Subject: BBV Exclusive: Utah testing of the Diebold touch-screen
reveals new problems
Emery County Clerk Bruce Funk has been running elections for 23 years.
He was quite content with his optical scan system. The state of Utah thought otherwise: On Dec. 27, Funk took delivery on 40 Diebold TSx touch-screen machines, part of a statewide directive.
>> "I had concerns about Diebold," says Funk, "but I thought, 'If the
>> state is going
>> to mandate it, then I guess they'll assume responsibility if anything
>> goes wrong.'"
>> Not so. He soon learned that he will be responsible but the state
>> will decide
>> what election system will count the votes.
>> "YOU'RE GOING TO HATE MY GUTS ON ELECTION DAY"
>> Funk's concerns escalated when he heard a particularly unusual
>> by Diebold sales rep Dana LaTour.
>> "Some of you are going to hate my guts on Election Day," she said to
>> assembly of elections officials. Later, another Diebold
>> representative named
>> Drew was asked what LaTour meant when she said "Some of you are going
>> to hate my guts..."
>> "We're going to have problems on Election Day, and we're just going
>> to have to
>> work through them," he said.
>> FAILURES RIGHT OUT OF THE GATE
>> Shortly after Funk received his "brand new" TSx machines, Diebold
>> helped him
>> do acceptance testing. Two of the 40 machines promptly failed the
>> test. Diebold
>> arranged to take them away.
>> The remaining machines showed several defects -- crooked paper feeds
>> that jam,
>> memory card bay doors that wouldn't close, parts getting stuck,
>> coming loose, falling off.
>> TAKING A CLOSER LOOK
>> Funk thought it might be a good idea to take a closer inventory.
>> He booted each machine up to check the battery. Some of the machines
>> marked with little yellow dots, and he got to wondering about that,
>> too. He studied
>> the screen messages, and noticed something very odd.
>> Most machines had about 25 MB of memory available, but some had only
>> 7 MB of
>> free memory left. One had only 4 MB of available memory. For
>> perspective, the
>> backup election file generated by the Diebold TSx is about 7.9 MB.
>> Now why would
>> brand new voting machines have used-up memory?
>> TIME TO GET A MORE IN DEPTH EVALUATION
>> This prompted Funk to seek an evaluation. He asked Black Box Voting
>> to help
>> him analyze his voting system.
>> After several consultations, Black Box Voting determined that the
>> nature of the
>> problems in Emery County might be systemic and might be national in
>> Therefore, we arranged for and underwrote the services of Harri
>> Hursti and
>> also Security Innovation, Inc.
>> Neither Funk nor Black Box Voting were prepared for the depth and
>> breadth of the
>> problems discovered. Based on these discoveries we will begin with a
>> series of
>> articles followed by concise, but more formal reports.
>> PART I
>> Hursti quickly determined the three most likely causes of the low
>> memory problem:
>> 1. There might be completely different software in the machines with
>> low memory.
>> 2. Some machines might contain different external data
>> 3. Or, some of the machines might have been delivered with natively
>> amounts of memory available.
>> Hursti approached issue #2 first. If the used memory was due to
>> external data or
>> archived election files stored on the system, he reasoned, removing
>> any such files
>> would clear the memory. He discovered that some of the machines did
>> contain test
>> election data, and he deleted the extra data. This produced only a
>> small improvement
>> in available memory, however.
>> As for issue #1, different programs on the machines -- or, the
>> existence of something
>> stored in memory which is hidden, such a find would obviously be
>> Issue #3, the possibility that some machines had different amounts of
>> memory left in
>> their life cycle, is particularly troubling. The technology choice
>> Diebold made -- memory
>> storage consisting of flash memory, which is known to degrade over
>> time -- carries
>> with it a possibility that used machines will be near the end of
>> their memory life cycle.
>> If such machines were delivered to Emery County as "new," this would
>> be like buying
>> a "new" car with 100,000 miles already on it.
>> The only thing that was known about the cause of this problem was
>> that there were
>> different amounts of memory. The reason remained to be discovered. In
>> the course of
>> evaluating the reason for the low memory, we learned much more about
>> the TSx.
>> IS THERE AN INFRA-RED PORT FOR REMOTE COMMUNICATIONS?
>> Hursti also examined the remote communications capabilities of this
>> system. He found
>> no infra-red (IrDA) ports.
>> "The whole thing here is that it's network aware even when RAS is not
>> running. You're
>> not dialing out and it's network aware. And it's actually configured
>> to use an Ethernet board..
>> .It's all the time network aware...Perhaps all you need is this
>> Ethernet cord and a wireless
>> cord inserted and off you go."
>> Of course, the software would need to be installed for this kind of
>> Unfortunately, we could find no way for elections officials to find
>> out whether inappropriate
>> software is in the touch-screen.
>> "I haven't asked any 'pins' (Personal ID Number). It hasn't been
>> hostile to me at all.
>> It's a very friendly guy," Hursti reports.
>> Hursti made a number of observations about the touch-screen, and
>> connected it to
>> his laptop for further "conversation."
>> In the interest of brevity, we will return to this issue in a later
>> article in this series.
>> A "SHOCKING" DISCOVERY
>> It's common for polling places to have too few outlets for a bank of
>> voting machines.
>> The normal cure is to set up hook the computers up in a daisy-chain
>> configuration, with
>> one plug to the wall, and the rest of the plugs linking voting
>> machines together.
>> Diebold's output plug falls out readily, exposing live 110 volt wall
>> outlet power on
>> bare wires.
>> This happened on every TSx we tested, and presents a significant
>> safety hazard for
>> poll workers, especially the elderly. According to Hursti, the
>> electrocution might only
>> result in a burned hand, and probably wouldn't be fatal.
>> This is a design flaw worthy of a general recall for standard
>> consumer and office electronics.
>> DIEBOLD: DOWN FOR THE COUNT?
>> While analyzing the memory storage problem, Hursti discovered a
>> critical security
>> hole in the foundation of the touch-screen. Then he found another in
>> the "lobby,"
>> and another on the "first floor." Taken together, these present a
>> potentially catastrophic
>> security hole.
>> These are not programming errors, but architectural design decisions.
>> Black Box Voting is turning the "road map" of the most dangerous
>> security findings
>> over to the proper authorities. We won't let anybody sit on this for
>> very long because
>> elections are looming and elections officials need to know what to do
>> A concise and more formal report will be released in a few weeks, and
>> this will
>> discuss the procedures for preparing a recovery path for these
>> security holes.
>> TWO THINGS WE HAVE LEARNED ALREADY:
>> 1. Source code reviews alone are NOT sufficient. Access to fully
>> systems MUST accompany source code reviews.
>> 2. Honest election officials and citizens again take the lead in
>> learning the truth
>> about voting machines. We ask for maximum public support for Bruce
>> Funk, who
>> showed courage and commitment to responsible elections. The important
>> effective work of Utah voting integrity advocates Kathy Dopp
>> (http://www.uscountvotes.org) and Jocelyn Strait should be applauded
>> by fellow
>> activists. They have played an important role to inspire this study
>> in Utah, which may
>> in turn assist with efforts in many other states.
>> Now would be an excellent time to express your support
>> for Bruce Funk with a letter or email, to demonstrate to
>> county officials that he has the support of the nation.
>> Bruce C. Funk - Clerk/Auditor