October 03, 2005
Monday DeLay roundup

This story doesn't use the word, but I'm wondering how many times we'll be reading articles on Tom DeLay that include the word "defiant" in the near term. Quite a few, I'd venture.

Next question: Which of these people are kidding themselves?


DeLay, R-Sugar Land, said he has arranged a way to work with Speaker Dennis Hastert, R-Ill., that will comply with the spirit of the House regulation that forced DeLay to relinquish his post.

Hastert has said that DeLay no longer will attend official meetings of the Republican House leadership while he faces the felony charge of conspiracy for allegedly violating Texas election law by funneling corporate donations to candidates for the state House.

But, DeLay remarked, "The speaker certainly asked me to continue our partnership."

DeLay's statements seemed to fly in the face of remarks made earlier in the day by Rep. David Dreier, a California Republican selected by his congressional colleagues to help Rep. Roy Blunt, R-Mo., serve as majority leader while DeLay's criminal case is pending.

On CBS's Face the Nation, Dreier, chairman of the House Rules Committee, said of DeLay: "He's not going to still run things. He knows he's not going to run things. But he's clearly a member of Congress and he's a very important part of the team."

Also, moderate Republican Rep. Christopher Shays of Connecticut told CNN on Sunday he was no longer comfortable with DeLay as party leader.

"We got elected basically by saying we would live by a higher moral standard, and I don't think recently we have," Shays said. "Tom's problem ... is continual acts that border and go sometimes beyond the ethical edge."

On the same program, Rep. Jim Leach, R-Iowa, said the DeLay affair "isn't just an embarrassment for the Republicans. It's the Congress itself that's on trial."

Shays and Leach often speak against the grain of the Republican leadership.

DeLay, however, told the Chronicle that his clout in Congress has not been diminished.


One of these things is not like the others. The Stakeholder has been keeping an eye on Zach Wamp of Tennessee as a potential skunk at the garden party for DeLay and his still-loyal followers, but I'm willing to bet he's not the only one.

I'm glad to see that the idea that DeLay himself is just a part of the problem, a problem that won't be fixed by his departure, is getting some play on the op-ed pages. This is the man who has stepped in for The Hammer.


Although the two have very different personalities, [Roy] Blunt has modeled his political career on DeLay's, becoming in many respects a replica of the former majority leader. Like DeLay, Blunt quickly set up multiple political committees to establish a power base in the House.

Blunt has strengthened and enlarged DeLay's "K Street" alliance with Washington lobbyists. The two have a similar network of major corporate donors. Both have extensive financial ties to the Washington lobbying firm Alexander Strategy Group. Some of Blunt's actions have raised ethical issues.


Different person, same misplaced priorities, same ethical void. It's as simple as that. As Ezra says:

In some ways, losing him is worse, as DeLay was an easy stand-in for the corruption he'd created, and his personal proximity to scandal and ethics allegations sometimes proved a useful, if minor, check on his behavior. Blunt will have no such restrictions; if anything, he's worse than his predecessor. And that should be the message. This is not about Tom DeLay, it's about the house that DeLay built. The job for Democrats is to convince the public that it's time to tear it down.

If they can do that (no guarantees, that's for sure), the Dems can put themselves in a position to make big gains in 2006 as the Republicans did in 1994. It's a big if.

Well, okay, there is at least one Democrat talking about this in broader terms.


Taking out Tom DeLay would boost the morale of the Democratic Party and, I dare say, improve the representation for the 22nd Congressional District — but it would prove a pyrrhic victory on its own. Everyone but the scoundrel wants fair elections we can all trust. Everyone wants a democracy to hold the corrupt accountable. Taking on Tom DeLay without accomplishing these goals is an empty pursuit.

I worked for ethics reform long before Tom DeLay and I crossed paths, but our stories have become inextricably linked. I'm sure that I will have to answer questions about Tom DeLay for the rest of my life. Someday, I would like to be able to say that even though he has
repeatedly demonstrated his passion for power at the expense of ethics and integrity — to the detriment of those he serves — we all owe him a great debt. Without the scandals he caused, the people of Texas would not have demanded real ethics reform and reclaimed our government from the stench of corruption and special interests.


And I hope he gets to say that some day, too.

Finally, for a little finely honed sarcasm to go with the outrage, one turns to Julia. Enjoy.

Posted by Charles Kuffner on October 03, 2005 to Scandalized! | TrackBack
Comments

Looking beyond the schadenfreude though, one can't help but feel a little empty.

Can't we do better than this? Why is Tom DeLay -- and all of his lickspittles -- the sort of person that we (well, the voters of the 22nd district) willingly allow to "serve the American people?"

We elect the slickest, cruelest, nastiest, dumbest greedheads on the planet, and then we're surprised when they turn out to be douchebags.

It reminds me of the story of the woman who finds a wounded rattlesnake and takes it home and nurses it back to health. Later, after the snake gets better, and while she is feeding it, the snake strikes her on the arm. And as she lies dying, she cries, "Why? Why did you bite me? I took you in, and saved your life!"

And the serpent answers, "Lady, you knew I was a snake when you first picked me up."

Posted by: PDiddie on October 3, 2005 9:19 AM

Thank you Chris Bell. Well said:

"Everyone but the scoundrel wants fair elections we can all trust. Everyone wants a democracy to hold the corrupt accountable. Taking on Tom DeLay without accomplishing these goals is an empty pursuit."

We need to return real evidence back to our elections with paper ballots that are hand counted as scanning machines are easily corruptable too.

Yet, we will have to be watchful of Hart Intercivic eSlate E-Voting systems when they say they are including paper ballots (and is that the case here in Houston? Are we going to get paper ballots evidence for a real democracy?).

from:
http://www.bbvdocs.org/hart/hart-vvpat.pdf

Black Box Voting has obtained a copy of a preliminary sales document for the new Hart Intercivic "V.V.P.A.T." (Voter Verifiable Paper Audit Trail) touch-screen.

Note that according to this preliminary sales literature, the system may or may not produce a paper ballot for every vote cast. The language is murky:

"After reviewing the voter choice set on the eSlate summary screen, the voter navigates to the verification screen. The voter is presented with a screen that gives the option to verify a paper version of the Voter Choice Set OR cast ballot. (emphasis from BBV)
(When the voter selects to cast the ballot, does it also print, at the same time, the paper version? What does Hart mean by "Or"?)

When asked by Black Box Voting whether this "option" might result in less than a one-to-one relationship between paper records and electronic votes -- rendering the paper trail useless in an audit -- Hart Intercivic spokesperson Michelle Shafer provided the following information to clarify:

"Specifically regarding your question about voters having a choice to review their ballots using Hart's VVPAT, here is some information that should be helpful:

While the voter is given a choice to review his or her ballot, ALL votes are printed. The voter's choice has two possible outcomes:

1) Review the paper: If the voter chooses to review the paper ballot, the system displays the electronic information side-by-side with the paper record to facilitate comparison. The comparison is done one summary screen at a time but the voter does not have the ability to change the electronic version when in this mode. The voter is allowed reject his or her ballot at the end and return to the standard summery [sic] screen where changes can be made.
(Um, is the paper ballot physically next to the screen, or does this mean the screen is displaying both images,the electronic and paper versions? What does Hart mean?)

2) No review of paper: If the voter chooses NOT to review the paper, the system prints the paper version ballot without pause or an electronic version displayed on the screen.
(What is the difference in printing a paper version OR printing an electronic verison, which is what HART is saying here?)

There is always a one-to-one relationship between electronic records and paper records.

As for more general VVPAT commentary from Hart:

In the absence of any federal standards for VVPAT, Hart InterCivic is building its VVPAT system to be as flexible as possible to meet the different state guidelines / requirements for VVPAT that are and will be determined by each individual state that deems a VVPAT necessary.

Hart InterCivic has initiated final software development on our VVPAT solution. Further, the Election Assistance Commission (EAC) through the offices of the National Institute of Standards (NIST) has pending a set of draft standards for VVPAT that should be finalized later this month. It is our judgment that we should wait until these federal guidelines are in place before we undertake the final development of our VVPAT solution. Further, we are certain that states requiring VVPAT will want any VVPAT solution to achieve certification under these new federal guidelines.

Please feel free to e-mail me or call me at 512.252.6669 if you need more information or clarification.

Thanks!
Michelle}

Michelle M. Shafer
Director of Corporate Communications
Hart InterCivic
512.252.6669
mshafer@hartic.com
www.hartintercivic.com

Shafer provided this similar, but not identical, official version of the sales document:

http://www.bbvdocs.org/hart/hart-avvpat-official.pdf

Shafer told Black Box Voting that the "option" to verify with paper was because "California standards require it to be optional," but here is what the California standards actually say:

"Every electronic record must have a corresponding paper record copy. The paper record copy must be printed"

(Is it optional to verify 'with' paper- or optional for the voter to 'look' at the paper? And why call verifying with paper optional if CA requires it? Does HART provide an option for the voter to NOT print a voter verfied paper ballot?)

http://www.bbvdocs.org/general/avvpat_standards_1_21_05.pdf

....

As an aside, Mayor Bill White did a very good job during the hurricane. Thank you. However, I wonder if he gets Republican money and support just because he allows them to bring their own voting machines and to count the vote during elections. Just wondering...

Posted by: Prove Our Democracy with Paper Ballots on October 4, 2005 10:05 AM

A Diebold Insider Speaks

a story of the lack of oversight and concern from media and government for e-Voting machines and companies

from: http://www.bradblog.com/archives/00001838.htm

BLOGGED BY BRAD ON 9/15/2005 @ 11:05AM PT...

* EXCLUSIVE! * A DIEBOLD INSIDER SPEAKS!

DIEB-THROAT : 'DIEBOLD SYSTEM ONE OF GREATEST THREATS DEMOCRACY HAS EVER KNOWN'

IDENTIFIES U.S. HOMELAND SECURITY 'CYBER ALERT' PRIOR TO '04 ELECTION WARNING VOTES CAN BE 'MODIFIED REMOTELY' VIA 'UNDOCUMENTED BACKDOOR' IN CENTRAL TABULATOR SOFTWARE!

In exclusive stunning admissions to The BRAD BLOG some 11 months after the 2004 Presidential Election, a "Diebold Insider" is now finally speaking out for the first time about the alarming security flaws within Diebold, Inc's electronic voting systems, software and machinery. The source is acknowledging that the company's "upper management" -- as well as "top government officials" -- were keenly aware of the "undocumented backdoor" in Diebold's main "GEM Central Tabulator" software well prior to the 2004 election. A branch of the Federal Government even posted a security warning on the Internet.

Pointing to a little-noticed "Cyber Security Alert" issued by the United States Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security, the source inside Diebold -- who "for the time being" is requesting anonymity due to a continuing sensitive relationship with the company -- is charging that Diebold's technicians, including at least one of its lead programmers, knew about the security flaw and that the company instructed them to keep quiet about it.

"Diebold threatened violators with immediate dismissal," the insider, who we'll call DIEB-THROAT, explained recently to The BRAD BLOG via email. "In 2005, after one newly hired member of Diebold's technical staff pointed out the security flaw, he was criticized and isolated."

In phone interviews, DIEB-THROAT confirmed that the matters were well known within the company, but that a "culture of fear" had been developed to assure that employees, including technicians, vendors and programmers kept those issues to themselves.

The "Cyber Security Alert" from US-CERT was issued in late August of 2004 and is still available online via the US-CERT website. The alert warns that "A vulnerability exists due to an undocumented backdoor account, which could [sic: allow] a local or remote authenticated malicious user [sic: to] modify votes."

The alert, assessed to be of "MEDIUM" risk on the US-CERT security bulletin, goes on to add that there is "No workaround or patch available at time of publishing."

"Diebold's upper management was aware of access to the voter file defect before the 2004 election - but did nothing to correct it," the source explained.

A "MEDIUM" risk vulnerability cyber alert is described on the US-CERT site as: "one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file."

DIEB-THROAT claims that, though the Federal Government knew about this documented flaw, originally discovered and reported by BlackBoxVoting.org in August of 2004, they did nothing about it.

"I believe that top Government officials had an understanding with top Diebold officials to look the other way," the source explained, "because Diebold was their ace in the hole."...

But even DIEB-THROAT -- who says "we were brainwashed" by the company to believe such concerns about security were nonsense -- was surprised to learn that an arm of the U.S. Department of Homeland Security was well aware of this flaw, and concerned enough about it to issue a public alert prior to the election last year.

"I was aware of the Diebold security flaw and had heard about the Homeland Security Cyber Alert Threat Assessment website, so I went there and 'bingo,' there it was in black and white," the source wrote. "It blew me away because it showed that DHS, headed by a Cabinet level George Bush loyalist, was very aware of the 'threat' of someone changing votes in the Diebold Central Tabulator. The question is, why wasn't something done about it before the election?"

The CEO of North Canton, Ohio-based Diebold, Inc., Walden O'Dell has been oft-quoted for his 2003 Republican fund-raiser promise to help "Ohio deliver its electoral votes to the president next year." O'Dell himself was a high-level contributor to the Bush/Cheney '04 campaign as well as many other Republican causes.

"A very serious problem...one malicious person can change the outcome of any Diebold election"

The voting company insider, who has also served as a spokesperson for the company in various capacities over recent years, admits that the "real danger" of this security vulnerability could have easily been exploited by a malicious user or an insider through remote access.

"I have seen these systems connected to phone lines dozens of times with users gaining remote access," said DIEB-THROAT. "What I think we have here is a very serious problem. Remote access using phone lines eliminates any need for a conspiracy of hundreds to alter the outcome of an election. Diebold has held onto this theory [publicly] for years, but Diebold has lied and has put national elections at risk. Remote access using this backdoor means that one malicious person can change the outcome of any Diebold election."

The ability to connect to the system remotely by phone lines and the apparent lack of interest by Diebold to correct the serious security issue in a timely manner -- or at all -- would seem to be at odds with at least one of their Press Releases touting their voting hardware and software.

In an October 31, 2003 Press Release as part of a publicity blitz to "sell" the new voting machines to the voters in the state of Maryland, Diebold Election Systems President Thomas W. Swidarski is quoted as follows in a section titled "Security Is Key":
Diebold has fine-tuned its computerized system so that it meets stringent security requirements. “We have independent verification that the Diebold voting system provides an unprecedented level of election security. This is crucial to maintaining the integrity of the entire voting process,” Swidarski added.

Attempts by The BRAD BLOG to get comment from Swidarski were passed to one of the Vice-Presidents at Diebold who has not returned our voice mail message.

We did, however, hear back from Diebold Spokesperson David Bear of the PR firm Public Strategies. He was referred to us by several different Diebold offices as "the man to discuss voting machine issues with."

Bear claimed to have never heard of the Cyber Alert issued by US-CERT and when told of it, refused to acknowledge it as anything more than "an unverified allegation."

"One of the greatest threats our democracy has ever known"

Our source expressed emphatically that future democratic elections in the United States are at stake and feels that the problem will not be corrected until Congressional action forces the company to do so.

"In my opinion Diebold's election system is one of the greatest threats our democracy has ever known, and the only way this will be exposed is with a Congressional investigation with subpoenas of not just Diebold officials but Diebold technicians."

If our experience in discussing the matter with Bear, the man Diebold referred us to for all matters concerning voting machines, is any indication, then DIEB-THROAT may be correct. Even a Cyber Alert Bulletin issued by an official arm of the U.S. Department of Homeland Security more than a year ago was not enough to phase Diebold. At least not enough to even inform their public spokesperson about the matter, apparently.

"I don't know anything about it," Bear claimed when we asked about the Cyber Alert, and he refused to acknowledge there were anysecurity concerns about Diebold's Voting Machines or its GEMS Central Tabulator software.

Over and over, by rote, he repeated in response to our questions: "The GEMS software has been used in hundreds of elections and there's never been a security issue."

Bear says that "Diebold machines have never lost a single vote," but beyond that could not speak to the vulnerability issue since, he said, "I don't know what vulnerability they're referencing."

We sent the link to the US-CERT Cyber Alert to Bear, but have not yet heard back from about it. He did, however, send us a copy of the well-worn Caltech/Massachusetts Institute of Technology report [PDF] analyzing the 2004 Presidential Election which, Bear pointed out in his Email, "concludes that the most improvement [in vote-counting and integrity over 2000] occurred when counties/states changed to touch screen systems."

DIEB-THROAT was taken aback, but not wholly surprised, when we shared the comments from Bear denying knowledge of the "backdoor" security vulnerability in the GEMS software and his contention that there was nothing more than "allegations."

The vulnerability, and the ability to "manipulate votes" occurs because the GEMS software uses the public Microsoft Access database software to store vote totals in a separate data file. And, as DIEB-THROAT explained, Access is "full of holes. There are so many ways to get into it."

Because GEMS uses the Access database, "you can enter and manipulate the file without even entering into GEMS," our source said in response ot Bear's denials.

"GEMS sits on top of this database and it pretty much feeds information down to the database from GEMS. It's almost like you're on the first floor of your house and all of your operating equipment is in the basement so that anything that happens on the first floor ends up downstairs. Well, downstairs has a wide open door to it. So we're dumping all the votes downstairs and that's wide open to the rest of the computer system."

"A culture of fear"

In trying to understand why the U.S. Homeland Security Department's Cyber Alert didn't force Diebold to make fixes, patches or corrections quickly available for their software prior to -- or even since -- the '04 election, DIEB-THROAT repeated over and over that Diebold was simply "not concerned about security".

"They don't have security solutions. They don't want them...They leave security policy issues up to the states. They've known about this for some time. They don't really care," the source said, comparing the security flaw to "leaving the front door at Fort Knox open." It's just "blatant sloppiness and they don't care."

The versions of the GEMS Central Tabulation software listed on the US-CERT site are 1.17.7 and 1.18 and DIEB-THROAT says the same versions of the same software are still in use by States around the country and haven't had any fixes or patches applied to correct the problem.

Diebold spokesman, Bear, was unable to confirm whether or not Diebold had updated its GEMS software in any way since the US-CERT Cyber Alert was released telling us only that "There's different versions of the software for different needs" and that he didn't know if patches, fixes or corrections were ever released by the company.

"There's always an evolution," Bear said. "Before any software can be used it's federally qualified and then certified by the states...Where different versions are running, I just don't know."

"They're still at that same version number," DIEB-THROAT said. "A lot of our customers still have it and there's not been any patch....They really don't care about this sort of thing. They really don't. People may find it hard to believe...in other words [the company says] 'we'll give you a machine to vote on and the rest is up to you."

"This is a very profit motivated company," the source continued, "they don't care what happens after the sale. Once they have the contract they've got the customer tied up pretty good."

Initially DIEB-THROAT claims to have been "brainwashed" by the pervasive "company line" at Diebold, that all of the talk about security concerns and the possibility that someone could hack the vote was the talk of "conspiracy theorists". Apparently that was -- and is still is -- "the company line." But after one of Diebold's head technicians who works out of their McKinney, Texas facility confirmed the gaping security hole in the software to our source, it was understood that these concerns were for real.

"Up until his confirmation, I had heard it through the grapevine, as rumors and such, but he confirmed it for me. The lead technician who worked on the software, who has a Phd in mathematics and so forth, was saying that 'this problem exists!'"

So why hasn't that technician, or anyone else from within the company spoken out until now?

"This is a culture of fear. Really. Only because we were good friends did [the head technician] confide in me that these were problems that needed to be fixed," DIEB-THROAT said.

"They all knew..."

In regards to possible remote access to the GEMS Central Tabulator by modem via phone lines, a way that hackers could easily and simply change the vote total information in the Access database, Diebold's official spokesman seemed to be similarly in denial even today.

When we asked Bear whether or not the Central Tabulator is still accessible via modem in their machines, he first denied that it's even possible, telling us "the Central Tabulator isn't accessable via modem."

When we pressed about whether or not there are still modem capabilities in the machines and software they sell, Bear admitted, "There is a modem capability, but it's up to a jurisdiction whether they wish to use it or not...I don't know of any jurisdiction that does that."

"Oh, boy. Such lies," DIEB-THROAT said in response. "There are several jurisdications that use [the modem capabilities] in the machines...Probably one of the most robust users of modems is Prince Georges County in Maryland. They've used it in every election. I believe they started in 2000. And Baltimore County used them in the November election in 2004. Fulton County and Dekalb County in Georgia may have used them in 2004 as well."

While we were unable to hear back in response to messages left with Election Officials at several of those offices prior to the publication of this article, a review of "Lessons Learned" after the November 2004 Election conducted by the Maryland state Board of Elections obtained by The BRAD BLOG, confirms that modems were used to access the GEMS Central Tabulator to send in information from precincts on Election Night.

We are still reviewing the complete document, but amongst the findings in the report is that "the GEMS system froze several times during heavy modem transmitting periods requiring the system to be rebooted, which generated delays and prohibited BOE from receiving polling places' transmissions."

As well, the report concludes, "Modem lines testing in polling place still problematic; need better coordination with school system."

It also says that "7% of voting units deployed failed on Election Day" and that an additional 5% "were suspect based on the number of votes captured." The BRAD BLOG hopes to have a follow-up article in the coming days which looks in more detail at the full Maryland state Board of Elections report and the alarming rate of failure for Diebold Touch-Screen voting machines.

When we asked our source if they had any evidence to show that the security flaw described by the U.S. Dept. of Homeland Security was actually exploited in the 2004 election, DIEB-THROAT told us only: "I wouldn't say I have evidence that it was exploited....only that it was known. To the feds, to state officials and to Diebold. They all knew. In spite of the gap they moved forward as normal...As if it didn't exist."

more updates link at bottom at
http://www.bradblog.com/archives/00001838.htm

call your reps, etc.


Posted by: Prove Our Democracy with Paper Ballots on October 4, 2005 11:16 AM