Black Box Voting Author replies

My articles say what they say. No more, no less.

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Computer ballot outfit perverts Senate race, theorist says

Bev Harris, author of Black Box Voting, takes issue with the above article. Or rather, several issues. Here is her rejoinder.

As Mark Twain said, "First get your facts straight, then you can distort 'em."

You published some boo-boos about "Black Box Voting: Ballot-Tampering in the 21st Century." The errors in your article were significant enough that printing a correction, or at least this letter, is in order.

Perhaps you didn't have time to read my work very carefully, and there is a lot of it, but I do hope you'll read this carefully: My articles say what they say. No more, no less. You put words in my mouth, and ascribed all kinds of motivations and implications that were just plain wrong.

CORRECTION: Nowhere in my article, or my book, do I say that Hagel tampered with the machines -- Instead, I report that what he did was improper:

(1) He ran for office, twice, while holding beneficial ownership in the voting machine company that built the machines that counted his votes.

(2) Clearly Hagel knew this was a conflict of interest, because although he discloses his involvement in everything but the church bake sale on his FEC forms, he omits the required disclosure of his positions as Chairman and CEO of the voting machine company. This is not a gray area: The instructions, printed right on the disclosure page itself, say to "list all positions held, paid or unpaid." Sorry, his failure to disclose was illegal, end of discussion. For seven years in a row Hagel described the McCarthy Group as, essentially, a publicly available mutual fund -- a ridiculous characterization -- in order to avoid disclosing that its underlying asset, ES&S, as the company that built, programmed, and provided technicians for the ONLY machines that counted his own votes.

I reported all of the above in October, 2002 and put copies of Hagel's disclosure documents on the web. In January, after a conversation with Senate Ethics Director Victor Baird, when I realized that I had really hit a sore spot, I picked up the phone and called Alex Bolton of THE HILL, who then investigated and verified everything I had reported earlier, and uncovered even more information. Bolton's investigation apparently triggered the resignation of Baird, the Chief Counsel and Director of the Senate Ethics Committee. Baird had planned to resign anyway, but not until around February 28. Instead, Baird met with Bolton, then Hagel's people, then Hagel's people again (Jan 27), and immediately afterward, abruptly, in the middle of the day and a month early, he resigned. Can we talk to Baird and ask him any questions? No. It has been arranged that he is to continue working there in a capacity that cannot talk to the press.

Attempt to kill the story: I got a threat letter from ES&S lawyers that, basically, told me to shut the heck up or else. Hagel's chief of staff and Jan Baran, one of the most powerful (if not THE most powerful) Republican lawyers in Washington D.C. walked into Alex Bolton's office and tried to muscle him into killing the story, something he told me has never happened in all his years of reporting on Washington politics.

Lucky us, Chuck Hagel has just declared that he is considering a run for the presidency in 2008, and his campaign has purchased the domain names Hagel2008.com and ChuckHagel2008.com (Bush-Hagel2004.com was purchased earlier).

CORRECTION: Nowhere in any of my articles do I say, or even imply, that Diebold has an automatic update feature. This is something your own fertile imagination came up with.

The sales presentation you say "we can't find" was sitting on the unpassworded, unprotected, publicly available FTP site that Diebold unwisely stuck on the Internet. A link from my article leads to those file listings, but if you like I can e-mail you Diebold's PowerPoint file itself. I can tell you that I certainly don't have time to make up artwork and create all the graphics and photographs that are in this file -- it's the real thing. You can also call them up and ask them.

You might be a little more charitable: Even you admit that what I uncovered was "a major security stuff-up by anyone's reckoning" -- how about giving a little credit for shining sunlight on this? Rather a cavalier attitude about security by a company whose machines count nearly 100 million votes, wouldn't you say?

CORRECTION: I never talked about an automatic update, but what I did write is that anyone was able to access sensitive files, and that anyone intent on tampering with the files could have done so.

OMMISION: And what I did report is that there are at least four versions, with varying file sizes, of the supposedly certified and locked GEMS vote-counting program, and indeed someone from Diebold should answer some questions about why all those variations exist.

OMMISSION: And what I did report is that the folder on the Diebold site, called "rob-georgia," had a folder inside it that said "replace files with these." I don't know who Rob is, but when I asked, they told me they don't have anyone named Rob in Georgia. Excuse me, but if no one was replacing files, what are these files for? Questions that Diebold now must answer: Where were they replacing files, why were they replacing files, and what was in the replacements?

A CORRECTION YOU CAN SOON PRINT: Again, writing about your own conclusions about my state of mind, which are incorrect, you wrote "The implication is that users are going to be FTP-ing in for hacked files thinking they're getting an update."

No, but what you will soon read, if you catch my next report, is that indeed an update was put on many Diebold machines shortly before the election. Around 22,000 machines in Georgia, to be exact. The origin of this update, and the chain of custody of the update file itself, including any downloads or uploads of the "replace files with these" folders that are specifically referenced to Georgia, are areas that Diebold should now be required to address with American citizens.

Be as skeptical as you want about my articles. Just don't report what I never said. You might want to be even more skeptical about the integrity of our voting machines, at least until we can obtain a voter-verified audit trail that we are allowed to compare with the machine counts.

What you'll see in my next articles: - Interviews of insiders at certification testing labs, who will admit that the labs never did a line-by-line inspection of the vote-counting program code, ever.

- Admissions by election officials, secretary of state officials, and voting machine companies that program patches and updates are sent out frequently and are usually not examined AT ALL before they are installed.

- An interview with a voting machine manufacturer who actually does the touch-screen thing right: Nearly 100% accuracy, voter-verified paper trails, who welcomes disclosure about owners, programmers, and managers, and freely discloses known errors. Election officials get so excited about his machines that they actually stand up and applaud when they see his presentation (except in Florida, where they told him to get out of the state). Unfortunately, though states certify his machines promptly, once the lobbyists get busy, purchases are only made to the companies that refuse to provide a paper trail, and insist on keeping owner identities secret, which have errors rates as high as 100 percent. (You heard me.)

Bev Harris

Author: Black Box Voting: Ballot-Tampering in the 21st Century http://www.blackboxvoting.com

P.S. Thanks for calling me a "bunny." I'm 52 years old, quite round, and my hair is getting darn gray.

3 Big data security analytics techniques

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Spanish village called 'Kill the Jews' mulls rebranding exercise
Not exactly attractive to the Israeli tourist demographic
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.