#1
12-29-2003, 07:45 PM
KraziHare
Patriot Act II-- over my dead fucking body!

With a Whisper, Not a Bang

===========================================
Bush signs parts of Patriot Act II into law — stealthily


On December 13, when U.S. forces captured Saddam Hussein, President George W. Bush not only celebrated with his national security team, but also pulled out his pen and signed into law a bill that grants the FBI sweeping new powers. A White House spokesperson explained the curious timing of the signing - on a Saturday - as "the President signs bills seven days a week." But the last time Bush signed a bill into law on a Saturday happened more than a year ago - on a spending bill that the President needed to sign, to prevent shutting down the federal government the following Monday.


By signing the bill on the day of Hussein's capture, Bush effectively consigned a dramatic expansion of the USA Patriot Act to a mere footnote. Consequently, while most Americans watched as Hussein was probed for head lice, few were aware that the FBI had just obtained the power to probe their financial records, even if the feds don't suspect their involvement in crime or terrorism.

The Bush Administration and its Congressional allies tucked away these new executive powers in the Intelligence Authorization Act for Fiscal Year 2004, a legislative behemoth that funds all the intelligence activities of the federal government. The Act included a simple, yet insidious, redefinition of "financial institution," which previously referred to banks, but now includes stockbrokers, car dealerships, casinos, credit card companies, insurance agencies, jewelers, airlines, the U.S. Post Office, and any other business "whose cash transactions have a high degree of usefulness in criminal, tax, or regulatory matters."


Congress passed the legislation around Thanksgiving. Except for U.S. Representative Charlie Gonzalez, all San Antonio's House members voted for the act. The Senate passed it with a voice vote to avoid individual accountability. While broadening the definition of "financial institution," the Bush administration is ramping up provisions within the 2001 USA Patriot Act, which granted the FBI the authority to obtain client records from banks by merely requesting the records in a "National Security Letter." To get the records, the FBI doesn't have to appear before a judge, nor demonstrate "probable cause" - reason to believe that the targeted client is involved in criminal or terrorist activity. Moreover, the National Security Letters are attached with a gag order, preventing any financial institution from informing its clients that their records have been surrendered to the FBI. If a financial institution breaches the gag order, it faces criminal penalties. And finally, the FBI will no longer be required to report to Congress how often they have used the National Security Letters.


Supporters of expanding the Patriot Act claim that the new law is necessary to prevent future terrorist attacks on the U.S. The FBI needs these new powers to be "expeditious and efficient" in its response to these new threats. Robert Summers, professor of international law and director of the new Center for Terrorism Law at St. Mary's University, explains, "We don't go to war with the terrorists as we went to war with the Germans or the North Vietnamese. If we apply old methods of following the money, we will not be successful. We need to meet them on an even playing field to avoid another disaster."

Opponents of the PATRIOT Act and its expansion claim that safeguards like judicial oversight and the Fourth Amendment, which prohibits unreasonable search and seizure, are essential to prevent abuses of power. "There's a reason these protections were put into place," says Chip Berlet, senior analyst at Political Research Associates, and a historian of U.S. political repression. "It has been shown that if you give [these agencies] this power they will abuse it. For any investigative agency, once you tell them that they must make sure that they protect the country from subversives, it inevitably gets translated into a program to silence dissent."


Opponents claim the FBI already has all the tools to stop crime and terrorism. Moreover, explains Patrick Filyk, an attorney and vice president of the local chapter of the ACLU, "The only thing the act accomplishes is the removal of judicial oversight and the transfer of more power to law enforcement agents."


This broadening of the Patriot Act represents a political victory for the Bush Administration's stealth legislative strategy to increase executive power. Last February, shortly before Bush launched the war on Iraq, the Center for Public Integrity obtained a draft of a comprehensive expansion of the Patriot Act, nicknamed Patriot Act II, written by Attorney General John Ashcroft's staff. Again, the timing was suspicious; it appeared that the Bush Administration was waiting for the start of the Iraq war to introduce Patriot Act II, and then exploit the crisis to ram it through Congress with little public debate.


The leak and ensuing public backlash frustrated the Bush administration's strategy, so Ashcroft and Co. disassembled Patriot Act II, then reassembled its parts into other legislation. By attaching the redefinition of "financial institution" to an Intelligence Authorization Act, the Bush Administration and its Congressional allies avoided public hearings and floor debates for the expansion of the Patriot Act.


Even proponents of this expansion have expressed concern about these legislative tactics. "It's a problem that some of these riders that are added on may not receive the scrutiny that we would like to see," says St. Mary's Professor Robert Summers.


The Bush Administration has yet to answer pivotal questions about its latest constitutional coup: If these new executive powers are necessary to protect United States citizens, then why would the legislation not withstand the test of public debate? If the new act's provisions are in the public interest, why use stealth in ramming them through the legislative process?



©San Antonio Current 2003

===========================================

First they'll go for the people who might be terrorists, then they'll change the meaning of terrorist again, and they'll go after the people that vaguely fit that persona, then they'll do it again, that time it'll probably be people who are relatively benign but threatening to the government. Only then will anyone really notice and that's when the shit starts.

And now for some loosely related Radiohead lyrics:
Something for the rag & bone man
Over my dead body
Something big is gonna happen
Over my dead body
Someone's son or someone's daughter
Over my dead body
This is how I end up getting sucked in
Over my dead body
I'm gonna go to sleep let this wash all over me
We don't wanna wake the monster
Tiptoe round tie him down
We don't want the loonies taking over
Tiptoe round tie them down
May pretty horses
Come to you
As you sleep
I'm gonna go to sleep
Let this wash
All over me
__________________
Nonfamiliarity makes you scared to see the beauty in front of your eyes, you're thinking narrowly. Everything is an unpredictable occurrence if you've experienced everything except the purpose.

Last edited by KraziHare : 12-29-2003 at 08:31 PM.

#2
12-29-2003, 08:30 PM
KraziHare

Here's a copy of the act (in pdf form) and some related links:

http://www.pbs.org/now/politics/patriot2-hi.pdf - a copy of the expanded PA, if you need proof here it is

http://www.libertythink.com/VICTORYAct.pdf - A copy of the Victory Act, it's kind of long

http://www.publicintegrity.org/dtaweb/home.asp - The Center For Public Integrity, a non profit investigative journalism group, I'm especially fond of the ICIJ.

http://www.pbs.org/now/politics/lewis.html - Info related to PA2, this is the official website of Now with Bill Moyers, a show that can be seen on PBS on Sunday mornings and Friday nights in Illinois and Wisconsin and probably other places, I recommend you watch it if you get the chance

http://www.aclu.org/ - The ACLU's official website, go there

Last edited by KraziHare : 12-29-2003 at 08:34 PM.

#3
12-29-2003, 10:10 PM
stonie jo

Puts me in mind of a guy who has to slip the girl a 'mickey' so he can get him some.

What do they call that? Oh yeah.............RAPE!

#4
01-04-2004, 04:16 PM
Digit

bump
__________________
I Am Finding Myself Doing It. (Digit's posts)
If you talk to the animals, they will talk with you, and you will know each other. If you do not talk to them, you will not know them, & what you do not know, you will fear. What one fears, one destroys. - Chief Dan George
truth is really so simple when you boundary dissolve. lets just have everyone live, there's plenty room - Digit

_ * whole breath * _"find a positive use for it"

#5
01-04-2004, 05:51 PM
dirtydingusus

fuckers like to slip it to us when we aren't looking....

Quote:
Originally posted by Digit
bump

nice to see you pushing your opinions around again......lol
__________________
mine are the eyes of god

and what they see is not what was meant to be

#6
01-04-2004, 06:09 PM
Digit

it's you damn blades, you keep throwing up these tasty morsels to me and I have to pop back to see.

#7
01-04-2004, 06:15 PM
Newbie Toker

I'm glad I live in England, but then again I don't have a bank account, so it wouldn't affect me anyway, lol
__________________
Rancid_rocker_liam@hotmail.com <-------- My msn

------------------------------>www.logicaloption.com<------------------------------

#8
01-04-2004, 06:34 PM
stonie jo

Digit, I'm always happy to see you!! Please come back and make fun of us more often! Too bad more of us Americans aren't as passionate as you are!!

I've been checking out lots of different sites that I thought some of you might appreciate.

Here's one on the new voting software some states have been using........

www.equalccw.com-dieboldtestnotes.html

#9
01-05-2004, 04:54 AM
stonie jo

Well, obviously the link isn't working. The guy who had the site wanted everyone to know he could hack the software and change people's votes without being detected. Some pretty intense shit if you think about it. Anyway, I saved the notes. If anyone would like to check 'em out let me know.

#10
01-05-2004, 05:36 AM
KraziHare

Copy and paste them here, I'd love to read that. If I can find it I'll pull up some info about the company who makes the machines in question, apparently they've actually been linked to the Bush administration...

#11
01-05-2004, 07:48 AM
stonie jo

It's VERY LONG - but here it is......


DIEBOLD'S VOTE-TALLY SOFTWARE- Security Review Instructions

V.5.0i - by Jim March, 9/17/03 - jmarch@prodigy.net

10/24/03: the links to the big program files ARE BACK!!!

INDEX:

INTRODUCTION

GEMS INSTALLS AND DATA FILES

SECURITY TEST PROCEDURES (step by step)

Analyzing The San Luis Obispo County Data File

Appendix A: Excerpts from Diebold internal memos/documents!

Appendix B: Physical Security And Access Issues

Appendix C: Legalities (read: why Diebold isn't going to sue me)

Appendix D: NOTES ON THE VARIOUS DATA FILES

Introduction:

This document is based on the prior reporting of Bev Harris, which can be found here:

http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm

This document describes the files archived at http://www.equalccw.com/voteprar.html

The purpose of this document is to step you through a brief yet shocking evaluation of the security "features" of the software that Diebold Election Systems uses to tally and record votes at a central location within a county (Registrar of Voter's office, typically). This software is known as "GEMS", for "Global Election Management System" (Diebold bought out Global Elections over a year ago). GEMS is used to tally votes in either touchscreen (TS) or optical scan (OS) Diebold products.

REQUIREMENTS: Windows-based PC with 150megs free disk space and 128megs RAM (minimum). You also need MS-Access2000 or a later variant in order to severely circumvent the passwords and security - the whole point here is that MS-Access is basically a "hack tool" and once used, there's NO security on this "high security voting product" whatsoever!

NOTE: all files are downloaded as ".ZIP" files - this is a standard format for packing multiple files into one file, compressing them for disk space and optionally attaching a password. Programs to read and decompress such files can be found all over the 'net, such as at:

http://www.pkware.com/products/free_eval.html

http://www.woundedmoon.org/win32/ultimatezip27.html

http://shareware.search.com/search?c...h.sa_win&q=zip

And in my opinion, the BEST: http://www.rarlab.com/download.htm

The ZIP reader should be able to put the multi-file contents of each ZIP archive into their own sub-folders, which you create. Some of these archives contain a LOT of files, so that's the best answer.

Many of the files you'll be downloading are BIG - some in the 50megs range. I recommend use of a "download manager" on a dial-up modem connection or you'll go nuts trying to get these. One of the best is Getright:

http://www.getright.com/get.html

There are others, but too many are "spyware", "adware" or other such crud. Getright has no ill effects on your PC - it allows re-starting a big download if your connection dies halfway through, it will manage multiple downloads at once, and is otherwise a sanity saver.

GEMS INSTALLS AND DATA FILES

(NOTE: all of the test procedures shown in this manual for the GEMS 1.17.xx series work the SAME on the GEMS 1.18.xx series.)

These are complete copies of the GEMS applications. You can only install one GEMS version at a time - if you want to switch to a different version, uninstall the previous one with the standard MS-Windows "add/remove programs" function under the Control Panel (under the "Start" button).

The versions are:

GEMS 1.17.15 - this has by far the most complete set of documentation available in Acrobat PDF format - see also the files "AccuVote-TS Users Guide 4.1.pdf", "GEMS Users Guide 1-17-15.pdf" and two documents related to modem settings in the directory/folder for this version (suggesting that these systems can be dialed into and modified remotely).

These manuals for AccuVote-TS (touchscreen) and GEMS itself are a deep look into how the program works. But they're most notable for what's NOT in there: any reference to using MS-Access to open or alter data files, or that this is even possible. If the county elections personnel who are the target audience of those manuals has no idea that a standard copy of MS-Access is a "hack tool" for voting data, then an entire array of security precautions won't be taken.

Download at: http://freespeech.metacolo.com/pimaupgrade.zip - 54megs

GEMS 1.17.23 - this version is currently in use in San Luis Obispo County, California in their Diebold Optical Scan system according to the county's Registrar of Voters, Julie Rodewald. So we can assume it's certified. Few changes.

Download at: http://freespeech.metacolo.com/GEMSIS-1-17-23.zip - 17.4megs

GEMS 1.18.17 - this is a "late model" version, included for those wishing to test it. There don't appear to be many changes.

Download at: http://freespeech.metacolo.com/GEMSIS-1-18-17.zip - 28.9megs

You also need data files to play with:

There is a file for Alameda County with no actual vote data in it (just the setup, candidates, etc.) inside the GEMS 1.17.15 download above, filename is "alameda ca primary election 0302 007.mdb".

Others:

Cobb County (Georgia) test data: http://speakeasy.seattle.wa.us/jmarc...102-backup.zip - about 5megs

San Luis Obispo County LIVE VOTING DATA, from 3:31pm the day of the 3/5/02 primaries!: http://speakeasy.seattle.wa.us/jmarc...mary030502.zip - 53megs - this file should NOT have been on the Diebold website, and has been confirmed as real - according to the SLO County registrar (Julie Rodewald) it is the absentee ballot data? This file is password-protected - the password is "sophia", all lowercase, without the quotes. Any of the better ZIP handlers will let you input a password.

SECURITY TEST PROCEDURES (step by step)

Items needed:

To perform these tests, you need a standard PC running Windows 98, NT, 2000 or XP (note: XP might not have been tested yet, but it should work). You also need the MS-Access program; version "97" should do, I have personally tested all this with the MS-Access built into MS-Office 2000, later versions should be OK too. (Access is usually found packaged with MS-Office "Pro", but is also available standalone.)

Load MS-Access on the PC in question.

EXACT STEPS:

1) Pick a GEMS version to install. If you're not sure which one to play with, use 1.17.23 as that's confirmed to be in operation in California (San Luis Obispo County). Otherwise, pick one that's closest to what your county actually uses (if known). From the folder for the version you want to load, run the "SETUP" program. This will install GEMS on your PC. Do so with "all the default settings" - it's a very simple process. It will probably call for a reboot of the PC at some point, go ahead and do that.

2) Click the Windows "START" button, and under "Program Files" find the "Global Election Systems" item. IF IT'S NOT THERE, don't panic, go back to the unzipped folder that you ran SETUP from and run that SETUP again - some versions are a "two step install" for some reason. After the second install, no reboot will be necessary.

3) Open up "My Computer" on the desktop (double-click it, or in WinXP it's under the "Start" button), then open the "C" hard drive. From there, open the "Program Files" folder, and in that open the "GEMS" folder, and in there open the "LocalDB" folder.

4) Loading data files: you can drag and drop any .MDB "data file" to that particular folder on "C:" (what a techie would call "C:\program files\gems\localdb"). Once an .MDB file is in that directory, GEMS will "see" it and allow you to load it. If you are unfamiliar with drag'n'drop file copying between two disk sources on a Windows machine, you're going to need some minimal "techie assistance" for all this. IF you hose the data files at this directory, you can always re-load them from the original .ZIP files. If the data file(s) are of the .GBF type (from the original ZIPs), double-click the .GBF data file and GEMS will put the .MDB version of the file into "C:\program files\gems\localdb" automatically. In other words, you can't directly use a "GBF" file as found in the Cobb County and SLO county ZIP files, BUT as long as GEMS is loading, double-clicking a .GBF will "process it" into something usable at C:\program files\gems\localdb

I can't give instructions on unzipping because I have no idea what ZIP reader program you've got. But they're all dead simple.

5) Now we're ready to play. First, fire up the main GEMS program - it's under the Windows "START" button, "Program Files" area, find a "Global Election Systems" area below that, and finally the GEMS program (blue globe icon).

6) You're in the "Connect To Database" screen. You'll see the text "alameda ca primary election 0302 007" and/or the other two databases if you downloaded them - we'll start with Alameda but these instructions apply to any of them. Click on that Alameda database ONCE, then hit the "OPEN" button once.

(If you choose a 1.18.xx series GEMS to play with, it will do a "conversion step". This is normal. Once so converted, the data files cannot be used with a 1.17.xx series GEMS. If you jump backwards from 1.18.xx to 1.17.xx (read: unload GEMS 1.18.xx and load 1.17.xx fresh), you must reload the data files from the original ZIP files. Other than that, the instructions are the same.)

7) This next screen wants the password for username "ADMIN". You don't have it yet. Feel free to play with it and guess passwords but basically, the security at THIS point will "hold up" - you can't get into that Alameda data. Not yet.

8) Cancel out of this "Admin password" bit, and get back to the "Connect To Database" screen.

9) Hit the "new" button, and create a new GEMS database with that button.

10) Name the new database whatever you want - we'll use "joke" as an example. Below that, it wants an admin password for this new database. Put in whatever new password you want, and repeat it in the box below that. For our purposes, I'll use "jokepass" in this set of instructions - but YOU use something else, so you know there's no "cheating" on my part.

11) Once you're past the "new" screen, you're actually in GEMS. There's not much here to see because the entire election structure hasn't been built yet for this "new database". But feel free to explore if you want.

12) Now to business: quit the GEMS program completely, get back to just plain ol' Windows running.

13) Fire up MS-Access - it'll be an item under the "START" button, "Program Files" area. At the first MS-Access screen, it'll give you the option of opening an existing database (using the "More files…" item). Take it to the "C" drive (under "My Computers"), the "Program Files" folder, the "GEMS" folder and then the "LocalDB" folder. Access will now "see" the files of its own "kind" sitting there: the Alameda file, the other two and the one you created (I called mine "joke").

14) Open the Alameda file.

15) OOOPS! Hey, where's the password? THERE AIN'T ONE! Once you fire up MS-Access, you can open and explore all the various bits. If you know where to look, you can change vote totals. You can change anything - it's all wide open to unlimited rape.

That's bad enough, but we ain't done yet, not by a long shot. Close out of the Alameda data file.

16) Now, in Access, open the "joke" datafile (or whatever you called the one you created) the same way you did the Alameda file. (If you quit out of Access in the last step, no problem, fire it up again.)

17) Got the "joke" file up in MS-Access? Good - you'll see a number of different sub-areas within MS-Access, such as "ballot", "card", "region", etc. Find one called "Operator", and open it (double-click on it).

18) You'll see a "password". It won't be the password you typed in, it'll be "scrambled" (random combination of characters) - don't worry about it. Highlight that whole password with your mouse. Make sure you get the WHOLE thing, it might be longer than the "box" it's in and will scroll sideways, you'll have to drag sideways with the mouse to get the whole thing. Got it "highlighted"? Good. Under the "Edit" menu at the top, give a "Copy" command.

19) Close down the "joke" (or whatever filename you used) file, and in MS-Access pull up the Alameda database file. Again, open up the "operator" item and highlight the password for Admin. Highlight the whole thing - and then, under the "Edit" menu, hit "Paste". You'll see the characters change to what they were in the "joke" file.

Now under the "file" menu, do a "save" command.

Got a sick feeling in the gut yet?

20) Quit completely out of MS-Access, and fire up GEMS again (at Start-Programs-Global Election Management-GEMS). Click on the Alameda database. Hit "open". This time, for the "Admin" password, use the password you created and entered twice for the "joke" file - in my case, that would be "jokepass" without quotes.

And bingo…you're in. That is GEMS with the full datafile spread'n'ready before you. You successfully bypassed the GEMS password control system like a hot knife through butter. Note: if you were doing real dirty deeds, you'd save the old Alameda admin password off in a Notepad window or similar, and then when you're done "hacking", splice it back into the file. You would never know what the password really is, but once you were done the system's legitimate administrators would be able to use that correct password normally, without being "alerted to trouble" from their proper password not working.

But wait…it gets worse. A LOT worse.

Go ahead and poke around in this data. Open stuff up, look at it, explore. Done? Good. In GEMS, under the "GEMS" pull-down menu at the top, you'll see the "audit trail" item. Open that, and look at it. It recorded all the poking around you just did, in excruciating detail. Cool. Good feature. Too bad it's worthless.

21) Close GEMS, and open up MS-Access again. Open the Alameda data again (remember, it's on "C", "Program Files", "GEMS", "LocalDB").

22) Sitting right there in plain sight is the item "AuditLog". Open it. Okay, this is harder to explain than do: there are un-numbered gray boxes running vertically on the far left edge of this window. Clicking on one of those boxes highlights the entire horizontal audit trail item. Go ahead and click on one of those boxes, and then hit the "delete" (del) key on the keyboard. Access will ask if you really want to delete a record, say yes. Whoa. You just deleted an audit trail item. OK, highlight another row the same way maybe two or three rows down from the top. Now with the mouse, grab the "slide bar" on the right side and drag it all the way down to the bottom of the audit trail. Hold down the SHIFT key, and pick another horizontal row (again, you're hitting the gray un-numbered boxes on the far left). What you've done is selected a whole range of audit trail items, leaving only the first few at the top and last few at the bottom. (You CAN delete the whole thing but there's a reason I don't want you to.) Now hit "delete" again, and confirm that you're trashing all this.

23) Save the Access file, and quit out of Access.

24) Run the GEMS program, get into the same data file and pull up the audit trail again.

25) First, you'll see that one hell of a lot of stuff is missing. But second, the items ARE NOT NUMBERED, so there's no way you can now tell things are way out of sequence. All standard reference works for Access note the need for line item numbering in Access, so that you can at least tell when the audit trail has been tampered with. The lack of such line numbers can only be deliberate.

Let's re-cap, shall we?

· MS-Access allows unlimited tampering with the elections data.

· There's also an easy way to defeat the GEMS Admin password.

· The audit trail has been left wide open to the point of uselessness. Even if it wasn't, alterations that are done in Access never make it to the GEMS audit log anyways - the log items are CREATED by GEMS, not by Access.

· Therefore, the only reason you'd need to tamper with the GEMS password by copying the password from a new datafile is if you wanted to check your dirty deeds in the GEMS program. Somebody who knows GEMS inside and out will never have to do that - they only need alter the data in MS-Access.

· There's one other issue we didn't get into, as it's more complex than I wanted to do for this article: the actual vote data is duplicated internally, and GEMS makes requests to each of the two tables for different purposes. In accounting terms, it's a "double set of books" problem (which is a hallmark of fraud). Basically, if you ask for countywide totals, that's pulled out of one data file, while precinct-by-precinct data comes out of another - and GEMS never checks to see if the two match, or informs the GEMS console user that this is happening. But in Access, you can alter the vote tallies in the one GEMS uses for countywide queries and so long as you take away the same number of votes for one candidate as you give another (to keep the total number of votes correct), there's no way to tell. Here's the critical part: if you're an honest elections officer and you "smell a rat", the first thing you do is spot-check some precincts. And you'll get honest numbers. Only by printing out the totals from each individual precinct one at a time, adding them on a hand calculator and comparing to the countywide total would you realize there's a problem - and you still wouldn't understand why, because nowhere in the GEMS program or documentation (see also the GEMS user manuals in PDF form included) does it say there's "two sets of books". (SEE ALSO Bev Harris's report on the "scoop" site, first URL at the very beginning of this document for more info.)

The net impression is that GEMS was designed to be tampered with in ways that would evade the detection of local elections officials.

California Elections Code 19205(c) specifies that any certified electronic voting system "shall be safe from fraud or manipulation". GEMS doesn't qualify.

Note that we haven't covered any of numerous other possible issues: GEMS contains a large number of DLLs which can have all sorts of hidden, funky features. Worse, Diebold supplies the Windows system to the customer on a pre-set machine; the Windows code itself could be hacked to hell and gone and it wouldn't be tested in a lab.

This program should never have been certified. It is a fraud, and quite possibly part of a literal coup attempt. Whoever certified this thing at the state and/or Federal level should be subject to serious scrutiny and review, as should the entire certification process.

This is NOT hyperbole, or "conspiracy theory" - this is an outright disaster in the works and undermines everything our Republic stands for.

Analyzing The San Luis Obispo County Data File:

Let's take another look at that file. I'm assuming you've run through the steps above, so you have a GEMS install loaded, and the SLO county data sitting at c:\program files\gems\localdb

26) Start MS-Access, and open up the SLO datafile: "sloprimary2002ORIG.mdb".

27) Go into the "Candidate" item. Remember, this was the Spring of 2002 primaries. So find the entries for Gray Davis, Democrat challengers Charles Pineda Jr, Anselmo A. Chavez and Mosemarie Boyd, and Republicans Richard Riorden, Bill Jones and Bill Simon. You may have to make the "Label" field wider so you can see the whole candidate names - click on the right edge of the gray box where the word "Label" is, and "drag the column fatter" (exactly like how MS-Excel works).

28) Write down the "KeyID" for each of those seven candidates. I've already done so, but make sure I'm accurate:

Chavez: 88 / Boyd: 89 / Pineda: 90 / Davis: 91 / Jones: 93 / Simon: 99 / Riorden: 98

(Remember, those aren't votes, they're a numeric ID assigned to each candidate.)

29) Now close the "Candidate" window (not the whole datafile) and open "SumCandidateCounter" in MS-Access, in the same SLO county data file.

30) You're looking at the actual votes. The first column appears to be the precinct, so there's actual votes in the last column for the votes in that precinct. The "CandVGroupID" column tells you who the votes are for - that's the "Candidate ID number", or "KeyID" from the candidate table.

31) Let's look at precinct 941, the first one. There were no votes at all for the three "also ran" Democrats, which makes sense with Davis as the incumbent Dem. Davis (number 91) has a vote; Jones (93) and Riorden (98) are neck and neck with 4 votes each.

Now check more precincts. What you'll see is that the numbers MATCH WHAT YOU'D EXPECT of a rural, conservative county. In most other precincts as you scroll through, Simon edges out Riorden by a small amount, Jones runs a distant third, and Davis dominates among the Dems. (Remember, in California you have to be a Dem to vote in the Dem primary and GOP to vote in the GOP primary. "Crossover voting" was banned by the courts fairly recently on freedom-of-association grounds.) Check out precincts 1146, 2349 and many more (those are precincts with sizable vote totals)…you'll see that the numbers "make ballpark sense", but with a "randomness element" you'd expect of early actual results.

So is this sample data, or real?

32) In MS-Access, open the Cobb County datafile. We know that's test data. Go look at SumCandidateCounter there - it's just endlessly repeated numbers! ALL the sample data files, Logic & Accuracy test runs and similar that we've seen look like that - no randomness at all, and no connection with actual results.

Conclusion: if the SLO County numbers are a test run, somebody went to one HELL of a lot of trouble to do a fake!!! And at no time have we seen a tendency towards that level of initiative out of Diebold - on the contrary, the various security flaws identified can be most charitably described as extreme laziness!

Appendix A: Excerpts from Diebold internal memos/documents!

Now for some fun.

NOTE: the EMail address "support@gesn.com" is a "mailing list" address. When any of these people sent that address EMail, it was bounced (relayed) out to all the rest. This sort of thing is fairly common. In any case, assume that all messages sent to that or a similar address were viewable by a LOT of technical or other staff within Diebold.

Here's one titled "RE: mdb files corrupt" by Ken Clark with 0 replies:

To:

Subject: RE: mdb files corrupt

From: "Ken Clark"

Date: Thu, 10 Feb 2000 11:00:00 -0600

Importance: Normal

In-reply-to: <002c01bf73e6$f63abc60$0103a8c0@ges002>

--------------------------------------------------------------------------------

The reason for this is that you are using a version of MS-Access that is older than the Jet engine used to create the database (ie, a new GEMS). Access 2000 will open the .mdb.

Don't use MS-Access to manipulate GEMS .mdb files.

Ken

-----Original Message-----

From: owner-support@gesn.com [mailto:owner-support@gesn.com]On Behalf Of Tari Runyan

Sent: Thursday, February 10, 2000 10:43 AM

To: support@gesn.com

Subject: Re: mdb files corrupt

yes - 1-14-8 loaded from disk backed up to backup and then went to mdb file and wouldn't open

Jim again. Clearly, all the way back in February of 2000, Diebold field staff had realized that MS-Access could be used to open and modify GEMS data exactly as Bev Harris later discovered, and "Principle Engineer" (per other Diebold docs) Ken Clark back at "home base" was attempting to discourage this highly illegal procedure (as MS-Access has NEVER been approved as elections software!!!).

By October of 2001, the Federal testing lab (Metamor Inc, the "Independent Testing Authority" or "ITA") had discovered the same thing - that MS-Access can get into GEMS databases and diddle such details as the audit trail and votes; this was reported back to home base by tech Nel Finberg:

From: owner-support@gesn.com [mailto:owner-support@gesn.com]On Behalf Of Nel Finberg

Sent: Tuesday, October 16, 2001 11:32 PM

To: support

Subject: alteration of Audit Log in Access

Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema? Nel

Ken's response indicates that his early attempts to curtail MS-Access use had failed miserably, and he knew there was a problem:

To:

Subject: RE: alteration of Audit Log in Access

From: "Ken Clark"

Date: Thu, 18 Oct 2001 09:55:02 -0700

Importance: Normal

In-reply-to:

--------------------------------------------------------------------------------

It's a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that it's right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

There might be some clever crypto techniques to make it even harder to change the log (for me, the guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.

By the way, all of this is why Texas gets its sh*t in a knot over the log printer. Log printers are not read-write, so you don't have the problem. Of course if I were Texas I would be more worried about modifications to our electronic ballots than to our electron logs, but that is another story I guess.

Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.

I sense a losing battle here though. The changes to put a password on the .mdb file are not trivial and probably not even backward compatible, but we'll do it if that is what it is going to take.

Ken

Jim March again. Let's tally the sheer number of "confessions" Ken just made:

* Alteration of GEMS data files with an unapproved product (MS-Access) is common both among Diebold staff and county elections personnel.

* Ken Clark knew about that, and deliberately avoided tightening down security to eliminate the practice because it's "handy".

* Ken admits having the ability to hack elections(!). That means somebody else in Diebold can.

* Ken knew that relying on "operating system security" was inadequate, yet suggested telling the Federal test lab that it was. While not thinking it would work. AND disparaging the technical ability of the lab staff (ref: "Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out").

This all adds up to intent to defraud.

So what was Jennifer Price's reaction to this "story"?

To:

Subject: RE: alteration of Audit Log in Access

From: "Nel Finberg"

Date: Wed, 17 Oct 2001 14:48:16 -0700

Importance: Normal

In-reply-to:

--------------------------------------------------------------------------------

Thanks for the response, Ken. For now Metamor accepts the requirement to restrict the server password to authorized staff in the jurisdiction, and that it should be the responsibility of the jurisdiction to restrict knowledge of this password. So no action is necessary in this matter, at this time.

Nel

So there you have it. Diebold lied to the Federal testing lab, the only people with access to the source code who can fully evaluate the product, and got away with it.

You can see this discussion as it would have looked on the Diebold internal website at:

http://www.equalccw.com/smokinggun.html

It wasn't just Ken Clark that was "just rolling with the madness".

Folks, go download http://www.equalccw.com/ElectionSupportGuide.pdf - This document was NOT for client/public review! It's written to help the hapless Diebold techie with what they'll encounter and need to deal with on-site the day of the election. Ohhhh GOD, this is just...drop dead, laugh out loud funny in bits...excerpts below.

It's dated Oct. 21st 2002 in the text inside. Filesize is 256k or so.

Early in the manual we see this bit (remember, it's for Canadian staff, eh?):

1. Overview

This document is intended for Diebold Election Systems, Inc. staff attending elections, and attempts to address the majority of representative situations that may be encountered at an election. The document aims primarily at educating novice election support staff, and is in no way intended to provide an authoritative basis of product information.

Please note that this document is intended strictly for the consumption of Diebold Election Systems, Inc. staff, and is not intended for customers or other election-related authorities.

Jim: Oh ya. Fun ahead. Let's start with travel tips:

2.1. Border crossing

Indicate that you are attending an election when questioned by US customs. Provide a terse explanation of what your job is as well as the business the company you work for is in. Under no circumstances should you indicate that you intend on working in the US. If requested, give Tab's name and work telephone number as reference.

Jim: "Work visas? We don't need no steenkin' work visas!"

Quick, somebody call INS!

3. General issues

As representative of Diebold on election day, you will be considered the paragon of knowledge and authority with respect to the jurisdiction’s election, even though you may in fact be the least qualified person on site. In light of this, present yourself in as diplomatic, reassuring, and professional a manner as possible.

Jim: Correction, call Scott Adams ("Dilbert" cartoonist), this is HIS territory now!

3.2. Communication

You will generally be considered to be a high-ranking election specialist and a paragon of knowledge and solutions, which may be disconcerting when things go wrong. Do not promote your ignorance - in case of doubt, call a designated contact who may be more knowledgeable than you.

Ideally, you should not remain all day at election central, but spend at least several hours visiting polling places in order to view the voting process itself.

Be observant throughout the election, making notes of any anomalies or issues you believe the company could/should be aware of.

Be aware of the fact that pollworkers are often quite aged, and that technological issues that to you are utterly banal may be quite daunting to the pollworkers.

Do not flaunt your knowledge, particularly if it is technical only, and not election specific. Not only may your audience be less than receptive, you may be called to task where you least expect it, and can least make a difference.

Carry with you a list of telephone numbers of Diebold Election Systems, Inc. contact people. Carry a cell phone with you if possible - if you don't already have one, attempt to procure one from the jurisdiction.

Remember to take along the Excel spreadsheet containing all employee phone numbers.

Be aware of any senior technical staff that will be present at the election other than yourself. Be aware of their strengths and limitations as far as product and election knowledge is concerned. Just because someone has been working for our organization for years does not mean they will be aware of every facet of election management requirements.

Defer to more experienced staff where possible. Do not offer answers if you are not perfectly comfortable with doing so - an incorrect answer may well have more serious consequences than no answer at all. It is acceptable to indicate that you are not aware of the answer requested, and that you will contact another company representative who will be equipped with the answer.

Offer the minimum amount of information necessary. Consider the nature of information being discussed, your familiarity with the subject being discussed, the position of the individual you are discussing the issue with, as well as any individuals or press who may be present who you are not familiar with.

Under no circumstances should you discuss anything to do with the election with the press, or appear on press cameras. The same applies generally to any individuals outside of the immediate election environment. You cannot be familiar with the partisan politics that may be rife in the jurisdiction, and possible oppositional sentiments towards our product or company.

Do not to offer damaging opinions of our systems, even when their failings become obvious.

Contact Tab or Ken at the Vancouver office once the election has been deemed to have been closed.

Jim: translation - "Do try not to step on your genitalia..."

And it bears repeating:

"Do not to offer damaging opinions of our systems, even when their failings become obvious." They might get lucky, have both neurons fire up at once, and dump us like a cheap date...

3.3. Attendance

Expect to be onsite on election day between 6am and 7am. Depending on how well the election goes, you may be able to leave the site as early as 10pm or 11pm. If things go badly, you could be there until the next morning.

Jim: How often does THAT happen?

Excerpt from a Diebold hiring ad: "we're looking for people capable of working 48 hours at a stretch...".

6.2. AccuFeed

The jurisdiction may be using the AccuFeed in order to process absentee ballots in batch mode. The AccuFeed is often sensitive to the orientation, size, and print quality of the ballot. AccuFeed units tend to reflect varying behavior in terms of speed and quality of processing. Familiarize yourself with the functioning of the AccuFeed before the election if it will be used in the election. Do not offer information as to the AccuFeed's shortcomings to the jurisdiction, even where obvious.

Sigh.

These clowns KNEW they were a pack of screwups.

Jesus H. Christ.

More info on these internal memos and documents will be updated at http://www.equalccw.com/voteprar.html

Appendix B: Physical Security And Access Issues

One of Diebold's best defenses so far has been to explain that physical security ("plant security") is a key part of the process, so that while GEMS may be open to tampering, nobody unauthorized can get into it to tamper.

This isn't a bad argument. Basically, without an "access method" to GEMS, the above steps to "hack the vote" are useless.

Problem: there IS an access method.

Sources: one major source of info, I'm pleased to report, has been SLO County's Registrar, Julie Rodewald.

Per my interviews with her, here's what we've got physically going on at the county central elections office:

The computer running GEMS is relatively high end. It's running Windows NT, and it contains a card called a "Digiboard", which is inside it and has sixteen modest-speed "serial ports". Four of the sixteen ports run across the same room to optical scan readers, to enter the absentee ballots with.

Most of the rest (ten or twelve) ports are connected to external modems. These modems are normally turned OFF.

At the time the polls close (normally 8:00pm), the modems are turned on. For the next 1.5 to 2 hours, optical scan computers at the polling places call into the central GEMS boxes through the modems and report their totals. Given the number of polling places (see also the SLO County instructions above, steps 29 through 31) each "conversation" is moderately short, although they'll perhaps vary a bit due to normal line quality differences and possibly the size of the data transfer (popularity of a particular polling place).

The phone numbers involved are known to (or at least accessible by) everybody in the office, and the Diebold support staff (per Ms. Rodewald).

This is therefore the most likely avenue of attack.

In February, as part of the set of downloads hackers did on the Diebold websites, the following memo between a Diebold field tech agent and the central support crew was located. We didn't understand its full significance until we gleaned basic information on the setup from Ms. Rodewald. In its entirety:

----- Original Message -----

From: "Robert Chen"

To:

Sent: Monday, October 28, 2002 1:30 PM

Subject: AVTS modem upload BS 4.3.11

Hi,

Found something interesting here in Alameda County, and want to see if anyone has found this in the field. Especially those of you who are doing AVTS (we don't do AVOS) modem upload from the precincts.

Running: BS 4.3.11 GEMS 1.18.14 NT 4.0 6a

I am dialing the central computer's bank of modems (connected via Digi PCI X/em) and connecting to NT's Remote Access Server. I have assigned an ip pool (166.107.248.210 to 220) and the AVTS with PCMCIA card modems dial in okay, and make a connection with the RAS server. I can see the assigned ip address to the incoming AVTS unit. However, when I try uploading, it gives an error: "no connection to host". Yes, I have confirmed the HOST name and tried the IP address.

I tried pinging the AVTS unit and only get timeouts. I then tried simulating the connection with my laptop and was able to successfully upload. I was also able to ping my laptop from the server and vice versa.

At this point, I do not think, despite the port information displayed by RAS Server, that the AVTS was taking the ip address.

I am sure I am probably doing something wrong and would appreciate some enlightenment.

rob chen

Jim again. Let me try translating:

"Digi PCI X/em" is the 16-port Digiboard - see also "products" at