FC: Scoop.co.nz: Huge problems with U.S. elections technology

From: Declan McCullagh (declanat_private)
Date: Wed Jul 09 2003 - 23:13:08 PDT

  • Next message: Declan McCullagh: "FC: Reply to Cincinnati residents watching "crime cams""

    [I'm not in a position to vouch for the authenticity of this report but am 
    forwarding it along because Alastair (an enthusiastic, splendid muckraker) 
    has been a reliable source in the past. --Declan]
    
    ---
    
    From: "Scoop Editor - Alastair Thompson" <alastairat_private>
    To: alastairat_private
    Date: Tue, 8 Jul 2003 18:36:07 +1200
    Subject: U.S. Election Security Scoop Of The Century.... VERY IMPORTANT
    
    Dear All,
    
    Apologies about the BCC, this is going out to a very select and very 
    powerful list of individuals and I do not want the list distributed more 
    widely.
    
    I am writing to you because you are either a reporter, columnist, list 
    owner or website who has in the past dealt with Scoop.co.nz. You are our 
    friends and we want your help.
    
    We have just broken probably the biggest story in the history of Scoop and 
    possibly one of the biggest stories in the history of the Internet. We want 
    your assistance and attention.
    
    To cut to the chase, working with Bev Harris we have just revealed a hole 
    in the U.S. Electoral system through which you could drive a mack 
    truck.  The details follow below and are at the following two links… with 
    pictures….
    
    This story is extremely sensitive and potentially explosive.
    
    There can be no doubt whatsoever that powerful commercial interests will be 
    acting swiftly to either put a lid on this story, neutralise it via 
    misinformation or take legal action. It is vital therefore that it receive 
    as much exposure as possible as quickly as possible.
    
    Here is what I want you to do.
    
    If you are a columnist or reporter:
    Please either write about this yourself – perhaps linking to our source 
    materials – or bring this to the attention of your editor(s) and attempt to 
    get your news organisation to carry a matching or followup story.
    
    If you are a webmaster:
    Please either repost the stories linked below and included at the foot of 
    this email, or post links to them.
    
    If you are a list owner:
    Please post an item on this to your list and encourage your list members to 
    further distribute this story;
    
    Finally, and I appreciate we are asking a lot here. Can I encourage you all 
    to talk about this story with your colleagues and email it to friends and 
    acquaintances, particularly politically active people in the United States.
    
    Thanks and regards
    Alastair Thompson
    Scoop Media
    New Zealand
    
    ARTICLES ATTACHED THESE ARE LOCATED AT
    
    Inside A U.S. Election Vote Counting Program
    <http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm>http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm 
    
    
    &
    Sludge Report #154 – Bigger Than Watergate!
    <http://www.scoop.co.nz/mason/stories/HL0307/S00064.htm>http://www.scoop.co.nz/mason/stories/HL0307/S00064.htm 
    
    
    Sludge Report #154 – Bigger Than Watergate!
    
    In This Edition: Bigger Than Watergate! - How To Rig An Election
    In The United States - Fantasy vs Reality - How We Discovered
    The Backdoor - Evidence Of Motive - Evidence Of Opportunity -
    Evidence Of Method  - Evidence Of Prior Conduct - Consistent
    Unexplained Circumstantial Evidence
    
    IMPORTANT NOTE: Publication of this story marks a watershed
    in American political history. It is offered freely for publication
    in full or part on any and all internet forums, blogs and noticeboards.
    All other media are also encouraged to utilise material. Readers
    are encouraged to forward this to friends and acquaintances in
    the United States and elsewhere.
    
    [snip --see urls above --declan]
    
    ---
    
    From: "Scoop Editor - Alastair Thompson" <alastairat_private>
    To: alastairat_private
    Date: Thu, 10 Jul 2003 11:47:00 +1200
    
    Dear All.
    
    A followup story on the Voting machine story. This article is useful as it 
    fills in some of the gaps in the logic in the first one.
    
    Firstly it shows that Diebold is in the habit of lying about its systems to 
    election supervisors.
    
    Secondly it shows - quoting people working on the Georgia election system 
    installation programme -  that the FTP site from which the data is now 
    available was being used extensively in the run-up to the 2002 mid-term 
    election.
    
    Thirdly it illustrates that "quality control" and "testing" are dirty words 
    at Diebold Elections Systems.
    
    <http://www.scoop.co.nz/mason/stories/HL0307/S00078.htm>http://www.scoop.co.nz/mason/stories/HL0307/S00078.htm 
    
    Bald-Faced Lies About Black Box Voting Machines
    
    and
    The Truth About the Rob-Georgia File
    
    By Bev Harris *
    
    
    The Full text is copied below. You know what to do... Post, inform, 
    illuminate...
    
    Bald-Faced Lies About Black Box Voting Machines
    
    Bald-Faced Lies About Black Box Voting Machines
    and
    The Truth About the Rob-Georgia File
    By Bev Harris *
    * Bev Harris is the Author of the soon to be published book "
    Black Box Voting: Ballot Tampering In The 21st Century "
    Pre order at… <http://www.blackboxvoting.com>http://www.blackboxvoting.com
    
    Scoop.co.nz has now revealed for the first time the location
    of a complete online copy of the original data set. As we anticipate
    attempts to prevent the distribution of this information we encourage
    supporters of democracy to make copies of these files and to
    make them available on websites and file sharing networks.
    
    <http://users.actrix.co.nz/dolly/>http://users.actrix.co.nz/dolly/
    Download the Diebold files
    
    (See also... 
    <http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm>http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm 
    
    Inside A U.S. Election Vote Counting Program
    and
    <http://www.scoop.co.nz/mason/stories/HL0307/S00064.htm>http://www.scoop.co.nz/mason/stories/HL0307/S00064.htm 
    
    Sludge Report #154 – Bigger Than Watergate!**)
    
    
    A Diebold touchscreen voting machine
    Makers of the walk right in, sit right down, replace ballot
    tallies with your own GEMS vote counting program.
    
    CONTENTS
    LIES
    TRUTH ABOUT ROB-GEORGIA
    
    Someone needs to get their story straight.
    
    Diebold voting machines are used in 37 states. The entire state
    of Ohio is considering dumping its old system to buy Diebold.
    Georgia already did.
    
    The Diebold files, supposedly secret voting machine files left
    on an unprotected web site for nearly six years, are unlocking
    the truth.
    
    Official stories about voting machine security, acceptance testing
    and last-minute program changes are beginning to slide around
    like hot grease on a Georgia griddle.
    
    What was the program patch known as rob-georgia.zip used for?
    What were they doing with that ftp site, anyway? Hang in for
    the first part of this article, the finger-pointing and obfuscating
    part, because it concludes with a straightforward explanation
    of what went on in Georgia that has never been made public before.
    
    **************
    
    DO ANY OF THESE PEOPLE TELL THE TRUTH?
    
    "We protect the Bill of Rights, the Constitution and the Declaration
    of Independence. We protect the Hope Diamond," [Diebold CEO Wally]
    O'Dell told The Plain Dealer in May 2002. "Now, we protect the
    most sacred treasure we have, our secret ballot."
    
    If they can't tell us the truth about simple things like "does
    it connect to modems," can we really be confident that they are
    protecting our vote?
    
    CNBC asked Diebold CEO Wally O'Dell this question on election
    day, Nov. 5, 2002: "How tamper proof are these voting machines?
    That seems to be a concern of some who feel that it only takes
    one person, one hacker who can screw up an entire election. How
    valid is that criticism Mr. O`Dell?"
    
    "Well, there`s always risks," replied O'Dell, "but, you know,
    these things are not connected to the Internet. They`re individual
    precinct by precinct, location by location. They`re double checked
    before they`re sent out. We think the technology is fabulous
    and very bulletproof. (Come back here after reading rob-georgia,
    ask him to repeat this.)
    
    "The GEMS computers are not connected to any communication system,
    including the Internet, and contain no software other than the
    Windows operating system and the Global Election Management System
    object code," wrote Dr. Brit Williams on Apr. 23, 2003. He is
    the official voting machine certifier for the state of Georgia,
    and a key member of the panel that chooses national Independent
    Testing Labs for voting machines.
    
    Lies.
    
    "The central host system (GEMS Software) is generally a stand-alone
    system so that no physical access via network is allowed...This
    computer can download files for the Internet with dial-out only
    capability, but is generally not allowed to be linked to the
    Internet for obvious security concerns. This, in documents submitted
    during a purchasing decision, answering questions from Santa
    Clara County, California on Feb. 7, 2003.
    
    If the GEMS computer isn't connected to anything, why is the
    following diagram found in a file named GApresentation3-02.zip,
    found on the Diebold ftp site? This diagram depicts the GEMS
    computer connecting directly to the Internet on election night.
    
    
    
    
    CLICK IMAGE FOR BIG VERSION
    
    Not connected to any communication system are they, Dr. Williams?
    I spoke with James Rellinger, the technician who installed all
    159 GEMS host computers in Georgia.
    
    Harris: "I understand that you worked for Diebold Election Systems
    in Georgia. Can you tell me what you did?"
    
    Rellinger: "They contracted us here in Georgia to basically follow
    a recipe book and we ran down and built these things."
    
    Harris: "By 'build these things' -- I think of build, like a
    hammer and a screwdriver -- What do you mean by build, what were
    you building?"
    
    Rellinger: "Oh, that's a good point.  There were 159 of these
    servers that went out.  All we did was run through a series of
    tests to make sure they could log on and communicate and make
    sure everything jived with the touch screen.
    
    "When you say build they were actually just a Dell server and
    we added some hardware to it for instance CD burners, a tape
    came in them already, but we'd add things to make them modem
    capable.
    
    "When you say build a server it's not physically assembling a
    hardware. We added a component or two to make it do what we needed
    to do, modems, we load the Windows 2000, put the software in
    then we test it against their touch-screen machines."
    
    Let's look at just how big a whopper Dr. Williams told when he
    said they aren't connected to anything: Sandy Baxter, Elections
    Supervisor for San Juan County, Washington, also says she had
    modems and Internet capability:
    
    "I think it was about 1999 we bought a new server. They gave
    us recommendations for servers, like Dell. They had Dell ship
    them to McKinney, Texas and they loaded the systems on and various
    modems, digiboards and stuff...The server can handle multiple
    PCs, but I only have one at this time, so my PC is also my server...I
    have two modems. I have a modem that is for going out and it
    is not connected to the GEMS system. So I can go to the web.
    I have what's called a digiboard on my server that allows multiple
    modem connections. I have a second modem on the GEMS system but
    its only for the AccuVote systems. My precincts modem me the
    results on that. The second modem is the only one that goes to
    my GEMS system. It doesn't have the capability to go in and out.
    I just plug it in when I use it."
    
    The User Manuals are filled with references to modems, ports,
    uploading, downloading, TCP/IP protocols, transmissions, and
    ways to use "JResults" to upload to the web continuously on election
    night. Technical specifications, including manufacturer's components
    lists, show that not only are there modems, but wireless communications.
    
    
    All right, so they lied to us about modem hook-ups. Shall we
    let this cloud our trust in everything else they are telling
    us? Consider this:
    
    Diebold's official spokesman, Joseph Richardson assures us that
    the open ftp site was inactive. In interviews with Salon.com
    and the Baltimore City Paper, he said the site was old and the
    files were out of date. Was this the truth?
    
    Not at all. The site was taken down on Jan. 29, 2003. The most
    recent file on the ftp site is dated Jan. 23, 2003. How much
    information was in the files? See for yourself by visiting the
    download site at the top of this article.
    
    Michael Barnes, of the elections division with the Georgia Secretary
    of State's office, said "That ftp site did not affect us in any
    way shape or form because we did not do any file transferring
    from it."
    
    Let's have Dr. Brit Williams weigh in. In Feb. 2003, he said
    "I'm not familiar with that site." On April 23, he wrote a letter
    that was a bit more precise:
    
    "Apparently, there was an FTP site that Diebold employees used
    to store and transfer versions of the system that were under
    development. The contents, or even existence, of the 'rob georgia'
    folder has not been established. However, for the sake of this
    discussion, we will assume that the FTP site existed...
    This would have had absolutely no effect on the election system
    as implemented in Georgia. The State does not obtain its election
    system code from an FTP site or even from Diebold."
    
    Dr. Williams went on to outline an elaborate scheme whereby he
    claimed that the program files are obtained solely from ITAs
    (Independent Testing Labs).
    
    What about the Secretary of State? A memo by Chris Riggall, spokesperson
    for Georgia Secretary of State Cathy Cox, stated that last minute
    "patches" were installed on all 22,000 voting machines in Georgia.
    Dr. Williams admitted to me that they were never examined --
    not by a testing lab, not by him, not by anyone outside of Diebold.
    Suddenly, no one could get their stories straight on the patches
    either.
    
    The patch was from Microsoft and it was for Windows, said the
    Secretary of State's office. But wait -- Dr. Williams says it
    came directly from the ITA. What does Diebold say? Diebold says
    they have no indication there ever was a patch.
    
    We're going to meet one of the guys who actually installed that
    patch in a minute, but first let us observe the art of evasion
    from Diebold's Joe Richardson:
    
    Harris: "Did you say, when interviewed by Salon.com, in reference
    to whether patches were put on the machines in Georgia, "We have
    analyzed that situation and have no indication of that happening
    at all."
    
    Richardson: "Well, that is what I said at the time, however,
    we have continued to investigate the matter and … (very, very
    long pause) Yes that is what I said to Salon.com."
    
    Harris: "Do you stand by that now?"
    
    Richardson: "We have continued to look into the matter."
    
    Harris: "As you have continued to investigate this, do you have
    any new information as to whether patches were put on in Georgia?"
    
    Richardson: "No."
    
    Harris: "Has anyone thought to just call them up and ask? The
    Secretary of State's office?"
    
    Richardson: "I can't say."
    
    Harris: "What was the rob-georgia file? Who is responsible for
    it?"
    
    Richardson: "I'm not privy to that information."
    
    Harris: "Who would be able to answer that question?"
    
    Richardson: "I can't tell you. I can look into it."
    
    Harris: "Yes, could you do that please? In two publications,
    you are quoted as saying that the information on the open FTP
    site was old and out of date. Yet, I can tell you the most recent
    file on it was dated January 16, 2003. Did you do any checking
    to see whether the site had been used recently when you made
    that statement?" (A more recent file, dated Jan. 23, was later
    discovered.)
    
    Richardson: "The site had already been taken down."
    
    Harris: "Surely Diebold has access to its own site?"
    
    Richardson: "I'm saying I didn't have access."
    
    Harris: "Did you ask anybody?"
    
    Richardson: (sound of shuffling papers) "Our ongoing investigation
    has found no merit to the insinuations of security breaches in
    our election solutions."
    
    Harris: "So if there were up to 20,000 files including hardware,
    software specs, testing protocols, source code, you do not feel
    that is a security breach?" (more files have since been discovered
    inside a mammoth zipped directory, bringing the estimated total
    up to nearly 40,000 files)
    
    Richardson: "Our ongoing investigation has found no merit to
    the insinuations of security breaches in our election solutions."
    
    And now, Dr. Brit Williams on the Georgia patch:
    Harris: What was the security around the creation of the cards
    used to implement the patch?
    
    Williams: "That's a real good question. Like I say, we were in
    the heat of the election. Some of the things we did, we probably
    compromised security a little bit -- Let me emphasize we've gone
    back since the election and done extensive testing on all this."
    Dr. Williams latest 180 degree reversal (This link leads you
    to a forum discussing files from the ftp site, which contains
    several absurd statements from Dr. Williams).
    
    And now, Michael Barnes on the Georgia patch:
    Barnes: "Wyle said it did not affect the certification elements.
    So it did not need to be certified." (at the above-referenced
    link, you can also find information from a Freedom of Information
    Act request, in which officials admitted they did not have any
    certifying documents on the patch).
    
    Harris: "Where's the written report from Wyle on that? Can I
    have a copy?"
    
    Barnes:  "I'd have to look for it I don't know if there was ever
    a written report by Wyle. It might have been by phone."
    
    **************
    
    
    The Truth About Rob-Georgia
    
    Everyone assured me they knew of no one named Rob. Move along.
    
    But I received an e-mail: "I think I may be the Rob in rob-georgia,"
    it said. And now I know why they didn't want us to interview
    him. I think you'll agree that his interview is worth the length,
    for the picture you get of what was really going on. If you prefer
    to skim, check the sections in blue. Citizens, meet Rob Behler,
    straight talker:
    
    Harris: What was the FTP site for?
    
    Behler:One of problems we had was an issue with the GEMS database.
    They had to do an update to it, so they just post the update
    to the web site.
    
    Harris: What was rob-georgia?
    
    Behler: I believe what that file was for, I did a -- well, there
    were a ton of holes with the programs on those machines. When
    they all came into the warehouse, I did a quality check, this
    was something I did on a Saturday. I found that 25% of the machines
    on the floor would fail KSU testing --
    
    Harris: "What is KSU testing?"
    
    Behler: "Kennesaw State University. We knew basically what they
    would be testing and the trick was to make sure the machines
    would pass the testing. So I went and checked a pallet and found
    it was bad. And I checked another, and another, and I knew we
    had a problem."
    
    
    Harris: "Was that both you and James Rellinger?"
    
    Behler: "James dealt with the network, but I was dealing with
    the touchscreen machines themselves.
    
    Harris: "What kind of problems were you seeing?"
    
    Behler:  "…One of the things we had wrong was the date wasn't
    sticking in the Windows CE. The real time clock would go to check
    the time on the motherboard, and it would have an invalid year
    in it, like 1974 or something, and basically the machine would
    continue to keep checking. Every time it checked, it saw that
    the date was not right and this put it into a loop.
    
    "They had to do an update in CE to fix all those dates. So the
    way we did that in the warehouse was, they would post whatever
    the update was  on the FTP site. James would go get the file
    and put it on the [memory] cards. Because you load everything
    through the PCMCIA cards. You boot it up using the card and it
    loads the new software.
    
    "This was done in the warehouses -- once the machines were sent
    out to the county, these updates were done just to make sure
    the machines were running correctly. I went over to Dekalb [County].
    We updated 1800 machines in basically a day and a half. I still
    remember ol' Rusty, down at the warehouse, we ended up touching
    every single machine off the pallet, booting 'em up, update it,
    we had a couple hundred machines done when in comes a new update
    over the phone.
    
    Harris: "You mean you used a modem or they called you on the
    phone?"
    
    Behler:  "No. A phone call. They'd say 'Oh no no, the way we
    had you do, that's not going to work, here's another thing to
    do. Okay, we just did a few hundred machines, now we gotta do
    it this way -- But we got it done.
    
    Harris: "Did you personally ever download anything at all from
    the FTP site?"
    
    Behler:  [it was] mostly James.
    
    Harris: "Did you work for Diebold, or James Rellinger?"
    
    Behler:  "I worked for ABSS. So did James."
    
    Harris: "What about the rob-georgia file?"
    
    Behler:  "I think they put it out there for me when we were doing
    the Dekalb thing, but I was busy managing the whole crew so,
    I had my laptop out, and one of the engineers used my laptop
    -- or maybe it was James -- one of them had to go in and get
    it from the FTP, put it on a card, make copies of the cards and
    then we used them to update the machines."
    
    Harris: "So one of the people downloaded the patch and then made
    copies of it?"
    
    Behler:  "They use my laptop. It was not secure, either. They
    just used the laptop to repro the cards. Diebold never gave us
    anything with a PCMCIA slot, then they'd tell us, 'Go download
    this,' so we'd have to get out our own laptop to do it."
    
    Harris: "Who instructed you about the FTP site?  Was it a Diebold
    employee?"
    
    Behler:  "It was Diebold."
    
    Harris: "Was it the people in Ohio or the people in Texas?"
    
    Behler:  "The people in McKinney [Texas]."
    
    Harris: "Who were some of the Diebold people? Do you remember
    any names?"
    
    Behler:  "Ian. I remember one of the guys, Ian, I can't remember
    his last name. One of the main guys we dealt with was a guy named
    Ian. He was actually involved in the design of the motherboard.
    He was very much involved in trying to figure out how to fix
    the problems. So they sent us upgrades, but then after we did
    it KSU still failed a ton of machines."
    
    Harris: "As I understand it, they send the system to Wyle labs
    for certification, and also to Ciber to test the software. But
    from what you are describing, I can't understand how the machines
    got through what they are telling us is 'rigorous testing.'"
    
    Behler:  "From what I understand they ended up figuring out that
    the cards that we were loading that fix that Diebold provided
    for us, well they were never tested, they just said 'Oh here's
    the problem, go ahead and fix it.'
    
    Harris: "So what is your opinion about the certification testing?"
    
    Behler:  "No, it's not just that. NOBODY even tested it! When
    I found that out -- I mean you can't not test a fix -- I worked
    for a billing company, and if I'd put a fix on that wasn't tested
    I'd have gotten FIRED! You have to make sure whatever fix you
    did didn't break something else. But they didn't even TEST the
    fixes before they told us to install them.
    
    "Look, we're doing this and 50-60 percent of the machines are
    still freezing up! Turn it on, get one result. Turn it off and
    next time you turn it on you get a different result. Six times,
    you'd get six different results."
    
    Harris: "Can you give me an example of different results?"
    
    Behler: "Meaning the machine does something wrong different each
    time you boot it up. One time and it would freeze on you, next
    time it would load the GEMS program but have a completely different
    type of error, like there'd be a gray box sitting in the middle
    of it, or you couldn't use a field."
    
    Harris: "Was this all due to the clock?"
    
    Behler:  "I don't know for sure. They [the machines] were not
    originally doing it. Then they fixed the real time clock, and
    it was supposed to make it work normal. It fixed the clock problem
    -- the clock problem had caused it to come up and not show the
    battery at one point. It was supposed to say either 'low battery,'
    'high battery' or 'charging.' But when the real time clock was
    messed up, you'd boot the machine and it would say 'No battery!'
    I mean, you don't have the machine plugged in, you boot it up,
    and it starts, and says it 'has no battery.' That's like saying,
    'this morning I got out of bed and I stood up and I had no brain.'
    
    "And that's how they ended up finding it, the problem. What it
    was doing was it was checking for the right time, and kept going
    back trying to get a better time, and while it was doing that,
    it was supposed to get the battery status but it was still busy
    trying to get the time.
    
    "And then when we loaded the software to fix that, the machines
    were still acting RIDICULOUS!
    
    "I was saying, 'This is not good! We need some people that know
    what this stuff is supposed to do, from McKinney, NOW! These
    machines, nobody knows what they're doing but Diebold, you need
    some people to fix them that know what's going on! They finally
    brought in guys, they ended up bringing in about 4 people.
    
    "When they left, they still did not know why it was still sporadic.
    My understanding is, after I was dismissed, they came back the
    following week. That's when they figured out what the real problem
    was. But they'd already had us do their 'upgrade' on thousands
    of machines by then."
    
    Harris: "How did this work? Did Dr. Brit Williams get the machines
    first and do acceptance testing, or did you guys get them first?"
    
    Behler:  "When the machines came in, they came to us first. They
    were in the warehouse. We assembled them. They'd come in a box
    with a touchscreen, and another box with the booth. We assembled
    the machine and we ran it though series of tests. We'd check
    the power cord, boot up the machine, check the printer, bar code
    it, update Windows CE,  then send it on to Brit. He did the KSU
    testing the L&A [Logic & Accuracy] was done at the county level,
    right before the election."
    
    Harris: "So…the L&A was not done at acceptance testing?"
    
    Behler: "It got so there wasn't time. They did it before the
    election."
    
    Harris: "How long does it take to do a Logic & Accuracy test?
    Doesn't it take like, 15 minutes per machine?"
    
    Behler:  "When we did the updates in Dekalb, they kept saying
    it would take a really long time. But they don't think about
    the different overlapping things. You can update a bunch of machines
    simultaneously. Same thing with an L&A test. You have a whole
    group of cards, they have to touch every machine. What we had
    done before, we had 10 material handlers throw the machines up
    there, use the key to open it up, stick 10 cards in, boot 'em
    all up which installs the patch."
    
    Harris: "But what about the L&A testing?"
    
    Behler:  "The L&A testing -- You would just enter, like, one
    vote and -- you just choose one -- you don't need to be specific
    on which one. When they did this L&A testing, that's when they
    did the FINAL update to the software."
    
    ...
    Harris: "So the touchscreens came and had to be assembled?"
    
    Behler:  "Of course you have to have the touchscreens assembled
    in the warehouse, and do some testing. It turned out that there
    were a lot of problems that needed to be dealt with, and they
    simply weren't dealing with them."
    
    Harris:  "How long did you work there?"
    
    Behler:  "They let me go only one month into it. The Project
    Manager let me go. He didn't like my management style. I'm very
    matter of fact. If this is wrong, fix it. I'm a simple person
    --  if something is broke, do you stand around and talk about
    why its broke for a month, or do you solve the problem?"
    
    Harris: "After your experience with Diebold, how confident are
    you that the machines count votes accurately?"
    
    Behler:  "If you were to ask me to tell you how accurate I thought
    the vote count was, I'd have to say 'no comment' because after
    what I saw, I have an inherent distrust of the machines.
    
    "I was absolutely astounded that they functioned at all in the
    election. Here's me, I'm at the polling place looking around,
    waiting for someone to get frustrated...
    
    "I took this because of  James, who is my friend, and because
    I'm A-plus certified. But when I came in there was a bunch of
    internal bickering. They had no inventory control in the warehouse.
    I guarantee you that the state of Georgia can't accurately reflect
    where each machine is.
    
    "Diebold was impressed with what I accomplished, and asked me
    if I was available for some other states they'd be doing...
    
    "The problem, what they were doing with the inventory on the
    machine was this: Inside the case is the serial number. They
    would hand write the serial number on a post-it, stick it to
    the front of the machine, and there would be a sheet hand-written
    from that list. Now, you've got 20 machines sitting on a pallet.
    The guy making the list would look at the post-its and he'd record
    all the post-it numbers on a list. Look, if you're writing numbers
    by hand, twice, by two different people, there is a real good
    chance you'll transpose some numbers.
    
    Then, they used the list for bar codes, but I would say probably
    1-2% of the machines are incorrectly bar coded. They couldn't
    track them in the Access database, because they'd punch in and
    it would say 'that number's already been used.' Then they'd check
    the machines, and they had the right number, so the wrong bar
    code was sitting on some machine that had already been shipped
    out to the counties.
    
    "Ironically, they would send a spreadsheet of all the numbers
    of the machines that they shipped straight from the factory.
    This was from the same computer that generated the labels. They
    had copies of it all along. I said, 'Hey guys, if you check these
    when they come in the door you'll never miss a label.'"
    
    "I was very down on Diebold, because they were very sluggish
    and didn't move well. I worked there from mid-june to mid-july.
    The whole time they were upgrading the software and doing some
    sort of fix to it. This was supposed to be prior to KSU testing."
    
    Harris: "What about the program patches begun in August?"
    
    Behler:  "Aug 20,  they started to put these teams together and
    go out and update the machines. You have to understand that the
    patching all started when I did the first quality check that
    Saturday. They'd never have done it. They had shipped us 6,000
    machines and NO ONE had ever done a quality check. I'd come in
    on a Saturday, I had two of my sons with me, and I thought I'm
    going to just look. And it was bad.
    
    "Then first thing Monday morning I raised the question, I said,
    'Hey guys, we've got a problem -- there's 20-25% of the machines
    that are palletized that are failing, and then  they had a new
    update come out and I was doing an update, and then they sent
    a new one. I updated a whole bunch of machines. Then they finished
    about the time I left. But later they put in another one, I guess.
    In August.
    
    "You've gotta go take care of this JS [junk shit] equipment,
    I told them. Finally, I raised it as high as you go, I raised
    it to Bob Urosevich, he's the head of it. I told him personally,
    'This is bad, I don't see us putting an election on with these
    machines!'
    
    "That's where they finally assembeld the teams. They got some
    big ol' vans we loaded up as many people as could fit in.
    
    "They were actually swapping parts out of these machines that
    were on site. They'd cannibalize a machine with a bad printer
    or whatever, they'd grab the screen off of that to put on another
    machine with a failing screen, they'd retest it. They were not
    just breaking them down, they were taking pieces off and putting
    it back together.
    
    "Even the machines that are updated, that had the right release
    of the software, exactly like the company wanted it, you'd boot
    it up and all kinds of crazy things would happen. That led to
    my belief that when voting took place, there would be problems."
    
    Harris: "Do you remember what release number it was? What version
    of GEMS?"
    
    Behler:  "Release -- I don't remember the number because what
    they did was it was always the date. I had to take it to the
    level of these testers, they knew that the machine either did
    pass the test or didn't. We'd check the date to make sure it
    was the right version.
    
    "The date was…let me see…June 28. No, the last one, the date
    that was supposed to be on there was July 5. (Note: a patch labeled
    Georgia062802.zip is on the ftp site, and when you review it,
    you will see that it contains much more than just the "Windows
    updates" claimed by Georgia officials.)
    
    "There was about three updates, the CE software, the date that
    would come up would be the last. After that they came up with
    another fix, that's the August one at that point.
    
    
    "I told Darryl Graves, the Project Manager, I told everyone at
    Diebold, 'I have zero confidence in the ability of these machines
    to perform.'
    
    Harris: "I understand that they go through Wyle testing labs
    and so forth. How in the world do so many critical errors get
    through certification?"
    
    Behler:  "When I was handling these machines, they were coming
    straight from a factory in North Carolina. That's where the actual
    touch screen was manufactured. Booths came out of California.
    We assembled the booth with the machine. That's all I know."
    
    Harris: "What do you know about the ROM chip, or whatever?"
    
    Behler:  "There's the eprom, or the flash as they call it. A
    lot of the fixes they did they could do in the flash memory.
    
    
    "If they said they tested it I'm going to tell you right now
    the software that I installed on the machine myself, they found
    out that that was NEVER tested. Okay, I don't want to get other
    people involved, but you should talk to Rellinger.
    
    "Anyway, that they had never tested it, that made complete sense
    to me, watching what was going on.
    
    "This is an example we did: We would plug it in, boot it 3 times,
    unplug it, boot it three more times. I wrote a sheet on this.
    This guy came in from McKinney, he was about the second in command.
    He's a good friend of Bob Urosevich. About second to Bob, at
    least now, he got a promotion. Greg? Something like that. He
    flew in and I went to Dekalb and I tested and together we went
    through, and we wrote down every single error, and he booted
    them himself, and was looking at the results and seeing how sporadic
    they were. and we found out of the machines we tested, about
    75% of the machines had different sporadic things. He was working
    with me and we were writing them down, we literally wrote everything
    down."
    
    Harris: "Do you have a copy of that?"
    
    Behler:  "I don't think I have it. I have some email. I'd have
    to look. I know we came back and he copied it and he -- Greg
    Lowe (spelling?) is his name. I drove him out there. Brit was
    there, KSU was doing their testing. They were bombing these machines
    out left and right."
    
    "I'm telling him, 'They're all like this.' At this time I was
    working 150 hours in 2 weeks I was there all the time with these
    machines, that's the reality of it. The techs were working overtime
    trying to fix them. We couldn't get enough from the factory because
    so many were bad. You'd get a shipment of 300, but 75 were bad,
    they couldn't put them out fast enough to replace all the defects.
    
    "It was the software, not the hardware, that's where the problem
    was.
    
    "If they're telling you they tested that, well they did NOT test
    the fixes that they did to the windows CE software.
    
    Harris: "Do you know who was writing the fixes?"
    
    Behler:  "He had a weird name. He came out of Canada."
    
    Harris: "Guy Lancaster? Josh …Talbot Iredale?"
    
    Behler:  "That's it! Talbot Iredale would actually fix it and
    say, 'Oh, here's the problem,' and stick it on the FTP site we'd
    grab it stick it on the card and make a bunch of copies and use
    it." (NOTE: You'll see the initials "tri" in the source code
    files. Talbot R. Iredale is one of the main programmers, and
    has been a stockholder.)
    
    Harris: "So you took the patches right off the FTP site and installed
    them on the machines?"
    
    Behler:  "That's what we did, he'd FTP it, and tell us to grab
    it, we'd put it on a laptop,  copy it and when you boot the machine
    --  it's just like a computer that looks at the "A" drive --
    these machines look at the card and then erase the flash, reprogram
    with whatever they said needed to be fixed -- I say, erase it
    and reprogram it with crap -- and then the whole thing would
    start all over again.
    
    "My understanding was that they figured out what was conflicting
    and James told me that Tab, well the team that came out after
    I left, they figured out what was going on, they figured out
    that when they fixed the real time clock problem they had never
    tested their fix.
    
    "The only people that that cost was Diebold, who had to pay all
    kinds of extra expenses. The rumor around the office was that
    Diebold lost maybe $10 million on the Georgia thing. I mean,
    they only sold the machines for what, $2,000, or $2,500, and
    then you have to build them and then you're paying people $30
    an hour and you are out touching 22,000 machines FOUR TIMES --
    there's no way they didn't lose money on this deal.
    
    Behler:  "You know one of the main things that really just made
    me so upset, they were just like, 'This Brit guy, don't even
    speak to him, it's a political game, you've gotta play the politics.'
    Well, he walks in and says 'What are you guys doing?'
    
    I said, 'We're putting in an update.' He said, 'Will it change
    what it does?'
    We said, 'Just do your normal test, we're supposed to get the
    machines ready for you.'
    
    He tells someone at the office and they freaked out. They were
    like, 'What the heck are you doing???'
    
    "I wasn't supposed to talk to him at all, I guess. The guy had
    a flannel shirt on, he was kicking it and he was very genuine
    and open and there we are in the same room together, but because
    I actually spoke to him I got reprimanded. They said, 'If they
    ask you any question, you gotta say 'Talk to Norma, to one of
    us.''
    
    "And then you know, ironically, later on right before I exited,
    they were scrambling for a date, they were trying to get us,
    the teams, into Fulton County to do Fulton County's 1,900 machines.
    
    "They were in the most horrific spot. The place they warehoused
    them was like 1900 machines in a little office space, there was
    no way we could get at them. The machines are like 58 pounds,
    and they had to bring them in unstack them off the pallet, restack
    on the pallet, talk about labor, talk about wasted money! It's
    like a warehouse and offices off 75, in Atlanta, I'm talking
    to this guy he's a great guy, he's from Fulton County. Him and
    I were scheduling this, figuring it out how to get to these machines
    and do the update before KSU has to test them. We cannot be doing
    this at same time as KSU because there was NO ROOM for that.
    
    Brit had been down there, he knew this. I'm talking to the Fulton
    County guy. He opens this one last door and here's this huge
    giant empty warehouse. Why didn't they put the machines out here?
    
    He says, 'Well you see over there's these boxes of county material,
    you can't be out here because there may be some sensitive stuff
    in these files. They don't want anybody near 'em. His name was
    Barney, the only Barney I've met who's black. He said, "Yeah,
    they were talking about putting a fence out here."
    
    "We could just get all the testing done at once, I thought. Whatever.
    Maybe someone could just get a security guard to watch us and
    make sure we don't get into the boxes. I go back to the office.
    Brit was there, and he says 'What's it look like for Fulton?'
    
    I said 'There's no way were going to able to get to Fulton County
    by Thursday.' I said we could probably be out there by Friday
    or Saturday. He said 'There's no way we can do it at the same
    time, you know that.'
    
    Behler:  "I think a lot of the problems they had ---- I've worked
    in billing software, and it's common to have this little thing
    wrong -- a simple little hardware change, you have to put some
    little line of code in Windows CE to make it work better. But
    the thing that blew me away was when I'm told me they'd NEVER
    TESTED THE FIX.
    
    "They produced it and got it to us in 24-48 hours. If I'd known
    they hadn't tested it I simply wouldn't have installed it! My
    background tells me that's a no-no.
    
    "I went into this Diebold thing with no real knowledge of the
    voting industry. When I left, I not only had a complete grasp,
    but I had a complete disrespect for these machines.
    
    "And with the folks in the office who were so -- you know, 'I'm
    the political person, you have to know how the system works'
    -- they were so much more concerned about their own self importance,
    they were losing track of DO THE MACHINES COUNT THE VOTE PROPERLY!
    
    "Because that's what the people in Georgia need. And I'm one
    of them!"
    
    Harris: "Who are some of the names working in that office?"
    
    Behler: "Norma Lyons and Wes Craven -- they're from Diebold,
    and Keith Long. Norma and Wes live in George, Keith was in Maryland
    before, then here, I think.
    
    "They sat in the weekly meetings on Monday. Norma had been a
    county worker doing voting for 10 years. She knew all these people
    in several counties. She was the liason between Diebold and the
    counties. They [Diebold] would tell you something important,
    and she may or may not tell you because she wouldn't know how
    important it was.
    
    "Wes was the kind of guy who needs to work for Sprint or a big
    company..."
    
    Harris: "How secure were the machines, from what you saw?"
    
    Behler:  "I'll tell you something else -- we didn't have badges
    -- people could just walk right in and get to the machines."
    
    Harris: "And that FTP site, anybody could walk right into it
    also. Even Diebold's competitors."
    
    Behler:  "Anybody who's in voting, you leave one company you
    go over there. Ooh yeah, we'll take you on. Someone comes in
    and says, 'By the way, I uploaded the source code, want to grab
    it?'"
    
    Harris: "Were there any protections to keep you from duplicating
    memory cards, or to have them serial numbered or whatever?"
    
    Behler:  "The memory cards, you can just duplicate them. You
    have to have the proper info on the card, for the machine to
    boot up, but you can just make copies of the cards."
    
    Harris: "Were there any passwords on those FTP files?"
    
    Behler:  "No."
    
    Harris: "Any passwords on the files themselves? Or the site?"
    
    Behler:  "What we got never had passwords. You just pick it up
    and use it."
    
    Harris: "Do you still have any records?"
    
    Behler:  "Emails. And James downloaded to his personal laptop,
    it's probably still on his. And probably still on mine too. Diebold
    didn't provide us with anything with a PCMCIA slot so we had
    to use our own laptops to transfer the files when they told us
    to.
    
    Harris: "When I asked Diebold if there was anyone named Rob in
    Georgia, they said no. Did they know about you?"
    
    Behler: "They knew me and they knew me well. I met Bob Urosevich
    a couple different times, and Ian, and then Greg Lowe, he got
    promoted to like almost the DFO, he was basically Bob's right
    hand man."
    
    "If you would have realized the scolding I got for actually speaking
    to Brit. The whole quality control issue, I kept having to remind
    them, I'm the one that pointed this out -- we want this to be
    right -- my goal is to just get it fixed and move on.
    
    ...
    Harris: "Do you think anybody could have tampered with a machine,
    if they wanted to?"
    
    Behler:  "Well, when we did the quality control check we'd open
    it up, they have a little box for the printer. We would find
    the key still in the printer. Someone could literally take that.
    We found cards left in the machine. I wondered what would happen
    if the wrong person got it."
    
    Harris: "I understand they did a big demonstration during the
    summer, with the machines."
    
    Behler:  "I was there when they told me I needed 1100 machines
    for a demo. I thought, 'The trick is coming up with 1100 machines
    that actually work.
    
    # # ENDS # #
    
    <http://www.blackboxvoting.com>http://www.blackboxvoting.com
    
    ** The email version of this report was distributed on Scoop's
    Sludge Report list.
    
    
    
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    -------------------------------------------------------------------------
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 09:02:31 PDT