Email from Bev Harris of BlackBoxVoting.org, 11/7/04

 

Documents: voting system test lab omitted test for tamperability

 

Freedom of Information requests at http://www.blackboxvoting.org have unearthed two Ciber certification reports indicating that security and tamperability was NOT TESTED and that several state elections directors, a secretary of state, and Dr. Britain Williams signed off on the report anyway, certifying it.

 

The documents, posted at Black Box Voting (.ORG) show that Ciber Labs' Shawn Southworth used a conformance chart specifying FEC regulations, marking each test item "pass" or "fail."

 

Southworth “tested” whether every candidate on the ballot has a name. But we were shocked to find out that, when asked the most important question -- about vulnerable entry points -- Southworth’s report says “not reviewed.”

 

Ciber “tested” whether the manual gives a description of the voting system. But when asked to identify methods of attack (which we think the American voter would consider pretty important), the top-secret report says “not applicable.”

 

Ciber “tested” whether ballots comply with local regulations, but when we asked Shawn Southworth what he thinks about Diebold tabulators accepting large numbers of “minus” votes, he said he didn’t mention that in his report because “the vendors don’t like him to put anything negative” in his report. After all, he said, he is paid by the vendors.

 

Was this just a one-time oversight?

 

Nope. It appears to be more like a habit. We also posted the sister report, for another vendor entirely, VoteHere, and you can see that the critical security test, the “penetration analysis” was again marked “not applicable” and was not done.

 

Maybe another ITA did the penetration analysis?

 

Apparently not. We discovered an even more bizarre Wyle Laboratories report. In it, the lab admits the Sequoia voting system has problems, but says that since they were not corrected earlier, Sequoia could continue with the same flaws. At one point the Wyle report omits its testing altogether, hoping the vendor will do the test.

 

Computer Guys: Be your own ITA certifier.

 

Black Box Voting has posted a full Ciber report on GEMS 1.18.15. We also posted a .zip file download for the GEMS 1.18.15 program. We also provided a real live Diebold vote database. Compare your findings against the official testing lab and see if you agree with what Ciber says. E-mail us your findings.

 

Who the heck is NASED?

 

They are the people who certified this stuff. Now, if the security of the U.S. electoral system depends on you to certify a voting system, and you get a report that says security was “not tested” and “not applicable” -- what would you do?

 

Perhaps we should ask them. Go ahead. Hold them accountable for the election we just had. (Please, e-mail us their answers) Their names are listed on the Web site.

 

Bev Harris