Documented election law and security violations in Shelby County, Tennessee

Shelby County candidates Shep Wilbun, Sondra Becton, Vernon Johnson and Otis Jackson have performed a valuable service for their community in exposing some of the most irregular and illegal electronic voting procedures in America. Shelby County ran its August 3, 2006 election in a fashion that violated all basic security procedures. The multiple breaches of security call into question the results and cast doubt on the legality of elections processing.

Evidence from election official declarations and discovery documents obtained in litigation over a recent election using Diebold machines reveals that:

* Illegal and uncertified Lexar Jump Drive software was loaded onto the Diebold GEMS central tabulator, enabling secretive data transfer on small USB "key chain" memory devices. This blocked election transparency and raises questions as to whether hidden vote manipulation may have taken place.

* Other uncertified software of various kinds was loaded onto the system and, according to the event logs examined, was used. This opened the door for hand-editing of both vote totals and the reporting of election results.

* Evidence of actual attempts to manipulate election reporting results exists. The evidence available wouldn't record successful manipulation, only attempted manipulation, due to software failure. The logs show repeated failed attempts to use an HTML editor.

* According to Shelby County elections officials, they opened the central vote totals repository to widespread network connections. The dispersed nature of access to the central tabulator would prevent finding the perpetrators, even if documentation of manipulation could be achieved -- a difficult feat, since the type of hacking enabled by the GEMS program tends to erase evidence.

In an on-site inspection of the network connections conducted by Jim March, elections department lead computer operator Dennis Boyce pointed to a location on a network interconnection plug panel where the Diebold-supplied GEMS central tabulator is plugged in. No extra security such as a router or firewall was present at the interconnection. This appears to open up access by anybody in county government to the central tabulator.

* At the same on-site inspection, the Diebold-supplied GEMS backup central tabulator had more uncertified software than could be quickly documented – but observers did spot Symantec's PC Anywhere utility. This program would allow opening the machine to outside remote control - the PC Anywhere program allows a remote computer across a dial-up or networked connection to see the screen of the “zombied” computer and operate it's keyboard and mouse. To call this a security breach is an understatement.

* At the primary GEMS central tabulator station, all of MS-Office 2000 Professional was loaded and working. According to Windows, MS-Access was a frequently used program, the only component of the overall MS-Office suite that was so identified.

All answers to queries about what these uncertified MS-Office components were used for were evasive and no legitimate explanation was offered by the elections staff. The USB memory device (Lexar Jump Drive) was described as a way to transfer data from main to backup GEMS servers, which is plausible...but encryption for such purposes isn't. As to PC Anywhere, observers were told it “wasn't active”, which didn't answer the question of “what was it doing there?”

Overview Of The Environment:

Shelby County runs voting systems built by Diebold Election Systems Inc.

Most voting (both early and precinct) is handled by Diebold TSx touchscreen voting systems. Votes are tabulated county-wide on a single standard Dell computer provided by Diebold and running a Diebold application called GEMS – Global Election Management Software.

Altering votes at the precinct touchscreens is difficult but possible. Altering votes at the GEMS central tabulator (often referred to as the “GEMS server” or “main server”) is Chimpanzee-easy – the database of votes is in a format known as Microsoft Access. That database can be altered by programs other than GEMS and if someone does so, no audit trail record is created of the alterations and no password is required to do the alterations.

For this reason, physical access and network access to the central tabulator of votes is critical to overall election security. And since these systems are certified as set combinations of hardware and software at both the state and federal levels, no changes to the system involving new software or hardware are allowed as they can introduce new security vulnerabilities.

Shelby County Facts (as retrieved from the “Windows event log” of the GEMS server):

1) At 4:00pm the day after the election, somebody loaded a program called “JD Secure” into the GEMS server. “JD” stands for “JumpDrive” by the Lexar corporation. A “JumpDrive” is a small memory device, concealable in a closed fist, that allows rapid transfer of data. The fact that JD Secure was loaded means that data was not only moved around on a small, easily concealable memory device, but also that the contents of the memory device were password protected, further concealing what information was being transmitted. This violates system certification procedures and public/party observation laws (our right to transparent elections). It is difficult to conceive of a non-malicious purpose for concealment of data transfer (or manipulation) via password protection.

Four attempts to load the JD Secure software was documented across a period of about 15 minutes. So this loading of the memory device password application wasn’t accidental.

(One malicious use for the Jumpdrive with password encryption would be for a fraudster to hand-edit vote totals on another machine, spend hours to get it to total correctly, and then upload altered results back to GEMS the following day via the keychain memory device.)

2) On 8/7/06 somebody loaded a complete copy of Microsoft Office Professional 2000. This would include the MS-Access program long known as the simplest way to edit the contents of a Diebold central vote database (and banned for use in elections in virtually all jurisdictions nationwide).

3) On 8/22/06 for a period of over an hour -- and during a time period for which a Temporary Restraining Order was in effect -- somebody attempted to edit HTML data files. The only significant HTML files on a Diebold main server are vote total reports. The only reason any trace was left was because the HTML editing tools failed to load – they either broke somehow or weren’t loaded correctly. Either way, it suggests that somebody may have been hand-editing vote total reports, and that’s potentially very significant. For example: GEMS creates reports of vote tallies throughout election night, in either HTML or PDF formats. An editor for PDF data is included on the GEMS main server as shipped by Diebold, and HTML editors are easy to get. Those tally reports could be easily edited on election night, shifting the apparent vote totals, and then the main GEMS database could be hand-edited to match the false reports across most of the day after the election, to be illicitly uploaded via the password-protected Jumpdrive.

A Final Shelby County Fact (based on election official depositions):

4) At 6:30pm on election day, the GEMS main server was cross-connected to the main county computer network, which in turn has a cross-connection to the main Internet. They did this to allow uploading results from four regional elections offices across the county.

To be clear, it appears that results were modemed in to the regional stations from the precincts. The regional stations were reportedly connected to the county network.

It is impossible to overstate the seriousness of this security violation. This practice is flat banned in California and many other states, and may or may not be illegal in Tennessee...we’re checking on that. As a practical matter, this allowed anybody sitting at a county PC to get to and manipulate the central vote tabulator database.

With this final insult, it can be plainly stated that this wasn’t an election. It was a hacking contest, open to whoever was most efficient and motivated to alter vote totals.

The number of potential vote fraud perpetrators was literally enormous. Regardless of whether or not vote manipulation was caught and proven, no possible perpetrator could be caught.

It's hard to explain these violations of both law and known standard security practices in election processing.

Win or lose, candidates Shep Wilbun, Sondra Becton, Vernon Johnson and Otis Jackson have performed a valuable service for their community in exposing some of the most irregular and illegal electronic voting procedures in America today. Nobody else in the Tennessee elections process did their jobs except for these four candidates and a handful of citizen supporters and researchers.

These candidates performed another exceptional service when they went to court and obtained the most recent GEMS database to date. You can download it here:
http://www.bbvforums.org/forums/messages/2197/44189.html

It should be noted that this is NOT the election night database. We were not allowed to take a copy of that. This is, however, represented to be a real and final version of the Shelby County elections database.