County Assessor Jackie Stephens runs ballots precinct by precinct through the M650 ballot scanner Nov. 8.
Saguache County voting machine
SAGUACHE COUNTY — The controversy surrounding the use of electronic voting machines that first arose in 2000 has reared its head again following problems with new election equipment Nov. 2 in Saguache County.
While some mention was made in mid-summer during a Saguache County commissioner’s meeting that an order had been placed for a new M650 voting machine, information about the machine was not forthcoming until only recently.
County Clerk Melinda Myers made the decision to buy the machine after conducting “extensive research on what was available and reliable that would best suit Saguache County,” (Myers to the Saguache BOCC Nov. 16). “Saguache County had $33,000 in federal Help America Vote Act (HAVA) funds the Secretary of State was holding to be used to purchase electronic voting equipment, which had to be spent by Dec. 31, 2010 or they would revert back to the federal government.”
During the Canvass Board meeting last Friday, Myers also indicated that some of this money was used to purchase other voting machines.
In the meeting, Myers did not mention the fact that the M650 machine she purchased from Election Systems and Software cost a total of $55,000-57,000 (purchase price of the machine depending on various factors), exceeding the total available from HAVA by $22,000-24,000. During the Nov. 16 BOCC meeting, Commissioner Mike Spearman did comment that the amount in excess of HAVA came from “the general fund.” This means that taxpayers footed the bill for the $22,000-24,000.
In 2008, former Secretary of State Mike Coffman was forced to decertify a number of election machines to satisfy strict limitations imposed by state law and in answer to a court order from a 2006 lawsuit by voting activists challenging the machines as inaccurate.
California and Ohio no longer use the machines because of problems they encountered with their accuracy. Coffman later recertified all of them with the permission of lawmakers, who said he could reopen the process, explore different remedies and seek advice from county clerks. They also passed a bill allowing Coffman to look into security fixes for the machines.
Among the machines Coffman initially decertified then recertified was the M650.
In a report issued in 2007 by EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing on the M650 and other decertified machines, numerous and disturbing problems concerning possible compromise of votes when using the M650 are listed. Some of these are enumerated below.
Under performance deficiencies:
• Due to failures in performance, counties shall allow extra time for downloads and uploads of memory card devices. This may impact programming, testing and use of the system on election night.
• Counties shall ensure trusted staff is properly trained on this issue and accommodating the allowable time required for programming memory devices.
Then this alarming information is related under the section on Attack Scenarios:
“Prerequisites: Any person with knowledge of these three fi le names and approximately three minutes of unmonitored access to the M650 can replace all software on the machine with malware…The M650 checks only for the existence of the three fi les and performs no integrity or authenticity checks. Hence, any person with physical access to the machine can load new software onto the M650, either on, before, or after the election. As is also the case with the M100 (see Section 7.3.3), both fi rmware and ballot defi nitions are loaded through the same medium (in this case, the Zip Disk drive). By surreptitiously inserting malicious fi rmware onto a ballot defi nition disk, a corrupted Unity system could carry out this attack.
“Impact: An attacker who can forge a fi rmware update disk can take total control over the M650. This includes the ability to learn election results, change results, mimic the behavior of an uncompromised M650 (to avoid detection), thwart future attempts to load new fi rmware (while reporting success to the operator), and/or cause the M650 to become inoperable until its internal storage can be reimaged using separate and uncompromised hardware.
“An attacker can force this integer overfl ow by specifying a large number of precincts in the election defi nition fi le, allowing him to write arbitrary data onto the heap (the amount of data is limited only by the storage capacity of the Zip Disk)…The M650 [also] accepts forged ballots made of commodity paper in a variety of weights.
“Prerequisites: The M650 is a batch scanner used primarily to scan mail-in (absentee) ballots. To be scanned, forgeries must be mailed to the appropriate office in offi cial election envelopes (which, of course, may also be forged).
“Impact: A motivated forger can produce paper ballots that visually appear legitimate and that are accepted by the M650.”
These include complicated instructions to back up M650 data and Unity Software, and involves the use of media seals, chain of custody documents, extensive copying of memory cards, a backup of the master database, increased election night audits, additional testing for electronic and paper ballots and a written log/audit of any changes made to component of the system.
There is no record that any of the precautions required by the SOS were taken by election staff on the night of the Nov. 2 general election.
For the complete article see the 11-24-2010 issue.
Click here to purchase an electronic version of the 11-24-2010 paper.