Maryland Illegally Used Uncertified Software in 2004 Election, Misled Media and Continues to Cover for Diebold

By Kevin Zeese

February 16, 2006

Maryland, the staunchest hold-out for paperless voting is about to change. Yesterday, Governor Robert Ehrlich joined the leadership of the Democratic Party to support a voter verified paper ballot saying: “I no longer have the in the confidence in State Board of Elections' ability to conduct fair and accurate elections in 2006.”

At the same time new documents revealed in litigation as well as from California and Pennsylvania show that Maryland illegally used uncertified software in a 2004 election. Further, State Election Administrator Linda Lamone misled the media in July 2004 when she denied allegations that uncertified software was illegally used in the March 2004 primary election. In addition, she is failing to address the current serious security problems with Diebold machines.

Maryland is of national interest because Lamone is the President of the National Association of State Election Directors (NASED) and the most vociferous advocate for paperless voting in the United States. John Gideon Information Manager of VoteTrustUSA.org says “NASED presently controls all federal voting systems qualifications. They control the panel that reviews the testing results from the Independent Test Authorities and because of that they control who gets qualified and who doesn't.” Indeed, unless Maryland passes legislation immediately, it will be the only state to use a statewide paperless Diebold system as Georgia, the other statewide paperless state has announced it is changing its system. The Maryland legislature is currently considering legislation to end paperless voting. Not surprisingly, Lamone is fighting the legislation.

The use of uncertified software violates Maryland election law which requires the use of federally certified software saying: “The State Board may not certify a voting system unless the State Board determines that . . . the voting system has been. . . shown by the testing laboratory to meet the performance and test standards for electronic voting systems established by the Federal Election Commission.” (See Title 9, Subtitle 1, Section 9-102 entitled Certification of Voting Systems.) Thus, federal certification is required. The purpose of voting system certification is to ensure security and reliability of the software through independent testing before being used in an election.

California decertified Diebold voting systems in 2004 in part because of the use of uncertified software in that state. Diebold admitted installing unauthorized software in a number of counties after it was discovered in an audit carried out by the state. In April 2004 Diebold defended their use of uncertified software by highlighting its use the use of uncertified software in Maryland saying: “[T]he State of Maryland successfully utilized GEMS 1.18.19 in their March Primary Election in their 22-county roll-out of touchscreens.” The report -- entitled “Diebold Election Systems, Inc. Report of Assurances to Alameda County” acknowledges that the software was not federally qualified even as of the date of the report, April 26, 2004. The Maryland primary was in March.

This week when I asked Ms. Lamone and her deputy, Ross Goldstein, whether uncertified software was used in Maryland elections, Mr. Goldstein responded that he could not answer on the advice of counsel. Ms. Lamone remained silent. Governor Ehrlich asked the same question, among others, in his letter yesterday to the Chairman of the Board of Elections and demanded an answer by February 28th.

The election advocacy group, TrueVoteMD.org, put out a press release on June 17, 2004 alleging the use of uncertified software and seeking accountability. Linda Schade, Executive Director of TrueVote explains how Lamone fooled the media: “When journalists for the New York Times, Wired Magazine and the Baltimore Sun contacted Ms. Lamone, she told them there was documentation that the GEMS software had passed federal certification in February. However, this certification only applied to the use of the GEMS software on the two dozen optical scan machines that count the state's absentee ballots, not the software used on 16,000 TS touch-screen voting machines used on Primary Day.”

In fact, according to the NASED website, the GEMS software used with the TS touch-screen machines used in Maryland were not certified until May 2004, two months after they were used in a Maryland election.

The current controversy stems from the infamous Leon County hack of the Diebold machines by Harri Hursti and Black Box Voting. The “Hursti Hack” showed that software currently on the Diebold memory cards - banned by the feds in 1990 - can be rigged to alter the results of an election. Changing the election requires only brief hands-on access to the memory card from the voting machine, a card about the size of a playing card, plus a computer equipped with a card-reader that can be purchased on the Internet.

The Hursti Hack is accomplished without any passwords and with the same level of access given to hundreds of poll workers. It changes votes in an untraceable one-step process that can only be detected in a hand count of paper ballots – if they are available. A hand count is not possible in Maryland where there is no voter verified paper record. Changing the elections requires only a single credit-card sized memory card. In Maryland, where 16,500 machines were used in 2004 there is one memory card for each machine and nearly 2,000 precincts where poll workers have access to those cards. Any single individual with access to the memory cards can change the outcome of the election.

In response to the Hursti hack, California immediately demanded that Diebold test the memory cards used with all its Diebold voting equipment. Pennsylvania moved to de-certify several Diebold systems after receiving a document dated January 5, 2006 in which Diebold acknowledged that the banned AccuBasic software, which creates the security hole that allows the Hursti Hack to occur, is used on memory cards for the TS machines – the machines used in Maryland and Georgia.

Lamone also wrote a letter to Diebold demanding daily briefings by telephone and the results of California's testing. However, according to documents provided in litigation, California did not request testing of the memory card software used on Maryland TS machines. California uses a newer model, the TSX; if that machine shows vulnerability it is likely the TS is also vulnerable, but if the TSX is secure it may not mean the TS is secure.

Brian Hancock, the Independent Testing Authority (ITA) Secretariat at NASED reported that NASED is unaware of any testing of the Maryland TS machines. Calls to Diebold and the ITA Ciber, Inc. went without response.

Lamone and her deputy refused to answer whether the TS machines and memory cards were being tested. Again, yesterday Governor Ehrlich asked whether any components of the TS were being tested by the ITA.

“Documents show Linda Lamone is carefully avoiding scrutiny of the TS machines used to cast the vast majority of votes in our state. Once again Lamone is protecting Diebold at the expense of election integrity. Rather than following the law, decertifying Diebold and require they engage in re-certification testing, she remains silent, hoping no one will notice,” said Schade. “The critical questions are 'Do Maryland voters have a secure voting system in place for the 2006 elections? Are the machines legal? I've discussed it with numerous national computer experts in this field who say they are not secure. This information is critical now because Maryland is considering legislation to require voter verified paper ballots.”