Black Box Voting : 10-31-06: Reports from the front lines — Citizens find critical security issue with Sequoia
Anyone who can get at the yellow button can ruin the election. It takes no password, no computer knowledge, no equipment.
The formula is printed in materials that have been distributed to thousands of people. The machines will count millions of votes.
Citizens — not scientists or certifiers or testing lab authorities — identified the problem and have now notified the California secretary of state, and emergency measures are reportedly being taken in California, but not yet in Florida, Illinois, New Jersey, or any other state using Sequoia Voting Systems, the third-largest voting system vendor in the U.S.
An extraordinary Southern California citizen, Ron Watt, verified the security problem, which Black Box Voting will explain in detail below. The California secretary of state was formally notified by the California citizens.
The California Secretary of State’s office followed up on a conference call among Bruce McDannold (Sec. State’s office), Riverside citizen Tom Courbat, and Tehama County citizen Ron Watt on Friday Oct. 28.
After hearing what these citizens revealed, the Sec. State had Sequioa demonstrate the process which, in effect, allows any citizen to cast multiple votes
Sequoia agreed it could be done, but claimed it would be difficult to do unnoticed (they focused more on voters doing it than the idea of an insider doing it)
The Secretary of State contacted every California county that uses Sequoia and confirmed with them that they were indeed aware of this feature.
California counties are to inform all their poll workers of this and instruct them to be very vigilant during the Election Day to anyone spending too much time in the booth, or reaching around to the back of the machine where the button is located. Poll workers are supposed to be instructed to listen for a beeping sound made when the yellow button is pressed.
The Secretary of state is reportedly going to require increased signage regarding criminal penalties for tampering with voting equipment are to be prominently displayed on every machine.
Additional steps should be considered, and Sequoia now has joined Diebold as a company that produces provably insecure voting systems that should be recalled. Both the WinEDS central tabulator deployed by Sequoia and the Sequoia touch-screens with the yellow buttons are insecure.
While it may be caught if extra votes are entered using the yellow button hack, which ones would be thrown out if there are too many?
Here is how the “Yellow Button Hack” is done:
1. Go to the back of the voting machine. Press and hold the yellow activate button (about 3 seconds). Release when the screen says “waiting for next voter”.
2. Press and hold the yellow button again until the screen says “change to manual activation?”
3. Touch the “Yes” button on the screen.
4. At that point there will be a message on the screen that says “Manual activate voting enabled” (this is just displayed briefly)
5. Next message will read “Waiting for the next voter” When you see that you touch the message that says “start voting” or “resume voting” located in the lower right of the screen The AVC Edge is now set up for poll worker activation mode.
Here is the sequence:
If it’s regular voting (as opposed to provisional)
a. Once you’ve touched the start or resume the “waiting for next voter” appears
b. Activate the ballot by pressing and releasing the yellow activate button
c. Activate the correct party for the voter AND press the yellow activate button using the keypad on the display screen
d. Select the voter’s language if appropriate
e. Vote. (Once the voter has completed voting and cast their ballot. Prepare the Edge for the next voter. If the next voter is a regular voter repeat step B and D above.
You can now vote as many times as you want to.
This information was obtained in a public records request