The Black Box Shuffle -- Latest Rebuttals to the Latest Talking Points [View All]

More here: http://www.blackboxvoting.org -- and for those who are new to this, all chapters of the book are online for free at that site. These are rebuttals to the latest set of talking points (spouted this time by Thomas Tully, an assistant from the Iowa Secretary of State's office):

"The important piece to remember is that in the 2000 general election there were approximately 4 to 6 MILLION Americans whose votes didn't count because of poor election technology and of inadequate voter registration practices."

According to the M.I.T./Caltech report, the only system currently being sold that disenfranchises more voters than the punch card system is the touch-screen system

"So, the desire by election officials is to capture the votes as the voter intended them and be able to count those votes accurately. There are some Secretaries that had "jumped the gun" to update their systems, but as the Secretary of State of California has communicated, it is the election practices and procedures that need to be overhauled in the wake of this new technology to safeguard the integrity of the process (check out their AD-HOC report)

True. Election procedures need to be overhauled, and that hasn't been done, so here are we are on the Titanic, hurtling toward the iceberg. We've got an election next week without safeguards in place.

"Before this gets out of hand on having a paper trail, let me start from the beginning. The fact of the matter is on voting equipment, that EVERY piece of voting equipment in use in the world is corruptible, provide me with any technology and I can give you the same argument that these computer and blackbox people are saying are so horrible...but it is the elections practices and procedures that maintains the integrity of any of these systems. Can corruption happen with any of these machines/technology? YES! Does it happen? YES! However, the practices and procedures keep these incidences few and far between.

Paper ballots are the most critical part of the audit trail. Getting rid of paper voter-verified ballots is exactly equivalent to burning your invoices, bank statements and cancelled checks and then relying exclusively on a computerized accounting program that only your bookkeeper has access to.

He is claiming that incidents of corruption are few and far between, but he actually has no clue how often it happens, because the touch-screen machines can't be audited, and the optical-scan machines are not audited, even though they could be. In most locations, they don't even take results reports at the polling place to compare them with results reports at the county. There are now hundreds of documented cases of machines miscounting.

"I just think that these "computer professionals" might be throwing the baby out with the bathwater. I am concerned that even if all of the new scrutiny is applied to these machines is achieved, but the public still doesn't trust these machine inherently...then they won't vote because they perceive the system is flawed or corrupt, then we are back to square one.... no one voting.

This is just a scare tactic, based on nothing. Show us a statistic that says people will stop voting if we scrutinize security of our voting system. We keep hearing this drivel, but this is just a talking point, prepared by the Election Center and the vendors. It is backed up by nothing.

"The other thing is, these are NOT computers as "WE" know them (as these people are making them out to be by comparing them to "your computer and losing data"), they are more like glorified calculators with a touchscreen, they do not have programs to manipulate data like our home and office computers do.

My goodness. This is a total lie. And why would a "glorified calculator" need a million lines of source code? (Why would any voting system, for that matter — but a source at Wyle Labs said that by 1996, ES&S source code was 900,000 lines long.) These computers absolutely do have programs to manipulate data. The above statement is an excellent example of elections officials who do not have sufficient expertise to do their job in a responsible way.

"They are not connected to the Internet, they are not connected to each other, they are not prone to viruses or attacks, and they do not fail like our computers do.

GEMS is set up with a java-script based program called jresults which is specifically designed to transmit vote data to the Internet.

The Sequoia machines we observed in Riverside were connected to each other, and the Diebold touch-screens can also communicate to each other wirelessly.

And excuse me, what is he smoking when he says they are not prone to viruses? Both Diebold and Sequoia are Windows-based, and any computer can be affected by a virus, especially if it is created by someone with inside knowledge.

And the all-time most idiotic comment: "they do not fail like our computers do." Huh? Again we refer you to Chapter 2 of Black Box Voting, where we document over 100 instances of machines failing to count correctly.

"For instance, just as I cannot hack into you desktop calculator or your fax machine, you cannot hack into individual touchscreen units.... plus there is a whole technical part of writing code for these touchscreens. These machines, like computers, are dumb.... they ONLY do what their code tells them to.

The ES&S machines in Florida are now equipped with wireless. So is the Diebold TSx. Is he seriously suggesting that no one can hack a wireless communication? This is considered to be one of the most insecure methods of data transmission there is.

And this should not inspire confidence: "Plus, there is a whole technical part to writing code."

Huh? Yes, and the world has about 10 million people who can do "technical stuff." He is correct that the machines can do only what their code tells them to do. However, since he is not qualified to evaluate the code, and four independent studies have now shown the code to be flawed, this statement can hardly be considered reassuring.

He attributed the following information to Doug Jones, but I'm sure this is not from Jones. I believe this actually comes from either Dr. Brit Williams or R. Doug Lewis:

"Here are the steps that a person would have to go through to be able to change the outcome of an election.

"You have to know the language the software was written in (not English, Spanish, etc., but rather the programming language)

Actually, with Diebold, all you need is access to the GEMS machine and the ability to double-click a file and type. Regular typing, regular numbers and words, not code.

..."You have to know the language AND VERSION of the compiler that was used to compile the program (it converts the program from a human readable form to machine language)... in order to "reverse engineer" the software you must have the identical version of the compiler in order to reverse engineer it;

You don't have to reverse engineer in order to tamper.

"You have to gain access to the software for a long enough period to actually replace it;

Review Chapter 12 of Black Box Voting and you'll see that the password could be replaced, vote totals changed, and audit log erased in just minutes. The machines are usually connected to a live "digiboard" modem bank for several hours on election night.

"You have to make the software ignore the pre-election test or tests and only initiate itself on election day;"

Solving this is as simple as hatching an egg. You can set a small piece of code that activates only when triggered, and the trigger can be as simple as casting a vote, or closing an election on Election Day. Or, you could tamper by hacking in through the phone lines or the wireless connection, and of course, the machine would pass the pre-election tests because no one would be hacking at that time.

"You have to have the software be able to actually change votes throughout the day and do so undetected;

Except that we don't have procedures in place to detect differences between polling place tallies and county tallies. And there are several tampering methods that rig the election before the first vote is cast. The above statement is simply false.

..."In many states, there is a requirement to escrow the software, so that you can compare the software in the units with the escrowed software. Even in states where this is not so, NASED requires the ITAs to escrow the software at the ITA (Independent Test Authority) so it can be compared to the originally qualified software.

Except that we now know they often put software on the machines that is not the same thing as that held in escrow (in California, it was found that Diebold was using the wrong software in every location that was audited.) Program modifications, patches, and fixes are done, which change the software from that held in escrow. There is no procedure by which the software being used is compared with that held in escrow. And worse, many county officials we have interviewed aren't sure what software versions are installed on their systems, and don't know which version numbers are certified either, so they can't even monitor their own systems.

"You now have to have the involvement not just of one or two people but significant numbers of folks to make all this happen undetected, actually change the outcome, and get someone elected who should not have been elected.

Nope. All it takes is ONE person. And in Georgia, in 2002, we now know that one man modified software that counted a million votes, and no one looked at what his modified code actually did. Then they overwrote it with something else, so no one will ever know.

"A piece of paper that the voter sees does not guarantee that the same results will be recorded within the machine - if you want to manipulate the election, show the voter whatever the voter wants to see and still manipulate it later. Security experts will still argue the value of having paper for recounts.

Actually, security experts are pretty much of one mind that the ONLY way to create a secure system is to make sure it provides a voter-verified paper ballot and use robust auditing procedures which compare the voter-verified paper ballot against the machine results.

"The current solutions presented by the vendors as a result of their concerns for the validity of the results have their own limitations, because:

"They add a printer, which can run of ink, ribbon, or paper.

The average number of voters for touch-screens is about 275 per machine. The printer currently in the Diebold touch-screens is similar to the robust printer used by retail outlets like WalMart. Are they honestly trying to tell us that you can't print 300 pages without running out of ink? Goodness. WalMart would have to shut down its operations every hour or so if this was true.

"Paper can jam.

In a recent test of the Avante system, thousands of votes were processed without any jams. Most of these systems use thermal printers which use an inexpensive paper roll which is not prone to jamming (and you can buy long-lasting thermal paper, so let's not go there either...)

"Printer can be disconnected from power source.

Yes, you can disconnect a printer from its power source. You can disconnect a touch-screen from its power source. You can disconnect an optical-scan from its power source. If we are going to use this excuse, we have to toss out the machines altogether.

"They add weight to the units (complicating precinct setup, shifting control of delivery and setup from poll workers to expensive delivery services along with quality control and security efforts over those services).

Diebold already has printers built in. Sequoia's touch-screens are hooked up to printers via a port. Someone needs to bring a printer in -- much less strenous than getting two beefy guys and a flatbed truck to move a lever machine, but they did that for a hundred years. We are really grasping at straws here, folks. I'll bet we could easily find citizen volunteers to carry a printer into a polling place, if only we could have a voter-verified paper ballot!

"Voters can, and probably will, walk off with ballots with some of the solutions presented (vote buying?)

You know, for the last 200 years when we've used paper ballots, we just didn't hear of this obsession of voters to take their ballot and run out of the polling place with it. All of the solutions require putting the ballot in a ballot box at the polling station. And by the way, if this argument had any merit, we'd have to dump optical-scan machines, because voters would be scampering out of the polling place with their optical-scan ballots too.

"Inability of blind voters to check their ballots (Braille printing only covers 10 percent of the blind).

This is another red herring. A simple solution is to produce a printed ballot that can be read with a standard book-reader, a device which scans the ballot and reads it into headphones for the blind. Such a solution has the very significant added benefit that it can be used also with absentee ballots, enabling sight-impaired to vote at home if they cannot find someone to take them to the polling place. The visually-impaired voters I have spoken with say they prefer the option to vote in privacy either at the polling place or absentee, and paper ballots compatible with a book reader can achieve this inexpensively.

"Or, once printed receipts leave the polling site (which will be difficult to prevent at the precinct level) do you now introduce the ability of fraudulent reproduction of printed receipts intended to confuse and contrive the process?

The Avante system produces a voter-verified ballot behind Plexiglass and the voter cannot remove it. This is such balderdash. Provide any study or scientific data that indicates voters will try to escape the polling place clutching their ballot! Such evidence does not exist.

"The point is simply this: do not be misled into believing that elections are reliant upon technology that can be manipulated. The real question of whether there "are sufficient and proper safeguards to make it highly improbable?" And the answer to that is yes. It may be possible to do many things, but like time travel (which is theoretically possible), it is highly unlikely at this time.

This guy has no idea how likely or unlikely it is, and apparently has not read the four consecutive independent studies that show it is relatively easy to tamper with these systems. Added to that, the procedures would help a lot, BUT THEY ARE NOT IN PLACE YET!

"Another allegation made by some is that the software should be in the public domain rather than proprietary, leaving the impression that the software is secretly controlled by a company or individual. Simply because the software is not open to every hacker in the world, does not mean the software is not reviewed and exposed to public scrutiny.

The software for these machines is not exposed to public scrutiny at all, and its review and certification has been so flawed that it has allowed machines to be used which lose votes, and contain back doors to do "end runs" around the system.

"The national testing program for the National Association of State Election Directors (NASED) requires that the manufacturer's software must be escrowed with its written source code. The difference here is that the source code is NOT secret. It is simply unavailable to the general public -- and that is a significant difference. There are many technologically advanced people who would love to have the opportunity to examine all kinds of software (not just that used in voting) but it is not within their purview to be able to do so. Should we open all of the software available simply because they are interested?

Please review Chapter 12 and Chapter 13 of Black Box Voting and you'll see that these systems are actually reviewed by very few people, whose credentials we are not allowed to know, and no one really knows what tests they do either — and they have passed astonishing flaws through certification.

"Since the source code is escrowed with our national Independent Testing Authorities, and additionally as a condition of approval in many states or local jurisdictions, it is not secret code. In an appropriate governmental investigation or court inquiry, it can be compared from the machine to the escrowed versions. This is an appropriate safeguard for the public interest.

The escrowed version often is not the same, and when California compared the machines to the escrowed versions, the code was found to be NOT the same.

"Additionally, the nation's ITAs REQUIRE that they witness the build of the software so they can assure an added layer of precaution is built into software security.

The worthlessness of the ITA process is shown in two ways: Four independent reviews found the software to be severely flawed, but the ITAs had given it a passing grade, and the ultimate failure of ITA testing comes when you have a machine that can't count -- again, see Chapter 2 of Black Box Voting, and Appendix A.

"The genius of the American democratic process is its diversity. Since we use so many different types of voting equipment, provided by so many different vendors, and because elections are controlled by so many local elections offices, it makes manipulating an election in America very difficult.

Four vendors control about 90 percent of the electronic voting market, and these vendors are often interrelated. For example, Todd and Bob Urosevich co-founded ES&S. Todd is now an executive of ES&S and Bob runs Diebold Election Systems. Sequoia Voting Systems shares identical hardware and software with ES&S on its optical scan system.

"The ability to manipulate an election with DREs, combined with election practices and procedures, means it is highly unlikely to be able to do this and get away with it. You can still manipulate an election easiest with hand-counted paper ballots.

The danger is in the scale of manipulation. When you have programming controlling millions of votes, set up by unnamed programmers who aren't even living in the USA, you have a security problem of much bigger scale than any localized manipulation of paper ballots. (See Chapter 13 which demonstrates that a Russian immigrant to Canada uploaded more software into the Diebold system than any other programmer, and that five Canadians got access into the machines without anyone looking at their handiwork).

..."I just wish these reporters would get their facts straight before they make a "call to arms" and also that they understand the process of elections before they "issue the obvious solution" because there is no one fix to this issue and a paper trail is only a band-aid to a wound that requires stitches.

We would very much like for Mr. Tully to get his own facts straight. Failing that, he'll end up on our list called "You've gotta be replaced."

Bev Harris