Reply #3: Watergate is the model. Who knew what and when [View All]

It seems the witchhunt has begun. Everything will boil down to who knew what and when. If the redacted portions of the SAIC Report contains information on the three-level built ins, congressional investigations will need to follow to determine why hundred of millions in taxpayer funds were invested in a system which contains "the nuclear bomb" of voting machine security problems.

Differences between what Bill Bored mentions and Hursti II

Discussion has been going on among election reform leaders about how to communicate the information in Hursti Report II so that the general public can understand its significance, and I have been somewhat close to the pulse on this but this is third hand, so please view it in that context. From what I understand, the activist who identified the most appropriate analogy is Susan Pynchon of Volusia County, who founded the Florida Fair Elections Coalition. I think I am correct on this, therefore I tip my hat to Susan Pynchon for this explanation:

As Black Box Voting writes, the problems found by Hursti are on three levels. Susan Pynchon's analogy, somewhat expanded, helps us all conceptualize the three level problem. As the Hursti II report points out, there are separate security problems in each of the three levels.

The deepest level can be conceptualized as the foundation of a house.
The next level up can be conceptualized as the house itself.
The level above that can be conceptualized as the furnishings in the house.

The foundation of the house = the bootloader
The house itself = the Windows CE operating system
The furnishings of the house = the application, in this case called Ballot Station

Add one more conceptualization to this. A hose runs into the land itself, and has the ability to pump either toxic waste or cleanup chemicals into the soil on which the foundation rests.

The hose = a specific hardware port which is redacted in the Hursti II report.

Now to apply the analogy

1. Suppose you want to buy a house with all its furnishings. When you inspect the house you notice that the furnishings (the application, the Ballot Station program) have structural flaws. Knowing you can't trust that bed not to collapse and knowing that the dishwasher leaks, you decide you'd better replace ALL the furnishings.

Hursti learned that the furnishings, the Ballot Station application, were not secure. The state of Pennsylvania says it is going to replace all the furnishings with furnishings that are new and authentic and checked out.

2. Now you get an inspection done on the house itself. You learn that it has a roof that leaks, a supporting wall eaten away by termites such that it cannot support the weight it is supposed to hold, and various other severe structural defects (mostly caused by an owner who decided to modify and customize the house). The house is the Windows CE operating system.

Hursti learned that the house had been modified and customized so that it had leaks and couldn't support the weight placed on it. The state of Pennsylvania says it is going to replace the Windows operating system software. This is the equivalent of renovating the house.

So now, we have an agreement to replace all the furnishings and renovate the house, supposedly.

The SAIC report, if it speaks to replacing software with a PCMCIA card, is speaking to the furnishings and the house, but not to the foundation.

3. Next we come to inspect the foundation (the bootloader). Suppose we find the foundation of the house to be filled with radioactive waste. Even if you replace all the furnishings (Ballot Station application) and renovate the house itself (Windows Operating System), would you buy this house if you knew the foundation was contaminated with radioactive waste?

The SAIC report (at least, the unredacted portion) does not speak to the issue of radioactive waste in the foundation. It deals only with the software (the house, Windows operating system, and the furnishings, the Ballot Station software).

Contamination of the foundation below the house and furnishings is very serious. How does one clean such contamination if it is found? Well, it turns out there is a hose leading into the land itself in which the foundation sits. (Hose = hardware connector). It turns out that you can decontaminate the foundation by pumping in a special environmental cleanup concoction through this hose (a specific connector on the motherboard). But this leads us to the fourth problem.

4. The hose (motherboard control connector). It turns out that this hose can easily pump in radioactive waste, or it can pump in environmental cleanup solutions. (It can be used to contaminate the bootloader or it can be used to clean up the bootloader, depending on who is using it).

Now, to make this analogy more accurate to the touchscreen situation, no one really knows whether the foundation contains radioactive waste or not. They only know it is hooked up to a couple of different hoses that can in turn be hooked up to the radioactive waste dumping site. They know that the hose is BUILT IN. They know that another delivery mechanism is also BUILT IN. And they know that the house has leaks and the furnishings have structural defects, but whether water is pouring in through the leaks at the moment, or the furnishings have collapsed on anyone yet is not known.

Besides the leaky house (operating system) and the structurally defective furnishings (Ballot Station application), at any time in the entire life cycle of the house, someone might have dumped some radioactive waste into the foundation (bootloader) using one or more of the hoses (PCMCIA card or special motherboard connector).

One can test for the structural problems with the furnishings (Ballot Station application). One can test for leaks and so forth in the house (Windows CE operating system). But no forensic testing method exists to test for whether the foundation (bootloader) has been contaminated with radioactive waste.

All you know is there are people who want to dump the toxic waste in there, and there are hoses those people can use to dump it, and if the toxic waste is in the foundation, the house should be deemed uninhabitable.

Remedies

So, to be on the safe side, you should decontaminate the foundation by using the hose to pump in a special environmental cleanup solution. (Open the case, use the special motherboard connector to gain control of the motherboard, overwrite the bootloader, Windows CE and Ballot Station application). No one is even discussing this cleanup operation at this time.

Here's the problem: After you decontaminate the foundation, anyone who gets control of the hose can recontaminate it without your knowing about it.

This is an elaborate analogy, but a fairly accurate one.

The furnishings (software) can be ruined through the PCMCIA card. They can be replaced, though.
The house (operating system) can be ruined through clumsy renovations that cause leaks and damage to the security of the structure. This Windows CE operating system can also ruined through the PCMCIA card, but it can also be replaced.
The foundation can contain radioactive waste, contaminating the whole structure, and there may be no outward sign of it. (Bootloader contamination). There are no forensics that will tell you whether it's contaminated or not. You cannot decontaminate the foundation by replacing it, because if it was contaminated it will just seep back in again. So you have to use a special hose.
The hose can decontaminate the foundation (ie. a special connector can take over the motherboard and get a clean bootloader into the system).

However, the hose can just as easily be attached to the toxic waste site and pump radioactive waste right back in, contaminating the whole thing again. (You can use the special hardware connector to recontaminate the boot loader.)

It is possible that the SAIC report contained this information. It is impossible to imagine why hundreds of millions in taxpayer funds were spent on these systems if this was known back in 2003.

////////////////////////////////////////////////////////////////

Does Hursti Report II contain new information? Certainly it contains new PUBLIC information, as the SAIC report says nothing about bootloader contamination. If citizens knew of this three years ago but chose to say nothing, they will certainly be questioned as to what they knew, when they knew it, and who they told. If governmental agencies knew about this three years ago, it needs to be determined who knew what and when.

The republic is at stake, so it is difficult to imagine any acceptable reason why any citizen or any government agency would permit elections to take place on machines with these vulnerabilities without going public with such devastating information.

If citizens have indeed known about the possibility of bootloader contamination since 2003, why didn't they say anything? If the SAIC report writes of this but redacts it, why did the state buy the voting machines anyway?

Who knew what and when. Get a good seat.