|
Edited on Wed Mar-31-04 10:13 PM by BevHarris
The phone has been ringing nonstop, but let me at least fill you in on the outline of the report, which I am formatting for the Web now. I'll add the links in after the report is up.
The Sequoia WinEds software, found on the Web in September 2003, has been examined by computer programmers now. Andy and I have together worked with programmers in New York, Washington, California, and Wisconsin and we are getting confirmations on this material from additional sources.
The software, WinEds, is equivalent to GEMS, in that it resides on the county servers that collect and tabulate all the votes gathered from the polling place. It therefore has the potential to manipulate as many as 600,000 votes at once.
The following flaws were found in the Sequoia central tabulation software:
1. The Spanish language ballots can quite easily be altered so that the touch-screen records the vote for the opposite candidate than the voter intended. This works with foreign language votes only.
2. The code, when altered, defaults to erase the manipulations after you close the program. Therefore, if you create ballots using the Spanish language manipulation, install the ballots onto the touchscreens, then close the program, your handiwork will no longer exist when the program is reopened.
3. The program uses VBA, which is a highly insecure language. In fact, the interpretive language used in the Sequoia touch screens appears to violate FEC standards.
4. The Visio programming allows anyone with access to the machine to rewrite source code, not by going in a back door or getting access at the factory, but by opening the program and walking right in the front door.
5. The WinEds program examined also includes a large amount of business logic, stored procedures that can easily be manipulated. This imperils the tabulation of votes that have already been cast.
6. The level of access required is quite minimal -- any tech who works for the county as a database administrator, or a support rep for Sequoia, can execute the manipulations easily and with very little chance of getting caught.
7. Such access has been documented in ways that show weak security protocols. For example:
In Snohomish County, Washington, county auditor Bob Terwilliger admitted on the Mike Webb radio show that one of his employees did a patch on his Sequoia touch screen system. Later, at a League of Women Voters meeting, Terwilliger said that this patch was only to change a font. However, because of the way the WinEds program is constructed, you can put programming in so that when you do a simple thing like change a font, it changes the way the vote is recorded.
In Riverside County, California, I recently participated in videotaping a statement that is of great concern.
On election night, March 2, two people who do not work for the County, Sequoia employees Michael Frontera (a former Denver Elections Commission executive who took a position with Sequoia right after placing $6.6 million in Sequoia orders with Denver) and Eddie Campbell were observed to access the WinEds central tabulator during the middle of the count. At this time, more than 50 of the 157 precincts had been counted. The count stopped, Frontera began entering information into WinEds, with Eddie Campbell standing next to him, and then the count resumed. The results, according to one campaign manager, were unusual. More on that in the full report.
Two days later, still in the middle of the count, while 5,000 absentee ballots were being counted, with only 72 votes separating two candidates from a mandatory runoff, Sequoia employee Eddie Campbell was observed outside the building. While there, he pulled a memory card out of his pocket. "Let's see if this will work," he said to a County employee named Paul Shook. He then went into the central counting room, over the loud protests of election watchers, who demanded to know what was on the card.
Campbell then went into the central tabulation room and a Riverside County employee named Brian Foss logged him onto the central tabulator with his (Foss's) password. Foss then left the room. Campbell touched a handful of central tabulator machines, apparently entering the password belonging to Brian Foss. Witnesses report that he then took the card that had been in his pocket, and uploaded information into the machine. He took the card back, put it in his pocket, told bystanders it was his "personal" card, and he left the building with it, got on a plane and flew out of the state to Denver.
In California, unless the company technicians have been certified and sworn in explicitly, it is a felony for them to touch voting systems after votes have been cast.
Now, assuming these two employees had officially sanctioned access, which we have not yet been able to determine, there are two obvious problems with the above: 1) Using someone else's password defeats the purpose of the event log, or audit log. Eddie Campbell will show up as Brian Foss. and 2) Leaving the state with a card that uploaded data into a live election tabulator during the middle of an election is outrageous. That card needed to be retained by the County of Riverside, at least until the election was certified and recounts were settled.
In addition, I'll outline a host of conflict of interest problems that have cropped up with Mischelle Townsend, including:
- taking over $1000 in illegal travel reimbursements from Sequoia. (Today's LA Times)
- Four years of her personal financial disclosure documents seem to be missing in action.
- Her husband, it turns out, is or was a Vice President for Maximus, a company that is part of the RFP sales proposals for Hart Intercivic and, according to one report, handled some of the business with Sequoia when Riverside bought its system.
- Also, Riverside negotiated delivery of something like 1500 extra smart card devices, and research needs to take place on who they came from and who got the commission, as well as what these extra devices are doing during elections and who is monitoring their activity.
- The public relations firm for Sequoia in Riverside, O'Reilly, also apparently has ties to County business.
There it is in a nutshell. It will be late before the whole thing goes online. At that time, you may see a link that releases the Sequoia files into the wild.
Bev
|