My Twitter Feed

December 18, 2014

Election Commissioner and Deputy Clerk Should Be Relieved of Duty

Brad Friedman, an award-winning investigative journalist and expert on issues of election integrity, and the Diebold AccuVote system used in the recent Anchorage Municipal election, had comments about inaccuracies told by the Election Commissioner Gwen Mathew at last night’s meeting of the Assembly to certify the election.

His outrage, and call for both Mathew, and Deputy Clerk Jacqueline Duke to be removed from their posts immediately, is a sentiment shared by a growing number of Anchorage residents who are becoming more informed regarding their ineptitude and outright misinformation.

Here are Friedman’s comments after watching Mathew’s testimony at Thursdays Assembly meeting, and following closely as Anchorage’s election debacle becomes an issue of national interest.

By Brad Friedman

As Gwen Mathew told me personally on the phone, she had not read any of the many security analyses and reviews of Diebold (pronounced DEE-bold, since approximately 1859 when the company was founded) op-scan systems. That was apparent last night in her testimony for the Assembly, as she simply either made things up about Diebold in California, or repeated what someone had told her.


[Gwen Mathew testifies before the public and the Anchorage Assembly. The misinformation discussed below starts at 4:58, and goes through 9:01 in the video.]

Here’s part of what she said, which was so wrong in so many ways that I’ll post what she said, and then respond line-by-line below it…

GWEN MATHEW: In 2003, in California, the Superior — some court, I can’t remember what it is — they ruled that the Diebold machines were not good for elections. But that is the touch-screens in California. These are much different. The touch-screens, they had software, firmware, hardware issues — which, by the way, were resolved — and, but these machines are simple scanning machines and counters. They’re very basic. The only security risk would be the memory card that is in each Diebold machine.

Through the years, I have worked elections as well. And they do occasionally come off. I mean part of our procedure is the night of the election, we take the memory cards out of the Diebold machines, along with the tapes — the zero report tapes — and the election results and we put them in their own envelope. And we take them to City Hall and we hand them to people who ‘do all that stuff’. So, it’s not unusual for the security seals to break, because they’re supposed to that night.

If you’re concerned about the security of this, you have to have a motive, you have to have opportunity, you have to have expertise to program that card, plus I don’t think they sell that kind of equipment at Radio Shack. I think it’s rather specialized.

These machines are “overnighted” [she means sent home on “sleepovers” with poll workers], but I think it’s unreasonable to assume that someone would want to break into that many precinct chairmen houses and get away with it and have no trail of that.

One last thing. These machines are easy to check, because they have a paper trail. You can have another machines programmed with — and by the way Jacqueline [Duke] programs these, she’s the only administrator, she has an observer when she does it — um, and you can run through the same ballots through that machine. It has a paper trail, which was a factor of the court case in California.

Good lord. Not even close. On any of it. Let’s go piece by piece.

GWEN MATHEW: In 2003, in California, the Superior — some court, I can’t remember what it is — they ruled that the Diebold machines were not good for elections. But that is the touch-screens in California. These are much different. The touch-screens, they had software, firmware, hardware issues — which, by the way, were resolved — and, but these machines are simple scanning machines and counters. They’re very basic. The only security risk would be the memory card that is in each Diebold machine.

The 2003 suit she’s referring to doesn’t actually have anything to do with security of the Diebold machines. It was a qui tam case, filed by Bev Harris of Black Box Voting, concerning the fact that Diebold had defrauded the state by lying about their touch-screen voting machines. This was discovered after Stephen Heller, a whistleblower at Diebold’s law firm Jones Day, found that Diebold was planning to lie to state officials about having illegally inserted uncertified firmware into their machines in Alameda County (and one other, as I recall).

The Secretary of State at the time, Kevin Shelley, decertified the touch-screen systems in the state entirely after that incident, and Diebold eventually paid $3.5m (as I recall) to settle the Qui Tam fraud lawsuit. It had nothing to do with the actual security of the systems themselves, but the fact that Diebold had lied about it all to officials and installed uncertified firmware.

Those issues were not “resolved,” as Gwen says. Rather, a new Secretary of State came in later, Bruce McPherson, appointed by Schwarzenegger, and simply certified the same touch-screens (and had Diebold guys working out of his office — literally) that Shelley had previously decertified.

He did that in 2006, even after the December 2005 Leon County, Florida “Hursti Hack” which showed how, not only could the Op-scan memory cards be gamed, but so could the memory cards in the touch-screens and, most disturbingly, the GEMS central tabulator itself. That — not the 2003 fraud case — is what is referred to in the 2006 Security Analysis commission by McPherson, that I quoted from in my original report on the Anchorage election mess. As I wrote (but Gwen failed to read, I guess):

The findings of the post-Leon County Security Analysis in California [PDF] revealed, among other things:

“Memory card attacks are a real threat. We determined that anyone who has access to a memory card of the [Diebold Accuvote op-scan], and can tamper it (i.e. modify its contents), and can have the modified cards used in a voting machine during an election, can indeed modify the election results from that machine in a number of ways. The fact that the the results are incorrect cannot be detected except by a recount of the original paper ballots.”

The analysis went on to warn that the hacker “was indeed able to change the election results by doing nothing more than modifying the contents of a memory card.”

“It would be safest if it is not widely used until these bugs are fixed (they never were) and until a modification is made to ensure that the…attack is eliminated.” The scientists wrote that “strong procedural safeguards should be implemented that prevent anyone from gaining unsupervised or undocumented access to a memory card, and these procedures should be maintained for the life of all cards. … Any breach of control over a card should require that its contents be zeroed (in the presence of two people) before it is used again.

“There would be no way to know that any of these attacks occurred; the canvass procedure would not detect any anomalies, and would just produce incorrect results. The only way to detect and correct the problem would be by recount of the original paper ballots,” they found.”

That had nothing to do with the 2003 fraud case!

When Mathew says, about her “amazing” machines that “The only security risk would be the memory card that is in each Diebold machine,” it’s clear she hasn’t bothered to read any of the security reports about these machines — as she told me that she had not!

That, of course, is just one report. There have been many many others finding all of the above and even much worse. In 2007, the newer California Secretary of State, Debra Bowen, did a “Top-to-Bottom Review” of all e-voting systems in the state of California. You can peruse the reports here which led her to decertify BOTH the touch-screen AND the op-scan, which was conditionally recertified with, among other security requirements, tamper-evident seals that, if broken, would de-certify the machine for use in an election.

Here are those many reports — often redacted for security reasons, to remove the most helpful stuff for hackers:

California’s “Top to Bottom Review” of E-voting systems:
Executive Summary

Decertification (and reasons why)

Source Code Report

Red Team Report (HACK TESTING!)

Documentation Review Report

A year later, the Secretary of State of Ohio, Jennifer Brunner, commissioned another study by her own state. Here are those results (Diebold had been renamed “Premier” by then to try and shake off some of the taint they had earned from all the fraud suits and decertifications and whistleblowers, etc.)

OHIO’s EVEREST Study:
Premier System Executive Summary Report (PDF)
Premier System Technical Manager’s Report (PDF)
Premier System Technical Details Report (PDF)

Back to Gwen’s statement last night:

Through the years, I have worked elections as well. And they do occasionally come off. I mean part of our procedure is the night of the election, we take the memory cards out of the Diebold machines, along with the tapes — the zero report tapes — and the election results and we put them in their own envelope. And we take them to City Hall and we hand them to people who ‘do all that stuff’. So, it’s not unusual for the security seals to break, because they’re supposed to that night.

“Hand them to people who ‘do all that stuff’.”¬† Love that. Anyway, no, the security seals are not supposed to break. They are supposed to be cut at the end of the night by the poll workers. If they just break on their own, it kinda defeats the purpose of security seals. Yes, they are crappy, and actually can be gamed (removed without breaking them, and then re-applying them), but that’s hardly the point.

If you’re concerned about the security of this, you have to have a motive, you have to have opportunity, you have to have expertise to program that card, plus I don’t think they sell that kind of equipment at Radio Shack. I think it’s rather specialized.

Fair enough. You have to have “motive‚Ķopportunity [and] expertise”. There are plenty of folks who have all of the above. Take, for instance, Jacqueline Duke. Her motive would be clear: Make sure her old boss won the election and that the ballot measure he opposed (Prop 5) didn’t. Of course, she would have both the opportunity and the expertise to game the system, because, as Gwen says as well, ” Jacqueline programs these, she’s the only administrator”.

Deputy Clerk, Jacqueline Duke

Not saying she did it. Just saying that she had all the requirements to game the entire system. Many others did as well. For example, the “people who ‘do all that stuff'”, as Gwen mentioned. And yes, poll workers could do so as well. More on that in a moment.

As far as the equipment required – Harri Hursti programmed his memory card for the Leon County Hack seen in Hacking Democracy by purchasing a crop scanner off the Internet for less than $100 dollars. Pima County, AZ did the same thing when they wanted to test, they say, how easy it would be to do what Hursti did.

But no equipment is needed at all to simply change results on the GEMS central tabulator. That is done with a few keystrokes by “the people who ‘do all that stuff'”, if they like.

These machines are “overnighted” [she means sent home on “sleepovers” with poll workers], but I think it’s unreasonable to assume that someone would want to break into that many precinct chairmen houses and get away with it and have no trail of that.

As the Princeton Diebold Virus Hack of 2006 showed — (I broke the story at Salon and in a more detailed version at The BRAD BLOG, the hack was later demonstrated, among many other places, live on Fox “News”) — a single memory card can be loaded with a virus that then passes itself either from machine to machine, or straight into the GEMS tabulator affecting all cards and results in the election. One needn’t “break into that many precinct chairmen houses” to do this.

Gwen is absolutely clueless about which she speaks, and is clearly repeating what she’s been told by the Diebold reps (who are now either ES&S or Dominion, whichever one Anchorage uses as their vendor since Diebold was sold off.)

One last thing. These machines are easy to check, because they have a paper trail. You can have another machine with — and by the way Jacqueline [Duke] programs these, she’s the only administrator, she has an observer when she does it — um, and you can run through the same ballots through that machine. It has a paper trail, which was a factor of the court case in California.

Nothing that she mentioned “was a factor of the court case in California.” She simply made that up.

A so-called “paper trail” is no good if you don’t examine it. By refusing to allow the Assembly to hand count the paper ballots, it does no good whatsoever to have a “paper trail”. In allowing someone like Jacqueline Duke (who worked for a guy on the ballot) to program the machines (with some unnamed “observer”), train the poll workers to ignore broken security seals, and then take custody of the “paper trail” (the ballots) themselves for a month before anybody ever gets to examine even one of those ballots by hand, makes a mockery of the entire system.

That Gwen Mathew is the author of the report used to determine whether that election should be certified or not is a joke. That she serves as the Election Commissioner of Anchorage is an insult. That she would blatantly mislead and/or lie to the Assembly in making her presentation by offering absurd “facts” that have absolutely nothing to do with reality is both an outrage, and merits a LOUD call for her to removed from her post — along with Jacqueline Duke, by the way — immediately.

Comments

comments

Comments
18 Responses to “Election Commissioner and Deputy Clerk Should Be Relieved of Duty”
  1. Krubozumo Nyankoye says:

    I am in favor of getting the Feds involved in this if at all possible but IANAL.

    It seems to me to be a clear and unambiguous case of election fraud.

    Broken security seals alone should have called everything into question, to
    pass them off as inconsequential is a patent lie. It assumes security seals
    break randomly at some high frequency.

    Are there not civil and criminal penalties for lying to the public? Actually I guess
    there are not, the onus is on the electorate to sort out the spew of propaganda
    that a right wing candidate offers up as policy.

    I cry for my beloved country…

  2. Paddlefoot says:

    Thanks Brad, and thanks to AKM for this forum. This last Municipal election was such folly. The religious right with their false registration information and these election “officials” with such blatant conflicts of interest. In line with most others, I don’t care if election results don’t change, I just want to have faith in the system.

  3. Bucsfan says:

    This is what happens when you have the wrong people in charge of elections, be they incompetent, biased or downright unethical, Katherine Harris and Ken Blackwell anyone? I lived in Washington state for years and from 1980 to 2000, the Secretary of State was a Republican named Ralph Munroe. I don’t recall problems with elections there until after he stepped down. And both sides of the aisle regarded him as fair and unbiased. Unfortunately for Anchorage, you get the opposite.

  4. Winski says:

    Mud!!!!!

    My word… Has no one brought this to the attention of the FERERAL AUTHORITIES ??

    This is WAY past just blatant incompetence, this is FRAUD…. On a massive scale!!!!

    If no one has sent this to the national media, I will!!!!

    W

  5. Simple Mind says:

    As I’ve said before, the Assembly will only act if they feel the eyes of the electorate on them. Any person in Anchorage reading this should immediately call and/or send an email to their Assembly representative, then send another in two days and another in four days and keep it up. Call, write, show up at meetings if you can. The Assembly will not lead. They must be pushed to do the right thing. Tell them they need to get this right.

  6. AKMagpie says:

    Brad and AKM, is there a way to get ProPublica involved in this investigation? I emailed them when this first came to light but have had no response. Is there another national blog or newspaper that can be brought in? Perhaps your names are more credible? Perhaps all mudpuppies need to get in touch with them.

  7. AKMagpie says:

    Thank you Brad, for following through with your help and advice on the matter of these Diebold machines. A complete hand count must be done, but since I doubt a chain of custody has been maintained for the ballots there is no way to know if they have also been compromised. The whole election should be redone with the ballots hand counted. The arrogance of the administration in certifying this election is outrageous. How can this not be on every local news show and above the fold in the Anchorage Daily News?

    • AKMagpie says:

      Sorta like the surgeon saying, “Well, we rinsed all the instruments of between patients and they looked clean so we saved money by not sterilizing them between all the patients.”

      • leenie17 says:

        Don’t forget that the surgeon never bothered to do any research on the instruments, which had a documented history of killing patients, which was available to anyone who spent ten minutes with Teh Google.

        “They look fine and I’m sure they’re really, really, really accurate. I think I heard that somewhere. And those pieces that fall off? Don’t worry about them. Just put them back with a little scotch tape and they’ll be just like new.”

  8. tallimat says:

    grrrrrr

    DO OVER!

  9. EatWildFish says:

    Anchorage Assembly to voters: “We couldn’t do it to you without you!”

    Wow ….

  10. benlomond2 says:

    hhhmmm… Elections coming in November… As Anchorage goes, so goes Alaska… and did I not read somewhere, that these machines are loaned to the city from the state ? … Geee, no WONDER Don Young gets re-elected, time and time again..

  11. Writing from Alaska says:

    All very strange.

  12. Zyxomma says:

    Thank you, Brad. Thank you, AKM and Mudflats. Eff you, Gwen and Jacqueline. After all, that’s what you’ve done to the voters and citizenry of Anchorage.

  13. GoI3ig says:

    Scary! And yet it continues.

  14. Moose Pucky says:

    Yep.

Leave A Comment

%d bloggers like this: