← Back to Archives

Content of Diebold memos sparks California audit

Kim Zetter of Wired drops another bomb. (I learned of this development through Joseph Holder... that man is on top of things!) In this article she reports that the California Office of the Secretary of the State is making Diebold pay "for an independent audit of all its hardware and software used in 13 other California counties to determine if uncertified components have been installed [...]."

Interestingly, the Diebold memo that sparked all of this is here (yup, that's SIMS student Ping Yee's mirror). It reads, in part:

_Hi,

Found something interesting here in Alameda County, and want to see if anyone has found this in the field. Especially those of you who are doing [...] modem upload from the precincts.

Running:
BS 4.3.11
GEMS 1.18.14
NT 4.0 6a

I am dialing the central computer's bank of modems (connected via Digi PCI
X/em) and connecting to NT's Remote Access Server.

[...]

_

_I tried pinging the AVTS unit and only get timeouts. I then tried
simulating the connection with my laptop and was able to successfully
upload. [...]
_

The relevant information here is the version number of the GEMS software (this version was not certified by the state of California yet) and the fact that this guy could transfer data and connect to one of the Diebold machines! This could be the source of strange activity in some elections and would allow someone with malicious political intent access to the pool of votes for a given election.

Other notables from the Zetter report: (read on)

_[...]

Diebold must also cooperate fully with the independent auditors and with the secretary of state's office during its investigation of the certification violation, and attend a voting system panel meeting in mid-December, when the state will review the results of the audit and determine what, if any, sanctions may be appropriate.

[...]

Kyle said the state would inventory the systems of other vendors and other counties once the Diebold investigation was complete. The state will also begin requiring all counties to maintain and submit logs of the hardware, firmware and software versions they use.

Starting in 2004, the state will also conduct random audits of voting systems to ensure that all software and hardware is certified. And in the future, the state will require CEOs of vendors to affirm under penalty of perjury that the company will not change systems without obtaining written approval from the secretary of state. Failure to do so may result in de-certification and possible criminal charges, Kyle said.

[...]

It's widely believed by voting machine makers that Secretary of State Shelley, who has previously stated his preference for electronic voting machines to offer a voter-verifiable receipt with their machines, may announce plans within a week or so to require this on voting machines used in the state.

A voter receipt would allow voters to verify that their ballot has been cast correctly before depositing the receipt into a secure ballot box to be used in case of a recount.

_

Posted by joebeone at Noviembre 11, 2003 06:19 PM