A commenter over at DU asked which states used the ES&S iVotronic touch-screen voting system found vulnerable to an undetectable countywide vote-flipping virus which can be implanted by a single person, as we reported this morning.
Based on our quick review of a county-by-county database of voting systems, sorted by state, as made available by Common Cause (EXCEL spreadsheet downloadable here) just prior to the November 2006 elections, it looks like the answer is 16 states in total.
Since the EAC refuses, as our report detailed, to do its job in notifying Elections Officials about this incredibly serious vulnerability, it looks like it’s up to you to notify your state’s Secretary of State and/or county Election Officials! Details on the vulnerability and mitigating steps that may be taken are given in this brief report at VotersUnite.org, written by a computer scientist and voting system expert well familiar with the newly discovered flaw. Please refer your voting officials to both our original article and that scientific report for more details at the following URLs:
The states which use the affected ES&S iVotronic (with firmware versions either 8 or 9, with or without a so-called “Voter Verified Paper Audit Trail”) are as follows:
- Arkansas
- Florida
- Indiana
- Iowa
- Kansas
- Kentucky
- Missouri
- New Jersey
- North Carolina
- Ohio
- Pennsylvania
- South Carolina
- Tennessee
- Texas
- West Virginia
- Wisconsin
If we’ve missed any, or any of the states above do not use the system in at least one county, please let us know and we’ll amend the list.
The BRAD BLOG and You – Doing the EAC’s job for them. But without the $15 million budget (or the incomprehensible incompetence).









North Carolina…wow, who would have ever thought…
heh
Thanks Brad!
I am wondering how the author applies this statement about Sarasota voting machines to other states that don’t have the same version iVotronic?
Does the report say all other versions are affected, or is this all conjecture? It could be true, but we DON’T know it for a fact that other versions are affected.
North Carolina and Ohio definitely do not have the same model of iVotronic as the machines studied in Sarasota. Any of the machines with the paper trail will have a different version than Sarasota.
Differences:
Ohio has one of the 9.+ versions as well.
We had audits, and we had manual recounts in several contests in the state.
I will be happy to contact my State about this if you can get a credentialed computer scientist to affirmatively state that this bug affects all models.
I can’t rely upon an anonymous computer scientist as advisor.
I believe that all voting systems should be examined, and when HR 811 is passed, we will finally have that opportunity.
Joyce,
The thing you need to do is ignore the information. Don’t warn your BOE that there may be a problem.
The vulnerability was found on Version 8 machines and there is no reason to believe it is not on Version 9. That’s according to the source.
But don’t say anything to anyone about it. The state might check and not find anything or they might check and find out the vulnerability is there.
Are John Edwards bashers allowed here?
For additional clarity, it was actually eight computer scientists who discovered the bug in the firmware v8.# systems, as opposed to a single “anonymous computer scientist” as Joyce suggested. It was that one scientist, however, who was kind enough to put together the specific warnings about what that bug actually meant, and how states who used both v8.# and 9.# could check and/or mitigate the problem on their own systems.
It’s a damned serious issue, and as ES&S has known about it, yet waited for someone else to find it (and only after an election contest, for which they fought any examination of their source code!), I’d suggest the onus is on ES&S to demonstrate that the prob isn’t still in v9.# systems and that the likelihood is that it is.
You guys fought for source code disclosure in escrow in N. Carolina. Your state could do the country a great service at this time by pulling it out of escrow and checking it for this issue.
It would be a service for the country whether the bug is there or isn’t there. So thank you in advance for pushing the NC folks to find out since they’ve got the access!
… Joyce McCloy pandered thusly…
“I believe that all voting systems should be examined, and when HR 811 is passed, we will finally have that opportunity.”
Actually, we can have the opportunity without enacting something as badly written as “Holt II” into law and screwing things up even worse than they are now for years to come.
I copied the post and sent it to my WV SoS.
She’s Republican, so there’s no telling whether it will be read, but there’s no excuse now for not knowing of the problem.
Thank you, MarkH!
Senator Nelson’s S. 559 would assist in finding bugs in EVM software:
(Section 247, emphasis added).
Funny, that’s the exact same text as in Holt’s hr.811… so what’s up with that?
Oh, right… It’s Holt II part 2!… the two bills are almost identical in text, with s.559 having a couple of good ideas that hr.811 doesn’t have… neither of which applies to the text above.
The problem with that text, Dredd, is that it immediately decertifies every form of electronic voting machine in use in the U.S… every EVM. And every electronic voting aid as well…
http://www.bbvforums.org/forums...591/46677.html
…which means it becomes a multi-billion dollar unfunded mandate that requires technology that doesn’t currently exist to be implemented immediately.
ain’t gonna happen.
So the question becomes “What will the bill they actually pass do to fix this impossible demand?”
And the answer is: remove the impossible provision. And the “e-voting or no voting” people at ACCURATE have already given their oh-so-helpful guidance on how to accomplish this… restrict any disclosure of source code to “qualified” people.
Do you want to place bets on just how qualified you’ll have to be to be allowed a glimpse of the machinery that runs our supposed democracy?
John Gideon said:
“COMMENT #3 [Permalink]
… John Gideon said on 4/16/2007 @ 8:53 pm PT…
John, why don’t you send your big news to the North Carolina State Board of Elections???
Do you think that I have to send it for you?
There’s no way that the NC SBOE is going to act upon information that no computer scientist will put his name on.
But please by all means, YOU should send it in. You have an organization, you send out daily news, you are the one that believes that your information is all that is needed in order for my SBOE to act. You know the computer scientist….
When computer scientists like David Jefferson have put their name to the information, like his opposition to the VVPAT on the ES&S iVotronic I have sent it to our SBOE and followed up.
Brad, you said:
And Brad, I advised you that the only computer scientists who wanted to review our source code in NC were not willing to work pro bono, they weren’t willing to follow the requirements of our law, and they weren’t willing to come to NC to do the work.
Everyone wants to do it if: we will pay them, they can publish a report on what they find, if they can do it in their home state, etc.
My SBOE is not going to give credibility to nameless sources for problems that exist with a different version machine. This same SBOE has already responded to my inquiries about other issues about Sarasota’s machines, and our SBOE has already made it clear to me that they consider these machines to be quite different.
You are welcome to send your information to the NC State Board of Elections if you wish. It’s not a private organization, and I even link to their site from mine.
Brad, notice this nasty comment posted along with the others?
It’s that type of nasty and low brow comments that have caused many people to stop dealing with you or fooling with this blog.
You let people trash other people in your comments section, you let it happen before, and people lose trust in you because of it. You lose part of your audience. I know I don’t forward the Brad Blog articles any more. I have had enough.
It’s all about trust. When you allow people to trash others on your blog, YOU are responsible for it.
Unlike “the_zapkitty”, who smeared me on your blog, I use my real name.
I used to make it a point (over a year ago) to refer people to your blog, but not anymore.
Anyway, I saw the insults and smears (not new here) and in disgust posted this comment. I know that things won’t change, I spoke to you about a similar problem a year ago, and it’s still going on.