Received from Bowen's office today:
DIEBOLD REVEALS NEW “SECURITY VULNERABILITY” WITH ITS TOUCHSCREEN
VOTING MACHINES CERTIFIED FOR USE IN CALIFORNIA
COMPANY TELLS PENNSYLVANIA ABOUT FLAW IT SAYS COULD
LET “UNAUTHORIZED SOFTWARE” BE LOADED ONTO THE SYSTEM
“HOW DOES THE SECRETARY OF STATE PLAN TO RESOLVE THIS SECURITY NIGHTMARE AND GURANATEE PEOPLE’S VOTES ARE ACCURATELY COUNTED?”
SACRAMENTO – “Is it embarrassing that California’s Secretary of State certified voting machines that the company itself now admits suffer from a serious security flaw that could allow anyone to load software onto them to change people’s votes and potentially change the outcome of an election? I’m sure it is, but we have a statewide election in less than four weeks and we don’t have time for people to be embarrassed, we need to get the problem solved.”
That’s how Senator Debra Bowen (D-Redondo Beach), the chairwoman of the Senate Elections, Reapportionment & Constitutional Amendments Committee reacted to the revelation that Diebold has informed Pennsylvania elections officials that the AccuVote-TSx – a touchscreen voting machine that at least 12 California counties plan to use in the June primary – contains a serious “security vulnerability.”
“I called on the Secretary of State back in February to reverse his decision to certify the Diebold TSx because the machine doesn’t meet the requirements laid out in state law,” said Bowen. “Now, two-and-a-half months later, Diebold, which touts itself as using ‘industry leading security,’ comes out and tells Pennsylvania about a security flaw found in every TSx machine that lets people change the vote totals on the machines and, possibly, change the election results in the process. Voters in 12 California counties are going to have to rely on these machines to accurately record their votes, so why wasn’t California’s Secretary of State told about this security problem and if he was told about it, why has he been sitting on this information?”
On May 1, Diebold wrote to the Pennsylvania Secretary of the Commonwealth, stating it:
“. . . has determined there is a security vulnerability to the AccuVote-TS and AccuVote-TSx equipment in the system installation and upgrade mechanism. This security vulnerability could potentially allow un-authorized software to be loaded onto the system. The probability for exploiting this vulnerability to install un-authorized software that could affect an election is considered low.”
The following day, May 2, 2006, the Pennsylvania Secretary of the Commonwealth issued a directive to all Pennsylvania counties using Diebold machines, stating:
“In order to mitigate any immediate risk, all counties using the Diebold AccuVote-TSX shall re-install the authorized software during system startup prior to installing, testing, and sealing the election data PCMCIA card into the unit.”
“I really want to know how the Secretary of State is going to fix this debacle,” continued Bowen. “Why should the voters in the 12 or so counties using Diebold equipment have to cast their ballots on machines the company itself says aren’t secure? Voters wouldn’t be in this position if the Secretary of State hadn’t certified the Diebold machines in violation of state law back in February. This entire security nightmare has turned the intent of the Help America Vote Act on its head. Requiring voters to cast ballots on machines that don’t comply with California law and that the company itself now says are vulnerable to tampering runs completely counter to the intent of HAVA, which was supposed to make it easier for people to vote and to ensure every vote is counted accurately.”
On February 17, 2006, the Secretary of State’s Voting Systems Technology Assessment Advisory Board (VSTAAB) released a report identifying 16 security flaws in the Diebold machines, but not the flaw Diebold revealed to Pennsylvania officials on May 1. The Secretary of State certified the Diebold machines that same day and imposed additional security procedures, including one requiring the machine’s memory cards to be programmed under the supervision of the registrar of voters. However, it appears the process won’t cover the security problem disclosed by Diebold because the process deals solely with when the electronic ballot is loaded onto each machine, not when the operating software is loaded onto the machine.
A copy of the letter from Diebold to the Pennsylvania elections officials is attached, along with a copy of the directive from the Pennsylvania Secretary of the Commonwealth to counties that plan to use Diebold machines in the state’s May 16th primary election.Why is this garbage being forced on CA voters -- yet Vote-PAD can't be used?!
"Twelve Counties" is an estimate. ("12 or so counties" -- Bowen). Hopefully that number will be plummeting soon.
Looking through ERD, I couldn't locate the PA documents (?) so I'm posting them below.