Top To Bottom Review : FAQs
The following are a few responses to criticisms of Secretary Bowen's top to bottom voting systems review.
Didn't the Red Team have access to the source code?
This is not a game of gotcha. These were serious, professional studies designed to find out fully and exactly what we are dealing with. To plug as many holes as possible, you have to know everything you can about the computers. This is what the UC team was trying to do, which is why they needed the source code. What was lacking was enough time to complete their professional work.
Secretary Bowen :
"The idea of analyzing the base of the system itself to determine, first, whether it's secure and then to determine whether the system can be made secure by adding non-technological safeguards is not a new concept. It's actually a concept we use in our everyday lives. And the best analogy I can provide you with comes from something we're all familiar with, the roofs over our head. If you have a leaky roof, you can certainly mitigate the problem by putting a tarp on the roof every time it rains or by running around setting up buckets in your house to catch the water, or in certain rooms of this building when it rains. But if you call a roofer out to take a look, the roofer is not going to look at the areas where you have not mitigated the impact nor is the roofer going to look at the tarp and the buckets. The roofer is going to look at the structural integrity of the entire roof absent buckets and tarp. Then it will be up to you to determine whether you want to pay for a whole new roof, patch the roof, move, or take whatever actions you feel are necessary, so that you wind up with a roof that does the job that you need it to do. And that's what we've asked the UC teams to do, look at the structural and technological integrity of these systems to determine whether there are security flaws or vulnerabilities that prevent the systems from doing what we need them to do, conduct secure, accurate and reliable elections on equipment that is accessible to all voters."
- July 30, 2007 public hearing (transcript)
The Sequoia red team report stated at the end : "All the attacks described in this report can be carried out without any knowledge of the source code." (pg 12).
Diebold's source code is already out on the Internet. So the source code is available to anybody who wants it. The default encryption code has not changed for at least 10 years.
The most damaging type of attack is that of an insider on the central tabulator databases. This is relatively simple to do, can take less than 90 seconds, and traces of the attack can be erased. Sequoia and Diebold use standard Microsoft databases running on MS Windows. The Red Teams had no access to the Microsoft source code, yet were able to change these critical databases anyway. Please note that former Monterey County registrar Anchundo was sent to jail for being a crook, as were two Ohio officials. Conclusion : insider threats are not just theoretical.
Screwdrivers and minibar keys have no source code, yet the red team was able to work their way around security tapes and locks and break into the machines, at which point they could control the entire machine. It would take at most a few minutes to plant a virus or trojan horse that could be carried back to the central tabulator. Since thousands of machines "sleepover" at polling stations at least one night before the election, that gives people with access to the garage or union hall where they are stored more unfettered access. To do real damage to democracy, you do not need a PhD in computer science to slip a card into a slot, only access to one single machine.
Wasn't the testing conducted without using "real world" conditions? This is like seeing if you can break into a bank without guards and tellers.
A bank could be guarded by the US Marines. Yet they would do little good if there are holes in the bottom of the safe to tunnel into. This is what the computer scientists were looking for. They found so many holes the "safe" looks like Swiss cheese. The "tunneling" part is not that hard; there are thousands of programmers who can do it. The "bank" could look more like an ant hill.
Poll workers are overworked (15+ hour days), poorly trained, and overwhelmed (videos). We cannot rely on thousands of temps to keep track of tens of thousands of machines and cards all of the time. Over 400 memory cards were "lost" in Chicago in 2006, 70 memory cards were "lost" in Cleveland. All a hacker needs is 1 card for a few minutes.
A "real world" test would have to include thousands of cards and machines being kept overnight in garages and car trunks, 90 year old poll workers working a very long day (some of whom don't show up), cranky co-workers and voters, machines breaking down, slow boring periods, and periods with lines of 100 people waiting to vote. Oh, and you would have to give the attack team $1 million, to see if they can bribe or blackmail insider county election employees. Or maybe they could get a hacker at Diebold or Microsoft to do something "interesting" with one of the horribly cryptic patches that are regularly downloaded onto the voting machines. In other words, the only way to have real world conditions is during a real election. But that would be illegal.
Registrars have had plenty of opportunity to test these systems. Alameda and Riverside counties were offered free services to do so. They backed down because the registrars are not really interested in testing, only in complaining when a responsible official finally does her job right.
Won't the tamper-evident seals show if a system has been broken into?
The red teams, as well as Bev Harris, have demonstrated that it is possible to sidestep or replace tamper-evident band-aids with new ones. With the proper resources (bribes), it should also be possible to obtain duplicates of seals with serial numbers on them and replace the previous ones after opening the machine up.
Experience has shown that poll workers themselves pull the seals off. (Watch about 30 seconds into this short PBS video.)
The machines are taken out to the polling places days or weeks ahead of the elections, giving potential hackers plenty of time to work into the machines.
Isn't the idea that elections can be stolen just theoretical?
That the levees of New Orleans would break was just theoretical, until they broke. Then the politicians who ignored the engineers went into fingerpointing mode. We now have in Secretary Bowen a responsible public official
enough to understand the engineers, and wise enough to act before our elections are seriously broken.
While nobody has freely confessed yet to committing a felony when they can erase all the evidence, there is so much smoke coming from so many different sources, that failure to act would put our government at risk.
Every time citizens want access to the computerized evidence, our government stonewalls them (e.g., Alameda County), claiming "trade secrets" are involved.
"... paper trails have never been used to check a disputed election result in California, primarily because they're so expensive to count. A challenger must put up $50,000 for a paper-trail count in any state legislative or congressional district, forfeited if the original outcome stands up. So no one has demanded a full paper-trail count in a state race since electronic voting began." (Daily Breeze)
When citizens finally got a recount in Cuyahoga County, Ohio, officials rigged the recount.
To make the wild claim that there is no proof that elections have been stolen is similar to claiming that there is no proof that terrorists are bringing weapons through our ports, so everything is OK. This is both naive and irresponsible.
Doesn't the fact that Secretary Bowen recertified these machines mean that they are safe?
That Secretary Bowen has ordered a 100% recount of every vote cast on a touchscreen DRE is not a vote of confidence in these machines. She has ordered the tightest security restrictions ever, and will require by far the most thorough auditing in the country. This is a compromise made necessary by the fact that the February, 08 elections must go forward. You can expect to see more from her office in the future, as she works to fulfill her oath to protect and defend the constitution of the United States.
Isn't this a political stunt by Secretary Bowen to get publicity?
If Secretary Bowen had been interested in publicity, she would have held her press conference by 3 PM in order to get on the evening news. Instead, she held it shortly before midnight on a Friday, after she had assured herself that the certification documents had been carefully prepared.
Secretary Bowen is known in Sacramento for her intelligence, initiative and integrity. She is not a political grandstander.
Debra Bowen's campaign for Secretary of State was about cleaning up our voting systems. Conducting a review was a promise of her campaign. She has kept that promise. This is exactly why the people of California elected her.
Nobody, and no machine, should be counting votes in secret.
For further information, email Jim Soper at :
May 24, 09