THIS PAGE
TO A FRIEND
The cat that controls New Hampshire election programming
Tuesday, January 8, 2008
By Bev Harris
John Silvestro and his small private business, LHS Associates, has exclusive programming contracts for ALL New Hampshire voting machines, which combined will count about 81 percent of the vote in the primary. And as to Super Tuesday and beyond: Silvestro also has the programming contracts for the states of Connecticut, Massachusetts, and Vermont.
Silvestro IS the New Hampshire chain of custody in New England -- or, at least, a very large component in it.
Last fall, with the help of citizens like you, Black Box Voting began working on "Chain of Custody" projects, in which we identified some of the areas of concern that might affect many jurisdictions at once. First on the list for the Northeast U.S. is LHS Associates, a vendor with inside access to every memory card, as well as to the chips containing the "brain" of the Diebold optical scan machines.
Rare video footage
In an unusual confluence of available video, we obtained footage of Silvestro grappling with Harri Hursti, the master hacker who had his way with the Diebold optical scans in Leon County, Florida, in the famous exploit that was showcased in the film Hacking Democracy.
The exact same make, model and version hacked in the Black Box Voting project in Leon County is used throughout New Hampshire, where about 45 percent of elections administrators hand count paper ballots at the polling place, with the remaining locations all using the Diebold version 1.94w optical scan machine. Because the voting machine locations tend to be urban, this represents about 81 percent of the New Hampshire voters.
The video shows Harri Hursti testifying on Sept. 19 before the New Hampshire legislature, attempting to explain significant vulnerabilities requiring urgent mitigations; throughout his testimony, Silvestro inserted his own comments, opinions, misstatements and speculations.
Voting machine checkup
One area of disagreement between Hursti and Silvestro was the amount of expertise needed to exploit the Diebold 1.94w optical scan system. Silvestro claimed (in a strange contortion of reasoning) that he doesn't hire very skilled programmers, implying that this makes New Hampshire elections more secure.
Hursti pointed out that hiring programmers with a lack of knowledge is generally not considered a security feature, and also that an average high schooler can learn to exploit the system in two days to two weeks.
We think it doesn't take that long
Black Box Voting purchased a Diebold optical scan with 1.94w firmware, and chose a computer repair shop out of the phone book, took it in, grabbed the first available technician. It took him less than 10 minutes to zero in on the memory card as a point of critical vulnerability -- and, oh my, did he point out some other intersting things!
New Hampshire hasn't upgraded system security
Silvestro tries to claim that the security problems have been fixed in newer editions. Whether or not they have been, it's a moot point in New Hampshire where the upgrade is not made unless the Ballot Law Commission meets, and they have not met for ages.
Silvestro then points to extraordinary measures taken by other states to enact special procedural safeguards, but of course none of those were implemented in New Hampshire either, because the Ballot Law Commission has not bothered to meet since March 2006.
In fact, New Hampshire has not implemented mitigations for known risks
Not only that, they have turned all the programming over to a sole source private company, taking vote counting for 81 percent of New Hampshire citizens out of the public domain.
LHS is not subject to public records requirements, as the government is, at least, not in New Hampshire. The control over memory card contents is absolute; when cards malfunction or get lost, LHS brings the replacements.
Control over the "brains" of the machine: access to the chip
Since LHS maintains the machines, repairs the machines, and replaces the machines -- often on Election Day -- when they malfunction, they have intimate access to the chips, sockets, ports, communications devices and other electronic components.
Silvestro stated that the chip has "read only memory" and cannot be reprogrammed without frying it under ultraviolet light overnight.
Hursti never had a chance to examine the hardware, nor have most of the recent university studies had access. But our friendly neighborhood computer repair guy differed with Silvestro on the point of plug & play reprogramming of the guts of the machine.
Authors Bio: Bev Harris is executive director of Black Box Voting, Inc. an advocacy group committed to restoring citizen oversight to elections.
NOTE: In accordance with Title 17 U.S.C. section 107, any copyrighted material herein is distributed without profit or payment to those who have expressed prior interest in receiving this information for non-profit research and educational purposes only. For further information please refer to:http://www.law.cornell.edu/uscode/17/107.shtml
