San Diego County Registrar Admits to Security Lapses Which Would Nullify Legal Use of Systems According to Both State and Federal Requirements, Provisions!
Registrar of Voters Not Concerned, Says Poll Workers would 'have to want to commit a felony, which knocks out most of our poll workers'
By Brad Friedman on 6/14/2006, 3:11pm PT  

The electronic Diebold voting systems used in the special run-off election last week for California's 50th U.S. House district were effectively 'decertified' and invalidated for use in the election after massive security breaches in the storage of those systems were sanctioned by the San Diego County Registrar of Voters, The BRAD BLOG can now conclude.

Based on the review of several different very specific state and federal requirements, laws and provisions, the unsecured overnight storage of Diebold voting machines and their memory cards in poll workers houses, cars and garages in the days and weeks prior to the closely watched election between Republican Brian Bilbray and Democrat Francine Busby violated several federal and state provisions which, if not followed, would revoke the certification of use for the voting systems in any California election.

In the wake of discussions yesterday with SD County Registrar Mikel Haas, who admitted to The BRAD BLOG that storage in poll workers' cars could not be considered secure, it has now become clear that several violations of certified provisions of use for Diebold voting machines --- which have been found and confirmed in the past several months to be highly tamperable by dozens of methods and by the company's own admissions --- occurred in last week's race...

When it was discovered last December, after a security examination of Diebold optical scan systems in Leon County, FL, that both op-scan and touch-screen systems made by Diebold could be hacked via their memory cards --- due to the presence of so-called "interpreted code" which is banned by federal voting systems standards --- both federal and California officials instituted new security requirements concerning their use in elections. The violation of those requirements, as has clearly occurred in the CA-50 race, would effectively nullify their certification for use in the state of California.

Adding fuel to the concerns of the incredibly cavalier statements about the security issues related to this matter by Registrar Haas (read on below) is the fact that just last week, two different elections in an Iowa Republican primary revealed that the popular incumbents --- who had both apparently "lost" their races after paper ballots were optically-scanned --- had in fact won their races after a subsequent manual hand-count revealed the scanners were programmed incorrectly. Those revelations, along with the details of CA-50 that we have been reporting here, have led non-partisan election watchdog organization VoteTrustUSA to join us in demanding that SD County prove their reported results are accurate by carrying out a full manual hand-count of all paper ballots and "paper trails" in the race.

The National Association of State Elections Directors (NASED) the national body responsible for qualifying voting systems for use on the federal level, issued a warning about the severe tamperability of memory cards back on March 22nd, 2006, after the issue came to light during the December Leon County tests which revealed that exploitation of this vulnerability could be used to flip an election on a Diebold optical scan system. If exploited, the tampering would not be visible to vote tabulation witnesses and no trace of the hack would be left behind save for counting the paper ballots themselves for accuracy.

In another examination by computer security professionals in Emery County, Utah in March, it was discovered that Diebold's touch-screen systems could have their entire election software, operating system and even computer firmware ("BIOS") overwritten in less than two minutes time --- no password necessary --- should a sing malicious user have unfettered phyiscal access to the system. Such access could then affect every voting machine used across the entire county.

The result of all of this would be that if there had been malicious tampering with these voting systems, no amount of observations of the tabulation would reveal the tampering that had occured inside the machines. Unfortunately, candidate Francine Busby's own statement in regard to this matter, seems to reveal that she is wholly unaware of the incidiousness and invisibility of the points in question here and, as we'll show, the fact that the voting machines, as used in her own election, were in clear violation of the law.

As a blood sample taken at a crime scene and then stored in someone's garage for a week before delivery to the crime lab would be considered "contaminated" on its face --- even if there had been no actual tampering to the sample --- so must the world's most easily-hackable voting machines be considered as contaminated when such a massive breach of security in the chain of custody has taken place such as sending machines home, unprotected, with poll workers.

In light of the recently discovered concerns about the Diebold systems, the March 22, 2006 security memo issued by NASED in regard to the vulnerability of the memory cards, states requirements for use of these systems which are quite clear [emphasis ours]:

1. Throughout the life of the voting system, the election official shall maintain control of all memory cards and keep a perpetual chain of custody record for all of the memory cards used with the system. Programmed memory cards shall be stored securely at all times with logged accesses and transfers.
...
Failure to comply with this addendum negates the voting system’s status as a NASED-qualified voting system.

Since NASED-qualification is just one of the many conditions for certification of use of voting machines in California, the failure described above would decertify the systems concurrently on both the federal and California state levels.

As well, the so-called "conditional certification" on February 17th, 2006 of Diebold touch-screen systems in California, as issued by Sec. of State Bruce McPherson, also speaks to the memory cards issues. It spells out quite clearly that the "additional security measures" in regard to those memory cards are "conditions for use in the state of California."

If violated, the systems would no longer be approved for use here. Says McPherson's certification:

Any breach of control over a memory card shall require that its contents be zeroed, in the presence of two election officials, before it can be used again

While speaking with Haas yesterday, he confirmed once again that indeed both Diebold touch-screen and optical-scan systems, containing their programmed memory cards, were sent home with poll workers in the days and weeks prior to the election.

When asked if storage in garages or cars could be considered as "secure," the SD County Registar responded directly: "No. If kept in the car it would not be considered secure. We would advise them not to do that. No."

And yet, The BRAD BLOG has received, and reported on, several correspondences from nearly half a dozen poll workers who have admitted that they did precisely that.

After reading the special NASED and CA requirements to Haas, and asking him for comment on whether he would therefore confirm that sending these voting machines home with poll workers had nullified their certification for use in the election, he quickly changed his tune.

So I challenged him: "But you admitted that storage in cars could not be considered as 'stored securely at all times,' as the NASED requirements demand," I said.

"No, I didn't," he said.

"Yes, you did," I replied. And after reading back to him his exact quote, he wished to modify his statement to say instead that storage in cars "may be secure, but it's not the most secure."

There are further provisions in California state Elections Code (EC 19251) which require that all voting systems not just be certified by NASED before approval for use in CA, but that they also meet all federal Voting Systems Standards. According to that statute, systems may only be certified if "The system has been both certified by Federal Authorites and meets or exceeds the voluntary standards set by the Federal Election Commission."

But Section 1, paragraph 4.2.2 [WORD] of the FEC Voting System Standards of 2002 specifically ban certification for machines which contain the type of "interpreted code" which Diebold has now been forced to admit is present in all of their electronic voting machines.

"Self-modifying, dynamically loaded, or interpreted code is prohibited" says the pertinent part of those standards which should have been reason enough, upon discovery, for all Diebold systems to have their federal certification immediately revoked by NASED and the Election Assistance Commission (EAC).

After initially hiding the code from federal testers, Diebold officials were forced to admit in a letter to the CA Sec. of State, that their voting machines do contain that type of code, making them easily tamperable by hackers who might gain a short time of unsupervised physical access to the machines.

"As part of contemplating the AccuBasic changes to the various voting system components," the Diebold letter admits, "we have internally discussed changes to include removing the interpreters and interpreted code."

We could go on. CA Election Code section 19205 states that the secretary of state must declare in his/her certification that the system being certified is "safe from fraud or manipulation." McPherson was unable to make that declaration in Diebold's touch-screen certification, unlike he has done in certification for other California-qualified voting systems.

When McPherson signed the so-called "conditional certification" for these system, he issued a press release crowing about the security requirements which must be met for use of the Diebold system in the state. (The very security requirements which seem to now have been violated in the CA-50 race.)

The press release quoted Haas himself saying:

"I appreciate Secretary McPherson’s leadership in establishing what must be the most comprehensive and rigorous certification process in the nation. To comply with new federal and state laws regarding elections, we need a new and different set of tools and Secretary McPherson made sure we got those tools."

While stating appreciation for those "tools" it seems, based on Haas' actions in carrying out last week's CA-50 election and my subsequent conversations with him yesterday, that he's not all that concerned about actually using those "tools" in his elections.

Without getting too much further into the weeds on this issue for the moment, I'll just mention that Haas confirmed the touch-screen systems themselves were sent out without plastic security seal tape over either the power switch or the secondary external PCMCIA slot. That security breach alone would allow a would-be hacker to completely overwrite the entire system in less than two minutes with any software of their liking --- with no password necessary --- as revealed by the recent Emery County, UT analysis. (That full report, slightly redacted for security sake, has been published here by BlackBoxVoting.org). We've previously discussed the implications of that report in some detail in relation to the now-questionable CA-50 election.

But not to fear! When I asked Haas if that vulnerability alone might give him reason to be concerned about the integrity of the voting systems he then used in last week's election, he rejected the suggestion.

Since a PCMCIA card can be inserted with the necesssary files into that unsealed slot and the power button turned on (all that's needed to overwrite the software) doesn't that vulnerability trouble you, I asked him.

"I don't know....I think it's highly improbable," he said.

"Improbable?" I wondered. "I'm not asking if it's probable or not, but if it's possible..."

His reply blew me away: "I don't think so, because you'd have to want to commit a felony, which knocks out most of our poll workers."

(Pausing here for effect to let you think about that.)

When I mentioned several cases were poll workers recently have been indicted for election fraud, he stated he was unaware of any such cases. I pointed him towards three officials recently indicted in Cuyahoga County, OH and explained the situation to him. He was unphased and seemingly uninterested.

"I'm sure they could stick something in the system...Whether it's detectable or not, I'm pretty sure that it is. But again, you're tampering with election equipment, so it seems unlikely."

As well, Haas refused to recognize that there are millions, and perhaps billions of dollars, riding on such elections. If you were a poll worker who had a few machines in your garage (and it takes just one to potentially invalidate and/or flip the entire system for an entire county) and you were told, "Hey, why don't you leave your garage door open for a half hour and go get some lunch --- could be a million dollars in it for ya." Would you take such an offer?

After explaining how the optical-scan systems can be so easily flipped, without a trace left behind except for actually counting the paper-ballots, Haas flippantly replied, "It's a good thing we're not gonna use optical scan anymore." A cavalier reference to San Diego County's plans to go "all touch-screen" for this November's general election.

His responses during our conversation alone are enough for any sane citizen who gives a damn about democracy to declare "No Confidence" in any election run under such conditions by Registrar of Voters, Mikel Haas.

You can now share your feelings about that with him, and Busby both, via this petition calling for a full manual hand-count of the ballots and paper trails in the CA-50 race.

Share article...