[no subject]

Web site over 180 times. Dmitry is a keeper of the passwords and the king of single-sentence

memos. He knows the voting system programming intimately and has uploaded computer code

that programs your smart card, captures your votes at the polling place, and accumulates and

reports them at the county.

* * * * *

To examiners of the Diebold files, Ken Clark ? one of the programmers who uploaded

software modifications to the FTP site ? has become somewhat famous for his blunt writing and

ethical shortcuts. Clark?s comments in the touch screen source code are quite a hoot, though not

inspiring of confidence in the touch-screen system:

?the BOOL beeped flag is a hack so we don?t beep twice. This is really a result of the key handling being

gorped. (WriteIn.cpp,v)

? this is completely screwed up. the iIndex calculations are incorrectly based on nybbles for some unknown

reason, and so the offsets are incorrect. This works only because the offsets are also incorrect when the

card is read.? (VoterCard.cpp,v)

?Reserve place in hell for person who renamed CRace and friends to CRaceKey.? (BufferedSocket.cpp,v)

?determine issue type. This is the silliest case statement I have ever seen? (TSElectionDoc.cpp,v)

?The if (counted) reeks.? (TransferResultsDlg.cpp,v)

?Add and comment out code to work around bogus -1 in ballot level IDs.? (BallotRstDlg.cpp,v)

?Why is this here - should only be needed in DoDataExchange()? (ElectPollBookDlg.cpp,v)

?this is a sick hack to parse out a jurisdiction from a multi-line election title. The jurisdiction field should be

eliminiated altogether and this code removed. This whole section is fairly broken wrt GEMS. GEMS doesn?t

store the ?election information? in any kind of multilingual sense, let alone rich text. For now just stuff the

english into all languages.? (BuildElecDlg.cpp,v)

?The scaling stuff is complete voodo.[sic] Trust me or rewrite it to make more sense.? (TextCell.cpp,v)

Deep magic is not working? Tried input of 6 and got back 1 which is not right.? (CIssue.CPP,v)

?I justify the label by saying the existing code was crap structurally to begin with.? (Votercard.cpp,v )

In a July 1999 memo, Ian Piper wrote, ?What is GEMS written in?? Clark replied, ?GEMS is

written in my office.?

So Clark programs the GEMS system that accumulates and reports votes from polling places.

We have weak and sometimes unenforced procedures for comparing polling place results with the

county tabulations, so the GEMS program is an especially tempting target. Clark repeatedly

advises field technicians to skirt U.S. election law, telling them to go ahead and install software

which he knows has not been certified.

From: Cathi Smothers, June 05, 2000, to Ken Clark: How do I know which version of GEMS (i.e. 1.16.3,

1.16.4, etc.) to use??

From: Ken Clark, 5 Jun 2000: ?... Baring any certification issues, the latest stable release is what you want to

upgrade accounts to ... Right now 1.16.latest is considered stable, 1.16.4 being the current release by my mail

... ?Its fair to say the nature of this company and business make this process fairly informal, perhaps more so

than I would like. Testing releases go out to customers when they shouldn?t, and new features get added to

stable branches when they shouldn?t. It is not entirely undisciplined either though. Obviously you need to

keep an eye on the support and bugtrack lists. Sometimes a bug slips into a stable branch, in which case its

better to ship a version you trust, or wait for it to get corrected.

... ?The DLL files shipped on the GEMS CD get updated from time-to-time as well, though not often. Is

usually a good idea to order the CD [as opposed to downloading from the FTP site] for a long-haul upgrade.

Its not really clear whether 1.11->1.14 qualifies as long haul or not. That really depends on your comfort

level. There is never any harm in ordering a CD ...?

From: Ken Clark, 6 Jul 1999: I hate more than anyone else in the company to bring up a certification issue

with this, but a number of jurisdictions require a ?system test? before every election ... That is why the

AccuVote displayes the silly ***System Test Passed*** message on boot up instead of ?memory test

passed?, which is all it actually tests. ?No argument from me that it is pointless. You could probably get away

with a batch file that prints ?system test passed? for all I know.?

From: Ken Clark, 7 Jan 2000: ?*Any* testing we can do on 1.14 is a good idea. With the risk of sounding

alarmist, 1.14 really needs more testing. Even though much of GEMS looks the same from the outside, the

guts changed substantially between 1.11 and 1.14. That?s why you see all kinds of things completely

unrelated to shadow races broken in the early 1.14 releases.?

From: Steve Knecht, 14 Jan 2000: ?Is it the intention of development staff that California March election will

be run on some version of 1.14 or will we end up in the 1.15 range ...?

(Answer from Ken Clark, 14 Jan 2000): ?Needless to say, the changes were extensive. The paint is still wet

* * * * *

We know nothing at all about Whitman Lee, another Vancouver programmer who uploads

software to the FTP site. His memos consist of fixing bugs and uploading replacement software,

which he did three dozen times over a 24-month time period.

From: Whitman Lee

?GEMS 1-5-3 is ready to download.

?GEMS has evolved so many times that it breaks some of the pre-election reports, and ?Base Precincts with

Cards? is one of them.?

?Here is the latest changes since 1.5.8.?

?AVTS-3-4-1.zip is up. Here is this short ?upgrade? instructions.?

?The password for ATTemplate-3-4-1.zip is msd8sdh3isohr.?

?GEMS-Reports-1-9-6.zip is ready for download.?

?GEMS 1.10.3 is ready. Password is ?lad073tm/p.sm.?

... this package now includes the missing mfc42.dll (6.00.8267) file. These two files are included in the package

and also available under ATFix directory: vbajet32.dll, mfc42.dll.6.00.8267.0?

?GEMS 1.11.2 is ready.?

?AVTS 3.8.1 and its InstallShield package are ready.?

?AVTS 3.9.2 and its InstallShield package are ready.?

?The fix will be in GEMS-1-18-9.?

* * * * *

Guy Lancaster?s speciality is programming the optical scan system, used in 37 states in the

U.S. Lancaster has been retained only off-and-on as an independent contractor. He has also

arranged for uncertified software to enter our optical scan machines. A lot of it, apparently.

From: Guy Lancaster, 27 Jan 1999: ?For those romantics that fell in love with 1.94f, the latest flavor

incorporates all the changes made since 1.94f<. This includes the changes in 1.94q, r, s, t*, and u. Pass

your orders on to McKinney. ?* Note: The PC 1.94t release was preempted by 1.94u.?

From: Guy Lancaster, 25 Feb 1999: ?Our latest 1.94 releases have been rushed out to fix a bug that slipped

out with 1.94u and 1.94f>. Namely, 1.94u and 1.94f> fail to detect unvoted ballots and therefore cannot

return blank ballots ...?