Tuesday, November 6, 2012

Heads up: Call today about unsupervised "patches" on Ohio voting machines





Brad Friedman, editor of Bradblog, who has worked for a long time on election fraud, published an article on Salon.com yesterday which spells out the questions concerning the "security patch" which Ohio Secretary of State Jon Husted, a particularly calculating vote suppressor, has - without review by any board, late in the election process - added to the computerized counting machines. This is the issue sued about by Bob Fitrakis, Harvey Wasserman and Jill Stein of the Green Party yesterday - see here. The video in his article would not reproduce in this computer program - here is the link with the video that accompanies the article below.

***

Obama has a clear lead in the polls on the swing states - enough to win easily the election. Check out the data of Nate Silver, who was amusingly interviewed last night on the Colbert Report. See here. Further, the polls do not contact many people under 40, i.e. they inadequately samples people who do not have land lines and uses only cell phones (pretty much everyone under 30 and most under 40). So that is more reason to think Obama will win decisively today.

***

But there is one dodge left for "Republican" Secretaries of State who have restored Jim Crow (see here and DemocracyNow this morning here) to disenfranchise voters who might vote for Obama. This is not a partisan difference; it is, in fact, a criminal activity criticized yesterday, as based on a fantasy of "voter fraud," even by Steve Schmidt, John McCain's campaign manager here. Yet there is good reason to suspect - the lack of an independent paper record associated with these machines which has no reason to exist except the potential for shifting/stealing votes without proof - that the election could be stolen in Ohio. I should underline: Obama can win without Ohio. It would take thefts in other states or a possible Romney come back in Virginia (he would have to squeak through in nearly all the swing states, however) to win. But it is also possible that there is some effort in Wisconsin (recall Scott Walker's performance on the telephone, when called by a faux "David Koch" about whether he should attack nonviolent demonstrations of public workers against union busting in Madison) or Iowa or Virginia or Colorado (any state with a Republican Secretary of State, let alone a Secretary of State and Governor).

***

Democratic party officials routinely talk against such possibilities - who could think anything like that? They are emotionally resistant to the possibility. But every act of voter suppression, keenly premeditated and vicious - listen again to DemocracyNow this morning here, including getting black church voters to file absentee ballots which Secretary of State Jon Husted can throw out - is indication enough that the "Republicans" will go very far to defeat that "other," the President.

Such officials are partly just talking themselves out of their own unease. The 2004 election was stolen, a point fairly widely known by now - and one has but to think about computerized voting machines with no paper trails, exit polling which deviates massively only in these cases and is then suppressed or altered (in 2004, in Ohio, Florida and Pennsylvania, with deviations of in Ohio 6.7% of exit polling from reported final vote whereas the difference for Bush's or Kerry's margins in 41 states was within three-tenths of a point), to realize that at least one Presidential election has already been stolen this way.

***

I hope that there is no attempt to steal the election through machines and through late and unauthorized changes by Secretary of State Husted. The way to make sure, however, is to protest, not to stick one's head, like a proverbial ostrich, deep in sand.

***

The Democrats and others oppose all the bizarre new Jim Crow laws (the New York Times editorial page has been very good on this - see yesterday here). But they have been weak-minded about the issue of the voting machines. Why any element of privatization is allowed about these machines - secret computer programs, sometimes reviewed by a supposedly public board of experts, is unclear. Why anyone should think that votes that disappear into a machine which leaves no paper trail is appropriate for the exercise the right to vote, the highest public responsibility each of us has, is unclear. Why this should have happened once in 2004 and even the slightest suspicion be allowed to remain about the machines is unclear.

But money talks in America, not the most core principle about American democracy and the rule of law...

***

Consider: we have to check the recorded votes against the exit polls (if we can access an honest account of them since Edison Mitofsky contracts with the news media and does not release the results independently to the public - see here). Why is there no separate, independent paper trail printed out of the vote as it occurs so that it is easily checkable, so that no vote shifting of the sort revealed in Ohio in 2004 can possibly go on?

***

One step anyone in the country can take right now is flood Ohio Secretary of State Husted with protests about his prima facie unseemly and dishonorable and potentially illegal activity. The actual vote shifting - the altering of the program on the "crown jewels" - can only occur once the votes are in. So shining a spotlight on this - and getting going on revealing any potential fraud - might be a a good way to stop them in/before the act.

***

Here is the public phone number for the Secretary of State's office:
(877) SOS-Ohio (767-6446) or in Ohio, (614) 466-2655. I just called and was immediately connected to Kathy in the election division and we had a good five minute conversation. I asked about the patches and she said they were entirely independent of the voting machines. She remarked that there was a lot of material flying around the internet about this and that there was a law suit (sort of braces the mind, I think...).

Furthermore, she said, there are two types of machines, optical scanners for those who cast a paper ballot - leaving a paper trail - and a computerized machine which has a visible paper record of each vote under the screen which the voter can see (Jefferson County, take note! - see here), records any changes the voter makes, and then keeps the record in the machine so it can be taken out and check independently.

I asked whether this paper trail could be altered along with an alteration of the overall vote. She replied that it couldn't be. I hope she is right, but it should be checked...

I also asked about Greg Palast's report on DemocracyNow this morning that black voters going from Church in Dayton Sunday went to cast their vote, but were only allowed to cast "absentee ballot." See here. Kathy replied: "Yes, that's no problem. Every vote before election day is an absentee ballot."

I asked her if there was a distinction between absentee ballots and the regular vote. She said: "no. They are counted on election day the same way."

What Palast had said, however, was that Secretary of State Husted has decided that any mistake on the ballots - meaning if you mis-fill in your address or leave your phone number blank - is sufficient reason to disqualify the ballot. And Husted is as awful, I am afraid, as Kathy is reasonable.

To her, I noted, that Palast had claimed that Secretary of State Husted throws out a disproportionate number of absentee ballots.

She recommended I speak to somebody else - Mallory in constituency affairs and policy - who knows more about this tomorrow and said rightly that she needed to help Ohio voters vote.

I said that I teach this stuff, that I am concerned about the matter, that it is very important that Ohio be spotless in this regard (read Brad's report and plainly nothing like that is true), and could she please convey my skepticism to Mr. Husted. She said she would.

I think it is fine to call this number and register some questions. With different stakes, I would have said: leave them alone for voting except that the issue about the fraudulence of the voting machines is so important and tonight is the night when the election in Ohio is stolen, if it is to be stolen. So call...

It was clear that the law suit has already accomplished a great deal, and Fitrakis, Wasserman, and Jill Stein deserve congratulations from all of us for acting quickly about this.

***

In addition, there is email today if the line gets busy: http://www.sos.state.oh.us/sos/agency/ContactUsAgency.aspx

These are form letters, however, which are comparatively easy to ignore. But the maximum scrutiny and ingenuity about getting the spotlight on them - it would be good, for instance, to have a demonstration about these issues even while voting is going on in Ohio as yesterday there was a press conference about the law suit - would be very helpful.

***

Here are phone numbers - haven't tried them yet - for employees of Governor Kasich, who really deserves a spotlight also - and Lt. Governor Mary Taylor:

Governor John Kasich
Riffe Center, 30th Floor
77 South High Street
Columbus, OH 43215-6117
Phone: (614) 466-3555

Lt. Governor Mary Taylor
Riffe Center, 30th Floor
77 South High Street
Columbus, OH 43215-6117

***

Letters to newspapers in Ohio might also be a good idea.

***

Let this be made a non-issue, if it can be...

***

Is the GOP stealing Ohio?
Uncertified, "experimental" software patches have been installed on machines in 39 counties of the key swing state VIDEO
BY BRAD FRIEDMAN

Jon Husted (R), Ohio Secretary of State. (Credit: AP/Jay Laprete)

Last week, Bob Fitrakis and Gerry Bello at FreePress.org reported an important story concerning what they described as “uncertified ‘experimental’ software patches” being installed at the last minute on electronic vote tabulation systems in 39 Ohio counties.

The story included a copy of the contract [PDF] between Republican Ohio Secretary of State Jon Husted’s office and ES&S, the nation’s largest e-voting system manufacturer, for a new, last-minute piece of software created to the custom specifications of the secretary of state. The contract itself describes the software as “High-level enhancements to ES&S’ election reporting software that extend beyond the current features and functionality of the software to facilitate a custom-developed State Election Results Reporting File.”

A subsequent story at the Free Press the following day included text said to be from a Nov. 1 memo sent from the Ohio secretary of state’s Election Counsel Brandi Laser Seske to a number of state election officials confirming the use of the new, uncertified software on Ohio’s tabulator systems. The memo claims that “its function is to aid in the reporting of results” by converting them “into a format that can be read by the Secretary of State’s election night reporting system.”

On Friday evening, at Huffington Post, journalist Art Levine followed up with a piece that, among other things, advanced the story by breaking the news that Fitrakis and his attorney Cliff Arnebeck were filing a lawsuit for an immediate injunction against Husted and ES&S to “halt the use of secretly installed, unauthorized ‘experimental’ software in 39 counties’ tabulators.” Levine also reported that Arnebeck had referred the matter to the Cincinnati FBI for criminal investigation of what the Ohio attorney describes as “a flagrant violation of the law.”

“Before you add new software, you need approval of a state board,” says Arnebeck. “They are installing an uncertified, suspect software patch that interfaces between the county’s vote tabulation equipment and state tabulators.” Arnebeck’s alarm is understandable.

Since the story initially broke, I’ve been trying to learn as much as I could about what is actually going on here. During that time, a few in the mainstream media have gotten wind of the story as well, including NBC News and CNN, and have been able to press Husted and other officials in his office into finally responding to the concerns publicly. The Ohio officials have attempted to downplay the concerns, though in doing so they appear to have given misleading information which, at times, seems to conflict even with the contract itself.

I’ve also spoken to computer scientists and election integrity experts, in trying to make sense of all of this, though many of them seem to be scratching their heads as well. My own queries to the Secretary of State’s office have gone unanswered, as had Fitrakis’ and Bello’s before they published their initial story, begging the question as to why, if this software is as benign as Ohio officials are suggesting, they didn’t respond immediately to say as much. Furthermore, why did they keep the contract a secret? Why did they wait until just before the election to have this work done? And why did they feel it was appropriate to circumvent both federal and state testing and certification programs for the software in the bargain?

I’d like to have been able to learn much more before running anything on this at all, frankly. But the lack of time between now and Tuesday’s election — in which Ohio’s results are universally believed to be key to determining the next president of the United States — preclude that.

So, based on the information I’ve been able to glean so far, allow me to try to explain, in as simple terms as I can, what we currently know and what we don’t, and what the serious concerns are all about.

And, just to pre-respond to those supposed journalists who have shown a proclivity for reading comprehension issues, let me be clear: No, this does not mean I am charging that there is a conspiracy to rig or steal the Ohio election. While there certainly could be, if there is, I don’t know about it, nor am I charging there is any such conspiracy at this time. The secretive, seemingly extra-legal way in which Secretary of State Husted’s office is going about whatever it is they are trying to do, however, at the very last minute before the election, along with the explanations they’ve given for it to date, and concerns about similar cases in the past, in both Ohio and elsewhere, are certainly cause for any reasonable skeptic or journalist to be suspicious and investigate what could be going on. And so I am …

The Contract

The first 13 pages of the 28-page contract [PDF] is largely boilerplate legal stuff. The actual “Statement of Work” in the contract, signed on Sept. 18, 2012, by ES&S and on Sept. 19 by Assistant Secretary of State Scott Borgemenke — less than two months before this year’s presidential election — describes the software that is to be created for the state by ES&S, beginning on Page 17.

Here’s the beginning of the “Overview” section, describing the scope of the work, which I’ll try to unpack just below it, for non-geeks…

In short, the contract is for an application called EXP, which exports voting results into a specific format after the data from the central tabulator has been organized by the ES&S Election Reporting Manager (ERM). The ERM program itself directly accesses the main tabulator database and the results are then exported, by EXP, to a text-based file.

The text-based file is then sent by the county, via some unspecified means, to the secretary of state for import into its Election Night Reporting System, which is subsequently made available on the Web, where it will be viewed by the media and the rest of the world as the “results” of that day’s election in Ohio.

The unencrypted text-based file created by EXP is a simple CSV (Comma Separate Values) formatted file, which includes field names and values separated by commas, as culled from the tabulated results database. Pages 26 and 27 of the contract detail the specific format for the plain text files created by EXP. Here’s an example:

The Secretary of State’s Explanations

Last last week, a public response was finally offered to Ugonna Okpalaoka of theGrio, an African-American-centric website published in partnership with NBC News.

Okpalaoka write: “Matt McClellan, a spokesman for the Secretary of State’s office, told theGrio that no patches were installed, describing instead a reporting tool software meant to ‘assist counties and to help them simplify the process by which they report the results to our system.’”

McClellan’s reported claim that “no patches were installed,” but rather it was simply “a reporting tool software” to assist counties, seems to be in direct contradiction with the contract itself.

At the bottom of Page 17, the contract states that “the current ES&S ERM Results Export Program (EXP) product version 2.0.6.0″ will be “modified to meet the Customers request.” The contract goes on to say that it “shall be modified” into two different EXP versions, 2.0.7.0 and 3.0.1.0, to work with two different versions of the ERM software variously installed in different Ohio counties.

It’s not entirely clear how the new version of EXP will differ from the existing one, though the contract specifies the older version created XML-formatted files instead of plain-text CSV files. The new version of the EXP program is installed onto the tabulation computing systems of the Ohio counties, which use the ES&S system, so this updated version is a new version of the existing software. It is either a “patch” or an upgrade or a new installation. Distinguishing between those descriptions, in this case, seems to be a distinction without a difference made by McClellan. In either case, it’s new software being applied onto the existing central tabulation system computers, without either state or federal certification, just days before the 2012 presidential election.

By describing it as “experimental” software, it seems the state is attempting to skirt the legal requirements for state testing and certification by the Ohio Board of Voting Machine Examiners. But more on that in a moment.

According to Pam Smith, president of the nonpartisan watchdog group VerifiedVoting.org, her organization also sought explanations for the last-minute software changes from the secretary of state’s office.

She tells me that she was told that “the Secretary of State team installed the EXP tool” themselves in the counties that use the ES&S system. “It was not left to the counties to figure out the installation or the configuration.”

Moreover, she stressed, she was told the software “does not get installed on voting machines.”

But that makes little difference, since the software is installed directly onto the central tabulator machines, where it can affect — either accidentally, or by design — the main results of an entire county’s election. Software residing on the central tabulation systems is, in fact, far more dangerous than software on the voting systems, since it can have direct access to the entire set of county election results.

Jim March, a longtime Libertarian election integrity and software expert, as well as a member of the Pima County, Ariz., Election Integrity Commission (which serves as an official advisory body to the Pima County Board of Supervisors), and a founding and current board member of BlackBoxVoting.org, is highly suspicious of the last-minute installation of software.

In an affidavit [PDF] submitted to Fitrakis and Arnebeck for their legal case, March says he believes “that this custom software is not necessary for the conduct of elections and is in fact highly dangerous.”

March has been involved in numerous cases involving suspicious elections and election software. In 2005 he received part of a multimillion-dollar settlement from Diebold as the result of a qui tam case with the state of California, after it had been discovered that the company had secretly installed uncertified software on its voting systems in the state. The secretary of state decertified the systems as a result.

“What ES&S has chosen to do here is extremely dangerous and exactly what you’d want to do if you wanted to plant a ‘cheat’ onto the central tabulator,” March says in his affidavit.

On Saturday night, Secretary Husted himself attempted to downplay the matter during an interview with CNN’s Don Lemon, explaining that there was no danger in installing the software on the county’s tabulation systems. MSNBC’s “Ed Show” played that part of the exchange with the secretary, as well as a response to it from Democratic Ohio state Sen. Nina Turner.

As Husted explained to Lemon: “The reporting system and the counting system are not connected in any actual way. And the results that anybody can get at home on their computer are — they’re going to get them at the same time that I do on election night. So we have a very transparent system.”

The “transparency” of a system that counts votes in secret and features a secretly installed piece of software that skirted normal certification procedures aside, March’s affidavit disputes Husted’s explanation about the separation between the reporting and counting systems.

“Their custom application … would have full contact with the central tabulator database on both a read and write basis, while running on the same computer as where the ‘master vote records’ (the central tabulator database — the ‘crown jewels’ of the whole process) are stored,” he says.

“Under this structure a case of accidental damage to the ‘crown jewels’ of the election data is possible. A case of deliberate tampering of that data using uncertified, untested software would be child’s play.”

He describes the process as “criminally negligent just from a standpoint of data security.”

State Sen. Turner was similarly suspicious: “They should not be experimenting in a presidential election. You know the secretary of state had previous years to try to experiment.”

Indeed, one of the unanswered questions we sent to the secretary of state asked why they waited until Sept. 18 to begin this contract, since Husted’s been in office fore nearly two full years, and they’ve carried out many elections, of lesser import than a presidential election since that time during which this software could have had a trial run. Furthermore, we asked, how did they manage without it until now during both his tenure and that of his predecessors?

We received no reply to that and a number of other related questions.

When theGrio asked a similar question, as to why they waited until “so soon before the election” to commission the new software, they were told by McClellan: “I’m not sure the exact timeline of that, but I know we’ve been working with the counties for the past couple of months on getting these in place, testing them to make sure they work properly, and working with the vendors as well.”

There was another point reported by theGrio that seems to be in direct contradiction to the contract between ES&S and the secretary of state, and it’s a troubling one.

They report: “McClellan said the tool serves to cut down on the amount of information precinct workers would have to key in by hand by allowing the results to be output onto a thumbdrive and uploaded at once into the Secretary of State’s system.”

But the contract specifically notes at the top of Page 21 that “Automated uploading or sending of the State Election Results Reporting file” is “outside the scope” of the software called for in the agreement, and that “It is a manual process to upload or send the results file.”

That would seem to contradict McClellan’s claim that the converted file created by the EXP program is “output onto a thumbdrive and uploaded at once into the Secretary of State’s system.”

The way in which that file is sent to the secretary of state, as noted, remains unknown. Moreover, if a plain text file is sent via email, or other similar Internet transmission, it can easily be intercepted and changed before it ever even reaches the SoS Election Night Reporting System. Such an attack is sometimes described as a “Man-in-the-Middle” attack.

Verified Voting’s Smith explained that she had been told that results files from the state’s other e-voting systems made by Diebold and Hart-Intercivic already created files in the format that EXP was being modified to create. Thus, she said, all of the files would be in the same format for uniform import into the Election Night Reporting System.

Another question I’d asked of Husted’s office was, if all that EXP did was simply convert files from one simple format to another, wouldn’t it have been far less dangerous to install the software once at the secretary of state’s office and simply convert files there for the Reporting System, after they’d been sent to them by the counties, rather than install 39 uncertified pieces of software on 39 different central tabulators in 39 different Ohio counties just days before the 2012 presidential election?

I received no answer to that question either.

History and Reason for Concern

Writing in the Oct. 5, 2006, issue of Rolling Stone, Robert F. Kennedy Jr. in “Will the Next Election Be Hacked?” described a suspect election that took place in Georgia in 2002, just after Diebold’s electronic touch-screen voting systems had been deployed for the first time across the entire state.

“Six days before the vote,” Kennedy writes, “polls showed Sen. Max Cleland, a decorated war veteran and Democratic incumbent, leading his Republican opponent Saxby Chambliss … by five percentage points. In the governor’s race, Democrat Roy Barnes was running a decisive eleven points ahead of Republican Sonny Perdue. But on Election Day, Chambliss won with fifty-three percent of the vote, and Perdue won with fifty-one percent.”

To this day, Election Integrity advocates cite that 2002 election as suspect, along with the curious software “patch” they later learned was secretly applied to the state’s electronic voting system earlier that year.

In his article, Kennedy quotes Diebold contractor Chris Hood, who was directly involved in the installation of the systems across the state, as describing Diebold Election Systems Inc. president Bob Urosevich personally distributing the software “patch,” which was covertly installed on more than 1,200 Diebold touch-screen systems that year.

No one will likely ever be able to prove that the November 2002 election was rigged, but that infamous software “patch,” along with the anomalous election results from 100 percent unverifiable voting systems (which are still in use today across the state of Georgia and in many other states) has cast an everlasting cloud of suspicion over that election.

Similarly, there remains a dark cloud of suspicion over the 2004 presidential election in Ohio itself, the last one run under the administration of a Republican secretary of state, when blatant voter suppression tactics, ballot tampering, unprecedented counting room lockdowns due to phony Homeland Security “terror warnings,” criminal manipulation of the post-election recount, as well as concern about a possible “Man-in-the-Middle” hack of the state’s Election Night Reporting System have long cast a shadow of doubt over the reported results.

The BRAD BLOG was honored with an award from Sonoma State University’s 36-year old investigative reporting project Project Censored for some of our coverage of the mysterous death of Ohio-based GOP IT guru Michael Connell.

In 2004, Connell designed and created Ohio’s Election Night Reporting System for then Secretary of State J. Kenneth Blackwell. It was later discovered, ironically enough by Ohio’s investigative journalist Bob Fitrakis and the Free Press, that the results the world were watching on the Web that night, as it became clear that the winner of the Buckeye State would determine the presidency, had been diverted from Ohio down to the servers of a far right-wing company in Chattanooga, Tenn., called SmarTech in the middle of the night.

Computer analysts and security experts, including a Republican who worked with Connell, have speculated, with a fair amount of evidence to support their case, that there could have been a “Man-in-the-Middle” attack that night, in which someone changed the results of the election between the time they were tabulated at the county level and before they appeared on the secretary of state’s website later that evening, as it was then being run out of SmarTech’s servers in Tennessee.

We may never know if that actually occurred, though schematics unearthed during an election fraud case against Blackwell detailed how Connell’s system allowed for “Man-in-the-Middle” access to change the results before they were reported to the world. Despite a federal court order to retain all of the ballots from the election, some or all of them were destroyed in 56 out of 88 counties, so it became impossible to compare the reported results with the actual ballots cast during the 2004 election.

Connell can no longer discuss the matter. He was killed when he crashed near the Columbus airport in his single-engine Piper Saratoga on his way back from Washington, D.C., for his company’s Christmas party in December of 2008. One month earlier, on the Monday before the 2008 presidential election, a federal judge compelled Connell to sit for a deposition in the 2004 election fraud case in which the attorneys believed the man who created the George W. Bush and John McCain campaign websites, as well as the now-infamous secret email system for the George W. Bush administration, held the key to an alleged conspiracy to steal the 2004 election in Ohio for Bush.

Whether or not a similar scheme could be in the works in 2012 is certainly unknown. To be clear, once again, I am alleging no such thing. I am simply reporting the facts that I know, and those that I do not.

Nonetheless, questions about a last-minute secret software patch to be used across multiple counties in Ohio, one that now resides on vote tabulation systems and is said to produce easily modifiable text files to be uploaded to a very partisan secretary of state’s Election Night Reporting System, certainly have a familiar, and to some, a chilling ring just over 24 hours before the next presidential election could well be decided in the Buckeye State.

As the Free Press notes, “Government reports such as Ohio’s Everest study [PDF] [the landmark analysis of the state's electronic voting systems by world class academic and corporate computer science and security experts, commissioned by Husted's Democratic predecessor Secretary of State Jennifer Brunner] document that any single change to the system could corrupt the whole voting process.”

Late on Sunday, in a new update from Bello and Fitrakis at the Free Press, the pair describe that “The potential federal illegality of this software has been hidden from public scrutiny by the Secretary of State’s Election Counsel Brandi Seske.” They report that a Sept. 29 memo from Seske describes “de minimis changes” in the ES&S software that allowed for use of the software updates without state testing. “De minimis,” they explain, “is a legal term for minute.”

And yet, they go on to cite a memo from the U.S. Elections Assistance Commission, the body tasked with certifying electronic voting and tabulation systems at the federal level, dated February 8, 2012 entitled “Software and Firmware modifications are not de minimis changes.”

“Ohio election law provides for experimental equipment only in a limited number of precincts per county,” they report. “Installing uncertified and untested software on central tabulation equipment essentially affects every single precinct in a given county.”

“The method of execution chosen,” for this effort, notes March in his affidavit for the Fitrakis/Arnebeck injunction lawsuit, “is unspeakably stupid, excessively complex and insanely risky. In medical terms it is the equivalent of doing open heart surgery as part of a method of removing somebody’s hemorrhoids. Whoever came up with this idea is either the dumbest Information Technology ‘professional’ in the US or has criminal intent against the Ohio election process.”

Ernest A. Canning contributed research to this report.

Investigative journalist and broadcaster Brad Friedman is the creator and publisher of The BRAD Blog. He has contributed to Mother Jones, The Guardian, Truthout, Huffington Post, The Trial Lawyer magazine and Editor & Publisher.

No comments:

Post a Comment