Looking in Diebold Source Code is the WRONG Place to look

A couple points:

1) I have been in the computer-programming world for 30 years and have worked on embedded processors like the Touchscreen/Optical Scanners use.

2) I will be writing this for the non-computer geeks out there and will try to make it as simple as I can. While I will be talking about things known to Windows users, the TS/OS machines main operating systems are based other operating systems but the names of things I use are just called different things on the other operating systems.

3) Most people talk about Diebold and it’s CEO that promised Ohio to Bush, but the true facts are that all the major TS/OS makers are heavy Repugs. While I will talk about Diebold in this piece, all TS/OS makers could use this method.

4) While the Flash Memory card “device driver” I will use in this paper is a prime candidate for the vote corruption changes, it is ONLY one of many places the corruption software could be hidden. I have picked the name of the flash memory maker as Lexar, not because I think they had anything to do with this but because I like their products in the digital camera world. :D

5) While I strongly believe that the vote corruption software has to have been written to change votes only at a select true date and time, I will leave that piece out for this white paper. But this is still an important piece; you would not want the machines changing votes while being tested in a mock election in a county.


HIDE THE VOTE CORRUPTION SOFTWARE in PLAIN SIGHT BUT NOT WHERE PEOPLE ARE LOOKING

In the TS/OS world there are two major pieces of software. The operating system, which I will call Windows TS/OpS and the application, in this case for Touchscreen voting, which I will call, Touch Me.

I would never put the corruption software in the Touch Me application. As Diebold found out this code can get out. Plus a lot of people are “auditing” the software. No I would hide the corruption software in the operating system. Because it is “standard” software, most people would not think to check it for vote corruption changes.

Vote Corruption Software in the Flash Memory Device Driver.

When a maker wants to add a new device to an operating system, they have to write a “device driver” for that device. So when Diebold wanted to use Flash Memory cards to store the records of all votes on, they would have to have a device driver for that card. Well Microsoft is very helpful, they provide you with something call a Device Driver toolkit. In this toolkit are sample programs of other device drivers.

When Lexar was talking to Diebold they probably gave them a working device driver for their flash memory card. The only problem was Diebold wanted to “add” some new functions to the device driver. Those functions were to change the vote’s records being written to flash. After a voter has finished voting and is happy with all their selections the final step would be the saving of the selections in a file to flash memory. Then at the end of the day, all the files are download to a central computer, read and the votes added up, if the flash memory device driver makes the vote corruption changes, the voter would not know it, and no matter how many times the flash memory card is read, it will always show the corrupted votes.

So Diebold came up with this plan. The device driver would be made up of two parts, the program part and a control file part. The device driver program part would never change, only the control file part. This control file would have some funny system name and be encrypted. For each election the control file would be download as part of a “security update” to the Windows TS operating system. Because this would never be updated at the same time as the Touch Me app, most people would not put two and two together.

In my simple control file example it would be made up of one record for each vote you wanted to change. IE

P,10,Kerry, Bush


This would tell the flash memory device driver for the President race, move 10% of the votes from Kerry to Bush. Very simple. This control file could be tailored well in advance for an election. Hopefully Rove would have the needed numbers well in advance of the election, he would not like it if Bush lost.

OK we how have a control file, and when the Touchscreen/Optical Scanner booted up, it reads this control file and is now ready to work.

The next file is the completed ballot file. This is the file that Touch Me “writes” to the flash memory card at the completion of each voter selection. In my simple example this file would look like:

P,Kerry
S,Castor
.
.

With these two files, the flash memory device driver has all the information it needs to modify the Kerry votes to Bush votes. The control file told it to only change 1 in 10 Kerry votes to Bush votes. If it was time to change the vote in the Presidential race, “P,Kerry” would become “P,Bush”. Very Very Simple.

And if you were auditing the Touch Me application for vote fraud you would NEVER see it. The last thing you would see would be two lines like

write (flashmemory, fileofvotes);
goback to New_Voter;


And because programmers are lazy, Diebold picked for its Optical Scanner hardware the Windows OpS operating system, and gee the flash memory device driver is used on it too. One really special device driver that can be used on both Touchscreens and Optical Scanners. How simple and how cheap.

And how about exposure to being caught, well in this simple example you have ONE programmer. This programmer may not even work for Diebold but could be a “special contractor” brought on to “write” the device driver software. And remember once the “special added functions” was written once, that special contractor would be passed from Touchscreen maker to Touchscreen maker and their “special added functions” could be reused from maker to maker.

Then you would need ONE person to create the “control file” for each election. Once it is created, the normal “update” person would just update the Windows TS/OpS software with this “security update”.

Some ending points:

Sad to say, if the vote corruption software is in fact in the operating system, it would be almost impossible to find. While at the higher levels of the TS/OS companies, they would know what their machines would be used for, 99.9 percent of the people in the company would have no idea. As I have shown, as little as a one to three person programming team could have written the code for all the TS/OS machines out there.

After the hanging chads of the 2000 election, everybody knew that a newer way for people to vote would be used in the 2002 and later elections. You also have to believe the Repug party has many great software types as would the Democratic Party. I believe the vote corruption software was first tested in the 2002 election to help Jeb Bush in Florida and to replace Democratic Senators like Max Cleland in Georgia.

Any election vote that was to be corrupted the race must be close. If the day after the election, the machines showed Alan Keyes the winner over Barack Obama, then nobody would believe the machines.

Maybe the release of the Diebold Touchscreen software was NOT an accident, but done on purpose by Diebold so people were looking at the wrong place and many man-years of programmer’s time were spent going over the WRONG code. Almost all magic acts use miss direction to pull off their “magic”. The release of the Diebold code could have just been miss direction.

In 2001 George Bush’s biggest problem was the Senate. A lot of theories are out there about what happened to Senator Paul Wellstone’s plane. A couple points to think about. Was Paul Wellstone so far ahead of the person he was running against that the machines could not switch enough votes for the Repug candidate to win, and/or what was the state of the Minnesota voting machines and were they the wrong type. So maybe Senator Paul Wellstone’s plane crashed because of pilot error or maybe because they could not control the election, he had to be gotten rid of at any cost.

Remember, the vote corruption would take place in all states not just Florida and Ohio. While some well meaning Democratic leaders point out that Bush got millions more votes than Kerry, in the real world a shift of only 5% or less of the Kerry votes to Bush would account for Bush’s “win”.

And finally a well known saying:
"When you have eliminated the impossible, what remains,
however improbable, must be the truth."
Sherlock Holmes, A Study In Scarlet, 1887 by A.C. Doyle

Note: Feel free to copy, edit my grammar errors, and pass on this white paper.

/s/
Florida_Geek

make the app look pretty bush league.

MS Access for database storage. I wonder if Windows Scripting Host is disabled on the machines running the tabulator program GEMS? Access + Windows Scripting Host = disaster (or profit, depending on your outlook).

So this can't be an inadvertent mistake.

Is that you have to hardcode a date of execution for the malicious code as well as the procedure for tampering. The vote tampering also runs blind, so it's difficult to control, and you may get strange results. If you code to flip one out of X Democrat votes, for example, it may not be enough to win or it might turn out way too obvious.

From what Bev Harris has reported, the GEMS system has a hidden set of books that can be accessed remotely. This gives those who tamper more of a chance to massage the votes (or not, if the candidate is ahead.)

Why couldn't some voting machines be tested----you know vote 100 times after all the updates are done, and see how they are recorded? If the machines don't tally them correctly, toss them and sue the manufacturer. Maybe I am missing something (probably am, not all that computer savvy). That should be able to be done even with this election. Why not test some machines?

date sensitive coding would not be that hard. We know all the election dates. Make sure the "fix" only happens on those dates, and you could test 364 days a year and not find any problem.

feel strongly about the date and time thing.

IMHO, to start only Optical Scanned ballots scanned on election date should be manually checked first. The absentee ballots may scan true.

I know that in NJ we can often get leaks of absentee totals during the day on election day from the county election boards which are manned by Dems and Reps equally in all counties by tradition.

If that were the case and the machines programmed only to make changes on election day, then re-scanning absentees that were scanned on election day would produce a different result.

that in my county the absentee ballots were scanned in front of Dems and Repugs representatives a couple days before the election. So that on the date of the election, they would only have to scan new mail.

receive the US Govt. atomic clock signals and use that date for the "true Date".. PS this would cost around $5 dollars in parts. There are other ways to get the true date and time for those machines connected to the Internet.

on one of these machines and the chip looks pretty much like other chips.

source of some info

http://www.boulder.nist.gov/timefreq/general/receiverlist.htm

equal the total votes cast, which could easily be verified in an audit.

So would one candidate's votes have to be "transferred" to another candidate to keep the total votes equal to the total signatures?

10% of Kerry vote would be transferred to Bush. While is total is way high IMHO even a 5% transfer would result in a 10% difference.

ie both get 10 votes transfer 10% of Kerry's vote to Bush

after corruption

Bush 11 Kerry 9 or close to 20% difference.

1. If your comments are right, how difficult would it be to find this in the operating system?

2. Does "recounting" of votes that were cast on these machines serve any useful purpose?

3. Should all voting machine software have well-commented *open source* code, so that it can be widely checked?

4. Should elections revert to being all-paper ballots (no voting machines)?

test votes = correct count

Nov 2 votes = macro enabled

Making the hardware & software for voting machines proprietary is a crime. Everything should be scrutinized by the harshest critics and picked apart in excruciating detail. There are plenty of computer geeks in the world who would love nothing more than to do just that.

As it stands now, the very people who have the LEGAL responsibility to ensure the accuracy & fairness of the voting system are also legally prohibited from doing so because of the proprietary restriction on the equipment & software. And even if they could look inside the box, they usually are unable to understand what they're looking at. They don't have the technical expertise.

I don't know about you, but when my election officials are asked if the voting process is fair accurate reliable and secure, I don't want him to say "How the hell should I know? Ask Diebold."

is used in some machines,,, Diebold will open their source code before Microsoft will.

And no matter what you think about it, Windows is a hell of a lot more stable & understandable than any single use propriety software.

Also Microsoft's political agenda is much larger than any one party or any single election. If people don't trust their software, they're finished.

On the other hand, as it is the entire voting machine industry seems to be geared toward electing Republicans. And while MS brings people in, trains them & certifies them in the use and functionality of their software, Diebold prohibits anybody from looking at their stuff.

If we use electronic voting systems, then ideally everything should be open source. (Along with a verifiable, manually recountable paper trail.) Not living in a perfect world, I don't think it's unreasonable to allow the most common OS to be used, and have the appplications be open source.

Remember, the people making these decisions are NOT geeks. It's our job to explain these things to them.

If it's whittled down to about 20% in size. <grin>

Most people haven't a clue. But obviuosly you do. Better than a clue, you've an explanation. The trick is to put it into a form where even the least savvy can can become edumicated. Is it even possible?

a lot of questions where asked that had I put it in the first post ... :scared:

Going to pass this along to several people. Thanks

a crime was committed before how the crime was committed.

and the small machine stuff was mostly industrial control.

Most of the touch screen machines run with Windows/CE. Lots of room to hide "gifts" there.

The scanners (where machine-counted OH isn't punch cards, its optical scan) do run on typical embedded OS or lack thereof. But the "where to scan" is apparently on a prom that gets changed for each election.

The central tabulator is a vanilla windows box, with all the stuff stored in unprotected MSaccess databases. All you need to rig the vote there is a one-shot "virus" to go in and change things in your favor.

Luckily all of OH has a human countable record to fall back on. This isn't according to the repub plan, but someone managed to block the purchase of paperless machines a few years back.

Since they couldn't go with the easy-steal solution, the strategy appears to have been get the rigged result into the early record, and then fight like hell to keep an un-riggable count from happening.

something like .0025 percent of the vote or in this case 19,000 votes. That is what IMHO the Repugs are scare of with the prov. ballots and late but legal absentee ballots.

In your post you said "it would be almost impossible to find". For us non-geeks, can you explain why that would be the case? You explained very simply how it could be done so I cannot understand why it would be hard to find.

runs on a system is not easy read. Even if Diebold release "all" their apps readable code, that does not prove that once compiled and made ready to run, the source they show you was the same source they compiled. You can decompile code but the output is very unreadable even for programmers.

Couldn't the machine code be decompiled into an assembler dump? There has to be some assembly language geeks out there that can figure this out.

For example an assembler listing of a simple C program

.file "fred.c"
.section .rodata
.LC0:
.string "TEMP"
.LC1:
.string "bad env TEMP \n"
.LC2:
.string "HOMEPATH"
.LC3:
.string "bad env HOMEPATH \n"
.LC4:
.string "rb"
.LC5:
.string "can't open old ip file\n"
.text
.align 2
.globl main
.type main,@function
main:
pushl %ebp
movl %esp, %ebp
subl $1576, %esp
andl $-16, %esp
movl $0, %eax
subl %eax, %esp
movl $0, -1052(%ebp)
.L2:
cmpl $255, -1052(%ebp)
jbe .L5
jmp .L3
.L5:
leal -1576(%ebp), %eax
addl -1052(%ebp), %eax
movb $0, (%eax)
leal -1320(%ebp), %eax
addl -1052(%ebp), %eax
movb $0, (%eax)
leal -280(%ebp), %eax
addl -1052(%ebp), %eax
movb $0, (%eax)
leal -536(%ebp), %eax
addl -1052(%ebp), %eax
movb $0, (%eax)
leal -792(%ebp), %eax
addl -1052(%ebp), %eax
movb $0, (%eax)
leal -1048(%ebp), %eax
incl (%eax)
jmp .L2
.L3:
subl $12, %esp
pushl $.LC0
call getenv
addl $16, %esp
movl %eax, -20(%ebp)
cmpl $0, -20(%ebp)
jne .L6
subl $12, %esp
pushl $.LC1
call printf
addl $16, %esp
jmp .L1
.L6:
subl $12, %esp
pushl $.LC2
call getenv
addl $16, %esp
movl %eax, -24(%ebp)
cmpl $0, -24(%ebp)
jne .L7
subl $12, %esp
pushl $.LC3
call printf
addl $16, %esp
jmp .L1
.L7:
subl $8, %esp
pushl $.LC4
leal -536(%ebp), %eax
pushl %eax
call fopen
addl $16, %esp
movl %eax, -12(%ebp)
cmpl $0, -12(%ebp)
jne .L8
subl $8, %esp
pushl $.LC5
pushl stderr
call fprintf
addl $16, %esp
jmp .L1
.L8:
pushl -12(%ebp)
pushl $80
pushl $1
leal -1320(%ebp), %eax
pushl %eax
call fread
addl $16, %esp
pushl -16(%ebp)
pushl $80
pushl $1
leal -1576(%ebp), %eax
pushl %eax
call fread
addl $16, %esp
movl %eax, -1056(%ebp)
.L1:
movl $0, %eax
leave
ret
.Lfe1:
.size main,.Lfe1-main
.ident "GCC: (GNU) 3.2 20020903 (Red Hat Linux 8.0 3.2-7)"

if very familiar with the assembly language in question and the object code it generates for each unique instruction, can look at the raw binary code and recreate the source code. Very difficult, but not impossible.

A series of machines were doing some fairly odd things on election day, such as coming up "initiated" to a "bush" vote before the voter voted as well as locking in a bush vote in the summary screen after the person was sure they had voted for Kerry.

I think this is a good place to look, but unless they did an "execute
once for 8 hours" sort of trojan, it might be possible to reverse engineer it and set the date in the system back to election day and see if it happens.

Another way to do this is to get the engineers who worked on the machine to testify, under oath with immunity for whistleblower status.

From the errors reported on election day, I don't see a timer trojan, although it is possible ..but the errors to me implied a wrongly
implemented initialization section plus either a bad semaphore
or something wrong with the GUI input sequencing...

at least something was interacting with it. Could be a flash device
driver, especially with some of the errors to be sure.

Frankly, I think if they confiscate these machines a good engineering
team can reverse engineer the box to figure out what is going on
without the code and I think they should confiscate the machines
for that.

there is such a thing as self writing code, which really would be a problem to locate any trojans...but a write log might also be available.

Anyway, I wish they would get an independent reverse engineering team
on these machines and just figure them out.

Check Miami Hearld headline on Late Breaking news. Worth looking into by any good geek.

If it was only money, then these people would be paid well. IMHO it would be a religious computer geek probably an anti-abortion person

Please contact Bev harris's group with your views..

I'm sure they welcome all thoughts!!

change for the better after midnight, if the machine was coded for a date, it sounds like it was for Wednesday.

it would explain the massive numbers of "memory card failures" reported on election day.

This is a "they gotta prove to us there was no crime" situation, dangit!
They (machine manufactureers, agents, sortware designers, politicians ad nauseum) are required to prove to us that they behaved honorably, not the other way 'round! They all shot themselves in the ass by refusing to document their best evidence of accuracy, and WE are the judges. Scream bloody murder.
These freakin' idiots are trying to sell us something, not proving they already have the power to make us show how stupid we are. It's high time we turn the tables, show the presence of cojones, and point out that we (the elactorate) are the judjes and juries here, NOT that we are the supplicants, begging to be noticed.
We have meekly allowed even the idiotic entertainment "media" to assume that they are our masters and our only responsibilities are to kiss their asses, suck their wangs, give them all our money and beg for more. I am sickened by the whole thing.

Make them prove they won by auditing the machine vote counts. We're supposed to just accept black box? Counts are supposed to be monitored and verified!
So, prove you won boys. Verify your votes.

if you do feel free.

:):) :toast:

Thank you so much for an excellent introduction to the arcane reality of computer programming. I've been helping grandmother's with their computers for years and I know all too well, that what is obvious to any programmer who's gone through an exercise in securing an application, is actually a "black-box" to anyone else who thinks CMOS means the "Chicago Manual of Style"! ;^)

Peter G. Neumann's RISKS digest (http://www.csl.sri.com/users/risko/risks.txt) has been one of the most respected resources in the INFOSEC field for longer than I can remember. He has an excellent paper called "Illustrative Risks to the Public in the Use of Computer Systems and Related Technology" with a wonderful section on "Election Problems"(http://www.csl.sri.com/users/neumann/illustrative.html#24) for anyone who wants to pull the curtain back (CAUTION: for the uninitated, learning your "trust in the system" comes from blind-faith can be overwhelming! But don't worry, we'll all make it through this if we support each other!)

The scary thing is it really could be done by a "lone-gunman" programmer, but as a tin-foil-hatter of the highest order (tongue-firmly-in-cheek!) I wanted to up the ante with the possiblity of hacking the entire OS! It's not beyond the pale to think that in one of those windowless buildings in Virginia is a $100M super-computer who's only job is to seach for everyone possible combination of windows exploits by running thousands of virtual machines SIMULTANEOUSLY! Subtle memory leaks that would never be found under any kind of usage or testing could be found to be exploited! Yes, yes, its waaay over the top, but I like finding the most extreme theoretical cases for any problem, from "where did I lose my keys" to "where did I lose my vote?"

Florida_Geek, you do all us computer geeks proud and maybe the geeks shall inherit the earth -- odds are we'll save it at least!

All the best,
FULL_METAL_HAT

This is my computer. There are many like it, but this one is mine. My computer is my best friend. It is my life. I must master it, as I must master my life. Without me my computer is useless. Without my computer, I am useless. I must fire my computer true. I must shoot straighter than my enemy who is trying to kill me. I must shoot him before he shoots me. I will. Before God I swear this creed. My computer and myself are defenders of my country. We are the masters of our enemy. We are the saviours of my life. So be it .. . until there is no enemy ... but peace. Amen.

I have been screaming forever that all that needs to be done is a simple registry switch in the OS where they tabulate the votes, that causes the totals to shift to whomever they want to win. It's easy, not in the source code, and no one will ever look there. And more than easy to delete/change after the fact.

They stole this. period.

The exit polls were correct.

The ONLY way to change this is to GET RID OF ELECTRONIC VOTING ALTOGETHER!!!! Paper receipts are not going to help this kind of fraud, and they'll NEVER EVER allow an election to be close enough to warrant a recount.

The only way to make sure our votes were correctly counted is if we vote on paper and those votes are counted by hand in a completely secure and independent manner.

http://www.dailykos.com/story/2004/11/10/1172/9052
---------------------------------------------------------------
!!! BREAKING - DIEBOLD SOURCE CODE !!!
by ouranos
Wed Nov 10th, 2004 at 08:07:02 PST

Go to http://www.senderberl.com/111004.htm

Scroll down to E-MAIL RECEIVED EARLY AM NOVEMBER 10, 2004

Dr. Avi Rubin is currently Professor of Computer Science
at John Hopkins University. He "accidently"got his hands on a copy
of the Diebold software program--Diebold's source code-
-which runs their e-voting machines.
Dr. Rubin's students pored over 48,609 lines of code
that make up this software.
One line in partictular stood out over all the rest:
#defineDESKEY((des_KEY8F2654hd4"

All commercial programs have provisions to be encrypted
so as to protect them from having their contents read or changed
by anyone not having the key..The line that staggered
the Hopkin's team was that the method used to encrypt
the Diebold machines was a method called Digital Encryption
Standard (DES), a code that was broken in 1997 and is NO LONGER USED
by anyone to secure prograns.
F2654hd4 was the key to the encryption.
Moreover, because the KEY was IN the source code,
all Diebold machines would respond to the same key.
Unlock one, you have then ALL unlocked.

I can't believe there is a person alive who wouldn't understand
the reason this was allowed to happen. This wasen't a mistake by any
stretch of the imagination. This was a fixed election, plain and simple.

This second coup d'etat is either stopped now or America ceases to be.
See more links at http://www.senderberl.com/111004.htm

The source code for the Touchscreen App, is IMHO a miss direction. The real vote corrupter is in the "standard" operating system software.

... so that it breaks and starts counting backwards at some point? Since we know it did so at times, not intentional for sure, then if the driver code could be written as an example so that bug would happen, we could see exactly how it was done and where they made their bug mistake.

Obviously, probably, I'm not a puter geek and maybe there isn't a connection here.

Even just keeping our machines running is a nightmare sometimes, I have been cobbling together my home units for about 15 years or so, but mostly just pick one off the shelf anymore. It's not worth the time, it just all changes so fast it's not worth it to remember that much if you don't do it for living.

That said this does not change accounting and how it's done, because that is old as language its self. People are keyed into access to the system, but to find things out you don't have to go in the front door.

Just like most math problems, when things don't add up correctly people look at it several times and wonder why. We have millions of people in this country if a few don't figure out what happened....you get the picture.

Welcome to DU!! :toast:

But one thing mine has is very very few people would have to know about it. The fewer the better. More people more chance somebody will talk.

Welcome to DU!! :toast:

1) If your comments are right, how difficult would it be to find this in the operating system?

If you have a true copy of the operating system that was used, a compare of file sizes of every module on the system against a know "gold standard". Once you got it down to the modules that do not match, IMHO one of them is the enemy.

2) Does "recounting" of votes that were cast on these machines serve any useful purpose?

100% YES---- With some rules:
a) Keep the totals by county in an Excel spreadsheet. DO NOT use something like the GEM software that came up with the totals in the first place. If I am wrong and the corruption was in GEM, this would catch it.
b) Manually count the Optical Scan paper voters, starting with the largest Democratic precinct and keep manually counting as long as the totals you manually counted are different than what was counted on election night. If I am right, vote corruption will show up in this manual count. And this is no punch card with magnifying glasses, it is filled in vote for Kerry/Bush or other.

3. Should all voting machine software have well-commented *open source* code, so that it can be widely checked?
Yes this is a good start

4. Should elections revert to being all-paper ballots (no voting machines)?
No Touchscreens need a paper trail. PLUS PLUS a mandatory audit of all votes in say 5% of all votes in a county. This mandatory audit would be MANUAL EYES ON PAPER, be it the paper receipt from the Touchscreen or the paper ballot that was optically scanned. IMHO once the manufacturers know this audit is going to be done, the Gig is UP.

What about the touchscreen machines without a paper trail? Is there any way that a realsitic audit of votes can be done... maybe resorting to obtaining sworn statements from all the voters?

That is the best I can do :evilgrin:

Yes: If the vote corruption was in the GEM software, and the votes on the flash memory card are correct, then a readout of the flash memory cards will give a true count.

But if I am right, the votes on the flash memory card will aways read out the same. BUT if I am right, both the flash memory cards from Touchscreens and Opt Scanners will be corrupted for the same company and IF you find a shift in the EYES on Paper that that county used for absentee ballots and prov. then you could guess the shift. But that may not be true because the shift may only have happened on scanned ballots on election day. But in the same state in another county that ONLY used Op Scanners by the same maker as your, if they show a 10% shift in votes scanned on election day, then you could GUESS that they shifted 10% of your TS votes.

In regards to 2 - 4:
Right on. Wherever the compromise could have occured, a recount of both the optical cards and the flash drives would pinpoint it. Hands down.

In regards to 1:
If it was a corrupted driver or an OS module, god help the guys who wrote it!

To clarify my above posts, I've only gotten hold of the GEMS program, which runs on any windoze box. I've seen a few broken links to the touchscreen OS but so far haven't had any luck finding it, and some things I've heard suggest it isn't even a stand-alone OS. If anyone reading this has a working link to it, please post it (I know it's proprietary, but so is my vote).

I would think, though, that from a reverse engineering perspective once a discrepency was found through a recount of the optical cards the stinky module could be found relatively easily. Just run a trace
and set a break on access of the vote data's memory range, and if any procedure is suspect you'll see it instantly. The naughty crax0rs do this sort of thing every day, and most of them have half the years on this planet that we do. And, if there was a verifiably non-evil build of the software, you're right, a simple comparison of file size would do the trick.

...would be to do the following:

1) replicate the environment exact to a voting precinct as possible. Including setting the times of the central tabulator and voting machines to one day prior to the voting day (Nov. 1).

2) load the ballot on the voting machines in the same method that was performed prior to tabulating any votes.

3) load the freely available RegMon (registry monitor) and FileMon (file access monitor) utilities available from sysinternals.com. This will give a logging of all file and registry access performed by software, including any drivers.

4) determine the driver the software uses for access to the MS-Access data source. This will be and OLEDB or ODBC driver. All driver delivered in Microsoft's MDAC allow for a trace application to hook into its calls, and provide a logging method... i.e. "ODBC Trace". This will give a complete log of all calls made to the access DB, SELECT, INSERT, UPDATE and DELETE procedures.

5) perform a mock election on the computer date of Nov. 2 entering several votes during the hours of the actual election. Note the actual count of votes tabulated to form your paper trail.

6) send the votes to the central tabulator system in the same manner as performed during the actual election. i.e. Floppy Disk, Network Copy, FTP Put, Dial-up PPP, WinSock etc...

7) The central tabulator would have the same utilities monitoring the File System, Registry and MS-Access DB, writing to log files at the central tabulator.

8) If the central tabulator calculates votes differently than the counts that have been cast. you now have a complete audit log of all file, registry and DB access, complete with date and time stamps.

I believe this would save a lot of digging through source code and reverse engineering driver code in machine language. This would also rule out the OS and any form of touch screen driver hacks, etc...

-OC

have an outside source for TRUE DATE and TIME, this could be a $5 radio receiver chip to receive the US Govt's Atomic Clock. If this was the case, then the software would only shift votes on the date of the election from the outside date source.

Good write up.

Example: for $17.95 you can have

...is a way to set the time on a computer to that of the gov't atomic clock. I believe that an additional device driver would need to be installed on the windows platform to utilize a 3rd party device as such. Of course there is the chance that this device would be part of the system's embedded chip sets and operate at the BIOS level. Since the Central tabulator is a Windows NT/XP box, it is doubtful that this type of device could exist at the central tabulator.

I am not aware of the actual hardware that runs the voting booth touch-screen machines. I am certain that Diebold must have a patent on file for this if it is something other than a tablet PC running the Diebold software. Shouldn't be too hard to lookup. ;)

The problem i see with using the AM radio frequency setting of the voting machines is that they would not function very well during thunder storms, largely metal framed buildings nor in basements of buildings where many people vote. GPS does also send a time signal, so that would be much more reliable... I'm no expert at the GPS system, and I am not sure of the size of antenna that would be needed to receive a signal. Maybe there is someone on the board that knows how GPS works and could shed some light on that feasibility.

Honestly, before going to great lengths to audit this software, I think a simple mock election as I stated before would be a good starting point to see if the software is actually tallying correctly in the first place, before going into great lengths to prove other non keep-it-simple methods.

The code has already been proven to be absolute crap... a developer writing this crappy of code would not have the talent to incorporate methods that are completely obtrusive, IMO.

Anyone know if this code is the product of Diebold offshore outsourcing? That would explain the FTP site leak! There has already been talk of outsourcing our homeland security software.. why not our voting system too???

-OC

"The code has already been proven to be absolute crap... a developer writing this crappy of code would not have the talent to incorporate methods that are completely obtrusive, IMO."

this is only from the leaked or whatever Diebold source. there is a couple other players in this game, who knows what condition there code is in.

But in my main post I suggested the code could be hidden in a device driver and that could have been written by an "recommended" outside consultant. That person would be very sharp.


Second point, if a radio receiver was used, the corruption software MUST vote TRUE if it can not get a true date and time. IMHO.

Plus now we know some systems have access to the Internet during voting.

In additionn if a radio receiver was used it may not be in the TS device but maybe in the little unit that they (in my county) run your electronic card thru that you use to start the voting process.

But I _like_ digging through machine language!

But is has to be IBM 370 machine code to be enjoyiable. :D

Wow, that's a very clever theory, thanks for that.

Someone was asking, "isn't it going to be hard to catch something like this after the fact, demonstrate how it happened?"

As I see it, that's step 2. Step 1 is simply to show that SOMETHING went wrong in the vote counting, that the votes weren't tallied correctly.

With optical scan ballots, that's easy -- the paper votes exist, so count them again. You won't get the same numbers you did on election night, and everyone will know something's gone wrong. Which will lead to more recounting.

Case in point: the ongoing recount for the NY Senate seat in Yonkers. It's turned up thousands of uncounted ballots, plus over 20 machines whose anti-tampering seals were broken!

From the New York Times, 11/9/04:
http://www.nytimes.com/2004/11/09/nyregion/09mbrfs.html?oref=login

"YONKERS: SENATE RACE NARROWS IN RECOUNT The race between Senator Nicholas A. Spano, who is Republican, and his Democratic challenger, Andrea Stewart-Cousins, narrowed to fewer than 200 votes yesterday, the Democratic Party reported, as election officials began the recount of ballots cast on voting machines in the 35th Senate District. Jonathan Rosen, campaign director for the New York Democratic Senate Campaign Committee, said Ms. Stewart-Cousins picked up about 1,400 votes in the recount of machines from 6 of 12 wards. The machine recount was expected to continue through tomorrow. Anthony J. Mangone, counsel to Mr. Spano, said he could not confirm the Democrats' tally, but said the day's recount "did cut down the lead considerably." Carolee C. Sunderland, the Republican chairwoman of the county's Board of Elections, said she would not discuss tallies until the recount was complete.Kirk Semple (NYT)"

(Edited to get rid of a stupid typo, sorry...)

the how.....

I have been talking and writing about this for 4 years... IMHO a crime was committed.

This is my first post. I felt compelled because while I applaud scotjohn for posting this recount in NY issue, it was somewhat buried in this Diebold evidence post.

These are the exact type of situations we are looking for. Actual evidence that either optical scan or touchscreen machines were wrong and a recount proves it. Anecdotal evidence that "I selected Kerry but it came up Bush" won't prove anything. How many other local or state recounts are currently going on? This Senate Race Recount in Yonkers should be started as a new post. It is very important. I'm too new to post a new thread, as I assume scotjohn. If it has and I missed it, I apologize.

I am not a computer person, so maybe what I am thinking is way off-base, but what I am thinking is that the Republicans wanted the outcome to match their prediction - 51% Bush to 48% Kerry.

The second requirement would be a sure bet with no major retinkering election night - they would want as hands off a system as needed

So, the way I see it - the easiest way to do that is to create a program that already shows the finished election, as if everybody has already voted - with the percentages already fixed, just the numbers not present.

I would see this as a program in the central control point - or maybe a remote computer connected to a modem - that takes in or intercepts the votes and then adjusts them once the percentage starts straying from the pre-planned mode. For votes in states not counted by this method, those votes could be entered manually in order to make sure the percentages are maintained.

This could be more of a clean-up part of the plan, the program that cleans up the irregularities that would be huge red flags and also allows the republicans to see instantly that things are going according to plan.

I am not proposing this as *the* key, but just as one part of their plan and maybe there would be no feasible way of doing this, either.

But first we have to show it was rigged. As they said in my Army days, it is time for Mark 1 Eyeball to come into play.

That's great stuff. One thing I discovered the other day is that there are a lot of old newsgroup messages from Diebold people. One could take up a lot of time on Google Groups going through all this stuff, though they seem to have cut off after the election controversy stuff began. I don't speak programming, but here's an example:

http://groups.google.com/groups?q=diebold+%22device+driver%22&hl=en&lr=&selm=O1tvrxKYCHA.1432%40tkmsftngp10&rnum=10