By Brad Friedman from Plano, TX, with help from Emily Levy of VelvetRevolution.us and Tom Courbat of SAVE R VOTE...
In a dramatic late-night press conference, California Secretary of State Debra Bowen decertified, and then recertified with conditions, all but one voting system used in the state. Her decisions, following her unprecedented, independent "Top-to-Bottom Review" of all certified electronic voting systems, came just under the wire to meet state requirements for changes in voting system certification.
Bowen announced that she will be disallowing the use of Direct Recording Electronic (DRE, usually touch-screen) voting systems made by the Diebold and Sequoia companies on Election Day, but for one DRE machine per polling place which may be used for disabled voters. The paper trails from votes cast on DREs manufactured by those two companies must be 100% manually counted after Election Day. DREs made by Hart-Intercivic are used in only one California county and will be allowed for use pending security upgrades.
The InkaVote Plus system, distributed by ES&S and used only in Los Angeles County, has been decertified and not recertified for use after the company failed to submit the system source code in a timely manner to Bowen's office. LA County is larger than many states, and questions remain at this time as to what voting system they will use in the next election.
As The BRAD BLOG has been reporting in great detail for the past week since the reports were released, the "Top-to-Bottom Review" had found that all Electronic Voting Systems certified in California were easily accessible to hacking. A single machine, the testers discovered, could be easily tampered with by an Election Insider, Voting Machine Company Employee, or other individual in such a way that an entire election could be affected without detection.
In Bowen's conditional recertification she re-iterated that "expert reviewers demonstrated that the physical and technological security mechanisms" for the electronic voting systems "were inadequate to ensure accuracy and integrity of the elections results and of the systems that provide those results."
The Certification/Recertification documents for each of California's voting systems, including security mitigation procedures and other requirements for use, are now posted on the CA SoS website. The documents, in and of themselves, offer devastating indictments against the security and usability of each of the systems as revealed during Bowen's independent University of California "Top-to-Bottom Review."
Bowen, a Democrat, was elected last November largely on her promise to re-examine the state's voting systems. In an upset victory, she defeated Republican Bruce McPherson who had been appointed as Secretary of State by Gov. Arnold Schwarzenegger. McPherson had been very friendly to the voting machine vendors, allowing for the continued use of virtually every e-voting system submitted for state certification. Several of those systems had been previously revealed to have had grave vulnerabilities and included source code which was in violation of federal voting systems standards and in violation of state law.
The late-night press conference, following Bowen's decisions, was held at the SoS's office in Sacramento at 11:45pm PT, just in time to meet the state law requiring a six-month notification, prior to an election, for changes to certification of voting systems. California's Presidential Election Primary was recently moved up several months by the state legislature to February of '08.
The BRAD BLOG was able to listen in to the presser via a poor cell phone connection out of Bowen's office. As best as we were able to transcribe, these are our notes from Bowen's announcement and the questions from the media which followed...
Direct Recording Electronic (DRE/touch-screen) voting systems decertified and recertified for use by disabled only.
100% manual count for Diebold and Sequoia DREs.
One machine per polling place.
Diebold – Optical scan system: – decertified and recertified only if meets certain requirements.
Diebold TSx DREs – decertified and recertified subject to certain conditions. Only one machine in a polling place for use by disabled voters. Reduces risk of viral attacks that could infect central equipment.
Sequoia – Optec optical scan: – decertified and recertified – subject to conditions
Sequoia AVC Edge I and II (DREs) – decertified and recertified with a number of security requirements including only one machine in each voting location to allow independent access by disabled voters – concern regarding corruption of software and source code
Hart Intercivic – eSlate DRE: Used only by one county – decertifying and recertifying subject to security requirements. Has the least risk of the three systems.
ES&S InkaVote Plus - optical scan: (LA County only) – ES&S ignored my March demand to submit source code. ES&S eventually submitted source code too late for t2b review. Therefore, "I am decertifying the InkaVote Plus without recertification."
Voters are victims of federal certification process that has not done a job of assuring machines are accurate, accessible, secure.
I reject the notion that I should not require changes in systems solely because we already own them. She compares it to a recall of cars....When NASA finds a problem, they don't continue just because they've already spent the money. They scrub the mission and spend the money to get it right. We must do same with elections.
Blogged by Brad from deep in the heart of Diebold Country Texas...
The Source Code Review sections of CA SoS Debra Bowen's independent "Top-to-Bottom Review" of voting machines were released yesterday after being scrubbed of some of the more dangerous, specific "road-maps" for hackers.
As expected, the reports are exceedingly troubling and damaging to the entire failed e-voting industry and Diebold, once again, is shown for the menace to democracy that its once-good name has now come to signify.
"The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes," read the University of California at Berkeley report, commissioned by the California Secretary of State as part of a two-month "top-to-bottom" review of electronic voting systems certified for use in California.
The assessment of Diebold's source code revealed an attacker needs only limited access to compromise an election.
"An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive --- malicious code could spread to every voting machine in polling places and to county election servers," it said.
...
"A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a county's voting machines," the report said.
Voting machine "sleepovers," anyone? (Yes, we're talking to you Mikel Haas, Deborah Seiler, and Michael Vu in San Diego!)
And finally, there's this --- bolding added so it can be seen easier by members of CONGRESS...
Got that, Mr. Holt and Ms. Feinstein?
And with that, we eagerly await Bowen's fateful decisions, due today, on what to do with California's electronic voting systems. She may choose to do a) nothing, b) decertify, or c) recertify with new conditional security elements. Today is Judgement Day. Stay tuned...
Blogged by John Gideon, VotersUnite.Org
"The problems we found in the code were far more pervasive, and much more easily exploitable, than I had ever imagined they would be." Matt Blaze 02 August
Today the California Source Code Review Reports were released by Secretary of State Bowen's office. Reports were released on the Diebold, Sequoia, and Hart Intercivic voting systems.
The lead researcher for the Sequoia source code team was Matt Blaze. In his blog, Exhaustive Search, Blaze discusses the results of all of the inspections.
I was especially struck by the utter banality of most of the flaws. Exploitable vulnerabilities arose not so much from esoteric weaknesses that taxed our ingenuity, but rather from the garden-variety design and implementation blunders that plague any system not built with security as a central requirement. There was a pervasive lack of good security engineering across all three systems, and I'm at a loss to explain how any of them survived whatever process certified them as secure in the first place. Our hard work notwithstanding, unearthing exploitable deficiencies was surprisingly --- and disturbingly --- easy.
Blaze then concludes with what may be a hint of decisions to come:
This means that strengthening these systems will involve more than repairing a few programming errors. They need to be re-engineered from the ground up. No code review can ever hope to identify every bug, and so we can never be sure that the last one has been fixed. A high assurance of security requires robust designs where we don't need to find every bug, where the security doesn't depend on the quixotic goal of creating perfect software everywhere.
In the short term, election administrators will likely be looking for ways to salvage their equipment with beefed up physical security and procedural controls. That's a natural response, but I wish I could be more optimistic about their chances for success. Without radical changes to the software and architecture, it's not clear that a practical strategy that provides acceptable security even exists. There's just not a lot to work with.
I don't envy the officials who need to run elections next year.
Blogged quickly by Brad from somewhere deep in the heart of Texas...
Color us shocked. Elections Officials who oversee their own elections or those of their party leaders...and then go to work for the Voting Machine Companies they do business with/apologize for. Hey, at least they're now getting paid (publicly) for the lobbying work they were doing for those companies already.
New York Times notices the problem we have with the way our electoral system "works" and how so many of those who run it seem to work for everyone but the voters...
While federal ethics rules require lawmakers to wait a year after leaving office before they can take a job lobbying their former colleagues, no such rules exist for election officials, creating a revolving door between election administration and the voting machine industry. In recent years, top election officials in at least five states have moved from government posts directly into jobs as lobbyists for the voting machine industry...
And a note to NY Times' Ian Urbina: Good story. Though it would be a journalistic breath of fresh air if you avoided already discredited political operatives as quoted sources. E.g., folks like Robert Pastor of the hoax Baker/Carter National Election Reform Commission and the anti-democratic GOP wingnut SoS of Indiana, Todd Rokita. Consider it a friendly request with appreciation that you seem to be back on this beat...
Guest Blogged by John Washburn
Currently, the public portions of the top to bottom review published by California last week have rightly been the subject of banner headlines. A report from the University of Connecticut, however, which was entitled "Integrity Vulnerabilities in the Diebold TSx Voting Terminal" and released a few days prior with not quite as much fanfare, provides an excellent counter to the oft-repeated vendor talking point that the California testing is similar to "giving keys to a thief."
The University of Connecticut report is immune to this specious argument. The University of Connecticut team had no access to source code or any information which was not publicly available. These limitations are precisely what all three vendors defined as "realistic" in their testimony in California at the public hearing on Monday, July 30, 2007. Yet, under these vendor-approved conditions, the University of Connecticut found yet another set of new, serious, and election altering defects and was able to exploit them in a disturbingly effective manner.
Guest Blogged by John Gideon, VotersUnite.Org
In a recently released report, New York Attorney Andrea Novick, Esq., tells members of New York state government and now the world that the vendors of the voting machines that most of us use are NOT responsible citizens and why. This report was written for, and addressed to, Governor Spitzer, the State Board of Elections and the State Legislature.
In her report Novick explains that New York state has laws that should bar any of the vendors from doing business in the state.
New York State Law states the following about corporate integrity...
According to a story in the Miami Herald by Marc Caputo;
The study by the Florida State University Security and Assurance In Information Technology Laboratory (SAIT) has found that the issues discovered by Harri Hursti in the now famous Hursti I hack have not been addressed by Diebold. The SAIT Team also inspected the state's Diebold DREs and DRE Bootloader.
In a letter to David Byrd of Diebold, Secretary of State Kurt Browning gave Diebold until August 17 to correct the identified problems. Failure to do that will result in the system not being certified for use in the next election in the state.
Guest Blogged by John Gideon, VotersUnite.Org
To date the "Red Team" reports have been released; a preliminary report on audits has been released; and the accessibility report has been released. Our cup nearly runneth over.
But wait, there's more?
Yes, there are still 6 more reports that have not been released. There are three reports, one for each vendor, on the source code review. There are also three reports, one for each vendor, on the document review. All six of these reports are important to the total picture and all of them will be used in the final decision making process.
We encourage the Secretary of State to let the voters see those remaining reports. If the reports are 100 pages each, that's 600 pages of information that we need time to read and study.
Secretary Bowen, release the reports, please.
UPDATE 01 August: Today Princeton Prof. Ed Felten of Diebold Accuvote TS hack fame, asked on his blog, FreedomToTinker, "Where are the California E-Voting Reports". In his blog Prof. Felten says:
Here’s the official explanation, from the Secretary’s site:
The document review teams and source code review teams submitted their reports on schedule. Their reports will be posted as soon as the Secretary of State ensures the reports do not inadvertently disclose security-sensitive information.
This explanation is hard to credit. The study teams were already tasked to separate their reports into a public body and a private appendix, with sensitive exploit-oriented details put in the private appendix that would go only to the Secretary and the affected vendor. Surely the study teams are much better qualified to determine the security implications of releasing a particular detail than the lawyers in the Secretary’s office are.
More likely, the Secretary is worried about the political implications of releasing the reports. Given this, it seems likely that the withheld reports are even more damning than the ones released so far.
If the red team reports, which reported multiple vulnerabilities of the most serious kind, are the good news, how bad must the bad news be?
We ask again; Secretary Bowen, release the reports, please.
UPDATE 02 August: Another set of reports, source code review, has been released today. Thank you Secretary Bowen.
Blogged by Brad Friedman from somewhere in Texas...
If you've yet to find time to read the hundreds of pages from the landmark "Top-to-Bottom Review" of voting systems from California University, as commissioned by CA SoS Debra Bowen, we don't blame ya.
So after plowing through dozens of articles covering the reports, we'll make it easy for you, and recommend two short articles which will get you all quickly caught up with an overview of some of the most notable findings from all of the various reports as written in nearly human-being language.
As well, we're happy to sum up --- and destroy --- the pathetic, predictable, and lock-step Election Officials' and Vendors' response to Bowen's report in a few easy paragraphs....
Guest Blogged by John Gideon of VotersUnite.Org with input from Ellen Theisen, also of VotersUnite.Org
Now that the California Secretary of State's "Top-To-Bottom Review" testing is complete and the reports have been submitted, nearly everyone is falling over themselves to read and talk about the many startling vulnerabilities easily found by the "Red Teams" who performed hack testing on the systems.
However, there is another report that has been overlooked, for the most part, by the media and the public. That is the "Accessibility Review" which examined whether the Direct Recording Electronic (DRE) voting systems meet federal requirements to allow voters with disabilities to cast their votes privately and independently as required by the Help America Vote Act (HAVA). Maybe it's because, as some have pointed out, accessibility issues are not as "sexy" as hacking into voting machines. Or maybe it's because this report is 155 pages long as compared to less than 20 pages for the "Red Team" reports. Either way, the failures found in the accessibility report may pack more dynamite and leave more questions unanswered than the security reports.
The "Executive Summary" of that report says it all:
Notice that the researchers say, "none met the accessibility requirements of current law." That's federal and state law. The machines have been sold for years --- and, in fact, the use of DRE machines as a whole has been jammed down America's polling places --- on the basis that they meet federal HAVA mandates for an accessible means of voting in every polling place. And yet, the California analysts found, they are not accessible at all...
Guest Blogged from Sacramento by Emily Levy of VelvetRevolution.us (with assistance from Michelle Gabriel, photos by Bill Lackemacher of Sacramento for Democracy) from the public hearing on 7/30/07, called by California Secretary of State to receive comments on her landmark "Top-to-Bottom review" of the state’s electronic voting systems. No internet access was available in the hearing room, so I wasn’t able to live blog as I’d hoped. I did, however, take copious notes, which are posted in full below this brief summary.
ED NOTE: The video of the hearing, which was not easily available as it streamed live today, is now posted here and here. But I recommend Emily's detailed description below for a great deal of value-added content and perspective! And it's faster! - BF
Note: Story very slightly updated with some corrections in the spelling of names, plus one substantive correction regarding Jim Soper's testimony (the very last one in the entire article).
SACRAMENTO - California Secretary of State Debra Bowen made opening remarks, followed by an overview of the Top-To-Bottom Review by the chief investigator, Matthew Bishop, University of California Davis (UCD) Professor of Computer Science.
Following that, each of the three vendors whose machines went through the Top-To-Bottom Review were given 30 minutes to respond to the report. Diebold went first and only took about five of the 30 minutes, followed by Hart Intercivic and Sequoia.
I’m absolutely thrilled to report that Sequoia knows just how to solve the problems found in the Top-To-Bottom Review: California should just buy newer systems from them!
After lunch was the public comment period, the longest part of the hearing. I’ve paraphrased and sometimes quoted the comments of just about every person who testified (including my own testimony). There were maybe 25 or 30 county election officials present, many of whom spoke. Freddie Oakley of Yolo County, an election integrity hero, spoke in favor of the Top-To-Bottom Review and said we bought these systems to accommodate voters with special needs and disabilities and “we have let them down in the most appalling way” by certifying systems with such obvious defects and continuing to use them despite those defects.
I believe every other elections official spoke critically of the Top-To-Bottom Review, most criticizing Bowen for not including county elections officials in the review, not reviewing policies and procedures as part of the Top-To-Bottom Review, and conducting the review in a laboratory setting rather than a real election setting. (I, in contrast, think our elections in recent years have been nothing but one giant beta test!)
It will take some scrolling to find my notes on the remarks of the many election integrity advocates who spoke. Most spoke late in the day, probably because they signed up later, after the pre-hearing press conference they held outside the Secretary of State’s office building. But it’s worth the scrolling, because many important things were said. Many of the EI advocates encouraged Secretary Bowen to decertify not just the three election systems tested, but all electronic voting systems. Many advocated for hand-counted paper ballots. Testimony was frequently backed up with credentials, experience, statistics and technical information. The depth and breadth of expertise in the election integrity movement continues to amaze me. (Note: I’ve posted my own comments in full because I had them available. If others who spoke would like their testimony posted in full, I invite them to paste them into the “comments” section of this blog item.)
Several people with disabilities and advocates for people with disabilities spoke. Some, notably Jennifer Kidder, spoke about the importance of election integrity. Kidder said, “The purpose of any equal opportunity legislation is to get marginalized voices heard,” and went on to note that this purpose is defeated if, after voting privately and independently, the vote of a disabled voter is changed by an electronic voting system.
Most of the people with disabilities and their advocates, however, cautioned against going “back” to paper ballots, saying that would be a move in the wrong direction in terms of the accessibility of voting systems. In general, they were supportive of the types of mitigations recommended by the accessibility team of the Top-To-Bottom Review, despite the findings that none of the systems tested actually met the federal accessibility standards as required by law.
Secretary of State Debra Bowen’s office is accepting public comments by email until Wednesday, August 1 at VotingSystems@sos.ca.gov. On Friday, August 3, Bowen will announce what actions she will take in light of the Top-To-Bottom Review. We can only hope that she remembers why she was elected, and will take bold action to protect California's elections.
Detailed notes on the hearing appear below. Where I have paraphrased a speaker, I have done so in the first person, sometimes making my own [occasionally snarky] comments inside square brackets. I hope this isn’t confusing...
Blogged by Brad Friedman from somewhere in Texas...
"Publicly observable post-election audits are the single most important safeguard we can have for the integrity of elections in this era of computer-assisted voting," according to Livermore National Labs computer scientist David Jefferson.
"They allow everyone, winners and losers alike, to be satisfied that the races are correctly called, but without the need to trust any computers or software," he added in a press release from the California Sec. of State's office released just moments ago (posted in full at the bottom of this item) on the study he led for the SoS Debra Bowen, which examined the effectiveness of --- and made recommendations to improve --- the state's 40-year old 1% manual audit law.
In addition to her stunning announcement on Friday that her team of independent analysts at University of California, attempting to hack the state's electronic voting systems as part of her promised "Top-to-Bottom Review," were able "to bypass both physical and software security measures in every system tested," Bowen has also convened a "Post-Election Audit Standards Working Group" in order to "examine whether California’s post-election audit standards should be strengthened."
Their report has now been released online [PDF].
Among recommendations made by the group (emphasis in original):
"No matter what voting systems California counties use," Bowen said in the statement, "we have to make sure we’re doing meaningful audits of election results to provide voters with the confidence that every vote is counted as it was cast."
The complete press statement on the just-released findings of the "Post-Election Audit Standards Working Group" follows in full below...
CA SoS Debra Bowen's public hearing concerning her "Top-to-Bottom Review" of electronic voting systems carried out by the University of California, takes place at 10am today (Monday) in Sacramento. Her office has just let us know that the hearing will be webcast live here.
VelvetRevolution.us' Emily Levy will be at the hearings and is hoping to live blog them for The BRAD BLOG from the hearing room.
According to a statement from Bowen's office this morning, the hearing will be at "the Secretary of State’s Sacramento building auditorium at 1500 11th Street."
"Secretary Bowen’s decisions on system certifications will come on or before August 3, after her thorough review of the UC team reports and input from voters, voting system vendors and local elections officials," the state says. "Today, the independent UC review teams, led by nationally respected computer science experts David Wagner and Matthew Bishop, will provide an overview of their reports. Voting system vendors will have an opportunity to respond, then public comment will be welcome."
The landmark, independent reports from UC are available online right here.
UPDATE 1:00pm PT: The live webstream out of the hearing is almost completely unwatchable, as they must not have enough bandwidth to accommodate those trying to watch. As well, though Emily is at the hearings, there is no Internet access available in the room. So despite all best-laid plans, we'll have to wait for her report to be posted here later tonight, and for a video archive of the hearing itself to hopefully be made available later.
UPDATE 11:27pm PT: Emily Levy's tremendous, detailed coverage of the hearing is now finally posted here...
Guest Blogged by Bob Bancroft of VotersUnite
Rep. Rush Holt's HR 811 Election Reform bill has become an enigma. After years of healthy dialogue with the election integrity community, Congressman Holt’s office now seems unresponsive. Just last week, rumors began to circulate that the Holt bill was adrift, its future uncertain. We later learned that the bill had entered into a series of secret negotiations, involving Majority Leader Hoyer, Speaker Pelosi, and other undisclosed parties.
Despite repeated attempts to contact anyone from the offices of Holt, Hoyer or Pelosi for a simple update, the week went by without a single call returned.
Now, we receive our first glimpse of the newly compromised Holt. We learn of the bill not from its author, nor Leader Hoyer, nor any elected, public official. Instead, it would seem that communications surrounding the bill flow through People For the American Way (PFAW), in the form of a late-Friday press release.
On Saturday, the New York Times confirmed that it was PFAW's President, Ralph Neas, in fact, who brokered the deal.
At a time when public confidence in our elected officials, and indeed the very process by which they are elected, is badly shaken, this is not helpful. VotersUnite will form an opinion of Hoyer-Holt only after careful reading of the text, which remains unavailable at the time of this writing. However, we are troubled that our Representatives would choose to conduct themselves in this circuitous manner, especially while considering something as fundamental as our right to vote.
Following is the full text of the original press release on the new, compromise version of HR-811, as issued by PFAW on Friday...