California’s new Secretary of State, Debra Bowen, has flatly rejected a request from Riverside County, CA County Supervisor Jeff Stone to participate in a “hack test” challenge originally proposed to Election Integrity Advocates in response to their concerns about security and accuracy for the county’s electronic touch-screen voting machines, The BRAD BLOG has learned.
In a letter sent to Stone last week obtained by The BRAD BLOG (posted in full at the end of this article), Secretary Bowen found that though there was no state law to prohibit such a test, her office would not participate, in part due to the narrow restrictions initially insisted upon by Supervisor Stone.
In her reply to a letter sent in early January to outgoing Secretary of State Bruce McPherson just days before he would leave office, Bowen wrote, “I am not aware of any state law that would prohibit the type of security test that you described in your letter.” Unlike Bowen, the former SoS had been seen as far more favorable towards relaxed security issues for electronic voting.
As The BRAD BLOG originally reported last December, Stone had initially challenged local Election Integrity advocates “a thousand to one,” during a public hearing, that a programmer would be unable to “manipulate” the county’s voting system.
In her letter to McPherson Bowen joined other computer security professionals who had previously rejected Stone’s unilateral suggestions for ground rules, calling them “overly narrow,” potentially giving voters a “false sense of security.” Stone had written to the former SoS that just “15 minutes would be allotted” for the test and the programmer who accepted the challenge — noted computer security expert Harri Hursti — would be prohibited from using any tools or reaching around the back of the machine. “In every sense,” Stone wrote, “he would be like any voter on Election Day approaching a voting unit at the polls.”
Bowen, however, balked at Stone’s unilateral ground rules, writing in response…
As you know, voting equipment is subject to tampering in a wide range of settings.
This test you have proposed wouldn’t address the issue of whether a someone who can reach around the back of the machine undetected or can bring a tool into the voting booth without being noticed by a poll worker will be able to gain access to the machine.
As well, Bowen also highlighted the point made by Election Integrity Advocates, computer security professionals, and even the Baker/Carter “Blue Ribbon” National Election Reform Commission that made the point that the greatest threat to e-voting security likely comes from election insiders, such as officials or poll workers who have been allowed to take pre-programmed, election-ready systems home with them in the days prior to the election as allowed by Riverside County.
Such insider access is seen as a far greater threat to security than that from voters on Election Day. As Bowen wrote in reply…
Stone originally challenged the Election Integrity advocates from DFA-Temucula Valley’s “SAVE R VOTE” project during a public comment period, on video-tape, to bring in a programmer “to verify that they can manipulate” the county’s Sequoia touch-screen voting system. “I’m gonna bet a thousand to one that they cannot do it,” Stone said.
He went on: “Maybe we should bring the media in and let’s see if your programmer can manipulate that machine. My guess is that it is not gonna happen, but I’m willing to take a chance on that.”
Both The BRAD BLOG, and even the local media — we’re happy to report — has been covering the story ever since.
(Full text transcript of Stone’s challenge is here… All of our articles following the “Riverside Challenge” here…)
Days after Stone’s challenge, Hursti — who had previously hacked voting systems made by Diebold in several states, most famously in HBO’s documentary Hacking Democracy — stepped forward to accept the challenge along with a number of Election Integrity advocates who put up $1000 to meet Stone’s challenge.
Stone, the rest of the Board of Supervisors, and Sequoia Voting Systems, Inc., has been hemming, hawing, waffling, and attempting to create roadblocks, such as in Stone’s letter to McPherson, ever since, in apparent hopes of avoiding a much-needed and legitimate security penetration test.
Bowen’s letter will likely make it more difficult now for Stone to either avoid such a test or otherwise admit that even he has lost confidence in the security of Riverside County’s touch-screen voting system.
Riverside was the first county in the nation to introduce touch-screen voting. Sequoia’s systems have been found vulnerable to hackers and manipulation on a number of occasions, including an accidental hack by a pro E-voting professor in Pennsylvania and the revelation of a yellow button” on the back of each touch-screen voting machine that allows a voter to vote as many times as they wish, and more recently a Princeton University professor announced he was able to gain access to the internals of the company’s touch-screen voting systems in less than 10 seconds after purchasing an older system off the Internet for $16.
Earlier today The BRAD BLOG reported that undervote rates dropped some 69 to 85% in minority areas after the state of New Mexico moved from Sequoia touch-screen voting machines to paper ballots in the wake of their disasterous experience with the systems during the 2004 Presidential Election.
This story, no doubt, will continue…
Bowen’s February 20, 2007 letter to Stone may be download here [PDF]. The text of the letter follows in full below…
February 20, 2007
The Honorable Jeff Stone
Member, Board of Supervisors
County of Riverside
29995 Evans Road, Suite 103
Sun City, CA 92586
Dear Supervisor Stone
Thank you for your January 3, 2007, letter to former Secretary of State Bruce McPherson concerning your proposal to invite a programmer into Riverside County to test the security of a Sequoia Edge II voting unit with a VeriVote printer.
I am not aware of any state law that would prohibit the type of security test that you described in your letter. While California Elections Code Sections 18564 and 18564.5 prohibit tampering with voting equipment, these provisions only apply to voting equipment used in the context of an actual election, which would not be the case in the exercise you are proposing. I cannot provide formal legal advice, however, so you should seek the advice of your County Counsel if you have questions about the legality of your proposal.
As to your request that the Secretary of State’s office participate in this demonstration, I must respectfully decline. While I appreciate and applaud your goal of increasing the voters’ confidence in the systems they use to cast their ballots, an overly narrow test such as the one you have constructed would, at best, prove very little and, at worst, give voters a false sense of security. Your demonstration, if the results are as you expect, can prove only that it is difficult to successfully tamper with voting equipment in a limited time frame in polling place setting if poll workers have the ability to preclude voters from taking certain actions (e.g., reaching around the back of the machine) and/or bringing in certain items (e.g., tools) into the voting booth with them.
As you know, voting equipment is subject to tampering in a wide range of settings.
This test you have proposed wouldn’t address the issue of whether someone who can reach around the back of the machine undetected or can bring a tool into the voting booth without being noticed by a poll worker will be able to gain access to the machine.
More significantly, as I understand the test that you’ve constructed, it wouldn’t address the larger issue of whether someone who has access to the voting equipment before the polls opened or after they closed could interfere with the proper use of the equipment.
As Secretary of State, I intend to begin a thorough review of all voting systems currently certified for use in the State of California. I have asked county elections officials for their help as I develop the protocols for this review, and the public will also have the opportunity to review and comment on the proposed protocols before they’re formally adopted. I will make as much of the review public as possible. Unfortunately, given that much of the voting system software is proprietary in nature, that portion of the review will not be opened to the public.
I believe this review will benefit not only the voters of California, but all election administrators who rely on voting system technology as well, and I invite you to participate in the process.
I appreciate your interest in reassuring voters about the integrity of the election process, and I welcome your help in furthering this goal.
Sincerely,
Debra Bowen
Secretary of State
DGB:elg
More nonsense on a nonsense story. Clutter and chatter by people who don’t actually do anything anyway. I’ll stand by all my previous posts on this enormous waste of time and energy. Brad’s right, I’m right, you’re right, Bowen’s right, The Honorable Jeff Stone was right (he thought the problem was in the voting booth, now he’s getting his election education), everybody was right. Move on to the state review of systems and let this limp little story die.
Nice try, Howdy. What type of machines are you guys using up there in Santa Clara? Do you believe your voting systems are secure?
Because Riverside (and thousands of other counties around the country) have been running around lying to voters, telling them their vote is secure and/or accurately counted.
If this is what it takes to help both voters and officials like Stone realize they are putting OUR democracy at risk, then so be it.
They’ll get on with it (the State), but this story shows the lengths to which the county that is “the birthplace of e-voting” will go to bury its head in the sand and continue to insist it has a perfect system. It is a sham perpetrated on the voters in Riverside County and the hack test, if done under “real world” conditions would demonstrate to the universe that the system is vulnerable.
Until this is done, the county will continue to insist, without evidence, that all is well in the world of e-voting in RivCo (and hence in the rest of the Sequoia world).
This may seem like a limp story, but it is the underpinnings of getting the message out about how entrenched election officials and governing boards are about their huge investment in unreliable equipment delivering unreliable results and putting the whole issued of who is in office legitimately in doubt.
I, for one, thank Brad for staying on this continuing saga, as it will truly serve as a learning laboratory for other election integrity advocates.
It’s not just about Jeff Stone, or the RivCo BOS, it is about how one county continuously stonewalls all attempts to verify and validate an election system that is in shambles and tries to convince the public that “Mission Accomplished” – all is well here. Move along, just move along, nothing to see here…
This is a great bit of news. Debra Bowen has stepped up on this one, and I await her review of all Cal. voting systems is something that her predecessor should have done long ago. Go get ’em, Secretary Bowen!
As Gomer used to say, “golllly.” Looks like Bowen has seen through Stone’s ignorant attempt to make the test pointless. Why not restrict the hacker from being any closer to the machine than Australia? The loser made his bet and has done nothing since then but try and renege on it. He tried to get the industry lackey on board with him before he left office, but he left it for Bowen. With this letter to the coward of the county, Bowen has delivered for the people who elected her and the future of democracy. Makes me mighty proud that I’m one of those who voted for her.
Debra Bowen for President!
http://edition.cnn.com/2007/WOR....ap/index.html
SUICIDE ATTACK ON CHENEY
I stick to my guns.
JUST PLAIN HACKIN . ANY FUCKIN BOX . I WILL CHANGE THE RESULT
POP THE COVERS . I CAN DESTROY IT IN ONE SECOND
Howdy, this is a story which exposes the mentality of one of the election war lords, Jeff Stone, who sees democracy as a game of dare. And like any infantile he wants to control the rules to ensure he “wins”. Pathetic.
It may not be the biggest story, but it surely does work like the canary in the mine used to work for miners deep underground. The canary may not be a big part of the whole mining picture, but if that canary goes the whole mine will follow unless the miners heed canary reality.
Or perhaps it is like the story of the honeybee disappearances:
(Full Story, emphasis added).
When the health of a system is shown to be in danger on a small scale, that is the time when fixing it can be done without experiencing a great crisis.
It all comes down to how well trained the ears and eyes are to see the first small breakdown in a system … then put the thumb in the dike and signal an emergency … while it is just a small drip instead of a Katrina sized monster.
Bowen is right on the money. Any corrupt election official wishing to commit
VOTER FRAUDVOTING FRAUD would be able to wait until the polls were closed and go through the poll books to see who didn’t show up and replace their votes with something more “desirable” with time to spare, and THE YELLOW,(ballot stuffing), BUTTON.Bowen runs the state elections, not the county supervisors. Most of them are just trying to help their contractor buddies build more houses. That’s why I think this story is a waste of time just like the Secretary of State apparently does.
I think Mr. Stone has had his elections lesson. He’s found out he was confused. That’s why I initially said he wouldn’t want anyone to remove panels. I was scoffed at. (who’d have thunk it?)
See, I agree with Larry here. No one needs elaborate instruments or tape or tools or compliant pollworkers. Just fix the vote and move on. County supervisors wouldn’t have any more clue than my dog.
I think Santa Clara uses Sequoia so they’re in the same boat as the rest of the State.
This will help show the point I’m trying to make. http://www.gjsentinel.com/news/..._election.html THIS is the type of official we need to lean on. Not the County Supervisor but the elections supervisor. THIS gets the election people in CO’s attention. It’s things like this real-world list of problems not the peeing contest in Riverside.
Larry, I’ve come to believe that we can use the model of an open source machine which prints a ballot having human readable and barcoded information, including time stamps. That ballot would then be countable either by optical scan or by humans, and the data should be absolutely identical — tampering would be hard.
Also, I’ve linked this post here: Democracy in California.