Re: Ms. Tobi's overheated rhetoric

From: Jim March <1_dot_jim_dot_march_at_gmail_dot_com>
Date: Sun Nov 04 2007 - 17:35:17 CST

Comments interspersed...

On Nov 3, 2007 11:43 AM, David Jefferson <> wrote:
> On Nov 3, 2007, at 4:40 AM, Jim March wrote:
>> David,
>> There have been a boatload of academics over the years of the Brit
>> Williams/Merle King ilk. People who have supported the "dominant
>> paradigm" at NASED, EAC and various state certification processes.
>> Rotten certification systems have had academic apologists for years.
>> And when they're not apologizing, they're simply ignoring data that
>> comes from non-academic sources.
> Most of these people are not "elite technologists" about whom Ms. Tobi was
> writing.
> The bona fide technologists who support the Williams/Merle paradigms are a
> dying
> breed. I do not think there have been any new ones in the U.S. since 2006
> or so,
> although Europe is a few years behind. There have never been more than a
> handful.
> What has changed is that there are now at least a hundred active
> technologists on
> the other side.
>> Let's take one example. You must be aware by now that Windows CE in
>> the Diebold touchscreen product line hasn't been examined by anybody
>> outside of Diebold. Documents filed by Diebold with the California
>> SecState's office list WinCE as "COTS", which is flat-out impossible
>> as CE has to have been customized in order to work at all. It's a
>> "kit", not a "product".
> Correct.
>> How can you ignore that? I'm quite serious here: there is NO possible
>> way the legality of the Diebold CE-based products can be supported.
> The COTS exemption is indefensible from any security standpoint.
> But there is nothing illegal about Diebold CE-based products. The VVSG
> standards
> are voluntary guidelines. Many states do not recognize them, as you know.
> But of
> course many states do require in law or regulation or custom that their
> voting
> systems be federally certified. They do not require that the VVSG standards
> actually
> be adhered to. What they require is federal certification. Well Diebold's
> systems were
> and still are federally certified. Perhaps they should not have been, but
> they were.
> So their state certification was not illegal. We can argue on lots of
> grounds that it
> should have been illegal, but I argue it was not not.

Ah. OK, so you've missed something BIG.

David, buried very deep in the US legal system is a principal at work
here, something a lawyer friend turned me on to. The phrase is "fraud
vitiates everything it touches", often shortened to "fraud vitiates

A google search will show the shorter form of this phrase turning up
in US Supreme Court case law going back as far as 1795 (and is still
in use). It also turns up in cases from India so it's likely a
carryover from English law.

"Vitiates" means "sexually corrupts" - I had to look it up myself.
It's a vicious term for something our culture is trying to get away
from - the idea that a victim of a sex crime can be rendered "impure"
as a result.

In this legal context, once fraud can be proven to be at the core of
the creation of ANY legal document, that document is null and void
from the moment the fraud occurred - not once uncovered, but when it
happened. The principle affects contracts, employment agreements,
licenses, *certifications* and much more.

Say you apply for a commercial driver's license based on truck
training papers that are forged, and end up driving a big-rig down the
road with the resulting "legal license". If the fraud is ever
uncovered, you're charged not just with the fraud, but also with
driving the truck without a license. The license was never legally
any good and YOU were (until caught) the only person who knew it.

Here's a real-world example of this happening:

Go talk to Lowell Finley about all this. Diebold's Federal
certification is, right as we speak, legally not valid.

>> Worse, since CE is at the core of the Sequoia and Hart touchscreens,
>> it's quite possible they pulled the same stunt. After all, there were
>> only three labs. If one examined CE in code-review detail while
>> another treated it as COTS, you'd think somebody would ask questions
>> over drinks at the hotel bar wherever the next NASED meet was held?
> You would think. But the people at NASED do not understand these issues. I
> know.
> I spoke at NASED in 2003 and said that ever that Diebold systems should
> be "considered" for decertification as a result of the Hopkins/Rice report.
> I have never
> had a hostile audience before but that audience turned hostile, led by Doug
> Lewis.
> They practically threw tomatoes at me and ran me out of the place.

No surprise there. But you still didn't understand what was happening.

>> So at least one vendor's product line is verifiably
>> illegal...something I told you in person around Oct. 2003. Did you
>> ever check up on that? Ever ask any questions?
> Jm, I am sure you have told me a lot of things in person. I do not agree
> that these
> systems are "illegal". I wish they were.

You're not a lawyer. Neither am I of course. BUT, you had (and have)
access to scads of 'em at the SecState's office, and I would guess you
have at least some friends with law degrees in your social circle.
Did you ever once run the situation past one, esp. one without a
political axe to grind at the SecState's office? Did it occur to you
to do so?

For your information, the lawyer I ran this past is a former county
prosecutor who has zero connection to the election integrity movement
whatsoever (I avoided anybody with an axe to grind myself).

>> It's 2007 and the
>> junk is still in use all over the country. Never mind that both the TS
>> and TSx have drop-in flash memory module support allowing wholesale
>> code addition with a standard Phillips screwdriver and less than five
>> minutes.
> Everyone knows this now.

Everyone paying attention, yeah. Doesn't include the media yet.

I'm gonna skip some irrelevancies here on both our parts...

> Quoting David:
> The McPherson administration was a lost cause once Susan Lapsley was
> appointed in about Jan., 2004. But you have no idea what happened in
> that administration, or how much we (me and the VSTAAB members tried
> to move them in a favorable direction).
> I assume you are upset because of the VSTAAB report we submitted in
> February 2006 that led to the Diebold certification. I will give you (or
> other
> readers of this) my story of what happened.
> 1) The Diebold system was going to be certified no matter what we said or
> wrote. If you don't know that, you just don't understand. It was already
> mid
> February and there was a special election scheduled for early April in San
> Diego (a Diebold county) and a statewide primary in June. Many counties
> had Diebold equipment in place, and they were pressuring the SoS that there
> was no time to get another system, and the SoS agency was in complete
> agreement. Furthermore, the January 1 federal deadline for HAVA compliance
> had already passed, and the SoS believed that DREs were important for HAVA
> compliance. So certification was going to happen. The only real issue then
> was what technical qualifications and mitigations would be required are part
> of
> certification.
> 2) The VSTAAB charter did not allow us to make policy recommendations. We
> were required to confine ourselves to technical statements of fact and
> possibly
> outline options for dealing with those facts. But not recommendations.
> Policy
> makers do not want to be boxed in by their technical advisors and they make
> that clear.
> 3) The issue at hand was the Hursti I vulnerability--the one demonstrated in
> Leon
> County Florida done by Harri Hursti and set up by Bev Harris. We were not
> authorized
> to do a full study of Diebold, nor would that have been possible in the time
> alotted.
> Our recommendations, and we did in effect make some in spite of the fact
> that we
> were not supposed to, were all directed toward doing something to mitigate
> them. I
> might add that the Husti I vulnerability was easily fixed, and even if not
> fixed was, we
> believed "manageable" (as we wrote) for a special Congressional election 6
> weeks
> away.
> 4) We intended, and expected, most of those mitigations to be targeted
> primarily at
> the April special election. We figured that there was barely enough time by
> the June
> primary for Diebold to make the code changes to fix the security
> vulnerabilities that we
> were able to identify (which we estimated would take a day) and get them
> federally
> certified and back to the state for certification for June. We pointed out
> in our
> nonpublic appendix to the report the exact lines of code that were faulty
> and needed
> to be fixed. We never imagined that that neither Diebold nor the SoS had
> that
> intention, and that we would go through the general election in November and
> another year as well with no fix at all even attempted! That was
> inconceivable to
> us. I am still stunned at the dereliction of duty that represents,
> especially in the light
> of subsequent events (Hursti II).

You're stunned, huh? Yeah, I suspect you are, but that's mainly
because you still don't seem to know why you were there at all. More
on that in a moment...

> 5) After certification of the Diebold Systems on Feb. 17, 2006, it was made
> clear to me
> that the agency was not happy with the report we submitted. Their biggest
> complaint was that we stated flatly that Harri Hursti was exactly
> right--everything
> he had said was correct, and his demonstration was real. They hated that, I
> think
> because it gave legitimacy to Hursti, whose work had embarrassed Florida
> officials,
> officials who had visited Sacramento to play a role in--and manipulate--the
> Hursti/AccuBasic investigation.
> 6) After that report the McPherson administration basically never dealt with
> us
> again. Barely a month later (March 15) I learned of the Hursti II
> vulnerabilities
> and the threat of viral attacks on Diebold voting systems, and I repeatedly
> tried to
> get the attention of the SoS agency to warn them of these vulnerabilities
> that were
> 100 times worse than Hursti I, and here it was an election year with a
> primary
> less than 3 months away. They would not listen, and would not even give us
> an appointment. Eventually I got another state to act (PA, with the help of
> Mike Shamos) and only then did CA officials even agree to hear us out. When
> they did, it was with Diebold people on the phone, and in the end they did
> essentially nothing. And they basically never spoke to us again, through
> the
> primary and general election, when McPherson was voted out of office.
> So, far from "enabling" the McPherson administration, I think it is fair to
> say that
> I (or we, the VSTAAB) slightly influenced them as best we could before the
> Diebold certification (Feb, 2006), and had no influence at all after.
> David

Oh David, for God's sake, you've proven my whole point.


OK, pay attention, because this part's important.

The VSTAAB ("Voting Systems Technology Assessment Advisory Board") was
at the California SecState's office for just one reason: so that the
bureaucrats and politicians could point to your PhDs, EEs, BAs, MAs
and all that other BS as credentials that were "on-board with their
program". The lot of you could have gone to the basement every day
and gotten bombed out of your skulls on crystal meth for all they

You thought you were going to get "inside" the process and use the
bureaucrats and politicians to get good voting systems in place. You
poor deluded fools. The reality is that the politicians and
bureaucrats used YOU - that's what they do, God almighty, it's about
the only thing they're good at.

Right about the time you realized you had no effective input
whatsoever, you should have publicly quit, as a group, in a press
conference on the steps of the SecState's building. You should have
publicly blown the whistle. Not only would you have shined a light on
the situation, you would have denied them the fig-leaf of credibility
that your academic records gave them!

At least ONE of you must have read "Atlas Shrugged" by Rand, and
thought to have "pulled a John Galt" on 'em?

In conclusion David, you have NO right to criticize the activism or
"personal styles" of Nancy Tobi, Bev Harris, Dr. Rebecca Mercuri,
myself or pretty much anybody else. We fought from the outside. Most
of us (Dr. Mercuri a notable exception) didn't have your degrees,
didn't have your training...but by God we have guts, and we for
damnsure didn't make things worse by providing political cover to a
pack of corrupt jackals.

Jim March
OVC-discuss mailing list
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Nov 30 23:17:09 2007

This archive was generated by hypermail 2.1.8 : Fri Nov 30 2007 - 23:17:31 CST