responses so far...)
COMMENT #1
John Dean
said on 4/16/2007 @ 7:40 pm PT...
North Carolina...wow, who would have ever thought...
heh
Thanks Brad!
COMMENT #2
Joyce McCloy
said on 4/16/2007 @ 8:11 pm PT...
I am wondering how the author applies this statement about Sarasota voting machines to other states that don't have the same version iVotronic?
Does the report say all other versions are affected, or is this all conjecture? It could be true, but we DON'T know it for a fact that other versions are affected.
North Carolina and Ohio definitely do not have the same model of iVotronic as the machines studied in Sarasota. Any of the machines with the paper trail will have a different version than Sarasota.
Differences:
Sarasota Florida machines are paperless:
ES&S Unity 2.4.4.2
Election Reporting Manager 6.4.2.0
iVotronic DRE Firmware 8.0.1.2
Certified to 1990 Guidelines
12" screen
North Carolina machines have a paper trail:
ES&S Unity 3.0.1.0
Election Reporting Manager 7.1.2.0
iVotronic DRE Firmware 9.1.4.1
15" screen
You can also see a sample DRE ballot for Sarasota and a comparison one for Moore County NC here:
http://www.ncvoter.net/d...Ballot_Comparison_06.pdf
Ohio has one of the 9.+ versions as well.
We had audits, and we had manual recounts in several contests in the state.
I will be happy to contact my State about this if you can get a credentialed computer scientist to affirmatively state that this bug affects all models.
I can't rely upon an anonymous computer scientist as advisor.
I believe that all voting systems should be examined, and when HR 811 is passed, we will finally have that opportunity.
COMMENT #3
John Gideon
said on 4/16/2007 @ 8:53 pm PT...
Joyce,
The thing you need to do is ignore the information. Don't warn your BOE that there may be a problem.
The vulnerability was found on Version 8 machines and there is no reason to believe it is not on Version 9. That's according to the source.
But don't say anything to anyone about it. The state might check and not find anything or they might check and find out the vulnerability is there.
COMMENT #4
John Dean
said on 4/16/2007 @ 9:03 pm PT...
Are John Edwards bashers allowed here?
COMMENT #5
Brad Friedman
said on 4/16/2007 @ 9:08 pm PT...
For additional clarity, it was actually eight computer scientists who discovered the bug in the firmware v8.# systems, as opposed to a single "anonymous computer scientist" as Joyce suggested. It was that one scientist, however, who was kind enough to put together the specific warnings about what that bug actually meant, and how states who used both v8.# and 9.# could check and/or mitigate the problem on their own systems.
It's a damned serious issue, and as ES&S has known about it, yet waited for someone else to find it (and only after an election contest, for which they fought any examination of their source code!), I'd suggest the onus is on ES&S to demonstrate that the prob isn't still in v9.# systems and that the likelihood is that it is.
You guys fought for source code disclosure in escrow in N. Carolina. Your state could do the country a great service at this time by pulling it out of escrow and checking it for this issue.
It would be a service for the country whether the bug is there or isn't there. So thank you in advance for pushing the NC folks to find out since they've got the access!
COMMENT #6
the_zapkitty
said on 4/16/2007 @ 9:35 pm PT...
... Joyce McCloy pandered thusly...
"I believe that all voting systems should be examined, and when HR 811 is passed, we will finally have that opportunity."
Actually, we can have the opportunity without enacting something as badly written as "Holt II" into law and screwing things up even worse than they are now for years to come.
COMMENT #7
MarkH
said on 4/17/2007 @ 5:04 pm PT...
I copied the post and sent it to my WV SoS.
She's Republican, so there's no telling whether it will be read, but there's no excuse now for not knowing of the problem.
COMMENT #8
DES
said on 4/17/2007 @ 11:35 pm PT...
COMMENT #9
Dredd
said on 4/21/2007 @ 5:54 am PT...
Senator Nelson's S. 559 would assist in finding bugs in EVM software:
`(9) PROHIBITION OF USE OF UNDISCLOSED SOFTWARE IN VOTING SYSTEMS- No voting system used in an election for Federal office shall at any time contain or use any software not certified by the State for use in the election or any software undisclosed to the State in the certification process. The appropriate election official shall disclose, in electronic form, the source code, object code, and executable representation of the voting system software and firmware to the Commission, including ballot programming files, and the Commission shall make that source code, object code, executable representation, and ballot programming files available for inspection promptly upon request to any person.
`(10) PROHIBITION OF USE OF WIRELESS COMMUNICATIONS DEVICES IN VOTING SYSTEMS- No voting system shall contain, use, or be accessible by any wireless, power-line, remote, wide area, or concealed communication device at all.
`(11) PROHIBITING CONNECTION OF SYSTEM OR TRANSMISSION OF SYSTEM INFORMATION OVER THE INTERNET- No component of any voting device upon which votes are cast shall be connected to the Internet at any time.
(Section 247, emphasis added).
COMMENT #10
the_zapkitty
said on 4/21/2007 @ 8:04 am PT...
Funny, that's the exact same text as in Holt's hr.811... so what's up with that?
Oh, right... It's Holt II part 2!... the two bills are almost identical in text, with s.559 having a couple of good ideas that hr.811 doesn't have... neither of which applies to the text above.
The problem with that text, Dredd, is that it immediately decertifies every form of electronic voting machine in use in the U.S... every EVM. And every electronic voting aid as well...
http://www.bbvforums.org...essages/46591/46677.html
...which means it becomes a multi-billion dollar unfunded mandate that requires technology that doesn't currently exist to be implemented immediately.
ain't gonna happen.
So the question becomes "What will the bill they actually pass do to fix this impossible demand?"
And the answer is: remove the impossible provision. And the "e-voting or no voting" people at ACCURATE have already given their oh-so-helpful guidance on how to accomplish this... restrict any disclosure of source code to "qualified" people.
Do you want to place bets on just how qualified you'll have to be to be allowed a glimpse of the machinery that runs our supposed democracy?
COMMENT #11
Joyce McCloy
said on 5/8/2007 @ 12:12 am PT...
John Gideon said:
"COMMENT #3 [Permalink]
... John Gideon said on 4/16/2007 @ 8:53 pm PT...
Joyce,
The thing you need to do is ignore the information. Don't warn your BOE that there may be a problem.
The vulnerability was found on Version 8 machines and there is no reason to believe it is not on Version 9. That's according to the source.
But don't say anything to anyone about it. The state might check and not find anything or they might check and find out the vulnerability is there."
John, why don't you send your big news to the North Carolina State Board of Elections???
Do you think that I have to send it for you?
There's no way that the NC SBOE is going to act upon information that no computer scientist will put his name on.
But please by all means, YOU should send it in. You have an organization, you send out daily news, you are the one that believes that your information is all that is needed in order for my SBOE to act. You know the computer scientist....
When computer scientists like David Jefferson have put their name to the information, like his opposition to the VVPAT on the ES&S iVotronic, I have sent it to our SBOE and followed up.
Brad, you said:
"You guys fought for source code disclosure in escrow in N. Carolina. Your state could do the country a great service at this time by pulling it out of escrow and checking it for this issue."
And Brad, I advised you that the only computer scientists who wanted to review our source code in NC were not willing to work pro bono, they weren't willing to follow the requirements of our law, and they weren't willing to come to NC to do the work.
Everyone wants to do it if: we will pay them, they can publish a report on what they find, if they can do it in their home state, etc.
My SBOE is not going to give credibility to nameless sources for problems that exist with a different version machine. This same SBOE has already responded to my inquiries about other issues about Sarasota's machines, and our SBOE has already made it clear to me that they consider these machines to be quite different.
You are welcome to send your information to the NC State Board of Elections if you wish. It's not a private organization, and I even link to their site from mine.
Brad, notice this nasty comment posted along with the others?
the_zapkitty said on 4/16/2007 @ 9:35 pm PT...
.. Joyce McCloy pandered thusly...
It's that type of nasty and lowbrow comment that has caused many people to stop dealing with you or fooling with this blog.
You let people trash other people in your comments section, you let it happen before, and people lose trust in you because of it. You lose part of your audience. I know I don't forward the Brad Blog articles any more. I have had enough.
It's all about trust. When you allow people to trash others on your blog, YOU are responsible for it.
Unlike "the_zapkitty", who smeared me on your blog, I use my real name.
I used to make it a point (over a year ago) to refer people to your blog, but not anymore.
Anyway, I saw the insults and smears (not new here) and in disgust posted this comment. I know that things won't change, I spoke to you about a similar problem a year ago, and it's still going on.