The next 8 days are critical here in California. On December 16, the Secretary of State's Voting Panel will meet and vote whether to certify the new Diebold AccuVote TSx Voting System. Currently it was given a provisional certification. Diebold is claiming it is a "minor" modification of their AccuVote TS. If it is a "minor" modification then it contains all the revealed security risks detailed in the new Compuware Report prepared for the Secretary of State in Ohio and released this last week.
SoS Kevin Shelley has also come out with some important steps in improving the security and accuracy of future voting systems sold in this state. They are an important "beginning", but do not adequately address the current installed systems, nor appear designed to immediately rectify the serious security risks revealed in the John Hopkins Report, SAIC Report, and now the Compuware Report. The security flaws are not "alleged" any more. Twice Diebold voting systems have been examined by security professionals, commissioned and paid for by State governments, and both times they have been revealed as containing multiple security risks.
If the new Diebold AccuVote TSx is certified on December 16 over 12,000 of those voting systems will be immediately purchased and installed in California, in the counties of San Diego, San Joaquin, and Solano. There are more counties waiting in the wings.
If you want to review the current known security issues involving Diebold, as detailed in the new Compuware Report, please read pages 21-79. Especially pages 73-79. Please bear in mind that this study was done on the latest versions, in tight controlled environments, with no intentional effort to compromise the systems. This is an assessment of the known vulnerabilities.
Some important actions that should be taken here in California in the next few days:
Write to SoS Kevin Shelley supporting his call for a VVPAT and for increasing oversight and control over electronic voting systems.
Caution him that the elections of 2004 are too critical to allow existing systems to be "grandfathered".
Call for him to not only refuse to certify the TSx system, but to de-certify the OS and TS systems until they address all the security risks revealed in the Reports of this year, and as revealed in the memos.
If he will not de-certify, then to require that all users of Diebold Voting Systems institute immediate policies and procedures addressing the recommended mitigation steps outlined in the Compuware and SAIC Reports. In addition, that Diebold be required to correct all the deficiencies revealed in those Reports concerning their firmware, hardware, and software, prior to the March, 2004 primary.
Write a Letter of Comment to the Voting Panel prior to the Dec. 16 hearing. Better yet, bring the letter with you and distribute the copies to each member (8 are needed) and read the Comments into the record. (they also can be faxed)
It is important to emphasize that both the touch-screen systems and the optical scan systems both use the GEMS software program to tabulate the election results. The Compuware Report confirms what Bev has been saying for months; the ballot definition data and the election results can both be altered by using Microsoft Access. That alteration can be done from within the election organization, from a precinct, or remotely with anyone having the IP address of the central GEMS server (as was revealed in a memo regarding Alameda County).
Finally, write a Letter to the Editor of your local papers pointing out the proven deficiencies and calling for the SoS to immediately institute security upgrades to all voting systems.
Diebold is the most critical because of the meeting next week. The Compuware Report revealed that both ES & S and Sequoia's tabulating systems can be altered, as well as many other vulnerabilities. Riverside County uses Sequoia and it too needs to be forced to tighten up security before the March primaries. By March 2004 the "high risk" vulnerabilities revealed in the SAIC and Compuware Reports must be required to have been mitigated. The balance of "medium and low risk" mitigated by the November elections. If not, then the voting systems not in compliance should be de-certified for use and paper ballots, hand counted, used.