Startling admission made during public hearing in CA to consider decertification of the company's voting and tabulation software...

Mitch Trachtenberg Byon 3/17/2009, 11:06pm PT

Guest Blogged by Mitch Trachtenberg, with Brad Friedman

Even the audit log system on current versions of Premier Election Solutions' (formerly Diebold's) electronic voting and tabulating systems --- used in some 34 states across the nation --- fail to record the wholesale deletion of ballots. Even when ballots are deleted on the same day as an election. That's the shocking admission heard today from Justin Bales, Premier's Western Region manager, at a State of California public hearing on the possible decertification of Diebold/Premier's tabulator system, GEMS v. 1.18.19.

An election system's audit logs are meant to record all activity during the system's actual counting of ballots, so that later examiners may determine, with certainty, whether any fraudulent or mistaken activity had occurred during the count. Diebold's software fails to do that, as has recently been discovered by Election Integrity advocates in Humboldt County, CA, and then confirmed by the CA Secretary of State. The flaws, built into the system for more than a decade, are in serious violation of federal voting system certification standards.

The problems may lead to decertification of the company's voting systems, as well as an examination of voting systems made by other companies to determine if they too may have been able to sneak such violations past both federal and state testers...

Today's hearing was a response to the startling discovery last December, by a volunteer group in Humboldt County that, under fairly common circumstances, the older version of GEMS used by the county, and several others in the state, dropped all votes from the ballots in the first deck of ballots run through GEMS. (See BRAD BLOG coverage: here, here and here.)

The Humboldt County Election Transparency Project, using the free and open source software program Ballot Browser, found that Diebold's GEMS system had eliminated all votes from 197 vote-by-mail ballots cast in a single precinct in Eureka, CA during last November's general election. [DISCLOSURE: Mitch Trachtenberg, author of this article, was one of the HTP volunteers. He developed Ballot Browser, for use by the project.]

The revelations were made just after Humboldt County Registrar of Voters Carolyn Crnich had certified the election results with the state, forcing her to recertify with new numbers after the discovery. Crnich, who helped found the Transparency Project, was present at today's hearing.

Following the discovery of Diebold's dropped votes, and the equally disturbing revelation that Diebold had been aware of the problem for years, CA's Secretary of State Debra Bowen, initiated an investigation which confirmed [PDF] that, under common circumstances, the GEMS software would drop all votes from the first scanned deck of ballots, the so-called "deck zero."

The investigation also revealed that the problems went far beyond the dropping of votes. GEMS v1.18.19, the version used in Humboldt County --- as well as versions 1.18.20, 1.18.21, 1.18.22 and 1.18.23 --- were discovered to have defective audit logs.

In addition, the software was discovered to have a "Clear" button which, when pressed, would actually delete the contents of an audit log without even asking for confirmation from the user. That, despite repeated federal and state testing and certification of the software which failed to notice the egregious programming flaws in violation of federal voting system standards requiring indestructible logs to track all system events.

The flaws should have kept the systems from receiving certification at all.

"In terms of being able to track down the precise mechanism by which the problem had occurred in [the Humboldt] election, critical information was simply never recorded," in the audit logs, Deputy Sec. of State Lowell Finley said at today's hearing which was made available to the public via one-way audio teleconference.

Today's hearing was meant to help determine whether or not GEMS v. 1.18.19, as used in Humboldt County, should now be decertified by the state. However, in response to a question, Premier representative Justin Bales admitted that even the most recent versions of GEMS, used in a number of other states, such as FL and TX, as well as CA, still fail to record the deletion of ballots in their audit logs.

For a decade or more, e-vote system vendors have pointed to the audit logs as a way of ensuring that every operation performed by their software would be available for inspection in post-election examinations. As a result of today's hearing, it has become clear that even the most recent versions of Diebold/Premier's vote counting software do not actually record all system events.

Bales admitted that his company had "not yet" corrected the problem, which was first implemented in the company's software more than a decade ago.

Wired's Kim Zetter quotes Bales as noting "We never, again, intended for any malicious intent and not to log certain activities. ... It was just not in the initial program, but now we're taking a serious look at that."

CA SoS Bowen described the Diebold audit logs as "useless".

According to the Secretary of State's report, the four year old bug in Diebold/Premier's software triggered a problem in Humboldt's election as a result of a personnel change. Diebold had sent a memo, back in 2004, to elections managers still using GEMS 1.18.19. This memo, without going into details of the software bug, instructed elections officials to begin their elections by creating and deleting an empty "deck zero."

However, Diebold never sent similar instructions to the federal body that had certified their software, never notified the California Secretary of State of the problem, and never modified their instruction manuals. In Humboldt County, the previous election manager left the county without alerting his successor or his superiors of Diebold's suggested "workaround", sent out as a single notice, via email, back in 2004 (their terse email is posted here.)

Although the California Secretary of State's report indicated that the problem was Premier's responsibility, Premier's representative attempted to tell the hearing that the blame should be shared, suggesting that Crnich, the Humboldt Registrar, should have somehow known to delete "deck zero" before using GEMS to count ballots, despite her having access to no such instructions.

Crnich responded that she was "offended" by Diebold's attempt to shift blame, adding "if you are saying that your system needs to be checked every damn time you turn it on, then I agree with you."

Tom Pinto, a staffer at Humboldt County's District Attorney's office and a volunteer with the Transparency Project, urged that the approach used in Humboldt --- independently scanning ballots with separately developed open source software and off-the-shelf hardware --- be expanded statewide. Pinto stated that the project had demonstrated the need for "100% audits."

The question of whether similar problems exist in the audit logs of systems certified by other companies was also raised at today's hearing by both Election Integrity advocates during the public comment period, and afterwards by Bowen herself.

"Clearly, we're going to have to look at this," she told Wired. "That's one of the obvious next steps."

A transcript of today's hearing will be posted at this CA SoS webpage.

===

Mitch Trachtenberg is a member of the Humboldt County Election Transparency Project, and the author of Ballot Browser, free and open source ballot counting software. He is also a partner in Trachtenberg Election Verification Systems (TEVSystems), which provides support for Ballot Browser.

CLARIFICATION: Our original headline was somewhat clumsily worded as: "Diebold Admits ALL Versions of Their Software Delete Ballots Without Notice". In fact, while ballots can be deleted by administrators, from all versions, without being noted in the audit logs, at this time we're only aware of versions 1.18.19, 1.18.20, 1.18.21, 1.18.22 and 1.18.23 doing so automatically (the "deck zero" bug described in the story). All versions of the GEMS software allow the deletion of ballots, which are not necessarily recorded in the audit logs. Though we don't know if, in fact, the software itself deletes those ballots, as we know that it does in the versions mentioned above. We apologize for any unintended confusion to readers.



