New Hampshire’s Voting Issues

A YouTube video from Black Box Voting that you won’t soon forget:

http://www.youtube.com/watch?v=PiiaBqwqkXs THE CAT THAT CONTROLS NEW HAMPSHIRE ELECTION PROGRAMMING

John Silvestro and his small private business, LHS Associates, has exclusive

programming contracts for ALL New Hampshire voting machines, which combined will

count about 81 percent of the vote in the primary. And as to Super Tuesday and

beyond: Silvestro also has the programming contracts for the states of

Connecticut, Massachusetts, and Vermont.

Silvestro IS the New Hampshire chain of custody in New England — Or at least, a

very large component in it.

Last fall, with the help of citizens like you, Black Box Voting began working on

“Chain of Custody” projects, in which we identified some of the areas of concern

that might affect many jurisdictions at once. First on the list for the

Northeast U.S. is LHS Associates, a vendor with inside access to every memory

card, as well as to the chips containing the “brain” of the Diebold optical scan

machines.

RARE VIDEO FOOTAGE

In an unusual confluence of available video, we obtained footage of Silvestro

grappling with Harri Hursti, the master hacker who had his way with the Diebold

optical scans in Leon County, Florida in the famous exploit that was showcased

in the film Hacking Democracy.

The exact same make, model and version hacked in the Black Box Voting project in

Leon County is used throughout New Hampshire, where about 45 percent of

elections administrators hand count paper ballots at the polling place, with the

remaining locations all using the Diebold version 1.94w optical scan machine.

Because the voting machine locations tend to be urban, this represents about 81

percent of the New Hampshire voters.

The video shows Harri Hursti testifying on Sept. 19 before the New Hampshire

legislature, attempting to explain significant vulnerabilities requiring urgent

mitigations; throughout his testimony, Silvestro inserted his own comments,

opinions, misstatements and speculations.

VOTING MACHINE CHECKUP

One area of disagreement between Hursti and Silvestro was the amount of

expertise needed to exploit the Diebold 1.94w optical scan system. Silvestro

claimed (in a strange contortion of reasoning) that he doesn’t hire very skilled

programmers, implying that this makes New Hampshire elections more secure.

Hursti pointed out that hiring programmers with a lack of knowledge is generally

not considered a security feature, and also that an average high schooler can

learn to exploit the system in two days to two weeks.

WE THINK IT DOESN’T TAKE THAT LONG

Black Box Voting purchased a Diebold optical scan with 1.94w firmware, and chose

a computer repair shop out of the phone book, took it in, grabbed the first

available technician. It took him less than 10 minutes to zero in on the memory

card as a point of critical vulnerability — and oh my, did he point out some

other intersting things!

NEW HAMPSHIRE HASN’T UPGRADED SYSTEM SECURITY

Silvestro tries to claim that the security problems have been fixed in newer

editions. Whether or not they have been, it’s a moot point in New Hampshire

where the upgrade is not made unless the Ballot Law Commission meets, and they

have not met for ages.

Silvestro then points to extraordinary measures taken by other states to enact

special procedural safeguards, but of course none of those were implemented in

New Hampshire either, because the Ballot Law Commission has not bothered to meet

since March 2006.

IN FACT, NEW HAMPSHIRE HAS NOT IMPLEMENTED MITIGATIONS FOR KNOWN RISKS

Not only that, they have turned all the programming over to a sole source

private company, taking vote counting for 81 percent of New Hampshire citizens

out of the public domain.

LHS is not subject to public records requirements, as the government is, at

least, not in New Hampshire. The control over memory card contents is absolute;

when cards malfunction or get lost, LHS brings the replacements.

CONTROL OVER THE “BRAINS” OF THE MACHINE: ACCESS TO THE CHIP

Since LHS maintains the machines, repairs the machines, and replaces the

machines — often on Election Day — when they malfunction, they have intimate

access to the chips, sockets, ports, communications devices and other electronic

components.

Silvestro stated that the chip has “read only memory” and cannot be reprogrammed

without frying it under ultraviolet light overnight.

Hursti never had a chance to examine the hardware, nor have most of the recent

university studies had access. But our friendly neighborhood computer repair guy

differed with Silvestro on the point of plug & play reprogramming of the guts of

the machine.

After I push the button to send this message out to the media and the citizenry,

I’ll work on getting a short YouTube video of the Accuvote checkup by our local

computer repairman. And before you say, “But wait! He’s not a world class

expert!” — That’s just the point.

Our local computer repairman may hit or miss on some of his analyses. You’ll all

be able to try your hand at second guessing him as soon as the next video is up.

But if he hits even one of his ideas for how to exploit the machine to steal

votes, that’s all it takes. From someone who is not, certainly, a world class

hacker or even a hacker at all.

I’ll post the link to that in a follow up here: http://www.bbvforums.org/forums/messages/1954/71200.html?1199744175 , and invite you techs to weigh in.

Please feel free to distribute, reprint or excerpt, with link to Black Box

Voting and the video link above.

Bev Harris

Black Box Voting

bev@blackboxvoting.org

Advertisements

One Response

  1. Thank you for sharing.
    Good article.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: