Thursday, March 1, 2007

The Diebold EMP Folly

To left -Diebold's appearance at the CCBOE on 2/27. R-L - Bob Diekman (our salesman); Mike Rich(engineer, who had to admit they have no idea why the EMPs, with oh so few clients, failed so badly): and behind their ever present, ever quiet, ever writing lawyer.

Back in August, 06 when I heard our $180/hour Diebold "rep", Jessica Hiner, (a woman who historically has had few answers to anything - except the more millions of dollar costs that Diebold was to exact from Cuyahoga taxpayers; and who's "care" has made her completely ABSENT since her high paid contract ran out right before last November's election) blithely announced yet another massive cost, for another massive Diebold security loophole to our election results, I began asking questions...Neither Diebold nor the CCBOE has answered those.

In fact, they continue to skirt the issue.
And in our February '07 (thank goodness) small special election in only three suburbs, the matter is finally coming home to roost and revealing a bit more about what the latest, overpriced, dangerous, "proprietary" (secret) Diebold things- the EMPs are.

Back in August, 06 Hiner was telling the board that though the EMP's (election media processors) the CCBOE had already seemingly ordered, had not yet been federally certified, they had been seen by then "Sec. of State" Blackwell's office, and that Diebold was promised that as soon they were federally "certified" (by already-proven-useless vendor-paid EAC testing labs) the state would also certify this equipment. Then the CCBOE could finalize their buy and use 30-70 of them at a price quoted so far between $5500 and $7,000 each!

The stated purpose of the EMP's? To read 6 memory cards (PCMCIA cards with, each with the votes from one DRE machine) at one time, so they could be uploaded the Diebold server - thus speeding the woefully slow and almost impossible upload of Cuyahoga's approximate 5,500 cards on election night as shown in May, 06.

This new at least 1/4 million taxpayer dollars purchase, (including the always not mentioned, but necessary and expensive Diebold training, and yearly licensing fees, and "warranties", etc.) was of course, DIEBOLD'S idea - their answer to some of the major problems they presented with their first (much) more than $7 million hardware/software sale to Cuyahoga. In May their server showed it could not keep up with Cuyahoga's dense needs, (15-17th largest voting district in the nation) despite their pre-sale promises (luckily - for them - with no warranties, and little demanded compliance from our board - except with more purchases from them for their "help".). It was also Diebold's answer to allowing election people to finally do more than one operation at one time at their server on election night- the opposite an unexpected surprise in May. Also the attraction to the board seemed to be allowing the county to be a "winner" in the election night "speed race" in informing the public and media. (Accuracy certainly never holds such a high a priority.

Back in August'06, with every known piece of Diebold election equipment already nationally and expertly proven to have serious operational and huge security flaws, (Hursti, Berkely, Princeton, Rubin, etc.), my hearing that the CCBOE was planning to introduce another piece of Diebold equipment - a complete unknown - right at the end of our election tabulation process, naturally had me wondering just what dangers these EMP's were also capable of. Could they allow deliberate but undetectable insider changes to our results? conveniently at the last minute? And because of Diebold's constant "proprietary" cries we might never find out the truth of our election results with even another layer of opacity added in.

With no valid responses from the CCBOE or Diebold about their EMP specs, I put out a call for help to Black Box Voting as the purchase became more imminent.
http://www.bbvforums.org/forums/messages/73/44630.html#POST29348
(And this is a page you should keep on checking if interested, as the EMP discussion there is ongoing.)

It began
"...I asked for the specs on Aug. 7, when Diebold $180/hour person  (Hiner) explained how they would be "passed through" state "certification" after returning from second visit to federal ITA ("independent testing authority" - HAH!)

I asked again for specs (funny how they keep hearing sales brochure.....- stuff) and was told "sure" by Diebold and BOE board again and again in public -on 8/29, 9/6, 9/15, 10/2 and on 10/17/07 - while the completely ignoring even for sales ....stuff remained absent.
What BBV members pieced together became pretty informative, though no one seems to know exactly what these EMP's are/what they do. Nor is Diebold planning to tell anyone clearly - not even most election officials.

The latest events with EMP breakdowns in Cuyahoga's February '07 election is helping reveal a bit more info, and the real danger of EMP's; of federally "certifying" labs, whose "tests" these supposedly "passed"; and the danger of greedy, incompetent Diebold itself.

At the Feb. 27 & 28, 2007 board meetings, one item on the agenda was the IT manager's report of the failure of the EMPs in the February election. Through that discussion it became clear that these EMP's not only supposedly read 6 memory cards at one time for later upload to the server, as presented, they also can:
1. be used to format ballot cards - much like the GEMS server (a computer called the tabulator - but it's much more and can undetectably change results easily, very deliberately or even very accidentally.) That is a download process to our memory cards that hold election results. But that also means anyone there can put any code they want on those memory cards, even code that tells the cards to change results in favor of "a favored" candidate.

2. And these EMP's also have printer software and hardware hookups, that could allow new non-"voter verified" "paper trails" to be printed to match. (Reprints, falsely called "remakes," have been allowed by CCBOE, outside of public view, since the Diebold printers in the field often don't work, jam, tear the "voter verified paper trail", etc. )

3. Also these "readers" only "work" with Diebold's vendor-specific, and actually now highly outdated PCMCIA 128 kilobyte cards for which they charge counties $130/each. (Normal retail might be $10-25.)
Cuyahoga for instance needs to buy about 6,000 of these cards, for every countywide election - one for each machine. (Ohio election records retention rules are verging on board's inability to rid the original voting records on the cards. And who says paper ballots are more expensive???) Not bad pickings for more ongoing "revenue"

In fact, these EMP's seem almost a combo of the
• "voter smart card makers" that failed so greatly in California which led to Diebold decertification there;
• and special card reader/data compressors that are becoming so popular in "homeland security" ID equipment.
Who knows, maybe they can also read the bar codes that are on our "voter verified paper trails" - which we cannot - except to supposedly get all the information with another Diebold machine.
Who knows, maybe they are also capable of uploading our personal voting information to the server's "election database" via these bar codes as well? Who knows, maybe the bar codes are reading our "touchscreen" fingerprints too and passing that info along to the EMP's? All of that is VERY possible today. But , who knows?
Unlike our being able to review our anonymously made paper ballots, then turn them in for counting and checking - we just don't know. Is it any wonder why voting turnouts are plummeting?


I had presented a cobbled .pdf version of the CCBOE's "task force"Diebold EMP failings findings: http://adeleeisner.com/EMP.html, which has since gotten misplaced in website reshuffling over the years. But even back then I was amazed that Cuyahoga was actually spending more of citizen time and money helping Diebold figure out what to do, instead of just cutting our losses and demanding our money back.

Here's some film footage of the CCBOE 2/27 and 2/28 meeting and the coverage of the EMP February failures - including Diebold's ridiculous cover-ups.

Here is the IT Department's explanation of the EMP failures (about 20 mins.) Ed Coaxum (D) asks some good questions. But after giving tens of millions of taxpayer/voter dollars to Diebold for inoperable, insecure junk, notice they STILL do NOT insist on Diebold liability, accountability, or competence. What might they be protecting, since it does not appear to be the voters/taxpayers?


 (Michael Vu was still CCBOE "director", before he was finally forced out in late March '07)  






March 21, 2007 - Diebold returns
And here, you have Diebold trying ridiculously to explain their failures away. Notice Bennett pretending to not know Diebold is there, and pretending to protect taxpayers, not Diebold. And notice Diebold's "YOU just can't understand our complicated "procedural things."
Their trouble is - we DO get what's going on. Too bad they don't.
(The bits of laughter you might hear in the background are mine. It's hard not to.)

Diekmann's still at the lying. He states that the Cuyahoga staff should reformat all the cards, because, the formatting is the problem! Because when they come from the factory, they all have the same volume number! and when you put them in real fast (speed was the purported reason reason Cuyahoga got them!) they can't tell one from another! And the BOE is catching him in his lies, as he continues.
Just why oh why? did they not tell him to take his EMP's and all the rest of his junk back home and give our money back for PRINTING, years and years and years of PAPER Ballots.

Udar Koschka on a Black Box Voting forum on this subject, very saliently wrote of the above Diekmann clip and the dangers of yet another piece of high priced Diebold junk and election security loopholes,some of the following:
"Of course this method of adding bandwidth to e-voting operations adds yet another unneeded layer of complexity, completely trashes the idea of the voter verifying anything, and is also as insecure as hell and introduces multiple new attack vectors... But hey, that's Diebold.

Of course it all turned out to be a waste of time because it seems that the EMP's were writing to the media cards as they were loaded and were thus corrupting the cards... so what were these "absolutely non-interfereing non-tabulating" machines doing writing to the cards in the first place?

The problem could appently be prevented if the cards were formatted by Windows to FAT 16 before being used... but that opens up a whole other can of worms. Either the TSX's were incapable of telling that they were writing to bad (improperly formatted or set-up) media... or the EMP's were not capable of reading what the TSX's passed as good media."

and

"... just where were the supposed all-protecting all-pervasisive all-knowing "encryption" mechanisms (probably just CRC checks) that the Diebold shills have been screeching about nonstop since the Princeton hack was publicized?... Or will Diebold just say that Cuyahoga is still using "old and obsolete units"... Or do both types of Diebold machines just not bother to even check the CRC's of written media after all? "


So to Udar, and to everyone so passionately working to rightfully get rid of Diebold and all secret software, security swiss cheese, electronic junk in our nation's elections, this 3/21/07 one's for you!



__________________________________
In case you didn't make it over to the BlackBox Voting page about this, Udar looked at the immediately above clip and replied(all election officials and "certifiers", listen up!):

There it is. The much-vaunted "encryption", (whatever it really is) relies on Windows behaving properly to tell it what's been loaded rather than checking the media and the data for itself.

Therefore, by their own admission, Diebold's supposed protection is completely irrelevant... again... and the supposedly encrypted election results are actually as only secure as a standard Windows machine's software is secure... again.

And, by their own admission, this must apply to all current Diebold machines and not just the EMPs because all current Diebold machines must use the same security setup to communicate... and therefore they must share the vulnerabilities of that setup regardless of which particular machine or software package is used.



1 comment:

Anonymous said...

This is yet another example of Diebold deploying immature, insufficiently tested product to adequately trained users. As long as Diebold continues to use its clients as its field testers, then county governments should be prepared for election day failures and the financial costs associated with mitigating the consequences of these failures.