September 27, 2003

Elections chief tightens vote security

Washington is a vital state for the anti-Bush whoever
it is...
"King County's newly appointed elections chief has taken steps to reduce the possibility of computerized vote-tampering while he studies questions raised about possible security flaws in software the county uses to tally election results. "


http://seattletimes.nwsource.com/html/localnews/2001744989_harris25m.html

Thursday, September 25, 2003 - Page updated at 10:02
A.M.

Elections chief tightens vote security

By Keith Ervin
Seattle Times staff reporter

King County's newly appointed elections chief has
taken steps to reduce the possibility of computerized
vote-tampering while he studies questions raised about
possible security flaws in software the county uses to
tally election results.

Dean Logan, who became director of records, elections
and licensing services this month, said yesterday he
has tightened security by restricting employee access
to a key election software program and removing other
software from the elections computer.

Logan also said he will ask for a formal response by
Diebold Election Systems to claims that the company's
vote-counting systems may be vulnerable to tampering.

"We're going to take it extremely seriously because we
want to be sure that voters are confident that their
votes are counted and counted as they intended them to
be counted," Logan said.

"If there are problems with the software, we're going
to get to the bottom of that."

Logan said he decided election security was a
"legitimate issue" after internal company e-mail was
posted on the Internet and discussed in a Salon.com
article Monday.

The memos appeared to support reports by Renton Web
journalist and author Bev Harris that election results
on Diebold's GEMS software could be altered by someone
using its underlying Microsoft Access software without
leaving a trace in the GEMS audit log.

"Right now you can open GEMS' .mdb file with
MS-Access, and alter its contents. That includes the
audit log," wrote Ken Clark, an employee of Diebold
Election Systems, in an October 2001 e-mail.

Harris said more than 100 memos indicate software
changes have been made to Diebold election devices in
various jurisdictions without the legally required
review by independent testing authorities.

Diebold has steadfastly maintained that its elections
machinery and software are safe. The company's
position was bolstered yesterday by Maryland Gov.
Robert Ehrlich Jr., who released an independent review
of Diebold's touch-screen machines and said that, if
properly used, they "can contribute to one of the
safest, most secure election systems available."

Harris' Web site was shut down by her Internet service
provider late Tuesday after a Diebold attorney said
she was violating the company's copyright by posting a
link to a New Zealand site that contained 15,000
pieces of Diebold e-mail.

Harris earlier removed Diebold e-mail from her site,
www.blackboxvoting.org, in response to an earlier
legal threat by the company. Her publisher's site,
www.blackboxvoting.com, which does not contain links
to the memos, was operating yesterday. Harris said she
plans to put her Web site back on the Internet as soon
as possible.

Harris said the e-mail supports her claims that
Diebold's high-tech voting systems are subject to
abuse. She said she was "stunned" the company
acknowledged the authenticity of the potentially
damaging documents.

Harris said she posted the memos after they were
provided to her by a Diebold insider. She called the
company's claim of copyright infringement "a flat-out
attempt to shut somebody up. ... I still have a mouth,
Diebold. Cease and desist my mouth."

A call to Diebold's public-relations department
yesterday was not returned. Company spokesman Mike
Jacobsen, who is on leave, was reached at his home
last night. He said the memos were stolen from Diebold
and the company wants them back.

Jacobsen said Harris also stole company property when
she circulated numerous company files she found on an
unprotected Web site. The files included source code
for the company's touch-screen voting machines, which
have recently been bought by election officials in
Georgia, Maryland and other states.

Diebold insists its machines meet the security
requirements of national and state certification and
has dismissed as flawed a critical analysis by
software experts from Johns Hopkins and Rice
universities. (One of the study's authors later
acknowledged he was on an advisory committee to
Bellevue election-software company VoteHere and held
VoteHere stock options.)

Critics of high-tech voting have questioned the
propriety of Diebold Chief Executive Walden O'Dell's
role as a prominent fund-raiser in President Bush's
re-election campaign. O'Dell, whose company is
marketing voting machines to its home state of Ohio,
wrote to campaign contributors last month that he is
"committed to helping Ohio deliver its electoral votes
to the president next year."

In King County, here are the steps ordered by election
chief Logan to ensure the integrity of elections,
including a recount of two close primary-election
races for the Seattle and Bellevue city councils:

On the computer running Diebold's GEMS software,
other software, including Microsoft Access software,
will be removed.

Two employees will have to log onto GEMS together
before the software can be used.

All uses of GEMS will be logged on a record
maintained outside the GEMS computer.

Logan said he intends to meet with officials from
other counties in the state that use GEMS to discuss
their procedures and to discuss Diebold's response to
security concerns.

Logan said he has looked into a comment in one Diebold
memo that said Access has been used a number of times
to make "end runs" around the GEMS database. "King
County is famous for it," one employee wrote in 2001.

Logan said he has been told by current and former
staff members that "end runs" have been used for such
legitimate purposes as installing a database in GEMS
and taking information from GEMS to create election
reports.

He said Harris was mistaken in one of her claims, that
GEMS may be vulnerable to external hacking through the
Internet. Election results are posted to the Internet
using a computer that does not run GEMS, Logan said.

Keith Ervin: 206-464-2105 or kervin@seattletimes.com

Posted by richard at September 27, 2003 10:06 AM