Consumer Protection for Elections
BREAKING NEWS: New information indicates that hackers
may have targeted the central computers that are counting our votes.
Voting without auditing. (Are we insane?)
SEATTLE, WASHINGTON Nov 3 2004Did the voting machines trump exit polls?
There's a way to find out.
Black Box Voting (.ORG) is conducting the largest Freedom of Information
action in history. At 8:30 p.m. Election Night, Black Box Voting blanketed
the U.S. with the first in a series of public records requests, to obtain
internal computer logs and other documents from 3,000 individual counties
and townships. Networks called the election before anyone bothered to
perform even the most rudimentary audit.
America: We have permission to say No to this. It is our right.
We call on every candidate not to concede. Don't play along. It is your right.
Among the first requests sent to counties (with all kinds of voting systemsoptical
scan, touch-screen, and punch card) is a formal records request
for internal audit logs, polling place results slips, modem transmission
logs, and computer trouble slips.
Such a request filed in King County, Washington on Sept. 15, following the
primary election six weeks ago, uncovered an internal audit log containing
a three-hour deletion on election night; "trouble slips" revealing
suspicious modem activity; and profound problems with security, including
accidental disclosure of critically sensitive remote access information to
poll workers, office personnel, and even, in a shocking blunder, to Black
Box Voting activists.
Black Box Voting is a nonpartisan, nonprofit consumer protection group for
elections. You may view the first volley of Freedom of Information requests
Responses from public officials will be posted in the forum, organized by
state and county, so that any news organization or citizens group has
access to the information. Black Box Voting will assist in analysis, by
providing expertise in evaluating the records. Watch for the records
online; Black Box Voting will be posting the results as they come in. And
by the way, these are not free. The more donations we get, the more FOIAs
we are empowered to do. Time's a'wasting.
We look forward to seeing you participate in this process. Join us in
evaluating the previously undisclosed inside information about how our
voting system works.
Play a part in reclaiming transparency. It's the only way.
Public Records Request - November 2, 2004
From: Black Box Voting
To: Elections division
Pursuant to public records law and the spirit of fair, trustworthy,
transparent elections, we request the following documents.
We are requesting these as a nonprofit, noncommercial group acting in the
capacity of a news and consumer interest organization, and ask that if
possible, the fees be waived for this request. If this is not possible,
please let us know which records will be provided and the cost. Please
provide records in electronic form, by e-mail, if possible -
We realize you are very, very busy with the elections canvass. To the
extent possible, we do ask that you expedite this request, since we are
conducting consumer audits and time is of the essence.
We request the following records.
Item 1. All notes, emails, memos, and other communications pertaining to
any and all problems experienced with the voting system, ballots, voter
registration, or any component of your elections process, beginning October
12, through November 3, 2004.
Item 2. Copies of the results slips from all polling places for the Nov. 2,
2004 election. If you have more than one copy, we would like the copy that
is signed by your poll workers and/or election judges.
Item 3: The internal audit log for each of your Unity, GEMS, WinEds, Hart
Intercivic or other central tabulating machine. Because different
manufacturers call this program by different names, for purposes of
clarification we mean the programs that tally the composite of votes from
Item 4: If you are in the special category of having Diebold equipment, or
the VTS or GEMS tabulator, we request the following additional audit logs:
a. The transmission logs for all votes, whether sent by modem or uploaded
directly. You will find these logs in the GEMS menu under "Accuvote OS
Server" and/or "Accuvote TS Server"
b. The "audit log" referred to in Item 3 for Diebold is found in the GEMS
menu and is called "Audit Log"
c. All "Poster logs". These can be found in the GEMS menu under "poster"
and also in the GEMS directory under Program Files, GEMS, Data, as a text
file. Simply print this out and provide it.
d. Also in the Data file directory under Program Files, GEMS, Data, please
provide any and all logs titled "CCLog," "PosterLog", and Pserver Log, and
any logs found within the "Download," "Log," "Poster" or "Results"
e. We are also requesting the Election Night Statement of Votes Cast, as of
the time you stopped uploading polling place memory cards for Nov. 2, 2004
Item 5: We are requesting every iteration of every interim results report,
from the time the polls close until 5 p.m. November 3.
Item 6: If you are in the special category of counties who have modems
attached, whether or not they were used and whether or not they were turned
on, we are requesting the following:
a. internal logs showing transmission times from each voting machine used
in a polling place
b. The Windows Event Viewer log. You will find this in administrative
tools, Event Viewer, and within that, print a copy of each log beginning
October 12, 2004 through Nov. 3, 2004.
Item 7: All e-mails, letters, notes, and other correspondence between any
employee of your elections division and any other person, pertaining to
your voting system, any anomalies or problems with any component of the
voting system, any written communications with vendors for any component of
your voting system, and any records pertaining to upgrades, improvements,
performance enhancement or any other changes to your voting system, between
Oct. 12, 2004 and Nov. 3, 2004.
Item 8: So that we may efficiently clarify any questions pertaining to your
specific county, please provide letterhead for the most recent
non-confidential correspondence between your office and your county
counsel, or, in lieu of this, just e-mail us the contact information for
your county counsel.
Because time is of the essence, if you cannot provide all items, please
provide them in increments as soon as you have them, and please notify us
by telephone (206-335-7747) or email (Bevharrismail@aol.com) as soon as you
have any portion of the above public records request available for review.
Thank you very much, and here's hoping for a smooth and simple canvass
which works out perfectly for you. We very, very much appreciate your help
with this, and we do realize how stressful this election has been.
If you need a local address, please let me know, and we will provide a
local member for this public records request. In the interest of keeping
your life simple, we thought it best to coordinate all records through one
entity so that you don't get multiple local requests.
We now have evidence that certainly looks like altering a computerized
voting system during a real election, and it happened just six weeks ago.
MONDAY Nov 1 2004: New information indicates that hackers may be targeting
the central computers counting our votes tomorrow. All county elections
officials who use modems to transfer votes from polling places to the
central vote-counting server should disconnect the modems now.
There is no down side to removing the modems. Simply drive the vote
cartridges from each polling place in to the central vote-counting location
by car, instead of transmitting by modem. "Turning off" the modems may not
be sufficient. Disconnect the central vote counting server from all modems,
INCLUDING PHONE LINES, not just Internet.
In a very large county, this will add at most one hour to the vote-counting
time, while offering significant protection from outside intrusion.
It appears that such an attack may already have taken place, in a primary
election 6 weeks ago in King County, Washingtona large jurisdiction
with over one million registered voters. Documents, including internal
audit logs for the central vote-counting computer, along with modem
"trouble slips" consistent with hacker activity, show that the system may
have been hacked on Sept. 14, 2004. Three hours is now missing from the
vote-counting computer's "audit log," an automatically generated record,
similar to the black box in an airplane, which registers certain kinds of
Here are the details about remote access vulnerability through the modem
connecting polling place voting machines with the central vote-counting
server in each county elections office. This applies specifically to all
Diebold systems (1,000 counties and townships), and may also apply to other
vendors. The prudent course of action is to disconnect all modems, since
the downside is small and the danger is significant.
The central servers are installed on unpatched, open Windows computers and
use RAS (Remote Access Server) to connect to the voting machines through
telephone lines. Since RAS is not adequately protected, anyone in the
world, even terrorists, who can figure out the server's phone number can
change vote totals without being detected by observers.
The passwords in many locations are easily guessed, and the access phone
numbers can be learned through social engineering or war dialing.
ELECTION OFFICIALS: The only way to protect tomorrow's election from this
type of attack is to disconnect the servers from the modems now. Under some
configurations, attacks by remote access are possible even if the modem
appears to be turned off. The modem lines should be physically disconnected.
We obtained these documents through a public records request. The video was
taken at a press conference held by the King County elections chief Friday
The audit log is a computer-generated automatic record similar to the
"black box" in an airplane, that automatically records access to the
Diebold GEMS central tabulator (unless, of course, you go into it in the
clandestine way we demonstrated on September 22 in Washington DC at the
National Press club.)
The central tabulator audit log is an FEC-required security feature. The
kinds of things it detects are the kinds of things you might see if someone
was tampering with the votes: Opening the vote file, previewing and/or
printing interim results, altering candidate definitions (a method that can
be used to flip votes).
Three hours is missing altogether from the Sept. 14 Washington State
primary held six weeks ago.
Here is a copy of the GEMS audit log.
Note that all entries from 9:52 p.m. until 1:31 a.m. are missing.
One report that GEMS automatically puts in the audit log is the "summary
report." This is the interim results report. We obtained the actual Sept.
14 summary reports, printed directly from the King County tabulator GEMS
program, because we went there and watched on election night and collected
these reports. These reports were also collected by party observers,
candidates, and were on the Web site for King County.
Here are summary reports which are now missing from the audit log.
Note the time and date stamps on the reports. Note also that they are
signed by Dean Logan, King County elections chief. We have the original
reports signed in ink on election night.
What does all this mean?
We know that summary reports show up in the audit log.
There are other audit logs, like the one that tracks modem transmissions,
but this audit log tracks summary reports.
Dean Logan held a press conference Friday morning, Oct. 29. Kathleen Wynne,
a citizen investigator for Black Box Voting, attended the press conference
and asked Dean Logan why three hours are missing from the audit log.
Here is a video clip
Logan said the empty three hours is because no reports were printed. OK.
But we have summary reports from 10:34 p.m., 11:38 p.m., 12:11 a.m., 12:46
a.m., and 1:33 p.m. These reports were during the time he said no reports
were run. Either the software malfunctioned, or audit log items were
deleted. Because remote access through the modems is possible, the system
may have been hacked, audit log deleted, without Logan realizing it.
Perhaps there are two of this particular kind of audit log? Perhaps this is
an incomplete one?
Bev Harris called King County elections office records employee Mary Stoa,
asking if perhaps there are any other audit logs at all. Mary Stoa called
back, reporting that according to Bill Huennikens of King County elections,
the audit log supplied to us in our public records request is the only one
and the comprehensive and complete one.
Perhaps it is a computer glitch?
The audit log is 168 pages long and spans 120 days, and the 3 hours just
happen to be missing during the most critical three hours on election night.
Diebold says altering the audit log cannot be done. Of course, we know a
chimpanzee can't get into an elections office and play with the computer,
but to demonstrate how easy it is to delete audit log entries, we taught a
chimpanzee to delete audit records using an illicit "back door" to get into
the program, Diebold told reporters it was a "magic show." Yet, Diebold's
own internal memos show they have known the audit log could be altered
Here is a Diebold memo from October 2001, titled "Altering the audit log,"
written by Diebold principal engineer Ken Clark:
"King County is famous for it" [altering the audit log]
Here is Dean Logan, telling a Channel 5 King-TV News reporter that there
were no unexpected problems with the Diebold programs. This was at the
"MBOS" central ballot counting facility in King County in the wee hours of
Sept. 15, on Election Night.
Dean Logan on Election Night, Sept 14 2004
Note that he says there were no problems with modem transmission.
When we obtained the trouble slips, in a public records request --
documentation that indeed the modems were not working fine, we were
accidentally given the access phone number for King County.
Were we so inclined, if we had simply kept this under our hat, we could
take control of your central server on election night from our living room.
Here are the trouble slips showing problems with modems. Note that King
County generously provided us with the "secret" information needed to hack
in by remote access. We did redact the specific information that gives this
information to you.
Here are more trouble tickets. One that is a concern: "OK to format memory
card?" (This would wipe out the votes in the electronic ballot box.)
Election officials: Disconnect those modems NOW. If you don't: You gotta be
Reporters: Some election officials will lie to you. Show your kids what
bravery looks like. Be courageous. Report the truth.
Citizens: Please help us by joining the Cleanup Crew. For now, e-mail
email@example.com to join, since our signup form has been taken out.
Candidates: Make a statement. Do not concede on Election Night. Wait until
audits and records can be examined.
HOW TO MONITOR THE CENTRAL TABULATOR: Black Box Voting developed these
guidelines to help you create an audit log, which can then be compared with
the FEC-required computer-generated audit log inside the computer.
Yes, this is a lot of stuff, and it might feel overwhelming, but whatever
you can doit is very much appreciated.
THINGS TO BRING WITH YOU
- A notebook and pen. Preferably a notebook with a sewn binding, if you can
find one. Do not take notes on a computer.
- A cell phone
If you can, also bring these:
- A camera
- A small tape recorder
- A video camera, with a zoom lens if possible
Note that some counties will require you to turn off your video camera
during the entering of passwords, a valid request. You should, however, be
able to videotape the rest. Don't pull your camera out right away. Avoid
confrontation by leaving your video camera in the bagbetter yet, a
purse. Pull it out only when there is an event of significance.
You can't be effective if you make assumptions or let others intimidate you.
- Don't let others make you feel dumb.
- Make no assumptions about security. It might be worse than you expect.
- Don't count on the accuracy of anything other people tell you, even if
they work for the county or the vendor.
- About party observers, techies, or lawyers: Remember that they have not
examined the actual software or setup, and they are operating on
assumptions, hearsay, or in some cases, may be trying to misdirect your
- Vendor contracts prohibit county officials from examining their own
software. Elections officials may just be repeating what someone else (the
vendor) has told them.
YOUR ROLE AS AN OBSERVER: CREATE YOUR OWN AUDIT LOG so it can be compared
to the real audit log.
Write down the following. For every event, write the date, time, including
1. NAMES & AFFILIATIONS: Get the names of everyone there. Find out
2. WHERE ARE THE COMPUTERS: Establish the number and location of all vote
tabulation computers. They call them different things: tabulators, servers.
What you want is the computer that adds up all the votes from everywhere in
- Some counties have only one. If there are more than one, find out where
each one is. If there is more than one tabulator, ask if they are networked
together and find out if any of them are in places you can't observe.
3. SYNCHRONIZE YOUR WATCH with the central vote-tally computer. Ask
officials to tell you the time on the computer. If more than one, ask for
the time of each and the ID number of each.
log the date and time, to the minute, in this format:
Nov. 02 2004 11:25 p.m.
Nov. 03 2004 01:15 a.m.
CREATE A LOG FOR THE FOLLOWING:
People: Ask names and affiliations for, and log the START and STOP time for:
a. Who accesses the terminal (the keyboard and screen)
b. Who sits at the terminal
c. Who accesses the server (the computer the screen is hooked up to)
d. Who enters and leaves the room
COMPUTER ACTIVITIES: Log the START and STOP time for the following events
and write down the name of the person involved:
a. Putting disks, CDs, or any other item in the computer
b. Taking disks, CDs, or any other item out of the computer
c. Uploading disks, CDs, or any other item
d. Viewing a preview of a report
e. Putting a report on the Web, even if this is done from another computer
f. Printing a report
g. NOTE WHAT'S ON THE SCREEN: Use binoculars to view the screen.
- Note upload icons.
- Use binoculars to read and record error messages. Note the time.
- Note indicators of processes, when a status bar shows how much is left to do
h. PROGRAM CRASHES:
- Watch to see if the program suddenly disappears from the screen (a
program crash) or any system error message appears. If so, note the time
and other details, and see below for how to record system crashes.
- Get the date and time and note who was at the computer
- Note whether any results were being transmitted or uploaded at the time
the crash occurred.
- Did the crash take down the whole computer or did it just close the
tabulator program unexpectedly.
- Log all activities and conversations that occur just after the crash. If
have a tape recorder, leave it in your purse, now is the time to turn it
on. But keep making notes regardless of whether you have tape, and trust
your gut. What you think might be important is probably important.
WRITE DOWN EVERYTHING YOU CAN FIND OUT ABOUT MODEMS.
i. Note when, where, and who feeds ballot data into the computer in the
central office. Describe what they are feeding the cards into, where the
items are located, who does it, and when.
j. DISK MANAGEMENT:
- Note what kind of data storage device is used to move data around. You
are looking for floppy disks, CDs, USB keys (about the size of a pack of gum).
- Note where they get the disk from originally (whether it was from the
machine, meaning it could have a program or data on it already, or out of a
package of new disks).
- Track the chain of custody: Where it is taken, and have someone watch it
when taken to any other machine, note what programs you can see on the
- Note whether (and what time) it comes back and if it is put into the
k. Moving the results: They have to move the results somehow. Ask questions
about their procedures.
- Is someone coming and going every hour or so with paper results?
- Are they moving results to the Internet with a floppy or CD or USB key
(looks like a little piece of plastic, about the size of a piece of gum)
- If no one is leaving the machine to post the results, chances are they
are doing this at the computer, meaning they are probably hooked up to a
network or the Internet. Ask questions about the details and record what
they say, and the name of the person who says it.
l. If you see somebody open a web page or they do something that lets you
know there has been Internet access, write it down.
m. BEHAVIORAL CUES:
- Note whether people look worried or stressed. Log the time it begins and
the time it ends and who they are.
- A now a word about "wranglers." Some elections offices appoint a personsometimes
a party observer they are chummy withto act as
"wranglers." They identify any person who might ask troublesome questions,
and if an event occurs that could cause embarrassment, the appointed
wrangler then goes over to distract the observers. Really. This is an
elections procedure in some jurisdictions. They actually call it a wrangler.
- If someone comes over and engages you in conversation, look around, and
see if officials have suddenly congregated into an office or people are
huddling over a computer. See if you can find out what you are not supposed
- Log behavior that is distracting, noting the time and person.
- Log time and people involved in other distraction events, for example:
The lights suddenly go out; a fire alarm goes off; someone spills
something, loud noises, someone knocks something over.
RECORDS TO REQUEST:
Each state has a public records act, but in most cases, you can get records
you ask for if you are nice. Here are important records you'll want:
1. Get a copy of each INTERIM RESULTS REPORT. Stand guard over what you
have. If someone comes in to remove or "replace one with a better copy"
hang onto the first and take the replacement, marking it. Make sure all
interim reports are time-stamped by the computer. If they aren't, note the
exact time you see them appear.
2. Request the COMPUTER AUDIT LOG for Oct. 29-Nov 2 (actually, it is
important to get the printout BEFORE YOU LEAVE that night. It will only be
a few pages, and can be printed from the vote-tally program's menu.
3. Ask for a copy of all the POLLING PLACE RESULTS SLIPS. These are sent in
with the results cartridges. Try to get copies before you leave that night.
If they won't give copies to you then, put in a public records request and
ask how soon you can pick them up.
4. Ask for a copy of THE UPLOAD LOGS. These are on the computer and can be
printed out on election night. They list each polling place and the time
results were uploaded.
5. There are ADDITIONAL LOGS in the Diebold GEMS programs you can request:
From the GEMS folder "data", ask for the poster logs. There may be folders
in the GEMS "data" directory titled "download", "log", "poster" and
"results". Ask for copies of these logs.
6. Here's a report that is very long but incredibly important and valuable.
Ask if you can have the ELECTION NIGHT DETAIL REPORTthe precinct by
precinct results as of the time all memory cards are uploaded from all
precincts. Depending on the system, they'll call it different thingsin
Diebold, it is called the Statement of Votes Cast (SOVC) report.
7. Let us know which REPORTS THEY REFUSE to give you on Election Night. We
can then put in Freedom of Information (public records) requests formally.
Once we have your observation log, and the records you obtain on Election
Night, we can start matching up events and data to audit for anomalies.
Post information in the county and state at BlackBoxVoting.ORG. If the site
is hacked out, come back as soon as it is up and post the information.
Thank you, and let's have an orderly election.
Now, there is a film crew who has been brave enough to capture what's
really going on:
THIS IS THE ONE: Here's the film that's breaking new ground on voting
machine investigations. Includes never before seen footage and information:
download 30 minute preview of the upcoming feature film.
NOTE: Please give your attention to the real film by the real
investigators: Russell Michaels, Simon Ardizzone, and Robert Carrillo Cohenthey
are the real deal. (Someone who ran off with a portion of the
proprietary footage has been pitching a similarly named, inferior
production which is missing most of the good stuff.) By the way, we've
worked with most of the documentary producers out there, and Russell
Michaels, Simon Ardizzone and Robert Carrillo Cohen are in a class by
themselvesIn my opinion, they are the only filmmakers who have been
doing real, in-depth, long-term in-the-field investigations on this issue
-- Bev Harris.
- Don't concede: Candidates, make a statement about voting without
auditing. Hold off on your concession until the canvass is done
- Gotta be replaced: If your county melts down into litigation, hold
officials accountable if they chose to ignore warnings and failed to
mitigate risks with preventive actions (like disconnecting telephone modems).
Note that most voting machine problems will be found between Nov. 3-12,
during the canvass, and a few weeks later, when public records requests are