Tuesday, April 04, 2006

Warning to Election Officials: Diebold Making Unannounced Visits To Their Machines

Please forward to your local elections officials:


Warning: Black Box Voting has received credible first-hand reports from multiple states that Diebold is making unannounced visits to counties, sometimes when the elections supervisor is out of town. Diebold has prevailed on assistants and managed to gain access to the voting equipment.

Elections employees report to us that their questions to Diebold are not being answered to their satisfaction.


Here is what to look out for, and why this is so important:


1. Program changes: Watch very carefully whether Diebold puts a card into your machine and boots it up. Alert your staff to be on the lookout for this. By inserting one card, either the operating system or the voting software can be altered. Inserting two cards can change both.

Such changes can hide evidence of the kind of security vulnerabilities found by Harri Hursti and Security Innovation Inc. in Emery County, Utah. However, replacing the operating system and programs does not ensure the integrity of your machines, since the security vulnerabilities found appear to be able to survive overwriting both the operating system and the programs.


2. Swapping out equipment or components: We have credible reports that Diebold has swapped motherboards in some machines. We have less firm reports that Diebold has made reference to repartitioning memory and/or other adjustments. Either swapping the motherboard or repartitioning could obscure evidence of programming that shouldn't be there, and/or introduce new vulnerabilities to your system.


3. Swapping or recording serial numbers. The Diebold serial numbers do not appears to be burned into the machine/motherboard itself, but are simply affixed with a plate that can be replaced.

You should, immediately, photograph each of your machines' serial numbers.

Diebold denies that they have sold used equipment. However, a recent response from Deborah Seiler, the former Diebold sales rep who is now Elections Registrar for Solano County, California, gives a perception that someone is not being forthcoming.

Solano County used the Diebold TSx for one election and then rejected the system. Seiler, who took office shortly after Solano rejected the Diebold equipment, has reportedly responded to a public records request for the Solano County TSx documents containing the serial numbers that the documents were given back to Diebold and that Solano County no longer has them.

Diebold's odd explanation in Utah, that there were perhaps Chinese or Asian fonts on touch-screens delivered to Utah, would be consistent with selling machines from California. There were some 800 to 900 TSx machines, apparently, rejected by Solano County.

Black Box Voting encourages all recipients of "new" Diebold TSx machines to log serial numbers immediately, photograph or videotape them, and do so before Diebold arrives to visit your machines if at all possible.

It would be a good idea to take the keys to the voting machine storage facility with you when you are not in the office. Advise your staff not to allow Diebold to access your machines without your presence.


If Diebold comes to visit your machines, you are advised to tape record, videotape, and have several witnesses present to observe exactly what they do.

Better yet, tell them you need a written work order specifying what they will be doing in detail before you authorize it, and stand over them to observe during any access to any part of your system.

Diebold is a private company. As soon as you took delivery on your system, you have the responsibility to be in control of it and observe at all times. You are under no obligation to allow a vendor access (even if your state has mandated that you take these machines).


The upcoming security report, along with the testimony of Wyle Labs at the California Senate Elections Committee hearing last week, provide clear indications as to why preservation of your system AS IT WAS DELIVERED TO YOU should remain "as is."

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home