Cites Extraordinary Security Flaws Recently Discovered in Touch-Screen Systems Used in State...
By John Gideon on 7/12/2006, 3:10pm PT  

A press conference to announce the filing of a lawsuit in Georgia by a group of voters and organizations on behalf of all voters in the state will take place tomorrow.

The suit, according to a press release (posted in full below), calls for action that will "Immediately decertify the state’s Diebold Election System" due to the extraordinary vulnerabilities found in the system by computer scientist Harri Hursti over the last several months.

Georgia, along with the state of Maryland, was one of Diebold's original "showcase" states. They first employed their systems in 2002, and continue to use the paperless touch-screen Diebold AccuVote TS system which has been shown to be extraordinary susceptible to tampering, according to leading computer scientists, in just two minutes time with no password necessary.

A media advisory announcing a press conference tomorrow, and another describing the action being taken in detail both follow in full...

Media Advisory

New Lawsuit Challenges Georgia E-Voting Legality

WHO: Voters Organized for Trusted Election Results in Georgia, VoterGA, is a new, diverse, non-partisan coalition of Georgia voters and organizations.

WHAT: VoterGA will announce the filing of a voting rights lawsuit on behalf of all Georgia voters to seek relief from Georgia’s current method of electronic voting that they contend is illegal and unconstitutional.

WHEN: Thursday July 13, 2006 at 10:00 am

WHERE: Sheraton Atlanta Hotel

165 Courtland St. N.E. at the corner of International Blvd.

DESCRIPTION: The press conference will explain why this action is necessary and discuss content of the lawsuit. Upon completion of the conference, (weather permitting) we will take the lawsuit to the courthouse for filing. Please join us for this historic event.

Media Contacts:
Garland Favorito (404) 664-4044
Mark Sawyer (404) 325-2835

Other information:

For Immediate Release - July 12, 2006

Georgia election integrity groups are calling on the Georgia State Election Board and the Office of the Secretary of State to:

1) Immediately decertify the state’s Diebold Election System (DES).
2) Begin immediate preparations for the deployment of an alternative means of voting in time for the 2006 General Election;
3) To contract with an outside, independent source for parallel testing to be conducted randomly in precincts in 3 counties in Georgia --- Cobb, DeKalb, and Fulton –- for the primary on July 18, 2006, as recommended by the Brennan Report.

A security vulnerability recently exposed in the architecture of the DES is being called a "major national security risk" by computer science and security experts. The effect of this vulnerability is that voting systems could be infected throughout an entire state, enabling one attacker to alter election results statewide.

"It's the most severe security flaw ever discovered in a voting system," said Michael I. Shamos, a professor of computer science at Carnegie Mellon University who is an examiner of electronic voting systems for Pennsylvania.

This vulnerability represents an open backdoor that is part of the design of the Diebold TS-R6, which has been deployed in Georgia since 2002.

Diebold admits to this vulnerability but calls it a “feature.”

“Diebold Election Systems spokesperson David Bear says Hursti's findings do not represent a fatal vulnerability in Diebold technology, but simply note the presence of a feature that allows access to authorized technicians to periodically update the software. If it so happens that someone not supposed to use the machine—or an election official who wants to put his or her thumb on the scale of democracy—takes advantage of this fast track to fraud, that's not Diebold's problem. ‘[Our critics are] throwing out a 'what if' that's premised on a basis of an evil, nefarious person breaking the law,’ says Bear.

Not only did federal Independent Testing Agencies (ITA) miss this vulnerability when certifying the DES for Georgia, but Georgia’s state certifying agency, the Kennesaw Center for Elections, missed it as well.

It is clear that the state’s current mechanisms for detecting security vulnerabilities, including state and national certification and testing, are not sufficient to protect the state from election fraud.

Some aspects of this vulnerability were already known to the state of Georgia and Diebold from Maryland’s RABA report of January 20, 2004. Cathy Cox told Georgia voters not to be concerned, that Diebold had agreed to fix those vulnerabilities. Hursti’s tests indicate otherwise.

We believe there is enough evidence to warrant that the Secretary of State call on the State Attorney General to investigate whether Diebold has upheld its contract agreements with the state.

There are also indications that the state knowingly allowed voters to cast ballots in the last federal election on an insecure system. Case in point, in April 2004, Internet Security Systems (ISS) was called in by the governor to consult with the Georgia Technology Authority on the security of Georgia’s DES. They found that the system was not secure and could not be secured in time for the 2004 General Election. This information was not made public, which meant that voters unknowingly were allowed to cast their votes on an insecure system in that presidential election.

We do not consent to being forced to vote on an insecure, unauditable, voting system. Voting in a democracy is not about “trusting” that behind the curtain, individuals will do the right thing. It’s about systems of checks and balances, transparency, accuracy, security, and auditability. The state’s voting system fails on all counts.

“If Diebold had set out to build a system as insecure as they possibly could, this would be it," said Avi Rubin, computer science professor at Johns Hopkins University.

No election results held on Georgia’s DES can be considered legitimate.

We trust the Georgia State Board of Elections, the Secretary of State and the Elections Division will take the right action and immediately decertify the DES in Georgia.

John Fortuin
Director, Defenders of Democracy

Donna Price
Director, Georgians for Verified Voting

Share article...