New Vulnerability Discovered on Touch-Screen Systems Made by One of Country's Largest Voting Machine Companies Will Affect Elections in Dozens of States!
California's Secretary of State Bruce McPherson Denies Knowledge of Vulnerability Well After His Office Had Been Notified...
By Brad Friedman on 11/2/2006, 3:32am PT  

"Just push the yellow button and you can vote as many times as you want," Tom Courbat, an Election Integrity advocate from Riverside County, California informed The BRAD BLOG tonight. Not that we're in any mood to report more such stories, but this seems to be a big one. A very big one.

It seems there's a little yellow button on the back of every touch-screen computer made by Sequoia Voting Systems, that allows any voter, or poll worker, or precinct inspector to set the system into "Manual Mode" allowing them to cast as many votes as they want.

Concerns about the flaw were first reported some thirty days ago to California Secretary of State Bruce McPherson's office by Ron Watt, a Tehama County, CA precinct inspector who has been a poll worker in the county for the last fifteen years. And yet, as recently as a radio interview last Tuesday, McPherson --- who has been crowing about having the country's most stringent security process for voting systems --- denied he was aware of any security issues with Sequoia systems.

"They didn't care about it," Watt told us tonight about his "late September or early October" discussion with McPherson's voting systems chief Bruce McDannold. "He said he didn't think it was an important issue. He said I don't believe this is really a vulnerability."

Watt and Courbat disagreed and placed another phone call to the SoS' office on Friday after Watt received a copy of Sequoia's "Poll Workers Guide, Booklet #5: Troubleshooting" via a public records request in Tehama. On pages 19 through 22 of the booklet --- which is marked as "Confidential and Proprietary" --- he confirmed the simple manual override to the system. He'd learned about it years earlier and the new manuals confirmed that button was still in place. Even in the latest models of the Sequoia Edge voting systems (both models 1 and 2).

The complete sequence to override the system and enter manual voting mode, along with the Sequoia booklet received via Watt's public records request, is now posted here at BlackBoxVoting.org.

Watt had been taught to be a poll worker trainer by De La Rue, the former parent company of Sequoia, years ago when the systems were first brought into the county. The two men placed a conference call with McDannold last Friday after receiving the booklet. McDannold again reportedly downplayed the concerns, but said "he'd look into it," according to Courbat.

He called Courbat back on Monday afternoon to say Sequoia technicians had been in the SoS office and had confirmed the vulnerability. (A complete transcript of McDannold's Monday phone message left on Courbat's cell phone, confirming the security issue and describing the actions --- or lack thereof --- being taken, is at end of this article.)

Sequoia's voting machines are perhaps the most widely used in California, in some 19 different counties, including both Tehama and Riverside, which is known as the "Home of E-Voting" as it was the first county in the nation to deploy such systems. But identical Sequoia machines are also used in dozens of other states around the country including Florida, Illinois and elsewhere.

Thanks to the diligence of Watt and Courbat, it is now confirmed that all such systems are completely vulnerable to virtually anyone who wishes to cast as many votes as they please.

"I can do it in 18 seconds," says Watt. "I can train you to do it in 3 minutes. Just push the yellow button, wait 3 seconds and it chimes. Push the yellow button again, wait 3 seconds and it chimes again. Then it's all on the screen prompts. You're asked 'Do you want to enter manual mode?' and you push 'Yes'...And then you're on your way."

"You can then vote as many times as you want. You won't ever have to stop until someone physically restrains you from voting," he explained.

"But wouldn't someone hear the chime?" we asked...

"No, it's barely audible. Quieter than the beep on your computer when it boots up. The systems are usually kept up against the wall to be near a power outlet and away from the poll workers for privacy. Plus, if you really wanted to pull it off, just come in with a friend and have them talk to the poll workers to distract them. Nobody would ever know."

McDannold's message left on Courbat's cell phone Monday confirming the issue. "Sequoia was actually in here this morning giving us a demonstration of the feature and how it works and how you would set it up and put it into that mode," said McDannold.

He claimed that the SoS office had then contacted all California counties using the Sequoia Edge and said "they are all doing poll worker training" and "putting signs up to warn people about the severe penalties for tampering with voting equipment uh which is would fall under---- most of them are putting signs actually on the machines."

"They are also being very conscious of the placement of the equipment so that they can observe, actually many of them are - have already planned to assign staff members to do nothing but just watch the machines for that purpose to make sure ah nobody is reaching around or doing anything," McDannold explained on the recorded message.

"It's not the voters we're worried about doing this," Courbat said. "It's the Precinct Captains and Elections Officials across thousands of precincts across the country. This isn't unique to Riverside or Tehama. Tens of thousands of votes can be stolen across the country," he added.

Courbat was furious at Sec. of State McPherson, who has been touting his record on security issues for voting systems on the campaign trail. A record, we might add, that seems to have little in common with McPherson's frequent public claims. He has certified system after system in the Golden State despite scores of vulnerabilities, inaccuracies, failures and malfunctions found in each of them.

McPherson is currently in a tight race with his Democratic challenger, State Sen. Debra Bowen, who has been a long time champion of Election Integrity and security issues, as well as transparency for such systems and in government as a whole. She has also been critical of McPherson's lax security standards, such as allowing hackable Diebold voting systems to be sent home with poll workers on "sleepovers" for days and weeks prior to elections despite serious vulnerabilities, more than 16, found by McPherson's own team of computer scientist advisors at UC Berkley.

From the radio debate on KCRW this Tuesday, the following exchange occurred concerning this development:

WARREN OLNEY [HOST]: Senator Bowen says that she discovered just today that Sequoia machines will deliver multiple votes if you just hold down a yellow button in the back for three seconds. Did you know that?

Secretary McPherson: I think she, uh, that has not been detected in two elections. It’s interesting that she should just bring that up a week before the election.

Olney: She said you just found it because of a Freedom of Information request and says you must have known it.

Secretary McPherson: No, that is not true. That is not true. I think she is throwing a lot of fear and doubt out there, and it’s unwarranted.

UPDATE 12:22pm: Bowen's campaign has just released a statement on this matter. We'll link up here as soon as it become available online...

"If McPherson says he didn't know about this on Tuesday during that interview, after his office had been notified long ago, then he's lying," Courbat charged. "McPherson had to know by Monday. He either knew about it or his staff never told him, in which case they need to be fired on the spot."

But if Watt knew about this vulnerability for years himself, why didn't he say something prior to 30 days ago?

"Ya know, I always thought people were honest. I really did," he told us during tonight's phone call. "I didn't really think anybody would exploit something like this. I just thought the best of people. But now I feel differently. After this last election, the Primary Election on June 6th, I saw things I couldn't believe. After all this talk about security for these systems, and chain of custody stuff...I saw the chain of custody issues just thrown right out the window in Tehama County," he said.

"Maybe it was naiveté before, I don't know. But after what I saw in that election, it just suddenly dawned on me. We've got a very serious problem here."

###

The transcript of the phone message left by Bruce McDannold on Tom Courbat's cell phone follows in full...

T-R-A-N-S-C-R-I-P-T

10-30-06 Voice Mail Message from Bruce McDannold – CA Secretary of State’s Office, 4:34 p.m. [2 minutes, 40 seconds duration] left on cell phone of Tom Courbat.

Yes, Mr. Courbat. Bruce McDannold from the uh Secretary of State’s office. We spoke Friday night and I just wanted to get back in touch with you.

Since we spoke, we have ah reviewed the information. Sequoia was actually in here this morning giving us a demonstration uh of the feature and how it works and how you would set it up and put it into that mode [the manual mode that allows continuous voting on any Sequoia Edge I or Edge II machine]. We’ve reviewed it with them and I have to at least notice or note that that’s not an easy thing to reach around and go through that sequence unobserved.

We’ve also spoken with all the counties ah that are Sequoia users today and verified they were all aware of that as a feature for the backup purposes, of course, that we discussed and why that feature was put in. Uh, they’re all aware of it, they have all of them been training their staff and are continuing to train their staff and their poll workers on observing that and watching the equipment um during the day for uh any use of that system or people reaching around certainly or too long in the voting booth or the audio beep that it automatically emits every time you try to put it in that mode there’s also an audio warning that goes with that so, you know, it’s an important kind of mitigation being aware.

They are all doing poll worker training ah they’re all putting signs up to warn people about the severe penalties for tampering with voting equipment uh which is would fall under---- most of them are putting signs actually on the machines. They are also being very conscious of the placement of the equipment so that they can observe, actually many of them are - have already planned to assign staff members to do nothing but just watch the machines for that purpose to make sure ah nobody is reaching around or doing anything.

And then of course, um a final important component is, they’re all required to do balloting accounting afterwards to verify and demonstrate that no one has ah tampered with the machines or put any extra votes on it. So ah we’re confident at this point that there are effective mitigation strategies out there --- everybody’s clear that the essential [potential?] danger and alert to it, confident that it won’t be affecting the election. Hopefully that answers your questions and puts you at a little more at ease. If you have any further questions or want to get back in touch with me, my number of course is 916-653-7244.

Thanks

Share article...