The cat that controls New Hampshire election programming
By Bev Harris
Online Journal Guest Writer
Jan 8, 2008, 00:51
John Silvestro and his small private business, LHS
Associates, has exclusive programming contracts for ALL New Hampshire voting
machines, which combined will count about 81 percent of the vote in the
primary. And as to Super Tuesday and beyond: Silvestro also has the programming
contracts for the states of Connecticut, Massachusetts, and Vermont.
Silvestro IS the New Hampshire chain of custody in New
England -- or, at least, a very large component in it.
Last fall, with the help of citizens like you, Black Box
Voting began working on "Chain of Custody" projects, in which we
identified some of the areas of concern that might affect many jurisdictions at
once. First on the list for the Northeast U.S. is LHS Associates, a vendor with
inside access to every memory card, as well as to the chips containing the
"brain" of the Diebold optical scan machines.
Rare video footage
In an unusual confluence of available video, we obtained
footage of Silvestro grappling with Harri Hursti, the master hacker who had his
way with the Diebold optical scans in Leon County, Florida, in the famous
exploit that was showcased in the film Hacking Democracy.
The exact same make, model and version hacked in the Black
Box Voting project in Leon County is used throughout New Hampshire, where about
45 percent of elections administrators hand count paper ballots at the polling
place, with the remaining locations all using the Diebold version 1.94w optical
scan machine. Because the voting machine locations tend to be urban, this
represents about 81 percent of the New Hampshire voters.
The video shows Harri Hursti testifying on Sept. 19 before
the New Hampshire legislature, attempting to explain significant
vulnerabilities requiring urgent mitigations; throughout his testimony,
Silvestro inserted his own comments, opinions, misstatements and speculations.
Voting machine checkup
One area of disagreement between Hursti and Silvestro was
the amount of expertise needed to exploit the Diebold 1.94w optical scan
system. Silvestro claimed (in a strange contortion of reasoning) that he
doesn't hire very skilled programmers, implying that this makes New Hampshire
elections more secure.
Hursti pointed out that hiring programmers with a lack of
knowledge is generally not considered a security feature, and also that an
average high schooler can learn to exploit the system in two days to two weeks.
We think it doesn't take that long
Black Box Voting purchased a Diebold optical scan with 1.94w
firmware, and chose a computer repair shop out of the phone book, took it in,
grabbed the first available technician. It took him less than 10 minutes to
zero in on the memory card as a point of critical vulnerability -- and, oh my,
did he point out some other intersting things!
New Hampshire hasn't upgraded system security
Silvestro tries to claim that the security problems have
been fixed in newer editions. Whether or not they have been, it's a moot point
in New Hampshire where the upgrade is not made unless the Ballot Law Commission
meets, and they have not met for ages.
Silvestro then points to extraordinary measures taken by
other states to enact special procedural safeguards, but of course none of
those were implemented in New Hampshire either, because the Ballot Law
Commission has not bothered to meet since March 2006.
In fact, New Hampshire has not implemented
mitigations for known risks
Not only that, they have turned all the programming over to
a sole source private company, taking vote counting for 81 percent of New
Hampshire citizens out of the public domain.
LHS is not subject to public records requirements, as the
government is, at least, not in New Hampshire. The control over memory card
contents is absolute; when cards malfunction or get lost, LHS brings the
Control over the "brains" of the machine: access to the chip
Since LHS maintains the machines, repairs the machines, and
replaces the machines -- often on Election Day -- when they malfunction, they
have intimate access to the chips, sockets, ports, communications devices and
other electronic components.
Silvestro stated that the chip has "read only
memory" and cannot be reprogrammed without frying it under ultraviolet
Hursti never had a chance to examine the hardware, nor have
most of the recent university studies had access. But our friendly neighborhood
computer repair guy differed with Silvestro on the point of plug & play
reprogramming of the guts of the machine.
Harris is the founder of Black Box Voting
Inc., a national nonpartisan, nonprofit elections watchdog group.
Copyright © 1998-2007 Online Journal
Email Online Journal Editor