Feeds

Black Box Voting Author replies

My articles say what they say. No more, no less.

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Computer ballot outfit perverts Senate race, theorist says

Bev Harris, author of Black Box Voting, takes issue with the above article. Or rather, several issues. Here is her rejoinder.

As Mark Twain said, "First get your facts straight, then you can distort 'em."

You published some boo-boos about "Black Box Voting: Ballot-Tampering in the 21st Century." The errors in your article were significant enough that printing a correction, or at least this letter, is in order.

Perhaps you didn't have time to read my work very carefully, and there is a lot of it, but I do hope you'll read this carefully: My articles say what they say. No more, no less. You put words in my mouth, and ascribed all kinds of motivations and implications that were just plain wrong.

CORRECTION: Nowhere in my article, or my book, do I say that Hagel tampered with the machines -- Instead, I report that what he did was improper:

(1) He ran for office, twice, while holding beneficial ownership in the voting machine company that built the machines that counted his votes.

(2) Clearly Hagel knew this was a conflict of interest, because although he discloses his involvement in everything but the church bake sale on his FEC forms, he omits the required disclosure of his positions as Chairman and CEO of the voting machine company. This is not a gray area: The instructions, printed right on the disclosure page itself, say to "list all positions held, paid or unpaid." Sorry, his failure to disclose was illegal, end of discussion. For seven years in a row Hagel described the McCarthy Group as, essentially, a publicly available mutual fund -- a ridiculous characterization -- in order to avoid disclosing that its underlying asset, ES&S, as the company that built, programmed, and provided technicians for the ONLY machines that counted his own votes.

I reported all of the above in October, 2002 and put copies of Hagel's disclosure documents on the web. In January, after a conversation with Senate Ethics Director Victor Baird, when I realized that I had really hit a sore spot, I picked up the phone and called Alex Bolton of THE HILL, who then investigated and verified everything I had reported earlier, and uncovered even more information. Bolton's investigation apparently triggered the resignation of Baird, the Chief Counsel and Director of the Senate Ethics Committee. Baird had planned to resign anyway, but not until around February 28. Instead, Baird met with Bolton, then Hagel's people, then Hagel's people again (Jan 27), and immediately afterward, abruptly, in the middle of the day and a month early, he resigned. Can we talk to Baird and ask him any questions? No. It has been arranged that he is to continue working there in a capacity that cannot talk to the press.

Attempt to kill the story: I got a threat letter from ES&S lawyers that, basically, told me to shut the heck up or else. Hagel's chief of staff and Jan Baran, one of the most powerful (if not THE most powerful) Republican lawyers in Washington D.C. walked into Alex Bolton's office and tried to muscle him into killing the story, something he told me has never happened in all his years of reporting on Washington politics.

Lucky us, Chuck Hagel has just declared that he is considering a run for the presidency in 2008, and his campaign has purchased the domain names Hagel2008.com and ChuckHagel2008.com (Bush-Hagel2004.com was purchased earlier).

CORRECTION: Nowhere in any of my articles do I say, or even imply, that Diebold has an automatic update feature. This is something your own fertile imagination came up with.

The sales presentation you say "we can't find" was sitting on the unpassworded, unprotected, publicly available FTP site that Diebold unwisely stuck on the Internet. A link from my article leads to those file listings, but if you like I can e-mail you Diebold's PowerPoint file itself. I can tell you that I certainly don't have time to make up artwork and create all the graphics and photographs that are in this file -- it's the real thing. You can also call them up and ask them.

You might be a little more charitable: Even you admit that what I uncovered was "a major security stuff-up by anyone's reckoning" -- how about giving a little credit for shining sunlight on this? Rather a cavalier attitude about security by a company whose machines count nearly 100 million votes, wouldn't you say?

CORRECTION: I never talked about an automatic update, but what I did write is that anyone was able to access sensitive files, and that anyone intent on tampering with the files could have done so.

OMMISION: And what I did report is that there are at least four versions, with varying file sizes, of the supposedly certified and locked GEMS vote-counting program, and indeed someone from Diebold should answer some questions about why all those variations exist.

OMMISSION: And what I did report is that the folder on the Diebold site, called "rob-georgia," had a folder inside it that said "replace files with these." I don't know who Rob is, but when I asked, they told me they don't have anyone named Rob in Georgia. Excuse me, but if no one was replacing files, what are these files for? Questions that Diebold now must answer: Where were they replacing files, why were they replacing files, and what was in the replacements?

A CORRECTION YOU CAN SOON PRINT: Again, writing about your own conclusions about my state of mind, which are incorrect, you wrote "The implication is that users are going to be FTP-ing in for hacked files thinking they're getting an update."

No, but what you will soon read, if you catch my next report, is that indeed an update was put on many Diebold machines shortly before the election. Around 22,000 machines in Georgia, to be exact. The origin of this update, and the chain of custody of the update file itself, including any downloads or uploads of the "replace files with these" folders that are specifically referenced to Georgia, are areas that Diebold should now be required to address with American citizens.

Be as skeptical as you want about my articles. Just don't report what I never said. You might want to be even more skeptical about the integrity of our voting machines, at least until we can obtain a voter-verified audit trail that we are allowed to compare with the machine counts.

What you'll see in my next articles: - Interviews of insiders at certification testing labs, who will admit that the labs never did a line-by-line inspection of the vote-counting program code, ever.

- Admissions by election officials, secretary of state officials, and voting machine companies that program patches and updates are sent out frequently and are usually not examined AT ALL before they are installed.

- An interview with a voting machine manufacturer who actually does the touch-screen thing right: Nearly 100% accuracy, voter-verified paper trails, who welcomes disclosure about owners, programmers, and managers, and freely discloses known errors. Election officials get so excited about his machines that they actually stand up and applaud when they see his presentation (except in Florida, where they told him to get out of the state). Unfortunately, though states certify his machines promptly, once the lobbyists get busy, purchases are only made to the companies that refuse to provide a paper trail, and insist on keeping owner identities secret, which have errors rates as high as 100 percent. (You heard me.)

Bev Harris

Author: Black Box Voting: Ballot-Tampering in the 21st Century http://www.blackboxvoting.com

P.S. Thanks for calling me a "bunny." I'm 52 years old, quite round, and my hair is getting darn gray.

Remote control for virtualized desktops

More from The Register

next story
Criticism of Uber's journo-Data Analytics plan is an Attack on DIGITAL FREEDOM
First they came for Emil – and I'm damn well SPEAKING OUT
'It is comforting to know where your data centres are.' UK.GOV does NOT
Plus: Anons are 'wannabes', KKK says, before being pwned
Google's whois results say it's a lousy smut searcher
Run whois google.com or whois microsoft.com. We dare you, you PIG◙◙◙◙ER
Holy vintage vehicles! Earliest known official Batmobile goes on sale
Riddle me this: are you prepared to pay US$180k?
'Open source just means big companies can steal your code.' O RLY?
Plus: Flame of the Week returns, for one night only!
NEWSFLASH: It's time to ditch dullard Facebook chums
Everything hot in tech, courtesy of avian anchor Regina Eggbert
Hey, you, PHONE-FACE! Kickstarter in-car mobe mount will EMBED your phone into your MUG
Stick it on the steering wheel and wait for the airbag to fire
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.