www.blackboxvoting.org
California "Hack" test stalled as Diebold certification derails
BREAKING - Dec. 20, 2005: California Secretary of State Bruce McPherson
has laid a subtle and elegant trap. Today, California threw Diebold Election Systems'
pending certification into a tailspin, using Machiavellian logic designed to cast doubt
on the federal testing lab process, the upcoming HAVA deadline and Diebold voting
systems simultaneously (while standing neatly aside to watch the house of cards
collapse).
This move follows on the heels of a devastating hack demonstration by Harri Hursti
sponsored by Black Box Voting, which took place in Leon County, Florida on Dec. 13.
This hack manipulated memory cards by exploiting design defects and Diebold's
customized "AccuBasic" program code.
Here's how the California trap works: In a terse letter to Diebold, State elections
chief Caren Daniels-Meade writes, "Unresolved significant security concerns
exist with respect to the memory card used to program and configure the
AccuVote-OS
and the AccuVote-TSX components
of this system because this component was not subjected to federal source
code review and evaluation by the Independent Testing Authorities (ITA) who
examined your system for federal qualification. It is the Secretary of State's
position that the source code for the AccuBasic code on these cards, as well
as for the AccuBasic interpreter that interprets this code, should have been
federally reviewed.
".we are requesting that you submit the source code relating to the AccuBasic
code on the memory cards and the AccuBasic interpreter to the ITA for immediate
evaluation. We require this additional review before proceeding with further
consideration of your application for certification in California."
And herein lies the trap. Federal testing authorities are supposed to rely on
standards set by the Federal Election Commission. The FEC standards prohibit
"Interpreted code" - thus, the AccuBasic "interpreter" is illegal. (The entire
AccuBasic source code tree is written in a home-brewed language that Diebold
programmers made up themselves, making it more difficult for certifiers to examine.)
The Hursti memory card attack demonstrated in Leon County Florida manipulated
the voting system by passing code through -- drum roll please -- the Diebold
interpreter, using a set of programs called AccuBasic which was written in a
concocted computer language and (now it is revealed) was never examined at
all by federal testing labs.
The ITA dilemma: ITAs have the choice of either recommending code that explicitly
violates FEC standards (placing an unsupportable liability burden on them) or
admitting that the original certification was defective. If the ITAs retract their
recommendation, it will effectively strip Diebold of its federal certification, and
may also affect its older products.
The Diebold dilemma: Diebold can refuse to submit its code to the ITAs, but that
will lose the state of California, continuing a pattern initiated last week when
two Florida counties dumped their Diebold machines. Alternatively, Diebold can
submit its code and watch as the federal authorities sever their product line
from the U.S. market.
The position is made more unstable because Diebold is now fending off stockholder
suits by an armload of attorneys piling on to solicit clients for a voting machine-related
securities fraud lawsuit.
California Secretary of State letters to Diebold Election Systems:
http://www.bbvdocs.org/legal/Dumpty1.pdf
http