Vyan

Tuesday, March 21

Bradblog : New Diebold Suit in CA

The BRAD BLOG can now reveal that a legal action will be filed tomorrow morning in California's Superior State Court in San Francisco in response to Secretary of State Bruce McPherson's recent re-certification -- in blatant violation of state law -- of Diebold's Electronic Voting Machines in the state.

VoterAction.org is announcing their intention to file their suit "aimed at halting the use or purchase of Diebold electronic voting systems," in the state.

According to VoterAction, the legal action is being filed because "Diebold's TSx touch screen voting system is a severe security risk, and does not accommodate all disabled voters as required by law."

They also add that "The Diebold system is difficult if not impossible to audit or recount, and has been proven vulnerable to malicious tampering in tests and studies. Diebold technology contains 'interpreted' code, which is easily hacked, and illegal for voting systems in the State of California."

The same group recently carried out a similar action in the state of New Mexico, in regard to the use of Sequoia Touch-Screen voting machines there. That suit ultimately led to the ban of use of such machines, and a bill which was recently signed by Gov. Bill Richardson requiring a paper ballot with every vote cast in the state...

The background of the situation, as BradBlog points out, is essentially this.

In 2004 Diebold was de-certified in California by then Secretary of State Kevin Shelley (D) after revelations found in documents provided by Stephen Heller that Diebold was in violation of California State election law and that they fully intended to remain so.

Last December Diebold admitted that they still had the interpreted code problem discovered by Ion Sancho in Leon County, Florida.

[And just to note that the impending e-voting meltdown is rapidly approaching, last week another E-Voting Whistle-blower came forward with documentation of series "glitches" in the Texas Primary and Ohio Presidential elections of 2004.]

Despite the fact that the tests performed in Leon County displayed obvious security holes in Diebold Systems, California's new Ah-nold appointed Republican Secretary of State Bruce McPherson temporarily certified them anyway.

Since then Diebold has admitted [pdf] that their systems still contain interpreted code which has been banned Federally, and California Law requires that all voting systems meet Federal standards.

In their press release - VoterAction.org argues the following in their response to the actions of Secretary McPherson.


"The Secretary of State's conditions are new, untested, regulations that were adopted without the benefit of appropriate expert analysis and public hearing. These new regulations are not the cure for the acknowledged vulnerabilities built into this voting system," said Mr. Eichhorst.

As part of their case, the plaintiffs will present the expert testimony of computer security experts Douglas W. Jones of the University of Iowa and Dr. Aviel D. Rubin of Johns Hopkins University concerning the serious security problems inherent in the Diebold TSx technology.

This suit just might cause the decertification of Diebold machines until after the mid-terms -- which may be a crucial element to regaining Democratic Control of Congress as California remains a 2006 Battleground State.

Now, I happen to be a programmer and I can tell you that interpreted code in and of itself is not a problem if the proper security steps have been taken. But if not, it can be a problem when it isn't compiled, because it can be changed on the fly by anyone with access, even remote access, to the machine files using simple text editing software - like MS Word. Certified testing results done before election day would go out the window if someone can make an on the fly edit. By comparison, compiled programs cannot be changed after the "Link-Edit" process is completed; however, they can be "patched" and/or have modules replaced, even though that can be considerably more difficult to accomplish, particularly without physical access to the system. It's still possible.

After 12 years experience working for a DOD Contractor in a Secure Environment, it's my opinion that a great many of these could be resolved by requiring C2 Level Security on all Electronic Voter Machines. C2 Security - when implemented properly - requires password authentication for all users, and includes an audit log of all file accesses and updates - each and every one - whether they are interpreted, compiled, accessed locally or remotely. The implementation of C2 is done at the Operating System, rather than the applications level - so it shouldn't matter whether you're running voting software or running a microwave. But then of course you still need to address the issue of whether the voting software is actually counting accurately or not, and an audit trail of the votes themselves, which would be at the Applications level, is still a must. Systems manufacturers don't like to implement C2, it's costly -- but usually worth it and could be mandated Federally, to pitch in my 2-cents on that...

Also, Bev Harris has a diary up on this from yesterday.

Vyan
