27 April 2014

“Before his swearing-in, Bilbray said he looked forward to replacing
the images of airplanes that used to decorate the walls with photos of
surfboards and sailboats." — USA Today

Unfortunately, the immigrant-bashing Brian Bilbray wasn't talking about
decorating his dorm room. California's newest congressman is moving
into the Rayburn House Office Building, specifically the office vacated
by Randall “Duke" Cunningham, bribe taker extraordinaire, who is now
serving eight years in prison. Bilbray edged past Democrat Lorraine
Busby in a special, allegedly closely watched election on June 6,
allowing Republicans to hold the 50th District in traditionally
conservative San Diego County.

And the folksy detail about Bilbray's taste in poster art, in lieu of
reportorial outrage, seems to signal that, once again, America has
moved on from a shoddily conducted election — making Congress seem
about as trustworthy as a New Orleans rebuilt atop the toxic waste
stirred up by Hurricane Katrina. Somebody's going to get sick from this
sooner or later.

Indeed, the “democracy extremists" out there — the ones who take
procedural integrity seriously, especially in the era of electronic
voting — are sick already.

Let's forget for a moment the political significance of Bilbray vs.
Busby, or even who won, and pare the contest down to one essential
fact: The use of Diebold optical-scan and touchscreen machines in last
week's voting in San Diego County was subject to rigid procedural
standards set down both by the California Secretary of State's office
and the National Association of State Election Directors, the point of
which was to guarantee that the machines arrived at their polling
places untampered with and inviolate.

This is no small matter. People across the political spectrum have
begun waking up to the immense risks posed by electronic voting. For
instance, conservative CNN commentator Lou Dobbs recently weighed in
that, “The security of our elections and the integrity of our democracy
is in jeopardy. Nationwide, there is concern and even alarm that
electronic voting machines are simply too easily compromised and
vulnerable to fraud."

And Diebold machines, which were decertified in California at one
point, are probably the most controversial of all. Computer experts
given even brief access to a Diebold machine have demonstrated how
easily it can be hacked, with election-changing results. A highly
detailed “security alert" about Diebold, issued in May by the
nonpartisan Black Box Voting, warns:

“Based on publicly available documentation, source code experts and
testing performed with the system, there seem to be several backdoors
to the system which are unacceptable from a security point of view. . .

“In the worst case scenario, the architectural weaknesses incorporated
in these voting terminals allow a sophisticated attacker to develop an
‘offense in depth' approach in which each compromised layer will also
become the guardian against clean-up efforts in the other layers. This
kind of deep attack is extremely persistent and it is noteworthy that
the layers can conceal the contamination very effectively should the
attacker wish that. A quite natural strategy in these types of
situations is to penetrate, modify and make everything look normal."

Bev Harris of Black Box Voting put it a little more bluntly: “The
Diebold system is only as good as the most recent person who gets at
it. It's a defective system."

While many people argue that the machines shouldn't be used at all,
California Secretary of State Bruce McPherson, who recertified Diebold,
at least acknowledges their security danger and has established strict
“chain of custody" standards for each machine and memory card. No
unauthorized person should ever be alone with them, and “Any breach of
control over a memory card shall require that its contents be zeroed."

Now then, fasten your seatbelts. In San Diego County, the voting
registrar, Mikel Haas, apparently following time-honored custom (or
whatever), sent machines and other equipment home with poll workers for
as much as a week before the June 6 election, to be stored in living
rooms, garages, etc., shattering all control over these insecure
machines and opening up, in Harris' words, “a huge gaping maw of an
attack hole."

Some of the poll workers themselves were incredulous and contacted
LA-based blogger and democracy maven Brad Friedman. “My neighbors were
quite surprised when I showed them one of the touchscreen systems from
my garage," one of them wrote. Friedman sounded the alarm to his
readers, which is how I found out about it.

A spokesman at Haas' office subsequently confirmed the “sleepover" (as
Friedman put it). And another spokesman, at McPherson's office, who
took the better part of two days to return my calls, refused to answer
a simple, point-blank question: Were chain-of-custody requirements
violated in San Diego County? Instead, she e-mailed me a copy of the
secretary of state's certification process, which seemed to confirm
that indeed they were. Further calls to McPherson's office have not
been returned.

I don't know whether the secretary of state's allegiance is to partisan
politics or just a quick count. But like others who have looked on
appalled at the procedural sloppiness of this election, I have no
confidence in Bilbray's 4,732-vote victory" over Busby. Worse, I fear
that democracy in the electronic era is in the hands of people who
regard it as more trouble than it's worth.