sad
you can't put people in charge of this stuff that don't understand it; it just wont work.
EVER.

Source code irrelevent???

Stalin lives! Taxpayers just pay Lamone's salary - It's not like she actually works for the people. We should trust or government officials as they trust the private voting machine vendors. Those who count the votes really do decide everything - including when to end the interview!

Lamone looks VERY uncomfortable about being asked ANYTHING that gets to the heart of the matter. Reminds me of a professor or an elected official who puts herself far above the pesky lowly "peons" who have the nerve to ask questions. She is either in bed with Diebold (Premier!) or just doesn't want to let the truth out, or just doesn't know. All scenarios are frightening. She claims great comfort with the scandal-wracked ITA system. I guess she thinks we're all morons drinking her Kool-Aid!

That's a really interesting point...these run on the executable code and therefore the source code is not available to them. So, the question is, "Who provides the executable code? Diebold? The Republican party?" These machines are computers. Come on, people, have you ever used a computer? You're using one now. Computers are dumb. They have to be told what to do. Have you ever pressed the icon for Internet Explorer and Firefox comes up instead? I don't think so. I would love to know the real numbers for our recent election. The landslide must have been tremendous to counteract the "executable code."

The woman being interviewed doesn't know how software works. The binary executables might as well be made from cake for all they tell you about the source code that compiled them. If the source code tells the executable to ignore every other vote for X nothing in the executable code (what ever that means) would tell anyone anything at all about it. I'd say it's a fair bet that Obama won considerably more votes if any of these tainted machines were used in the 2008 election.

That was a very interesting video. Watching Lamone was a learning experience.

Lamone did not want to have her faith in the integrity of the source code shaken. It was about to be. At one point she looked like she was going to cry, when she twisted her head away and vehemently refused to entertain any doubt about the source code. If she had used the brains in her head, I believe she would have had to entertain the doubts that the reporter was raising. If she kept listening to the reporter's questions, her brain would have had no choice but to work. Rather than that, she simply ended the interview.

Brainwashing is a powerful tool. Self-brainwashing is even more powerful, I'm guessing.

I think she is right. You test executable code not read source code to confirm the system is working right.

But ... I would much prefer a tablet computer with touch screen ballot that prints a completed paper ballot that is read by an optical scanning system. I would also like to be able to add an identifying code to my voted ballot and have each printed ballot add a unique key which allows me to confirm my vote from a web site tied to the voting database. After the election I could see how my vote was counted by entering the unique key and the website would return how I voted and my added identifying code. No else would know my identifying code or the unique key.

I find it fascinating listening to officials answer questions like these, It's a predictable pattern how they do the blame shifting game, oh the EAC and NIST, the Escrow, the this the that.
I remember the videos (there were quite a few) where Bowen had public comments, each time an election integrity person would come up their question about the machines were shown to be focused yet never answered.
Yet (almost) every time we'd hear an election judge this same pattern in these videos is followed, along with complaints about how it would be too expensive to use paper pencils and people instead of electronics.

Then we could visit say BlackBoxVoting.Org and find the interesting video about the construction workers who started digging into King Co., Washington elections and found all kinds of bad stuff going on behind the scenes. Lots of agencies, lots of red tape, even changes in the law to hide stuff.

That regular Americans can and do show these technologies are vulnerable in cases, unvalidatable in cases, and even illegal in cases, is amazing in an of itself, but when these same regular Americans try to stop these activities they are met with locked doors, armed law enforcement, un-returned calls, monetary barriers, backdoor legislation, crammed legislation, bad legislation, blackouts in media, and a cold shoulder from most representatives, hardly any punishment for crimes or worse punishment of the wrong people for exposing and whistleblowing.

Even their websites are designed to not be friendly to feedback. (A complaint I have had which I have not heard around here) Forcing issues to be classified under pre meditated drop down lists, automated replies, no replies, bad searching / grep tools, proprietary formatted pdf's, doc's, which are not listed in searches, numeric coded documents vs. plain english filenames, etc. You literally have to download every document to find what your after sometimes. Some of this is not possible on a modem. I was just talking about government websites, should we look at the errors on Diebold's own website? I ain't even going to bother to look that up, you can find in the vast pile here on bradblog somewhere. Which is another thing back to government websites again. The data involved in this since these horrid machines were introduced has multiplied insanely, it's not even proportional to growth for example on my own Secretary of State website ss.ca.gov, where "other business" was most of the website, now I would have to bet that electronic voting machine problems are the most of the website. If these machines were outlawed nationally, all of that legal, technical, research, security crap could be deleted, and the people could again focus on "other business."

Add in monetary barriers, non disclosure agreements, legal expenses, the lies, the media spin. (Just when you think the media are going to crack open this pandora's box, they stab us in the back again, under reporting, misreporting, outright lies, and blacklisting topics.)

And finally add in fast-tracking of the swearing in process via jet aircraft, recounts that are aborted, meaningless recounts, expensive recounts, candidates that quit, recounts that prove the wrong candidate is in office but no action is taken, no legislation or law to do the right thing and remove that person, jurisdiction problems, and the plethora of nonsense laws, terminology, operating procedures, results, feedback paths, each local precinct, state, city, county has across the nation.

You'd think these electronic devices would be nationally outlawed by now. Common sense.

Instead we get more of them, so I don't think it's their brainpower that is at fault, it's their rubber stamp that this activity is okay, and rarely punished. They knowingly and willingly force voters harshly out into that dark night.

But as the video clearly shows, they do not like "shining bright lights."

I doubt the interviewee would allow them self to be put into that situation again, I be she even has a security barrier, a phone tag barrier, a automated email barrier, a scheduling barrier, etc. I could be wrong, but I doubt it.

Their insolence and arrogance is never punished, in fact they are now masters at manipulating live situations with public citizens into a domestic terror threats. You can't ask a question when your locked up in solitary. They also use timing as a weapon. examples are: Which day what document get's released. Which day laws take effect, which days things happen. It's all control. And we are at a disadvantage. They have pre-planned this, we always react after it's too late.

On a much much deeper level, technically what she said could be interpreted as correct e.g.,

"who care's about the source code"

She just didn't fill in the rest...

THE CHIPS CAN BE SPECIALLY CRAFTED BY THE MANUFACTURER AT THE DOPING LEVEL!!! WHAT THE DATA BOOK SAY'S ABOUT THE SPECIFIC PART NUMBER AND THE ACTUAL LOGIC INSIDE **CAN BE DIFFERENT**

How are YOU going to test every semi-conductor device at that level that without destroying the device itself!?

But the programming part of me also can say, "BS."
That lady probably don't even know html for god sake. Let alone what ASM is. And when you get to that level we are back at LOGIC again and back to electronic signals again which are PHYSICALLY INVISIBLE. (Common sense physics 101.) Being invisible, no public oversight is possible,

(Sorry for the second post, I was going to say that big block of bold wasn't supposed to be bold, but like usual my mind wanders when I hear such arrogance.)

Oh god I Left an open bold TAG again CRAP!!! This post CLOSES THEM

{Ed Note - No, it didn't. But I did it for ya, Phil. You're welcome --- BF}

... Chris said in comment #7...

"I think she is right."

Then you are wrong.

"You test executable code not read source code to confirm the system is working right."

Wrong. You must have the source code, the exact build environment, and the exact same compiled executables using that build environment running in the machines used for voting... and you can't be sure.

And electronic voting machines (evms) labor under an additional requirement not found in ordinary applications in that the input must not be able to be matched against the output i.e. the voter must not be able to be connected to their vote... both to protect the vote and to protect the voter.

The source code is hundreds of thousands to millions of lines of code, depending on the evm... and Windows, that paragon of security, adds millions of more lines of hiding places. And Clint Curtis, Ed Felten etc etc rigged vote-flipping programs in just a couple of dozen extra lines of code.

The build environment... the compiler and machine and exact settings used... these also must be verified identical in all cases... because there are clever hacks that can cause the source code to compile apparently clean on a certain test machine and yet compile with malicious code under different conditions.

As for just testing the binaries themselves... all you know to test is what the people who sold you the binary told you to test.

You can try to probe for built-in weaknesses... but where to start? And perhaps more importantly... where to end? In the end you wind up effectively reverse-engineering the source code... which is VERBOTEN!

And even if you had source, build environment, and compiled binaries under some fantastical control regime (and I literally mean fantastic) even then it all goes out the window when somebody sticks the first memory card in.

Hint: Lamone does not utilize any control regime... much less a fantastic one. Control is held, in ascending order of authority, by the voters, by the polling station pets, by the election bureaucrats, by the polling station techs, by the evm corporations, and above them all... by whoever had access to the system last (directly or indirectly.)

"But ... I would much prefer a tablet computer with touch screen ballot that prints a completed paper ballot"

This is workable, it still exposes the disabled to the malware hazards already discussed, but there's currently no real solution to that.

" that is read by an optical scanning system."

You are aware, are you not, that optical scanners were the first evm's to be publicly hacked in tests?

"I would also like to be able to add an identifying code to my voted ballot

And this again... you're not the first to venture this, and you will not be the last to venture this as it seems a simple answer to the problem... but in many ways is the worst possible answer.

We, the electorate, cannot allow you to do this because it enables you to sell your vote... whether or not you actually want to sell it.

To paraphrase my response to this suggestion in another thread:

Because you really, really don't want that...

Because you really, really don't want Dick Cheney and every CEO on the planet able to know exactly how you just voted against their best interests.

Because you really, really don't want to hear the following: "Nice family you have here. Be sure to drop by my office with your receipt after the election."

No. Not unless you're willing to put us and yourself and your loved ones at risk.

"No else would know my identifying code or the unique key."

Until sufficient pressure is brought to bear....

Does anyone have a complete list of Diebold Lobbyists and their connections to Elections officials / Secretaries of State? Betcha that would be enlightening.

I noticed this post: ECOALEX said “I stoped voting at my precint Mt Ranch, because they segregate the voters by party affiliation..”

Let's say they program one set of memory cards for Democrats and the other set for republicans. If so inclined a poll worker or elections official could pocket one or two here & there. Unless there's a checks & balances procedure on the memory cards ...

OK ... Then Let's have a gander at the Executable Code!
~

Wilbburrr... ~ The executable code may actually be more interesting as long as it's the real McCoy in all.

Disgusting. She reminds me of Czech bureaucrats and politicians, who think they're the bosses. She needs ner memory refreshed: she works for the taxpayers and is 100% answerable to them. Her behavior in this "interview" should disqualify her from ever holding another position as a public servant. It's sick, how far down from its head the fish has rotted. Even that video clip gives off a vile odor...

I've seen that (or one just like it) before, her politburo handler didn't want her answering more questions
...did you see that look over her shoulder? She actually started getting nervous.
I even remember at the time asking who was she looking at before she ended the interview.

I guess when I read the p=3719 link by Abrahams a couple of years ago it was just like I had imagined it to be...good copy for me to remember it that long ago...scary even

Executable code can be decompiled. Imo ...For $$$ mfg's would stamp obscenities on chips . . .

Who is the off-camera person she was talking to?

... Bamboo Harvester said...

"Executable code can be decompiled."

But decompilation is reverse engineering the binary and that is why such things are strictly forbidden.

And decompilation still can't give you the original source code and current decompilers still leave large gaps where things like statically-linked Windows libraries are concerned.

ZAP reversing gone wild!!! ;o) how many hex editors do you use? (My answer is about three)

BRAD, Thanks!!! (For fixin my screwed up code)

I know I am badly behaved here from time to time, but I hope you know I love you and I know if I do completely bad, MY own post go belly up. I completely authorize it!

ZTREE www.ztree.com can ruin a compiled executable's day --- old school, hard core. and no this ain't an advertisement. Although KIM kicks ass!! Where are the hard core people on this issue?

The interviewer would be Ms.Rebecca Abrahams. Then of ABC News. Ms. Abrahams did a huge amount of work on election integrity issues. Almost none of it ever aired on ABC at the time.

I saw this footage just after it was shot. It's not less shocking to see it today. I still marvel at the willing and mean ignorance of it all.

Paper Ballots. Uniform Design for all Federal elections. It is not that hard.

Zapkitty # 11

Great!

HaHaHa...laughing as I cry...that BITCH is still here? Someone, please tell me when WE the People will consider our election systems a national security issue?

Good reason to hold his feet to the fire...the fix could have been in?

Brad, why don't Websites save these videos before posting them? A lot of these videos get deleted by YouTube shortly after they're included in an article. For example, this one is no longer available.

Phil ~ There's nothing like a good spanking from agent 99 to relieve you of any feeling of guilt...

This video and posting is really odd on a number of counts.

First of all, who was the interviewer? And who is Lamone leaning back and talking to? (A lawyer? Someone from Diebold?) Please instantiate.

Secondly, the interviewer's opening comment was that Avi Rubin has "asked to examine the Diebold machines", not the SOURCE CODE. Her question then was "should independent computer scientists be able to view the machines actually as a show of voter confidence?" Lamone replied "that's not my decision to make, I don't HAVE the source code other than through an escrow agent..." But that's NOT what the questioner asked --- she asked if the MACHINES could be reviewed. It was Lamone who turned the discussion into being about SOURCE CODE, when it was originally about asking to review the MACHINES.

Then, there's the whole misunderstanding about source code being a "layer underneath the machine code" that both Lamone and the interviewer misrepresented. This interviewer does NOT know what she's talking about or she would not have responded "right" when Lamone said "we have access to and can see all the executable code, that's entirely different from the source code." It's NOT right. The executable code CANNOT be SEEN (unless one looks at binaries, and MD doesn't look at those either). What they "examine" is the RUNTIME ENVIRONMENT, by performing blackbox testing. Further more, If the interviewer really understood what she was talking about, she would not have parroted back Lamone's INCORRECT assertion that the source code is the "layer beneath the executable code." The source code IS NOT A LAYER.

And finally, with regard to Brad's "good news" on this story --- please note that in NJ there is a state law as well as a court case that mandated paper ballots for 2008. Thanks to Governor Corzine's extensions, NJ didn't see 'em in any of the 2008 elections, and there seems to be no indication that they'll be put into place at any time in the future. The lawsuit winds on, the law stands, but so do the paperless Sequoia DREs. So, if you think a state law really means that MD will be getting paper ballots in 2010, I suggest you don't just wait around and see if it happens, but keep after 'em to make sure it DOES.

After the election I could see how my vote was counted by entering the unique key and the website would return how I voted and my added identifying code. No else would know my identifying code or the unique key.

There you go, total automation and faith-based trust in a bunch of machines to tell you if/how your vote was counted. Complicated, unsecured and a complete waste of time and money. How about we just vote on paper ballots and count them. I like computers as much as the next guy, but today I'll be taking one apart and reformatting the HDD because IT'S NOT WORKING PROPERLY!

Why must you misrepresent otherwise interesting stuff?? She did not "storm off". I agree with her that I would have ended the interview with annoying repeated questions about sourcecode. The interviewer annoyed her and she said she was done. Not a big story there.

Rebecca is right they needed to ask about review of executable. For one thing, HOW DO YOU KNOW your executable matches the escrowed sourcecode? The ITA tells you? She talked about bugs and patches and fixes, but who is controlling all those changes get into the sourcecode?

It is a faith-based system that the executables match anything. And how is this QA person handling all the patches? Diebold says trust us we made this fix for this executable version... Ok. Now, I wonder if the escrow people ever get that update.

And to anyone who thinks it matters what the legislation says, it turns out in America, there are no penalties for not complying with election law. If an election administrator violates laws, such as not implementing required new system on time, there is no crime or penalty. No one enforces anything, except for vendors who demand payment or else. Election administrators violate HAVA all the time with voter purges or machine allocation or machine error rates. Election administrators violate Federal Law all the time by destroying ballots or memory cards or election materials in federal elections.

Not only is it faithbased machines and software, but faithbased administration. Has anyone even lost their jobs for violating HAVA? THe only people to lose their jobs are those that investigate their own systems.

Age of deferred prosecution. Only the little people go to jail.Those who ignore election laws should be prosecuted, as the mortage writers also should be, but no.So much for the age of personal responsibility.
It appears we need to copy Canada's ballot; a piece of paper and a pencil.Votes are counted by hand always.Why do neither party refuse to have secure elections?Our sacred right is a joke to the world.

I do not understand how these people can hate and undermine every thing this country stands for (like fair elections) and then turn around and say they are more American than you are...I understand hypocrisy, but this way of thinking, is more on the order of "plain old unadulterated, needs to be commited, for every ones safety" insanity

Here is a bit of "pseudo-code" that illustrates a simple hack that would be utterly undetectable by testing an executable:

IF date()="11/04/2008" AND (time()"12:00"
IF DEMOCRAT.count - REPUBLICAN.count) > 0
CHANGE 10% OF DEMOCRATIC VOTES TO REPUBLICAN
ENDIF
ENDIF

In this pseudo code, if the Republican has fewer votes than the Democrat, the code shifts 10% of the votes from the Democrat to the Republican... but only between noon and 3 p.m. on election day. If you're simply testing executables with sample data, it's highly unlikely that you'd trigger the malicious code (and this is the least sophisticated example possible). That's why validatin the executable is a FRIKKEN joke.