 I can't stand standing behind podiums because I'm short. So I'm going to just stand over here. I hope all of you can see me. If not, there's plenty of seats over there. You can move around. So anyway, thank you very much, Bev. For all your really wonderful investigative work, a lot of what we have, a lot of the files and interesting memorandum are due to Bev having taken the carriage to put them up on websites and withheld lawsuit threats and all sorts of things that were going on. So we really owe a great debt of thanks to Bev. And some other people have really been promoting this. One of you involved in the computer ate my vote day? Did you protest on that or sign the petition? We had over 350,000 signatures delivered to various state legislatures all over the country. I personally was standing on the steps of the state capital in New Jersey. And we delivered 20,000 signatures by New Jerseyans. It represents about 1% of the American citizens. And this just shows the level. That was just in this petition. It shows the level of understanding and enthusiasm that people have about the problems that we're already seeing on an election by election basis with these new voting systems. So I want to talk about this. For those of you who don't know me, I've been involved with this for 15 years. In 1989, I lived in Bucks County, Pennsylvania. And they were thinking about getting these newfangled voting machines over there. And I really thought, you know, I don't think this is a good idea. I went home, found a New Yorker article written by a guy by the name of Ronnie Duggar. By the way, he has a new article in this week's issue of the nation. Check it out. It's online. You can check it out. Really great investigative journalism. So he's been tracking this stuff for decades, the type of stuff that was going on. I actually convinced the county commissioners in Bucks County not to buy the machines. They're still using their old lever machines. And they called me after 2000 to thank me for convincing them to stay with that old sort of passe technology that they're still using in New York also, by the way. So that type of thing sort of on an individual basis got me involved with looking at this. I am a computer scientist. I'm like, Bev, I don't have any grandchildren that I know of unless there's some cloning going on. But my background has been in computer science. I've been working in the industry for around 20 years. And a lot of my work has been in real time microsystems and also in computer security. So this is a real offshoot of that type of work that I had been doing. So anyway, it was very easy for me, and again being somewhat small in stature, and looking somewhat nerdish. I can go into, not anymore, because they all know who I am. But I used to be able to go into voting machine companies and, you know, oh, what's that? Oh, open up the bag, show me the thing, and then point out all the microprocessors in the back of the machines. And by the way, why do you need five microprocessors inside of a voting machine? Who the heck knows? Anyway, this is the type of stuff that I was able to investigate. Now unfortunately, I get thrown out of places because they know who I am. But that's all right. I still can make a very good representation of what's going on when now we sometimes get court orders to go into this. So what's actually happened has been a huge debate that has broken out in the industry as a result of all of this. And they're pitting now us, us, the computer scientists, community, and engineers who have spoken out against this. And they're saying that we're un-American, we're un-patriotic for having pointed out these flaws in our election systems. And so in a very expensive lobbying group, which by the way, Bev was able to observe the formation of, what did they pay? The Venice paid $50,000 a piece to join. $200,000 a piece. Yeah, five days to decide that. And then five days to decide this, okay. So these guys joined these 20 forces in this line of view. By the way, we all do this pro-bono, just off of our own personal funds to do this. So I don't get any pay for doing this, but these guys had this huge lobbying group, which is an adjunct of the Information Technology Association of America. So now they come out with these statements. And here's some of the statements. These are just from the recent press, July 19th, just a few days ago. They said that a recent ITA survey showed that 77% of registered voters are unconcerned about the security of eventing systems. But what about the other 23% that are concerned about it? So then he says, and as I love, this is the latest in the way that this works, is that he never said that critics who claim to be concerned about the security of voting systems are really using the issue to push a political agenda on behalf of the open source community. Okay, so obviously I am an open source enthusiast, not really actually as it turns out, but they think that I am, and those of us who are doing this, but you don't want any code, so you're not advocating that. No, I don't think so. So then they go on to say the following. It's not about voting machines. It's not about voting machines at all. I've always studied this for 15 years. It got a PhD in this because I knew it wasn't about voting machines. It's a religious war about open source software versus proprietary software. Now I founded a company. I have a consultant for a notable software. You see a little logo down the bottom. I'm into it for proprietary stuff. I mean, you can get patents and copyrights. You don't have trade secrets, well then that should be for Coca-Cola. But for software, as far as I'm concerned, we have ways of protecting that. That can be proprietary and you're welcome to be a capitalist and you can sell your stuff. I really don't care. But basically what he's saying is that if you're a computer scientist and you think that open source software is the solution to everything, I've always thought that by the way, not. And then you hate electronic voting machines. But if you're a person who believes that proprietary software and open source software can both be reliable, then you don't hate electronic voting machines. That's a really nice of him. They're characterized in that one. Now if he'd come in and he might talk to them, in fact I know he wasn't one of my talks because when they announced the ITAA, they're, you know, this little club opening up, they were announced at the MIST conference at the National Institute of Standards and Technologies in Maryland. And maybe we're over there. They answered at the MIST conference and I was there and I was giving a talk and I showed these types of slides. So if he comes to any of my talks, which he has been at, I don't know if he stays awake during them, he would have seen this slide where I have all he said and it is in my writing that open source cannot provide sufficient verification and validation assurances. And in fact, Ken Thompson, the famous guru from AT&T Bell Laboratories, said the famous statement in his paper, Reflections on Trusting Trust, which incidentally has been linked on my website for about four years. But that's okay. Obviously I'm an open source fanatic. But he said in 1984 and won an award, he said you can't trust code that you do not totally create yourself, especially code from companies that employ people like me, like AT&T. Well obviously their stocks aren't doing too well, but what can we say? No amount of source level verification or scrutiny will protect you from using untrusted code. So I'm now an open source enthusiast, although I think that open source is great, but I'm not that enthusiastic about it. Now what I find is really interesting, and if any of you are checking the newsfeeds, and in fact you can just stay and carry on business cards anymore, because all you take is into Google, Mercury and Voting, and you don't even have to spell Mercury correctly and you'll get my home page. So I'm so famous now, so great. So it saves me a lot of money with business cards. But in any event, if you check today in Google News, because I was over at Black Hat, and I announced this challenge, and I said I was gonna announce it at Black Hat, and at DEF CON, at DEF CON, I'm giving you the details of the challenge, so you're gonna hear about this challenge. But basically I'm reiterating Michael Shamus' challenge. So you'll see, if you go into Google News, type in Mercury Voting, you're gonna see as of 11 o'clock this morning there were starting newsfeeds on me, there's probably even more. So they're jumping all over it. I understand CNN was won the Mercury challenge on the Squall today, which is like a recall. So the last time I got on the CNN Squall was when I called it Enron style of voting. So that was a couple of years ago. Anyway, so what I'm doing, what I'm saying is that I'm the issue in this challenge. By the way, if you got this brochure, it is the official brochure, if you get it through somebody doing it, I have a few extras left. So I'll be glad to autograph, I'm also a world autograph. Anyway, what Michael Shamus, a computer scientist and also an attorney, a student of two degrees, and he is at Corry & Mellon University and he happened to be on Jim Lowe's News Hour a couple of months ago on May 5th. And he made the following statement. He said, for years, in fact, about six years, I've had a challenge posted on the internet that there's a $10,000 prize for anyone who can tamper undetectably with a diary that's a direct recording electronic voting machine, and by the way, about 30% of the voting systems people will be using these DRE-style machines in the November election. And he then says, the following, no one has taken me up on this because it's not possible to do it. Well, that's really interesting. Now, we've heard a whole bunch of examples here of how he is possible to do it, but he still doesn't believe this. So I think that these are fighting words. So I have now thrown out the gauntlet. So the gauntlet is as follows, and this is what the Associated Press said yesterday, actually. So they reported me saying the following. I'm tired of hearing members of the election community say that no problems have occurred with electronic voting systems. When every election, there's plenty of newspaper reports of glitches. Well, one in cleric, they say, when these votes are missing, and you'll see later in my slides, when votes go missing, they insist, and I haven't even said this in court, in vain, meaning election officials, vendors, that people buy the droves or the thousands, tens, hundreds of thousands of people, even nationwide, by the millions of people, go into the voting machines, deliberately do not choose any candidates, and then leave. So I find this rather preposterous. But in fact, this is what they assert. And then they say all sorts of reasons for that, that they want to prove they're a citizen by doing this. I find this rather preposterous. They make these statements, they make these allegations, that these missing votes, I call them vanishing votes, the votes that vanish in these systems, they say that these are deliberately vanished votes, that the voters go in, don't make a choice, and then press the cast vote button, and then leave. I don't believe this. I believe, and you'll see this in my data as you see it going along. So I'm issuing this challenge, because I'm responding to his bet, and he is, as I said, he's promised this $10,000 to anyone who can hack into a voting machine and detect it. So that's what the challenge is. The challenge is to hack into a voting machine and detect it. Now, Bev has already given a whole host of back doors and ways that you can do it. Go on monster.com, get a gig, do this thing, and now I'm gonna tell you how you're gonna be able to identify yourself so that we can make sure you get the $10,000. So, yeah. So now you have to understand, a lot of telling anybody to do anything illegal, okay? Maybe Michael Seamus is telling you to do something illegal, but I'm not, okay? Now, I'm saying that his challenge was impossible because if you do it in the fashion where you take a machine and then you examine it, you insert this thing such as it's undetectable, we all know how to do that. Again, this was all in that Reflections on Trusting Trust, putting in the compiler, the compiler, the compiler, we could buy the code, et cetera. Those of you who are hackers know what I'm talking about. But anyway, that sort of stuff that you can do, you'd have to be an insider to do that, okay? So, or you'd have to have access to the machine. Yeah, you could have access to the machine and actually do that. But what he is saying is that you're only gonna have to do this without having access to the machine. Well, it's not really possible, but that's not really his challenge. It's just undetectable. So, the point is that since the industry imposes these restrictive trade secret agreements, you have to find some way of gaining access. Now, you have to do it legitimately or there's this wireless stuff going on. We'll talk about that a little bit later too. So, there's a whole host of ways that you can do this to gain access to the stuff. I would prefer it if people do this before the election rather than during the election. And what I'd really like to see is people actually doing it with code that has been released and I'll talk about that too. But anyway, so, the point is, is that they're not gonna offer up their machines. Couple of companies have, but mostly they're not gonna offer them up. So, they're not gonna have a legitimate way of doing it. That would be the real way to prove that this is going. So, anyway, yesterday, the Associated Press called Seamus and he dismissed my criticism, man, whatever. It's, you know, academic. So, he goes, no one is going to take me up in this challenge. The question of influencing an election is mute because no one could do it without being detected. And then he goes, anybody can hack into anything. I can break into a bank. The question is, are they going to know that the money is gone? And I'm going to give you the way that you can prove that, okay? So, anyway, so here's the issue. The issue is, can you do it that it is undetected, but you also have to prove that you did it? So, it's a rather fascinating, sort of, story trend of events. But, I am a genius, so I figured out how to do this in the last 24 hours, which I've had no sleep. So, yeah, I feel this really fascinating. Okay, so here's more reaction. There's a company called Vote Here that's also mentioning our press release and Jim Adler, and I know all these guys, we see it the same means in yelling at each other. Anyway, so, Vote Here founder Jim Adler said, his company published a code, because I mentioned his code in this stuff, to expand an election security software hoping people would test it. Okay, so he's hoping that people would test it. In fact, that's why I mentioned him, because he said that he wanted people to test it. But then he says, it's not about preventing fraud. This is about detecting fraud. Now, wait a second. Don't we want to prevent fraud in the election? No, he doesn't care. He just really wants us to detect it. Okay, that's a little strange, but all right, that's fine. We'll detect it too. So, what's interesting is here in Nevada, Nevada, and I think this is wrong. This was one of the associated press, but I think they got it wrong actually. I don't believe that Nevada is using the ballot printers in all of its pieces. I believe they're using in a select few of them. But Sequoia Voting Systems is providing these ballot printers. This is, some people may have heard of this mercury method where it's a touchscreen machine or a DRA machine and then it prints out a ballot next to it. But in any event, even though I'm the one who came up with that idea that they now adopted into the machine, they're calling me irresponsible now. So they're saying that this stuff needs to be reviewed by trusted experts in computer security. Excuse me, I have a PhD from the University of Pennsylvania in computer science. But no, I'm not a trusted expert in computer security. And not by technological vigilantes, maybe like the people in this room, so of whom probably also have PhDs in computer science, who want to exploit the technology. Said Alfie Charles, by the way, he's just a tech spokesman for the California base Sequoia, in any event. What my challenge is, I'm calling it the put up or shut up challenge. I am sick of these people making these statements. And so now, I want to put their money in their mouths and they know I'm doing this. They answer right in front of their faces at a conference in Rutgers, back at the end of May. And so basically, the challenge is that hopefully, some of you are going to do this. And then if they don't give us the $10,000 or whoever does it, then we're going to let everybody know and it's going to be broadcast all over, all the same news agencies that just broadcast the challenge today. So there's a lot of people looking at this. Now we need to define the rules in advance. So he's basically given us the grand rule. The grand rule is it has to be undetectable. So you have to do it, but then afterwards, you have to prove that you were the one who did it. And it could be, he doesn't say that, it can't be an insider attack. So as far as I'm concerned, if you can get that job from monster.com and then you can attack it and then demonstrate that afterwards, then I think that's fine. You can also do it as an outsider attack. And they have to provide proof of that detection. And here's how I'm suggesting that you do it. You can do it in some variation like this because maybe, since I've now said this, they're going to use some patterns to match. Although, I don't think they can change their source code at this late date because it had to be certified. So I've got them on this one. So what I think you want to do is that when we have elections, there's a wait in spot. So instead of voting for president, you write in Donald Duck, okay? Lots of people like to do that just for grins. So what I want you to do is I want you to write in or whoever does this on a ballot in a waiting. It doesn't have to be for president, it can be for anybody. You don't need to write shameless O's and then you're going to have some special characters that can't be typed from the keyboard, okay? Everybody knows ASCII and Unicode and you can have the smiley face or some Chinese or whatever you want to appear and then we'll have a way of tracing that back to you. So we'll have to work at that little detail. But as long as it's a special character that can't be typed from the keyboard, we know it didn't come from a voter. It had to come from inside the machine. So let's say Shameless O is ready here, 10K, okay? And that's how we're going to prove it. Now you could come up with other ways but if you're going to come up with other ways, you're going to have to identify it well in advance. And we want to figure out ways that you can be anonymous so that you don't go to jail and get arrested. We haven't worked all those details out yet. But I think we can work it out, okay? So, well you need to be able to have them deposited into a Swiss bank account or something. So the point is, is that if Shameless doesn't cough up the 10K after this happens, then we're going to blast this all over the place. Now no, then I am not saying that if you have this hack and you prove that you have this hack, that this is going to prevent the vendors from doing the famous thing that Bev loves them doing is that they say, oh, we fixed that. And then they release another version where they say they could fix it but they didn't really fix it. So it doesn't prevent them from doing that. So don't think that you're going to be solving the problems of Democratic elections by doing this. We're just going to literally give it to them. That's all we really want to do, you know? We really want to get the puppy. So the idea is not that we're going to solve problems of Democratic elections because they're just going to come out with another release. But hopefully we'll be able to pound them into the ground a couple of times and that will really help with that. Now the other thing is that if you aren't successful and you don't hack it, that doesn't mean that these things are secure. As we know, they're not secure. But I would really hope that people will take us up on the challenge and actually do this. Now who is Michael Sheamus? Actually Michael and Sheamus was one of the guys who inspired me in a variety of my thinkings on this whole election business. And he wrote in a conference paper that in fact I was the chair of the conference session. It was the Computer Freedom and Privacy Conference number three, which is something like in 1993 and in California, I invited Michael Sheamus because he actually was a state examiner for the State of Pennsylvania and also the State of Texas. And he had examined voting machines. He had written a number of really great articles and had demonstrated a number of different things with regard to the security or lack there of these voting systems. Excuse me, and in this paper, he had written these six commandments of voting. And he said, these were not heuristics that were generally available, that were published or anything like that. And nobody ever told him, well, when you examine a voting machine, you'll have to be concerned with these six commandments. But what he found was that basically, the systems had to obey these types of things or he couldn't really certify them because it was sort of generally understood that these were the things that people were looking for when they were doing the certification. So number one, and by the way, these are in decreasing order of importance. So he felt that the most important thing was that the voters vote had to be secret because even though there's actually not really a lot in the way of laws or precedence with regard to the secrecy of the ballot, some states have laws with regard to that, but people do expect that their vote is secret. In fact, it's not secret all the time. If you vote in like a caucus where people separate in the room, that's not a secret ballot. The internet primary that was held in Michigan was in fact not a secret ballot. So there's plenty of elections that are not secret. But in general, people expect that they're going to cast a secret ballot. Now, you notice that's number one. Down number four was they'll shall report all votes accurately. So he's not saying that it is equally important as reporting all the votes accurately. That's actually way lower down on the list. And in between that, there were other such things like not allowing voters to vote multiple times, not allowing there to be anything like a receipt where the voter could prove how they voted and allow them to sell their vote. Then finally, we're putting all votes accurately. And making sure that the voting system remains operable throughout each election. That didn't seem to happen a lot. In California in their recent primary election, they found that there were some, they reported that there were some 36% of machines didn't start up in one county on election day. As it turned out, when the Secretary of State's office investigated, it was more like 50% of the machines didn't start up. So these are the types of things that aren't really going on, but again, that's not that important. It's much more important to keep secret ballots than to make sure the voting system is operating through the entire day. And then the interesting thing was this business number six, where it says you have to keep an audit trail to detect sins against numbers two through four, not the operable thing necessarily, but you can't have your audit trail violate commandment number one. And therein lies the rub. I looked at this for a really long time, because I was on the, you know, I was the tier of this panel session, and he gave the talk and I kept thinking about it and took me a while. Actually, I think it was probably a couple of years before I suddenly realized, but there's some inherent problem. There's just some incompatibility between keeping votes completely secret and having an audit trail. Now he's saying that the secrecy is paramount is most important, but I actually believe that people really think that all six of these things are actually important. So what I felt was essentially that the emperor has no clothes, that it is not possible to do what these running system companies actually are saying that they are intending to do. And they're going to have complete auditability and complete anonymity in a fully electronic system. They're selling the stuff, saying that they can do that, but there isn't any way to actually provide that. And in fact, that was the seminal part of my doctoral dissertation, where I actually demonstrated using computer science theory that it is not possible to have full anonymity and full auditability in a completely electronic system. You have to have some other influences. In other words, those paper ballots or some other way of doing an independent audit in order to do the auditability. But fully electronic, there is actually no way to do that. Hold your question to the end. We'll begin to answer questions that I want to sort of roll through these. And in fact, what I also believe is that the voting system voters, having had to deal with these people for about 15 years now, what I actually believe is that they know these systems are actually flawed. That they know that sometimes they have negative votes or sometimes they have more votes than there are voters. And they know that sometimes the votes sort of go up and down and that these votes just tend to vanish. And that if we did have an external audit trail that we could compare against the electronic vote tally, that it would show how flawed these systems actually are. And so I believe there was a deliberate act, I didn't believe that until this year actually, but now having dealt with as many people as I have, I believe there is a deliberate act on the part of the major vendors, not really necessarily the smaller vendors because some of them are doing audit trails correctly. But on the part of the major vendors and on the part of some members of the election community to make sure there is no independent way to audit these systems because I think then it would be revealed how flawed these systems actually are. I haven't been able to prove this, but I have enough substantive proof with regard to these back doors that are being provided in the types of standards that are being written that leads me to believe that those back doors are actually being provided there. So anyway, let me go back a little bit in history and bring us up to where we are today, talk about the types of flaws that can be exploited and give you an opportunity to sort of give some thought to how you would go about hacking the voting system so that you could win the $10,000 prize. Now the idea of messing around with the ballot box goes way back. This is Thomas Nast where a lot of really maybe nasty comes out of that name. I don't know, but he had a lot of nasty cartoons, very famous cartoons, all the stuff's now in the public domain so you can use it. And he did a lot of stuff about elections and elections were very corrupt. The idea of ballot boxes going missing and people commandeering them with stuffing ballots and changing things was fairly commonplace in 1876. So now let's zoom ahead to the future and what we basically have is this sort of, as Bev likes to call it, black box or as I like to call it, Enron style of oddity. Oh and by the way, Enron, some of the Enron folks, you know they turned into another company and now they're an offshore Bermuda company called Accenture. Guess what they make, voting machines. They're actually responsible for the internet voting project that was gonna be used by the Department of Defense to cast ballots overseas by the military and military families in the 2004 election. They have decided not to do that but that project is not dead. And Accenture, the Enron people are the people who are helping to create that. Anyway, getting back to this, this basically is the situation that we have now so it's basically a trust us type of situation. What I believe the voters really wanted is that the voters want to know that the ballot is cast and counted as intended. Keep thinking about this hacking thing as you go along with this because this gives you the clues as to what is going to be hackable on this. And what the voters want is that the counts and the recounts should be independent, unbiased, reproducible, accurate and understandable but that's not what they've gotten. So all of those things that we don't have are those flaws that allow you to have those back doors to go in to hack the voting system. This is what the voters wanted. What I propose is the concept of the election lottery. Now actually it could be funded. I think it could be funded by a lottery. You know how on your tax returns some of you might not even pay taxes but on your tax returns there's that little check box. Do you want to donate a dollar to the presidential campaign? They should have, do you want to donate a dollar to the election lottery? And then everybody who votes gets a lottery ticket and then will have these statewide awards. But even that went over like a lead blimp. But what I feel is one of the things that the election officials have said is we can't use paper ballots because it's discriminatory and a lot of people can't deal with them. Now on these lottery ticket things, if you go to your state, I collect these in different states that I go to, if you go to your state thing like it's like in a 7-Eleven convenience store like maybe at the gas station, they have these little cards. The marketing method thing is basically slips of paper that the voter would actually see, they verify that that's how they intended to vote. They hear the button saying that that is how they intended to vote and it drops into the sealed ballot box. So that's the marketing method business. But actually even an optically scanned ballot, let's sort of get back to election Lana, the even an optically scanned ballot is a voter verified paper ballot because the voter sees how they voted and you do have that piece of paper there that you can then use to audit the election. So there's a variety of different ways. I want to talk about that in this talk today, but there's plenty of material on my website you can catch me later and I'll be glad to give you a lot of limitations of how that could actually work. I'll take one more question, then I'm going back to my talk. What happens if he pays? What happens if he pays? What happens if he pays? Then wait, then again, we publicize the whole thing that the election has been hacked and then we all like sort of pray about November. So then you see that one of you is wearing the redefeat Bush button. I've got the bumper stickers to the whole thing. So then we have a real important thing on our hands is that we've actually demonstrated that this actually could occur. And I think that that's the most important thing is because these guys are saying and girls and election-efficient female that these people are saying that we can't enact an election and I believe that we can and a number of us believe that we can. Okay, you're telling me I can talk. Yeah, okay, I'm back to the election Lana. Okay, so the whole idea of the election is that you're to hand these things on and if you wanna create 20 of them, if you create 20 of them, get 20 bucks from each person that you said you voted for. But then it's your choice as to how you're going to cast it. You know, I cast one, you have to go to your pre-symptom cast it. And when I suggested this, they said, oh no, we don't wanna make voting easy for people to do. Wait a second, I thought that was the idea of a democracy. Oh no, we don't want it to be easy. That would make it too easy for people to vote. Well, that's really too bad, isn't it? But what you really want is you want it to be controllable where it's cast. In other words, you wanna have it available to everybody, but apparently that's anathema to the way that we run elections, unfortunately, in this country. But we want ballots to be available to everybody. We won't be able to understand how they do the elections. And then we wanna make it difficult to cast it, but not so difficult that you're excluding certain minorities and this type of thing. You wanna make it just difficult enough that you can't cast them multiple times. So anyway, that idea went over like a lead bling. So someone came up, actually a Republican, came up with this idea, which is why, well, I call this, how they compare scientists to keep it simple and stupid voting machine, which is the Fisher price voting device. We can't vote with this. You can't think enough to choose, oh, that might be discriminatory against the people who can't think. But that's all right. The idea is that you wanna have this sort of, you know, plugging device. As far as the election law is concerned, actually it's the state's rights, how they choose to vote. And if the state wanted to vote by throwing beans into a cup, as long as it was fair to all citizens and all citizens send access to the beans, then there actually is a fair way of running elections. So there's absolutely nothing in the election law or in the Help America Vote Act, unlike what people would like you to think, that we have to vote on voting machines, the states can make up their own rules. So I hope that maybe some states will adopt this one. I think it would be cool. In fact, what we unfortunately got, I really love this cartoon, is the firing thing. It's basically these guys talking, he said, remember the Harbour Master in the Florida Vote Camp, where the new peri-produced voting machine, already being implemented in many counties, completely solves the problem. Absolutely, there's no offer chance or paper balance to deal with, just a computer record. So there's absolutely no way to do a recount if the election's close. And better yet, the software's a trade secret, so no one can check that the vote's recorded correctly. But that doesn't even need to be addressed, the real problem. No more records, no more recounts, may you think that this is rather blatant, it is a cartoon after all, but in fact, there is a company called Made at Powervert in the Dutch company, I've mentioned them in my press release, that right on the website, they said no more messy recounts. The computer will always print out the same thing multiple times. So they'll be inviting it out of this. So they only get to this point about recounts. Okay, now again, keep thinking, and sort of like the magic trick, keep thinking, I have seen that a lot of times, they throw mine down, throw it out there, and so, so I always think about the way that we do the magic work, they're saying keep thinking about this, so I always say, so keep thinking about this, as we're talking about this, it recounts, the fact that we don't really have recounts gives you again another back door to be able to work your tricks. Okay, fully electronic systems do not provide any way for the voter to independently verify that the ballot cast corresponds to the data that was recorded and transmitted. So again, 30% of voters are probably going to be voting on these types of systems this November. So this is basically what we're doing with no independent recount. Election officials are given no way to conduct an independent recount since the audit trails that are provided lack any sort of checks and balances. They're just provided by the manufacturer using the software that's in the machine. Recounts are as one of the congressmen in South Florida likes to mention, he calls it replants. And he says that they're not really a recount, it's just a reprint. When you get a recount from these machines, they just push a button and it basically computer generates another image there. And then in the computer industry, we know this as Geigo, garbage in, garbage out. So if the garbage data from your vote data was collected improperly or somehow smished up as we went along, then it's gonna be garbage on the way out. And then there's also claim that the machines are fail-safe. They're not fail-safe, we have had them malfunction in actual use during elections and the votes have vanished. And when they vanished, there's no way to recover the data. So again, these are all sorts of ways that you could hack the election. So you've got a whole list of ways. You don't have to necessarily do the thing that has this fake thing. But if you manage to do any of these things, you're gonna have to prove that you actually did this. But I would say if you do it, then you also wanna leave that little message in one of the ballots. So anyway, here's some of the vulnerabilities. And I said the vulnerabilities are really based on this inherent inequity between the full audit trail and the anonymity. And so basically what we have is inherent in the nature of all computers, including those used for ballot preparation and vote telling, are aspects that can be intentionally or accidentally used to support the systems. The infamous denial of service attack, the election occurs over a short time frame and it has to be running during that time frame. That's the high intensity period. So if you create a denial of service attack, such as happened with these batteries, some in some counties in California where the batteries for some reason weren't charged up and so people couldn't vote for four hours and they were denied access to the voting that were told to come back later, but some of them couldn't do that. So it is a high risk target. So if you can create a denial of service attack and then demonstrate that you did a denial of service attack, as far as I'm concerned, you should also win the $10,000. But anyway, I have to figure out how to do this and then also be identified as having done it. As I said, the traditional forms of auditing is prevented and precluded by the anonymity requirement. And the earlier forms, like when you saw that ballot box being kicked around, in order to do that, you had to do it the old fashioned way. There was types of voting called chain voting where you would have a blank ballot and you'd fill it out and then you'd hand it off to the next guy and the next guy. And so there was ways of paying for votes. They involved hundreds of people colluding in order to do this. The way that we're dealing with the voting systems now is that if you have access, if you can manage to get access, then you can influence all of it all simultaneously. So it provides you with an opportunity to affect it on a broad scale. You're working for the vendor themselves and you're manufacturing that software that's going into the voting systems then you have the opportunity not even just to affect it on your state level or on your county level, but you can affect it nationally. So it's a huge availability to the potential of corruption. And as we know, it's nearly impossible to prevent or to detect it. So I call it the perfect coin. It occurs invisibly. You can actually, as you said earlier, you can wait self modifying code that actually it would self destruct after it executed. The weapon is the part of the regular tool set. So we don't have to worry about, you know, your weapons are compilers and code and all that sort of stuff. So we don't have to worry about the smoking gun left lying around. Oh, he had a Microsoft C compiler. Well, a lot of people have that. So it's, you know, they're not really going to be able to accuse you of that. Potential suspects are allowed to tamper with the crime scene before the evidence is collected. You'll see on a subsequent slide the business about the election officials. The election officials have access to all of this stuff. So if they want to, they can cover up the coin. Critical evidence is going to be prevented from disclosure. My assumption is that if they do, if you do wind up having one of those statements written in, you know, in the gobbledygook language in the writing vote, they're going to try to cover that up as best as possible. So you've got to make sure that that gets disclosed. But we're trying to make sure that it happens for you to tip us off. The problem is that a lot of the evidence is hearsay. It's not from the individual source. The prosecutors are falsely relying on others, the people who are actually like myself, people who are concerned about this, get criticized, and incorrect suspects are being charged. People often are criticizing a local election official who unfortunately bought this stuff because the vendor stole them and it was safe and the state certified it. It was federally certified. There's a lawsuit going on right now in South Florida with Miriam Oliphant of Ballard County and she's being accused of having spent too much money to run the elections. Unfortunately, what she wasn't told was she was going to have to spend that much money to run the elections because the machines were so fouled up. So that, in my opinion, is the perfect crime. So in the perfect crime, remember there's motive and there's opportunity. So we have motive and we have opportunity by the election administrators. People who are in power in the election system, politicians are the people who are running the elections and as we know, power corrupts. Well, maybe not to everybody, but for a lot of people it does. And so the point is, is that they got elected in a partisan way using the election system and this is why you don't see people up on Capitol Hill very much except for Washhole and a few other Congress people who are really concerned about this. And by the way, Washhole is also a geek because he's a degreeed physicist. But anyway, the times of people who are speaking a lot about this are feeling far between because most of the people know that they got elected from some really corrupt voting system and so they don't really want to lock the apocon or they might not be in office too much longer. So, and it is true. So the rest of the interest is in remaining in control or passing control to like-minded individuals. That's the idea and we know this from studying political science that this has basically been the way that the United States and other so-called democratic governments have been perpetuating themselves. So any type of election system that's relying on procedural or voluntary controls. In other words, these types of bogus inspections, these types of what they call logic and accuracy tests. Oh, we're gonna test the machine before the election and make sure that it works. All of that stuff, if it's being conducted by election administrators, then it is inherently corruptible because it's being done by the people who have the most to lose if they don't make sure that the system can do what they want it to do. So, basically I call it the sort of hear no evil, see no evil, speak no evil philosophy. And so for you, looking into ways that you can hack into the election, these are the types of things you're gonna have to deal with. So, first you should look for the smell test, okay? If it stinks, there's probably some problem there. Voting system standards contain the standards. These are the standards. And by the way, these standards are huge. They're like 200, 300 pages, boring, long sort of stuff. So, make sure you have a lot of like intoxicating beverages when you're reading these things. Okay, and I read these things. You just imagine what it must be like. But anyway, so the voting system standards contain the same problem. By the way, I am a part of the Institute of Electrical Arts, Science Engineers, the IEEE Voting System Standards working group. And we are working with the vendors on creating these things. And every time we get to something that could potentially lock up one of these back doors or loopholes, they start having a fight with us. Like, we've had for months fights over should wireless be used in a voting machine. And I can't get them to agree that that is not a good idea. They keep saying, oh, oh, this is secure. So they're like, okay, well tell me which sort of wireless you're gonna use. Or at least specify what secure wireless technology you're going to use in the voting machine. Oh no, that would be implementation specific. We can't put any implementation specific things in this area. We should just say that it has to be a secure wireless technology. Okay, so any of you know a secure wireless technology? I don't think so. But in any event, those are the types of, so you're looking the standards and their standards have these back doors in them. So wherever that stuff is in there, then that's the stuff that you can do to hack into the voting system. So the back doors are in auditing and security, in configuration management, it's sort of like propagating the system. So oh, by the way, when we inspect these systems, it's not like when you inspect a car. Imagine that in Detroit, they just inspect five cars and then all the cars get an inspection sticker of that model forever. You never have to inspect them ever again. I mean, this is ridiculous. So that's the way these inspections are done. The inspections are not done per voting machine. In many places, they don't actually inspect them again in the states or when they're by them. So the configuration management is, okay, here's the one that was inspected. How do we know that the one that was received is actually the same? Testing, manufacturing, that type of thing. And then you heard mention earlier about cryptography. They use all these words, techno hype. It's the sort of, you know, like use of, you know, electronic auditoriums. We have it in cryptography. What the heck are they even talking about this? The election officials, they're clueless. They don't have an idea what any of this means. We know what it means. And so when you see these techno hype boards, basically just come up with some other gobbledygook of your own and you should be able to defeat that pretty easily. The procedures that they use are also very, very lax. You heard mention of the business about, you know, the little sticky tape and, you know, the secured tape and also like these little, you know, wire ties. It's all hugely lax. I'll give you a reference to an article where you can find this. So anyway, that was the smell test. This is the eyeball test. The eyeball test is basically if the running system company has done insecure things like Debo and Sequoia have left their source code floating out there on the web. So my suspicion will be that they have sort of a lax procedures and protocols for protecting their stuff. Vote here, again, the company that I mentioned who said that they are offering up their software for people to review. Their server was actually attacked. Maybe it was one of you who did that. So that's really wonderful. But in any event, their server was attacked. And so those types of companies who we know are vulnerable to this type of stuff would be vulnerable to these types of things. As we said, the use of cryptography has been inappropriately applied and you can find documentation about that. And then this business is about the backdoor's Cots which is commercial off the shelf software. Products are granted blank in these exemptions from any sort of certification examinations. I'll give you the example in a minute about the Cots stuff. And basically, if you use a Windows operating system as some of them do, it doesn't have to be certified because it's Cots. You can get it commercially off the shelf. A lot of the voice modules that they're using for the blind to read app, those are Cots voice reading modules, even the printer modules. Printer drivers, if it's a Cots thing and you can purchase it commercially off the shelf then it does not have to be inspected. So there you go, there's all your backdoor's for you. And then finally, what I call the taste test. There are hundreds, literally hundreds on the website. There's various websites, a lot of them are linked to my website, a lot of them are linked to her website. Of examples of hundreds of voting system malfunctions. So if you're gonna attack something, attack one that you know to be vulnerable in a place where you know they've had problems before. There's, you know, these malfunctions were reported throughout the spring primary season and literally they said there were hundreds of these things reported especially over the last couple of years. The uncertified software was used in California and also in Indiana. Now supposedly that's been corrected but even though it was uncertified, we don't know what they're doing to have better software in there. And believe it or not, I mean anybody who is you know a liability expert, you don't take your things out for the first dry run on the most important election of the decade. And so, a lot of, yeah, a lot of the counties that are able to get their stuff in here for the spring primary so they are going to take bring in new out of the box new voting systems that have not seen actual use in real elections and they're gonna be using them in November. So find out where those counties are. I would suspect those would be ones to look at. This Robert Technologies report, we'll get to that in a second. But the Robert Technologies report was done in Maryland by an independent firm that was paid money to actually try to attack the default system. And it's a great thing, it's a great report because it gives you sort of the blueprint of how to attack the default system. But yet, the recommendation, and I really, I had a lengthy email exchange with Red Harbor, the lead guy who was investigating this. I said, so you came up with all these flaws and then the recommendation was to put tape or proof tape upon the ports. I mean, come on, this is ridiculous. So the recommendations were not really very secure. And so you can go right into the Robert report and I'll tell you how to go through the USB port and just use one of those thumb drives to add additional votes or to add additional stuff right at the polling place there. So all that sort of stuff, it's all available, information's all out there. So anyway, I'll refer you to that as well. And then the final part is really the business about accuracy. We know that every vote doesn't count and these last votes that are floating around is in the range of about three to 5% at every single election. And these exceed the manufacturer's stated error rates. They're always supposed to, according to the standards, use like one vote in every 54,000, which is still a considerable number of votes, but it's much lower than three to 5%. And our data has really shown that what they call this residual or lost vote rate is much higher than anybody really has recognized. And it's across all types of machines as I'll show you in a second. When they do the testing, they do it on pristine datasets. So they use perfect cards or perfectly marked up if they scan ballots. Or when they're doing the touch screens, do you think they touch the screen to cast the test vote to note they use a little cartridge and they test it through the cartridge. So this doesn't test anything. So this business of biographies, I'm not gonna get into the business about residual vote rate, but this is the type of accuracy we were getting in the California recall election. And you can see, yeah, it looks like the touch screens are better than the punch cards, but actually in some cases they were better, in some cases they were actually worse. And one of the best systems in California is the data vote punch card where it actually sucks the chat right out of the hall. And that's a really good system. It's also extremely cheap and they now have to spend billions of dollars to buy new ones. But nobody's talking about using that. Any of it, that's the type of error rates that we're getting. So the core thing was I was up at Yale and they had this big debate among like real high-tech gurus, undergraduates. And they, I do that, but they were at Yale. So they, you know, not even at MIT, but at least one undergraduate can be used there. There are really good students who actually built them up. Really good super students at Yale in the Computer Science Department. But the point is that they actually theoretically demonstrated that if you only change one vote per precinct, they did this sort of a mathematical analysis, one vote per precinct, and you can imagine either one machine per precinct or maybe two machines per precinct. So they ran it out with a number of different numbers. But one vote per machine, you could think of it that way. If you just change one vote per precinct in a closed election nationwide, you could actually shift the electoral college votes because remember we don't vote for the president, we vote for the electoral college. You can actually shift the electoral college like has happened in Florida from one candidate to another. So that's all you really have to do to demonstrate that. So in order to hack the election 2004, you don't have to hack too much. And it's going to be in the alleyway and it will be undetectable. It'll be in the level of the noise. It will be undetectable. So basically what I'm saying is his challenge, Shanice's challenge is doable. All you have to do is make sure that one vote per machine is swapped from one candidate to another. If we have a closed election, it will change the outcome of the election. So very good results there with the Yale people. That's my email address and you have this fire and I have websites linked to mine. And if you go on my site, the ebay.html, you can just get a notable software.com and then click on the electronic voting button. That gives you all the information about voting, that sort of stuff. They just give you, they show you where this bill is about the Robin Technologies Report. And they're both going to take questions. This Robin Technologies Report, very easy to find. Oops, I just closed it, crap. All right, sorry about that. This Robin Technologies Report is available on the web and it's got, it paid over, it's only 23 pages. Here it is. The D-bar academic TS voting system. Let me get down to, let me get down here. So it actually shows you exactly how you can influence with the key cards, the, just sliding down here. Show you exactly what you can do. I just wanted to read this really great paragraph. So here's the sticky tape. This is a recommendation. Secure access with the server. He's a sticky tape. I like that. That's really good. We'll probably buy them on the internet. Here's the gem server and, and Ben has spent a lot of time with the gem server. It's just, I love this one. This is really great. Okay. The team demonstrated the file. And by the way, they didn't take months or you know, even like years to demonstrate. Some of these things that they demonstrated were demonstrated in like as little as five minutes. And in addition to all of the passwords being the one, one, one line, they also found that the physical keys, there were like 16,000 machines and each had two or three keys. All the keys were identical. Now, we don't even have to wonder about that. Like if you ordered keys from a wax making company, you would have to actually, I don't think that the default would be that they give you different keys, right? You would think that I don't think you would have to specifically ask for all the keys to be exactly the same. Or some Bozo did that. So all you have to have is one key and you could open up any loading machine because they all have the exact same physical key. This would be ridiculous. But anyway, the only thing about the gem server, this is the gem server wax critical security updates from Microsoft. Again, it's COTS. It's a server using a Microsoft standard product that you can buy commercially off the shelf. There's no requirement that you do an update. I love this when I read this. It says, as a result, the team successfully exploited a well-known vulnerability using a software product named as Canvas. Probably a lot of you know what that is. This vulnerability described in a security advisory for Microsoft, for which a patch was made available on July 16th, 2003, allows a remote attacker to get complete control of the machine. Since this is the same weakness that the honest 11, 2003 blaster worm exploded, it means that if the gem server was exposed to an environment where blaster was propagating, it might have been infected. Now, it's not the blaster so much that was bad. It's after it gets infected by blaster. There's, as you probably all know, there's a thing that runs on top of a blaster-infected thing that now exploits the blaster hull that's been blasted into it. So by just successfully directing Canvas at the gem's, what is it? It's a modem interface. The team is able to remotely, yes, the modem. We're able to remotely upload, download, and execute files with full system administrator privileges. All that was required was a valid phone number for the gem server. So this is the type of thing that's actually going on inside of these systems and nobody's doing anything to control or protect this type of stuff. So it's a great thing. You can search for, it's a robber report. Just search for robber technologies, Wordheimer, we'll find it. I might even have it linked to my website, but it's very easily accessible. And this is the type of thing that's out there. So I'm not talking about something that is impossible to do. It's very, very possible to hack these systems. And I'm encouraging people to at least do some sorts of demonstrations, if you can, even do them at your county. See if you can get your county to allow you to do this. Like you did, you went in there legitimately and you just talked the guy through so that he actually saw how it was possible to go in through a back door. I think people need to start doing that and we need to start getting in touch with the people who are in charge of this stuff and letting them know all of this is occurring. So I'm really enlisting your support. I hope you'll help me with this. We'll make sure that hopefully you don't get arrested, but we really want to make sure that people get the right out there and really try to find out what's going on inside these systems so that we can sort of stop this and then go to some sort of same way of running elections. Hey, thank you very much for your attention. Appreciate it. Thank you very much. Is that really a standing ovation over there, man? I've been a guitarist for most of my life and I have never gotten a standing ovation. Thank you very much. That makes me feel great. So anyway, now we'll take questions so we'll be happy to answer your questions and so you might as well start. Go ahead. Right, my name's Johnson, yeah. I'm assuming you're saying yeah, what you're saying is the question is essentially have I noticed any correlation between the people in the standards groups and the locations in which they happen to reside or work? That's a very interesting question and you can answer it too, but from my own personal standpoint, again I've been working this for 15 years, very early on I noticed that it was not the people who were working on it per se, but the locations in which they were deployed and the places in which they were reported problems and again these problems go back decades even with the electronic stuff that was around in the 80s and what I noticed and I didn't stay away too much during high school civics but I have to say that I stayed away long enough to know where the civil rights problems were and it was just astonishing to me to, you know, Dade County and all these places where there had been civil rights problems are the places that seem to be uniformly employing these types of technologies and also having the problems with them. Now the U.S. Commission on Civil Rights who I did testify for, the C-SPAN actually broadcast the testimony, the U.S. Commission on Civil Rights is very concerned about this and they have issued numerous reports. I should tell you that whenever they talk about voting in their hearings in the U.S. Commission of Civil Rights hearings, the Republicans get up and walk out. They don't want to talk about it but they do hold the hearings anyway even with the amount of the room and in their hearings and in their booklets they have various studies that they have done some fairly huge and extensive studies. They, there is a correlation between the places in which these machines are being used and it's like some of them, they show a map in the United States and it's like we're fighting the civil war. It's like north versus south and it was very astonishing to me because I didn't realize that it was as predominant as it actually is and that it's sort of like a high tech, what I call like a high tech literacy test. It's a new way of creating a literacy test that is a technology type of literacy test even if it's just that technology is harder to use by people who really don't have access to technology but the problems and the things, the denial service that seems to be endemic seems to be in those same counties. Again, hard to prove but the US Commission of Civil Rights just contact them, they can provide you with that data. That's the one that you answered it. Okay, cool. That's, I don't know if my mic works. Oh, yeah, it's working very well. Sorry about that. You recognize people. Oh, no. Okay, white shirt, black shirt, okay. Right, and then back. You're doing this here in Santa Clara County, yeah, my group demonstrated. It was probably the Avante system and they actually, they are certified. It wasn't in Santa Clara. Well, it might have been open voting. It was the open software group, that's right, it was the open software group. Oh, remember, evil, open software. Yeah, the open software group actually did demonstrate too but also Avante is actually certified. Open software group stuff is not certified yet to my knowledge, you can correct me but I'm fairly certain not. It costs about a million dollars to get a new product certified and it takes about a year to two years to get certified. Avante's system was demonstrated in California and they are certified. They have to be fairly certified and then state certified. So there are a number of paper ballot products that are legitimate out there that are actually certified and out there. So, and the open software group is planning on doing that as well. So, I don't know about that. Well, we should take a little bit. I'm sorry, we really did want to get, we might have to get somebody on the left. How about you? The vote by mail? Avante and vote by mail is unfortunately very vulnerable. It wouldn't need to be but they don't have a particular method of tracking the chain of custody. And what's more disturbing is in the urban areas, they outsource, they would get all these ballots in, in my county about 600,000. They come into the post office and then it turns it over to a private company and then the private company then turns it over, sorts it into its precincts, so it knows where the ones are, gives it to the elections division and at no point do they count the ballots to make sure that the same number of ballots is going through the system. So the easiest way to tamper with that would be to disappear ballots in key precincts. No one would ever know. And that is true. Any type of absentee balloting, even if it's like on the internet, can also be subject to vote selling coercion. But I have spoken with the Secretary of State of Oregon. He is happy with that. People in Oregon don't tend to talk to each other too much. So it does seem to work for Oregonians and they are actually happy with it. The thing that I do agree with what you're saying, one system that I did see that was demonstrated by Pitney Beaux and they're like the people who sell like the male, the electric, male sort of like the stamps, electric stamps and things like that. They actually have a very nice system which is end to end. You can actually trace back if the person, the editor says that we nailed you your ballot. You can actually prove through this Pitney Beaux system that it actually was mailed. So there are ways to do this correctly. And I have sort of urged Pitney Beaux that a lot of people don't know about it and I don't know if they've sold very many of them. One of the great things about, I happen to vote absentee now because they also put these systems in my area. So one of the things about voting absentee is that you don't, if you're voting early, you can actually go to the place where you drop it off and I physically dropped off my ballot and handed it off to someone else. I know when my vote was encouraged, I know I handed it off. I don't know what happens to it when it finally gets to it. That's also very important by the way is once the votes finally arrive, the absentee ballots, they're counted by the GEMS system, the central tabulator. Yeah, they're not counted by math. They get through the machine. Yeah, so the same problems exist. And there's a whole host of different things. I don't mean to put down cryptography or any of these high-tech approaches. There are some really great high-tech approaches and appropriate uses of technology where you would scan a ballot and it would get a cryptographic seal on it so it couldn't go mislead and things like that. So there are things that we have suggested to try to assure that the ballots are the way they are intended and that they get received the way and counted the way that they're intended. Unfortunately, again, the vendors are not going towards those things. But you'll see.