Debra Bowen's top to bottom review of election equipment in California pulled back the curtain to reveal fraud on the part of both the companies and the public officials who have been defending these systems as adequate.
Nevertheless the media accounts often feature the sound bites of public officials -- registrars of voters -- who are defending the corporations they have paid millions of taxpayer dollars to.
How can they overlook the top-to-bottom review results when they are published in plain sight.*
Here is a petition to support Debra Bowen's top-to=bottom review.
> >
> http://www.couragecampaign.org/...
>
> Join us in honoring and supporting an honest approach to securing our elections.
>
*From my perspective, the ROV;s who are so loudly complaining have no constituency except for the corporations themselves-- What is the point of continuing to uphold products like these? And why are they doing it?
Here are the conclusions from Bowne's 3 source code reports just posted at
http://www.sos.ca.gov/...
DIEBOLD, pg 65
Our study of the Diebold source code found that the system does not meet the requirements for a security-critical system. It is built upon an inherently fragile design and suffers from implementation flaws that can expose the entire voting system to attacks. These vulnerabilities, if exploited, could jeopardize voter privacy and the integrity of elections. An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensiveâ€"malicious code could spread to every voting machine in polling places and to county election servers. Even with a paper trail, malicious code might be able to subtly influence close elections, and it could disrupt elections by causing widespread equipment failure on election day.
SEQUOIA, Pg 82
We found pervasive security weaknesses throughout the Sequoia software. Virtually every important software security mechanism is vulnerable to circumvention. The integrity of elections conducted with the system depends almost entirely on the physical security of the equipment and the procedural controls under which election operations are conducted.
Whether the software vulnerabilities we describe can be compensated for with procedural and physical security mitigations depends on a range of factors, most of which were beyond the scope of this study. However, we caution that mitigation will place considerable additional pressure on physical security features (such as locks and seals) and human procedures (such as two-person control by poll workers). Many of the physical security features and procedures typically used with the Sequoia system appear to have been engineered under the assumption that the underlying software is considerably more secure than it actually is, and thus may not provide sufficient protection in light of the vulnerabilities discussed here.
And from a blog by one of the judges:
So what can we learn from all this?
In spite of the short time and other sub-optimal conditions, the project found deeply-rooted security weaknesses in the software of all three voting systems reviewed.
I was especially struck by the utter banality of most of the flaws we discovered. Exploitable vulnerabilities arose not so much from esoteric weaknesses that taxed our ingenuity, but rather from the garden-variety design and implementation blunders that plague any system not built with security as a central requirement. There was a pervasive lack of good security engineering across all three systems, and I'm at a loss to explain how any of them survived whatever process certified them as secure in the first place. Our hard work notwithstanding, unearthing exploitable deficiencies was surprisingly -- and disturbingly -- easy.
www.crypto.com/blog • Matt Blaze • mab@crypto.com
> >
> http://www.couragecampaign.org/...
>
> Join us in honoring and supporting an honest approach to securing our elections.
>