The Case of the Diebold FTP Site

On Feb. 4, 2003, employees of Diebold Election Systems admitted that they had been using an insecure FTP server to exchange and update some part of Diebold's software. Bev Harris wrote this up in the on-line journal Scoop. This FTP server was taken offline on Jan 29, and it is alleged to have contained files with names like "rob-georgia.zip", large parts of GEMS (the Global Election Management System), and unknown other software.

Not surprisingly, this disclosure fueled considerable speculation about some vast conspiracy undermining democracy. On April 23, 2003, Britain J. Williams, chair of the NASED Voting Systems Board Technical Committee, wrote a rebuttal to the charges raised by Bev Harris. This letter is as a defense of the procedures used by the State of Georgia and the FEC/NASED certification process on which Georgia certification rests. It shows, among other things, that Georgia has stronger defenses, in some respects, than my own state of Iowa.

The Williams letter assures voters that whatever was found on Diebold's FTP site is irrelevant to the conduct of elections in Georgia because the only path from that site into a voting machine is through the FEC/NASED process and Georgia's certification tests. The letter also contains a bit of denial, for example, a statement that "the contents, or even existence, of the 'rob georgia' folder has not been established."

On July 8, 2003, Bev Harris posted the results of a preliminary examinaton of the files lifted from the Diebold FTP server. The accompanying editorial, by the operators of the web site, included the the Internet address of a server from which this material could be downloaded and advice on how to crack the passwords. The editorial urges people to make copies of the Diebold files and discuss what they find, and Harris created an on-line forum for this discussion of what was found. http://www.blackboxvoting.org/cgi-bin/dcforum/dcboard.cgi>

http://www.cs.uiowa.edu/~jones/voting/dieboldftp.html#whatcanwelearn

that's one hell of a paper.

If I recall correctly, in Bev's interview with the election admin in SLO County, she stated that the ballot count which somehow found it's way onto the Diebold web site 5 hours before the election closed, was absentee ballot counts.

From the Gems Manual pdf file:
Page 353 Item 3.1.4 Processing Ballots
It is essential that absentee and early voting ballots only be counted, but not tallied prior to election close. (This is so important that it was in italics)

Page 354 Item 3.1.4.1.3 Central Count
The central count client should be monitored in order to ensure that no tallying takes place prior to election close.

So, if this is the proceedure, according to the manual and also mandated by election law and Diebold had a rep (Sophia) there that day, then this should never have happened. If Bev talks to the election admin again, this would be a good point to bring up.

:bounce:

but the file on the Diebold FTP site DID contain the tally. It's a little more technical -- the jist of it is, GEMS looks like it does one thing while MS Access can be doing another.

The SLO election official was using GEMS, but the file on the Diebold site can be opened as an MS Access file when you unzip it.

I have been getting some questions answered by employees of Diebold, including some current and former techs. For the most part, the techs are quite idealistic and honest, but it is clear that they don't have a clue about the inner workings of the GEMS program.

A few years back, the techs started asking about MS Access and GEMS, and were told that Access was NOT used. However, not too long after that some of the techs had an epiphany of sorts and learned that they could easily open the GEMS files in Access. Then the head guys told them they should not open the GEMS databases in Access, implying that bad things would happen to the files.

Well maybe. But it's possible that no one wanted the techs to know how vulnerable the system has been.

Bev

WTF?