Coalition for Voting Integrity, the home of the Voice of the Voters

Transcript, March 21, 2007
Home
SaveOurVote.com
Voice of the Voters! Internet/Radio
Voting News
2009 Holt Bill
Editorials
Letters
Videos
Voting Machine Allocation
Reports
*GAO Reports*
Take Action!
Legislative Efforts
Voting Principles
Vision and Principles
Pollwatching Kit
Facts & FAQs
Rebuttal re Danaher
Danaher Reexamination Request
Redistricting
Blogs, Groups
Cost Comparisons
2008 Municipal Resolutions
2005 Municipal Resolutions
Lou Dobbs
Slideshow
Lehigh and Northampton Counties
Facts about HAVA
Vote-PAD
New York Times
Join Us!
Contact Us
Contact Your PA Legislators
Donate
Links
Supportive Candidates
Songs
Voting Forum October 2005
Voting Integrity Forum, June 2005

Preliminary transcript of Voice of the Voters! March 21, 2007

 

Confused, complacent, complicit

Copyright 2007 by Coalition for Voting Integrity

 

Guest: Ion Sancho, Supervisor of Elections, Leon County, Florida (referred to as IS).

Show hosted by Mary Ann Gould (referred to as M).

John Gideon joins the discussion (referred to as JG).

 

Ian Sancho was the first election official to carry out testing of election system equipment.

M: How is it that you were the first elected official to call for independent testing of voting machines?

IS: The idea was not initiated by me.  Between 2000 and 2004, following the debacle that occurred over the Florida elections, we were deluged with news media; and I can tell you that I was interviewed by just about every kind of radio and TV personality that there was. During the course of that, I had done some interviews with a British independent journalist who had done some work for the BBC.  And he came back to me after the 2004 election and said that "we've watched you for a while, and you seem to have a commitment to the citizens in this process. How would you react if we were to ask you to do an independent series of tests to determine whether the system used to count votes in Leon County was in fact corruptible?"

I pondered this, and after discussing the issue with Mike Lance at length, decided that I would do it under certain conditions, one of which was that the individuals doing the security tests would have to have the kind of credentials necessary to substantiate their findings.  They had to be experts in this field.  And I didn't want non-experts touching the equipment.  Those conditions were agreed to, and it turned out that the individual who wanted to bring the testers down to Leon County was Bev Harris of Back Box Voting. 

Now within the elections establishment, people like Bev Harris, John Gideon and Lowell Finley were considered crazies by election officials.  It's largely due to the fact that as an election official for almost 20 years, I can tell you that there has been a constant, consistent and reaffirmed interaction between voting machine vendors, (we just call them vendors), and voting officials.  And I became a little bit queasy about this relationship, because it seemed to me that the vendors were driving the entire process in the American election system.  This just did not sit well with me. I am an elected official and my responsibilities are to the voters, the citizens of my community, and the oath I swore to uphold was to the Constitution of the State of Florida and to the United States.  Nowhere in any of that was material was any statement that the vendors were the entity that I was supposed to be safeguarding. 

And I really didn't sit well with that kind of group-think because basically, most election officials really don't know what's going on, and the strong leaders that emerge in the process are those which are cultivated by the vendors and are brought into the vendor organizations and essentially promoted through the process.  There’s a very telling quote that the former Secretary of State of New Mexico made when she was asked about why she was attending so many activities arm in arm with the voting machine vendors; and she said, "These people are like my family!"  That's exactly what she said and that is exactly how many election officials see this process, because when you go to Election Center functions--the two major election (or the National Association of Counties)--meetings, you will see many vendors. The programs will have Vendor Appreciation Days and "Let's say hi to the vendors!" and the vendors take you out and buy you great meals, they buy you drinks, they provide entertainment for you.  They’ll even take you fishing.  This relationship struck me as being absolutely improper!

M:  So that gave you cause to consider these people who back then everyone thought were crazy?

IS:  Well, I will tell you that while I personally witnessed what I consider some behavior that severely offended other election officials, it struck me that people like Bev Harris, in confronting election officials the way they did, were doing it in a very courageous and almost a pacifistic way.  They were, in fact, reminding me of the old activists I saw in the Civil Rights movement back in the sixties, and I guess I'm dating myself, but I do go back to the sixties, graduating from high school in 1968.  And the Civil Rights movement was very present in my life, as something that really shaped my life.  It seemed to me that while people like Bev Harris were simply not taking no for an answer, not taking "Go away and stop bothering me" as an answer, and to the degree that they were saying that they could hack into my system--something the vendors said was impossible—they did present what I thought was a very good kind of test to see who really had credibility in this process.

M:  And I do want to add to it, to give Bev Harris and others credit, they recognized one important factor that might have been forgotten: the vote belongs to the people, therefore, the people have the right to speak out.

IS: Well, they do, and it's unfortunate, but too many of my peers have what I call the "arrogance of authority," i.e., "Well, I'm in charge of the elections and I know best, and you don't know what you're talking about, so go away! You're just complicating my life, and my life is already complicated enough." Then the vendors are saying, "There's no truth in what they're [Bev Harris et al.] are saying, our systems are completely secure, these people are like UFO believers." That's what the establishment within the election profession reinforces, back and forth.

M:  So what person did they bring in that gave you the confidence that they were bringing in an expert?

IS: The two people who were going to do the test--and again, I demanded to know their names and resumes--were Dr. Hugh Thompson from Security Innovations, a Massachusetts firm (although he actually lives in Melbourne, Florida), and Harri Hursti, a very famous Finnish computer expert.  These individuals had the kind of qualifications I thought would lend credibility to whatever their findings might be. 

      So we brought them in, January through May 2005, and they made five visits here, to conduct a series of security tests that included attempting to attack the system externally. For example, could they get into the modems, could they get into my telephone lines, and take over my system from outside the office? They weren't able to do that, so that was very comforting.  Although they did say, that if they were a nation state, i.e., if they could use the kind of technology that was available to governments, organizations like the CIA or the FBI, they could do it, but they simply did not have access to that type of technology.  But leaving that aside, they simply weren't able, using their current equipment, to penetrate my system from the outside office perspective.  However, when we changed the scenario to "Could an insider with access alter the outcomes of an election without being detected?" that's when we found the real problems.  When we first bought our systems from Unisys in 1992, and it was an optical scanning system, we were told by their technology people that, “No one could take any action on this system without leaving their fingerprints in the audit log.”  The audit log was guaranteed to capture all attempts to manipulate the system from within, thereby leaving a trail that would lead to the transgressor.

      Right off the bat, the first test they did on that, was simply not the case.  Dr. Thompson was able to enter 5 lines of code without using any passwords, and I repeat, without using any passwords, any keys, or any guides or manuals that my office possessed—they acted independently from any kind of data I could allow them to see.  Which I didn't, because I knew that could potentially violate any kind of contracts that I had with the vendor, which was one of the critical elements of these tests—that they would receive no other access from me other than the access to conduct the physical tests of their attacks.  They could sit in front of the computer with everything turned off, and what they did was go right through the firewalls, right through everything and create their own back door into the tabulation center.  Five lines of code, in Microsoft Notepad, I might add, was all Dr. Thompson needed to type in to the computer, and he was into the tabulation portion of the computer.  He altered results in the computer and backed out the same way leaving no evidence that any one had touched my system. 

      The results were dramatically changed.  This information is available on the DVD "Hacking Democracy" and that DVD will go on sale March 27th at www.hackingdemocracy.com  and that DVD will contain these tests that I'm describing and will give much more detail.  Anyway, the first test indicated that all the safeguards I thought I had in the audit log protection, just simply wasn't there.  So, I went to Paul Craft, the Florida Certification Director at that time, who has since quit and is now working for the vendors, and he already knew about this.  He said they could do that through Microsoft Access.  So it turns out that there are several ways this can be done, but the important thing is that he knew!  And that stunned me even more than the test results because I'm the one that runs the voting equipment and I needed to know that, and that information should have been transmitted to me through his office. 

      So since he knew about this, and failed to notify all the election officials in the state about this lack of security, I found this quite troubling. But even more trouble came from the state, later.  The state simply said that if anything was wrong, it was just some sort of parlor trick.  So they blew me off.  But so many people have access to these machines, they sit in corridors, homes or wherever. And so many other kinds of people have access to them—information systems people, people that aren't even connected with your agency, even the janitorial crews.  And, according to Dr. Thompson, someone with an eighth grade level of technical experience could do this.  This was very serious and neither the vendors nor the state told us about any of this.

      For the second test, Harri Hursti recognized that when the machine turned on, it hesitated, which means that it was searching for something.  And as a result of their investigation, they developed a theory that [it was searching] the memory card, the equivalent of the electronic black box that stores all the votes, which is supposed to be empty.  Hursti theorized that there was an executable code on that card, which would allow someone to control the entire system from this small card, at the back end of the process.  His theory proved to be correct.  When I turned on the machine and asked it to give me its report—which should have been zero votes—instead, we got a message saying: "Is this real or is it Memorex?" But with this code inside the memory card, it could be manipulated to change any of the votes that could be stored in the future.  So we ended the test with this detailed analysis, which led to a 60-page paper, published by Black Box and Hursti. 

      The state and the vendor immediately said that this couldn't happen, and they stated that this was theoretical and we didn't actually do a mock election.  Being challenged by the state and the Diebold representative that this wasn't real, finished the break between me and the establishment election community.  They were refusing to deal with the facts because they didn't fit with their preconceived notions that there were no problems.  The state did nothing because the vendor told them that it was not a problem, so they didn’t do any independent checks.  They just believed the vendor.  I understood that the equipment I had could alter the outcome of the elections and that I might not be able to discover this. 

      Then, in December 2005, since I had just gotten a new server anyway, I decided to call the state's bluff and allow Black Box Voting and Harri Hursti to conduct a full election.  We met on December 13th, we had printed ballots and asked ourselves "can the Diebold machine be hacked using the memory card?" We had 8 people, mostly my staff, but included other people from around the state, acting as witnesses. We had the whole thing filmed to insure that we weren't doing anything bizarre, and in the mock election, 82 people voted on a optical scan ballot saying that the system could not be hacked, and 2 people saying that it could be hacked. 

      We fed the optically scanned ballots to the program’s memory card that had been programmed by Harri and the voting machine flipped the information.  Instead of the previous total of 6 no, and 2 yes, the executable code that had been implanted and manipulated by Harri in that memory card told the machine which followed its instructions and printed out the numbers as 7 yes and 1 no.  And then, to test the Diebold assertion that we had software that prevents the upload of faulty data, Will uploaded it into the computer, and the final election report printed that “7 yes, 1 no” as the official summary of the election, almost diametrically opposed to the real total.

      Harri had programmed the memory card to erase all evidence of tampering when his work was complete.  And the card did just that, leaving no evidence on this card that the executable code had been manipulated.  What an incredible crime! You can actually have an election and have the results flipped with large enough margins so that it would never be counted and leave absolutely no trace.  I turned that memory card over to the state of Florida, to the new voting machine Certification Director, since Kraft had retired during the same month as our test was completed, and the new director could not understand what Harri did.  To him, it looked as if nothing had been done, which is exactly how Harri had planned it!

      But again, rather than doing an independent test, this state official started attacking Harri.  But why didn't the state conduct its own independent tests? Fortunately, the state of California heard about the test results because, although I didn't hold any press conferences, the results were placed on the internet.  Since the state of California used the same optical scanning devices, they started doing their own tests to see who was telling the truth.  On February 14, they issued their report stating that the Hursti attack on these computers was not only real, but California found 16 other serious security vulnerabilities when they did their tests to try to replicate what we had found in Leon County.

M:  Harri Hursti later did a test on the touch screen machines which is now called Hursti 2 and found even worse problems.  So we have a major problem with electronic voting in the United States.

IS: And you haven't even mentioned the Brennan Study, which found that over 150 vulnerabilities exist in these computerized voting devices, about which all of us who are administrators of their system are unaware.

M:  Mary Ann discussed the National Association of Secretaries of State which has an affiliate program with funding from vendors.  She read from their pamphlet "The NASS Corporate Affiliate Program is a savvy way to share ideas and build relationships with key decision-makers throughout your state."

IS:  Yes you can wine and dine and buy access to the people that are at the top and in control of the voting process—The Secretaries of State in most states—and it is considered normal to take large sums of money from those whose only interest in this process is to make money.  It's a travesty that we've lost sight of the fact that the voters are the ones who are supposed to have the benefits of voting, not companies.  You and I should be driving this process and having our votes counted by this process.  But the culture of corruption, which is in Washington actually, washes all through this country, and the subject of election accountability is a word that is not even discussed.

M:  Tell me about the Election Center.  Who are they and what is their Connection?

IS:  The Election Center is a 501(C3) organization located in Houston, Texas, directed by Doug Lewis, a past Republican political consultant, (formerly campaign consultant for former Governor Connelly). He was appointed in the early 1990's as the Director of this organization.  They have an excellent continuing education program which brought me to the Election Center and I became nationally certified by them in 1996.  But it became clear to me that at all these meetings, vendors would sponsor breakfasts, lunches, Best Practices Awards, and there was as much meeting with the vendors as there was education.  At the last meeting I attended in Chicago, they even planned a cruise, which I did not attend.

      We need to stop whitewashing the problem.  The state and officials in Sarasota County had a letter from ESANDS indicating a problem with the smoothing filter on the Ivotronic voting machine and they had a patch that could fix this.  They even provided sample signs warning the voters that when they touched the screen their choices would take several seconds to appear on the screen.  This memo was not produced in the discovery process concerning the election challenge in Sarasota, the Sarasota officials didn't produce the letter even though they had it, and the letter only became known when an election activist group in North Carolina realized that this letter was never introduced into these court cases, and they wanted to know why. 

      These officials are either incompetent or negligent—take your choice.  But they certainly were not serving the interests of the city.  Even today, we had a demonstration of a ballot on demand system by a major vendor in Tallahassee, Florida--the Secretary of State wanted to see it.  I heard about it and sent some staff members to see it, and I had gotten permission from the Diebold representative.  The Secretary wouldn't allow them to see it; he wanted to be alone while viewing the machine.  My employees were actually asked to leave! That's unbelievable, but certainly not unusual, and that's the sad thing.  This goes right back to the arrogance of authority.  These arrogant officials want to run systems that are not in the public sector.  They should run systems someplace else.  In the public sector, we need accountability, and if we really want our elections to be verifiable, they must be audited, because if these voting systems can be taken over and manipulated, and unless you audit the evidence, you can't say that your system has not been compromised.

M:  And the audits have to be pretty large.

IS:  You're right.  I don't know what the magic number is, but why not investigate the proper sample size to give a 99 percent confidence level to our elections?  Citizens should call their reps in Congress; they're dealing with this issue now.  I am not affiliated with either party; but I think this new Congress and their point of view is substantially different.  They'll be subject to the same pressures as the other party was, the vendors will lean on them as will the professional organizations.  But, we're asking for elections to be verifiable.  If asking for verifiable elections by requiring audits destroys the elections, then they need to be destroyed because they're no good.

JG: John Gideon (who will be referred to as JG) thanked IS for all his hard work, and said that he had the highest respect for him.  JG spoke about how he respected the SOS in Washington State, for standing up to party pressure and making sure that the laws were followed.

      JG discussed the upcoming hearings on HR 811, and he asked IS about his feelings regarding this legislation.

IS:  As a Floridian, we have no audits; they're banned here in the state of Florida and there are no more recounts.  After the embarrassment of the 2000 election, the Republicans banned recounts in 2001.  So we have no way to audit elections.  [We are not allowed a recount], if the ballots have been machine read.  We are not allowed to audit those ballots because the Florida assumption enshrined in our law is that voting machines can make no mistakes, so there's no need to audit anything that's produced by the voting machines.  So we're only allowed to audit those ballots that could not be read by the voting machine, which is about one half to one quarter of a percent of the votes. 

      So the tiered ballots called for by the Holt bill is a dramatic improvement over the current situation in Florida, which has no audits.  That's a major reason why I support HR 811.  I understand a lot of people would like it to go much further; to be the magic bullet that would end all the problems we have in the voting field.  But I guess I'm a little jaundiced on that, because when you have no protection, and you're facing a presidential election, I want, at least, the audit that the HR 811 bill will provide for Floridians.  In my testimony I made to Congress yesterday, I was asked what kind of technology would best accomplish the kind of verification to the citizens that their count was accurate?  The only technology that does that is paper ballots!  You can optically scan them if you want, but by God, you'd better count them, in an audit fashion, so you can verify whatever that machine says is true.  Just accepting the machine totals is not proper, given what we understand relative to the lack of security in these devices.

      Both JG and IS shared their feelings of mutual respect and gratitude for each other’s work.