BLACK BOX INVESTIGATIVE REPORTS Friday Jan. 9, 2004Full report on
http://www.blackboxvoting.org (I think it's going up on the
http://www.blackboxvoting.com site too, a shorter version)
My meeting with the Secret Service, and the VoteHere "hack" Bev Harris I met with Secret Service agent Michael Levin on Jan. 9, 2004, in a meeting that calls into question the accuracy of a recent VoteHere report alleging that the firm was hacked and that they had specific information on the suspect, who VoteHere CEO Jim Adler claims is a critic of electronic voting. Two citizens who are very interested in ensuring the integrity of our vote, Tom and Steve, drove 60 miles from Snohomish to accompany me in this meeting, and I am so thankful -- and impressed -- at receiving such support.
VoteHere reported an alleged hacking to the press on December 29, 2003. Articles on this can be found in an "MSNBC.com exclusive" at
http://www.msnbc.msn.com/id/3825143/ and by AP Wire reporter Ted Bridis at
http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=46918. The information was picked up by at least 57 news outlets. Now let's see how much of it was true:
"We caught the intruder, identified him by name. We know where he lives. We think this is political. There have been break-ins around election companies and we think this is related,"
said Jim Adler, according to the AP Wire service story.
"We do not have a suspect," Michael Levin, investigating agent for the Secret Service Cybercrime division, told me today.
I asked the Secret Service agent this: "But AP Wire, the
Seattle Times, and MSNBC reported that there is a suspect and that this person is supposedly an opponent to e-voting."
"We do not have a specific suspect at this time," the agent repeated.
"But in the news media it specifically reported that they have identified the intruder by name, and know where he lives. Is that not true, then?" I asked.
"That is a press statement by the president of a company. Read between the lines."
According to MSNBC, "While gaining entry, the intruder set off an electronic 'trip wire' that alerted VoteHere, he (Adler) said. Federal authorities were immediately told of the break-in, Adler said, and the intruder's activities were monitored as part of the investigation. Then access was blocked."
"This is not true," said the Secret Service agent, in a phone conversation with me on Jan. 7.
The AP story reported: "Adler would not identify the company's chief suspect but said he thinks the person was linked to the debate over the security of electronic voting. The same individual may be tied to the theft in March of internal documents from Diebold Election Systems of Canton, Ohio."
This is one of the most peculiar parts of the story. In fact, it sounds a bit concocted. Makes one wonder whether the "hack" happened at all (it probably did), or if it might have been enabled, or at least, its motivation might perhaps be tied to other situations.
Let me explain. Examining the VoteHere source code is not worth a cup of warm spit to any activist I know. That's because hundreds of millions of votes are being cast on Diebold, ES&S, Sequoia and Hart Intercivic, and that's where the focus has been -- not on VoteHere, who has not yet achieved significant market share.
In early October, at the time of this alleged "hack," the Diebold memos had been made public and voting integrity activists were engaged in a feeding frenzy to analyze them. Sequoia software had just become available on an open web site. There was
too much to examine at once, and in the unlikely event that an activist might want to hack something -- and I don't know any activists who engage in hacking company Web sites -- VoteHere would have been one of the least likely targets. Why bother with hacking VoteHere? Here's a possible reason:
To anyone who can claim to have "hacked" them, the Diebold memos are worth a pile of cash 200 feet high (stacked in $100 bills). That is because the Diebold memos contain evidence, when compared with R.F.P. sales bids made by Diebold, that Diebold made fraudulent claims when selling its system. Now in fact, the Diebold memos were leaked, not hacked, by someone with inside access, using an employee I.D. number. But why trouble ourselves with facts? Read on:
If government entities that purchased Diebold voting systems request reimbursement under HAVA, a person who claims to have originated the evidence for a fraudulent claims case -- even if such evidence was stolen or hacked -- could then file a Qui Tam whistleblower case. I've gone on record as disagreeing in principle with any Qui Tam that requires a gag order, because I feel that open discussion of flaws and fraud is of critical importance, and time is of the essence. But there is a lot of money involved for someone willing to accept a gag order. In such a case, the whistleblower can request treble damages, which will reimburse the government agency that bought the flawed voting system; up to 30 percent could go back to the whistleblower as a "bounty" for catching the fraudulent claims.
Diebold sales: Georgia, $54 million; Arizona, $52 million; Maryland, $53 million; San Diego, $33 million; Ohio, $75 million. Let's round this off to a quarter of a billion. Treble damages = $750 million (3/4 billion); 30 percent = about a quarter billion. Hack off 30 percent of that for the lawyers and you're left with perhaps $160 million to be divvied up among the folks who can claim a combination of origination of the evidence and scientific expertise to analyze it.
All this discussion of Qui Tam is for one simple, though speculative, purpose: To illustrate that there are motivations for claiming a hacking activity. For one who successfully claims origination to the Diebold memos, even if one was claiming they are "hacked," the monetary sums are certainly enough to take a fall -- six months easy time, or maybe, none at all. But who would believe you if you just claimed, "hey, I hacked the Diebold memos, give the money to me!" No, you'd want to do something like hack something else, perhaps something that would only result in a slap on the wrist because it was going to be released anyway. Something where they carefully document the hack. Then you say "OK, I admit I hacked that and hey, I hacked the Diebold memos too!" (Reminder: they were leaked, not hacked, and the Diebold Memos are not related to the Diebold FTP site, which contained source code and program files).
It is this little Qui Tam formula that I submitted to the FBI and the Secret Service when they inquired about the hack. The FBI was all ears. The Secret Service, not so interested. We'll see how it pans out.
Now, back to my conversations today:
The "trip wire" story was written by Alan Boyle on Dec. 29, 2003. I spoke with Boyle today. Boyle works on the Microsoft campus, and his employer is owned by Microsoft and NBC. He replied that maybe VoteHere was monitoring activities at the time, but the law enforcement agencies were not.
As an aside, I said, "So I notice you work on the Microsoft campus. I can assume, then, that you won't be reporting favorably on any Black Box Voting research." (Microsoft software is used by voting industry giants Diebold Election Systems and Sequoia Voting Systems.)
"Oh, you're such a cynic," he replied lightly.
I found it interesting that the VoteHere story showed up as an "MSNBC exclusive," complete with publicity photograph. I asked the AP reporter, Ted Bridis, about this.
"There was kind of an interesting chronology on this. We were tipped a few days before our story ran that there had been this hack. I called VoteHere. They seemed surprised to hear from me and said, 'Is this about the MSNBC story?' It seemed like they
had been shopping the story to MSNBC."
According to the MSNBC story, Adler said his company has "seen some connection" between the criticism of e-voting systems and October's computer break-in, but he declined to go into specifics.
"I don't want to necessarily politicize this," he said. "This is just a crime ... We feel that it may have been politically motivated," Adler said.
This is a rather self-serving statement. VoteHere has been at the receiving end of criticism by activists concerned about the integrity of our voting system. How handy it is to implicate activists. Politically speaking, the chairman of VoteHere, Ralph Munro, former Washington Secretary of State, is facing an ethics investigation, launched by voting integrity advocates who disapprove of Munro's stepping from regulator (Secretary of State) to regulatee (VoteHere board) without waiting the required two-year time span, and to the current close ties with Munro's protege, current Washington Secretary of Sate Sam Reed, who has been a proponent of VoteHere. Also "politically," Reed is being challenged by Andy Stephenson, a voting rights advocate who is running for Secretary of State on the Democratic ticket.
According to the Seattle Times, "VoteHere released some of its source code earlier this year to be scrutinized by VerifiedVoting.org, a grass-roots organization pressing for accountability in election systems."
In fact, VoteHere delayed the release of its source code and did not release it to VerifiedVoting.org.
"We were not happy about it," said VerifiedVoting webmaster Greg Dinger, of the delay. "I suggested to Dr. Dill that he not put the general VoteHere information on the site at all. But Dr. Dill said he'd made an agreement and was going to stick by it."
No one has adequately explained why VoteHere delayed its scheduled release of source code, but now the same source code has been "hacked," which has been the subject of an odd press release by a company that supposedly specializes in Internet voting security and voting verification. Conveniently, the firm blamed the alleged hacking on activists, the "hacker" then shopped the VoteHere source code to activists, including me, in an apparent entrapment attempt, by sending an email that invited clicking a link to the VoteHere source code; and, (possibly lucratively) VoteHere has now tied said hacking to origination for the Diebold Memos.
All this, but the Secret Service says they do not have a suspect. In fact, they have not yet proven that a crime even exists.
Stay tuned.