Stephen Spoonamore Interview

Oct 2006

Interviewer(I) Ė Youíre the CEO of Cybrinth, a cyber security company, tell me a little bit about what your company does.

Spoonamore(S) - We functionally develop policy and secure architecture for IT systems, primarily for major international banking corporations, credit card companies, a number of government agencies.

I - So these companies hire you to what, stop hackersÖ

S - One of the bi-products of what we weíre doing is we track data, we trace and track and create custodial management chains of how data moves through systems.Our largest amount of work is actually for the global credit card industries in which we are generally tasked with finding how data moves between when you take a credit card and actually put it through a machine, the machine goes to an acquiring bank which then has to integrate that information with their banking structure, hand it off to a international credit card company who then hands it off to an issuing bank, who is the person who gave you your credit card.It can populate as many as 90 databases all in a matter of 2 or 3 seconds to approve your single transaction.We trace, set up the custodial management and secure those types of transactions.

I - I see, so itís basically chain of custody issues to make sure the data is transported then secure.

S Ė Correct.

I - What is your experience with the architecture of electronic voting machines specifically the Diebold machines?

S - Um, my personal experience with them is purely as an outside observer asking to look at them.They refuse to show the architecture or allow it to be exposed to any kind significant expert.The people who I have met who they claim have certified their machines have no knowledge of architecture whatsoever.

I - Who has asked you to look at the architecture?

S - No one has asked me to look at the architecture of a voting machine.I have repeatedly asked to look at the architecture of voting machines.They will not allow us to do so.

I Ė Why?

S - Because the fundamentals Diebold has used to set up their machines are inherently flawed.Theyíre what I would consider IT junk.††

I - Why do you say that?On what basis?

S - Because they do not allow the code any kind of validation or check that allows for a local auditor to confirm that it is in a configuration pattern appropriate for voting.So if youíre going to set upÖletís look at a Diebold ATM, which we work with a lot. If youíre going to set up a Diebold ATM system at a bank every line of code in that machine, and there should be 30,000-35,000 lines of code, is inspected by 4 or 5 people, where each of the fields are confirmed that theyíre going to pass the information correctly to the machines that pass out the money, to the machines that take and validate your card, to the little motors that push your card back out to you, to the receipt printers and to the integrated databases on the back end.No process inside of that is not followed with a 4 eyes operation meaning 2 different people have to be looking at each step of the process at each step of the way.†† And those people are not from Diebold.One of them is from the installation group and one of them is from the bank.Otherwise the machine is not certified for use.

I - And this is not happening in respect for an electronic voting machine?

S - Not to my knowledge.

I - So what youíre saying is thereís more security regarding the dispensing of a $20 bill and the fact that if you donít get that $20 bill there is more of an audit system set up?

S - Of course.

I - Ok, before we get into this, I just wanted to kind of do some background with the electronic voting machine.It emerged out the 2000 election debacle and-

S - Earlier than that

I - But it was-

S - Global Elections systems, a group out of Texas, was pushing these back in 1998.I first became aware of it and actually wrote a short letter encouraging people to not use these in 1999 before the 2000 election debacle.What happened in 2000 is, all of a sudden you had a number of electronic systems fail during that election the Volusia County incident in which 16,000 votes suddenly vanished and then reappeared and several uncertified cards somehow ended up in the system, also a Diebold system.That sort of got lost in the hanging chad debate in Florida, however, thereís a very strong argument to be made that the 2000 election was electronically stolen and the hanging chads were just a distraction.

I - I see.Now going back to the audit, I believe at many times youíve asked the company, youíve asked Diebold to audit their systems

S - Iíve sent personal letters to more than 20 executives at Diebold, Iíve send dozens of letters to my own home county, my own home election board which now uses Diebold machines.Iíve sent letters to Ken Blackwell and his office.Actually, I personally asked Ken Blackwell for this, I served as the Co-chairman for the National Electronic Identity Taskforce and presented the stateís Attorney General the findings on how to secure state secure databases.At that meeting, Ken Blackwell was present and I actually went up and asked him if we could have a conversation about that and he said that it is not the appropriate venue.I then said to him, if you cannot discuss voting machine security at a security conference meant for state functions, when can we have this discussion?He then walked away.

I - What about Diebold executives?

S - They have never responded.Thatís not fully true.I actually reached out to a number of their people in financial services because I have a very significant set of contacts through the banking work that we do and the banking people that Iím working with asked for some of the Diebold people to speak to me.Since then, when they realized the scale of what Iíve asked for, theyíve refused any further communication.

I - Can you explain to the viewer how a Diebold voting machine can be hacked from a remote location?I know at times youíve mentioned that foreign nationals can accessÖ

S Ė Sure.

I - Take us through that.

S - The department of homeland security actually - this is some of the people involved in issuing this, very good friends of mine from the Cyber Emergency Response Team(CERT).The US CERT center actually put out a full warning, which Iím sure your station can get a copy of, warning that the way Diebold systems are architected, in the way the tabulators communicate to the central state tabulation center, is subject to foreign national hacking.They put out a warning about it, to the best of my knowledge this is still the case.Hereís how it happens, each individual machine has significant problems, most machines are not set up, the individual machines that you use as an individual voter touch are not set up so that they, themselves, are not electronically networked.A few of them are.Some of them hook up to phone lines for a variety of reasons, some of them have IR ports the same way you scan information back and forth from a PDA.Inside of those machines are a number of layers of information but eventually they get down to a memory card which itself is subject to hacking, there are several subject to hacking in the operating systems.Viruses, codes, screen flipsÖall those things can occur but letís assume everything worked correctly in the machine and you now have a card with the correct votes in the machine.Personally we have no way to know this, but letís assume itís true.We then take those machines to the county elections headquarter.All those cards come in and one by one are inserted into a central tabulator.That tabulator then is supposed to take the total votes in each of the precincts and the total votes from the county and electronically transport them from that machine to a central state tabulation machine.Hereís the problem Ė how is that moved from point A to point B?Itís moved through common carriers.Itíd be very easy, if you understood the IP addresses, and this is something that anyone with basic electronic intercept skills understand, you can mimic an IP address, and in the process of that information being transferred from point A to point B, see it.Now it may be PGP encrypted, it may be socket level encrypted, which Diebold claims to be the case, however, in the 3 counties where I have personally gone and asked the people who do the tabulation, they have no idea how to do encryption, what the encryption is, how itís set or who sets it.So again, weíre just trusting what Diebold says, oh donít worry, itís encrypted.But none of the voting officials know this or understand how it works.Ok, well then let a professional who actually looks at encryption key algorithm systems, which I have for probably for over 100 banks, let me see the system.I can tell you whether or not theyíre actually using a key exchange system which will make for secure transmission or not.I tend to think theyíre not doing so.

I Ė So again you said, forget the problems on the front end-

S - Letís assume there are no problems-

I - So as a voter, if I touch the screen Iím assuming my vote is secure but youíre saying at that point, a lot can happen to your vote.

S - The chain of custody in terms of that vote Ė hereís my finger and if I were to write on a ballot, that ballot is now a permanent document.What is happening now is when you touch that screen, that screen has circuitry inside of it, and that circuitry talks to a data field.That data field below it is like you basically walking up and opening a curtain and thereís a little man there and you say ďHello whatís your voteĒ and I say ďWell Iíd like to vote for thisĒ and he says ďOk thank youĒ and he closes the screen and goes to a different screen and tells someone else and that next layer is the operating system.Now you donít really know what the screen is telling the operating system because you canít see it. So unlike a vote that youíve marked the screen takes the information and passes it to a field set in the operating system.Who knows who wrote the operating system?Diebold wonít tell us.Iíve personally reviewed a number of pieces of code from Diebold and itís garbage.Some of the code is awful.I reviewed the patch that they put in Georgia 2002 that many of them claimed was a clock function and itís not a clock function.Itís a comparator function.It asked for 3 different fields on the front end, thatís information coming down from the screen into the operating system, sits on the operating system in an entry platform.At that point, this piece of code asks the 3 fields Ė I donít know what the 3 fields were Ė what their totals are, compares them against each other and sends them somewhere else.Well if it were me, and I were to guess what that code is, itís a vote-flipping code.Itís not a clock function that I know.

I - Youíre referring to the Georgia 2002 election, robgeorgia.zip and there was some upgrade that was supposedly inserted into the machinesÖ

S - Whether itís robgeorgia.zip, thereís a number of names of the file, I simply refer to it as what is called the zero-day patch.They patched it 2 days before the actual election itself between Cleland and Chambliss.I have no idea why, what it was for, what fields itís asking for or where it delivered them.But ostensibly, Bob Urosevich, the actual president, actually carried this himself, gave it to the people and told them that it was a clock function.None of them are programmers, they installed it like they were instructed, but itís not a clock function.I donít know what it is, itís some kind of comparator program.We didnít quite finish your question, after you move through the system, all these different problems occur, but finally it deposits a final set of data into a memory card.That card then has a number of chains of custody, that anybody who is then carrying that card Ė when youíre carrying a stack of paper ballots, you could rewrite all the ballots but that would take you a long time Ė but if youíre carrying a memory card with every single vote from that day from a machine, you can change it like that.Somebody could have in their car, or anywhere else, they could have a very simple kind of reader- this has been demonstrated in a number of different hacks- you can just change the information on that card by over-riding it with the same operating system type that was used to record it in the first place.

I - What about Al-Qaeda or China orÖ

S - Thatís in the transmission component.Now letís say the cards successfully have gotten down to the county correctly, who knows?No one has ever inspected the code inside this machine so youíre taking a card and saying well hereís all the votes, and letís assume the correct card has been brought and nobody has lost the card which is what just happened in Maryland Ė theyíve actually gotten the card to the county, theyíve put it in, then it goes into a tabulator machine.There have been repeated issues where people have said theyíve seen votes backing up in tabulators as cards are put in.Ok well that would indicate that something inside of that program is not adding cards forward, it may be adding cards backwards.I donít know Ė Iíve never seen the field sets.I do know in some of the optical scan machines, where again I have been able to take a look at the codes, some of the cards are capable of taking a negative number.Now as a programmer, this is a very interesting question.Generally you try to make a code as elegant, clean and simple as possible for security.There is no reason at all, if you have zero votes and then you add votes from that point going forward - maybe ten thousand votes is the maximum they can run on a machine - that makes sense. Cards should have a range from zero to ten thousand, so there is no reason in the world a negative number should ever be able to exist on a voting card.And yet, in all the voting card code that Iíve looked at Diebold has a negative field that allows for a negative number to be entered in a vote total.Why?Why would you want to steal votes?That way you can start with a card that has negative 100 votes for somebody then it takes them 100 votes before they even get back to zero.

I - And yet, Diebold does not allow, for proprietary reasons, anyone to review the vote tabulation software?

S - They allow itÖthey let us work on their cash machines, but no, they wonít let anybody see their software.

I - Any thoughts as to why?

S - Cause theyíre stealing elections.

I - How can you say that and what are the vulnerabilities that youíre just surmising?

S - Iím not surmising it, I have a very strong understanding of statistical analysis.The way we actually find credit card fraud Ė hereís a horrible fact that people are not gonna wanna know.About two and a half percent of the transactions on the global credit card network happening right now are fraudulent.Two and a half percent.†† Thatís a statistic that we are constantly battling with.When a fraud group, when a group that is doing a particular credit card scam moves into an area and begins working actively to fraud cards, we start to see statistics rise above the background level then we send in work, figure out who it is and try to break out the gang.Statistical analysis of one or two percentage points is how all computer hacking is detected.If you look at the case ofChambliss, thatís ridiculous, the man was not elected.He lost that election by 5 points.Max Cleland won, they flipped the votes. Clear as day.Everybody was shocked by it.Thereís been numerous vote flips by this point.I do not believe George Bush won.I believe Kerry won, and Iím a member of the GOP.But I want to make it clear, we need to live in a place where your election is actually reflected in the vote.I want my candidate to win, but if my candidate loses, I care a lot more about the process than I care about the victory.

I - So this is not a partisan issue?

S - It shouldnít be.This is a fascist issue.People who donít want voting and want fascist control, but have people think theyíre voting.I mean, people forget the fact that there was voting in Hitlerís Germany.Guess what?He won with 90 percent of the vote all the time.There was voting in Saddamís Iraq, and guess what?Saddam won the vote all the time.Well, did they win?Was that actually the will of the voter?Was that the way the votes were even cast?

I - Interesting question.I want to read something to you that was on the front page of The Washington Post yesterday.Maryland State Senate President Mike Miller called the card voting system ďthe Diebold machine is state of the artĒ.Do you consider these machines state of the art?

S - State of the art what?State of the art for a voting machine?I guess so.As far as Iím concerned, what I have seen of voting machines is reasonably good 1994 technology.

I - Ok, now what do you suggest that the government should tell Diebold to do to make their machines less vulnerable?

S - You canít make voting machines less vulnerable.You can make voting machines transparent.All code needs to be expected by external auditors, all process needs to be validated by external auditors, the same way we do banking systems.Do credit card systems get defrauded?Yes, to the tune of two and half percent.Two and half percent is a major amount if youíre dealing a vote.So letís look at the credit card industry.I spend an average of probably 30 hours a week, every single week of my life, battling to try and keep the number of credit card frauds below two and a half percent.We have a lot of money to do it.People really care about that, but that level of background fraud, we canít get it below that point.Itís just too hard.Well letís look at the question, do you want to have a system in place, where thereís a permanent background of electronic voting fraud of two and a half percent?That means you have to win an election by a minimum of 3 percent to know that youíve won?I donít.Paper ballots please.Thatís the only thing that can be secure.You can use electronic counters, and I appreciate Diebold wanted HAVA.Theyíve got their 4 billion dollars of given away federal money, great.Youíve stolen the money, throw the machines away and letís go back to paper.

I - Ok, let me just back up a second.Hacking.Thereís been a recent hack, much publicized.Princeton hacked the memory card, a virus inserted and-

S - They didnít hack the memory card.They hacked the operating system.

I - They hacked the operating system but there have been other hacks to the memory cards-

S - Harry Hursti

I - Right, Diebold has come back every time and said, well you know, that canít happen

S - Theyíre lying.DieBold is lying.

I - What?Their systems canít be hacked?

S - There is no system, electronic in the world that cannot be hacked.Iíve spent my entire life building or hacking electronic systems.There are entire companies dedicated to ďethical hackingĒ if you want to call it that.There is no system in the world, none, that cannot be hacked.If you give me the team of my choice of 8 people, in 1 week I will get any piece of data you want in the world.End of discussion.

I - Well then how do you secure such a piece of equipment?

S - You donít.You use paper ballots.

I - Ok, umÖ

S - I canít make it any clearer than this.You cannot have secure electronic voting.It doesnít exist.

I - What if there was a transparency?

S - If there was transparency, you would be able to audit where a mistake had occurred and make decisions about what to throw away.But you wouldnít eliminate the effort to hack.The cleverness of bad guys is extraordinary.If you had complete transparency on the process, hereís what would happen.People would eventually hack it and youíd have to throw away large portions of things.Even if you want to use electronic systems to accelerate the process and make it more assured, thereís no reason not to use optical scanning.You have a paper ballot, people mark it, you scan them very quickly into a system.Now at that point, those need to have random sampling to compare the way the computer has actually recorded things versus some hand chosen samples at random, one or two percent, and if one or two percent of random samples from the hand counted paper ballots, matches the computers in all likelihood you do not have a hack.In all likelihood.So at that point you have a very high degree of assurance that what you have is an accurate tabulation of the vote, other than that, you donít.

I - So securing data custody, thatís how it worksÖ

S - Correct, and having a validated paper trail.You must have paper ballots.Once you have a paper ballot, once you have generated a hand generated paper ballot is the best.Itís cheapest, itís easy, itís fool proof, itís secure.†† The truth of the matter is thatís still how things are done in the electronic world as well.Once you have generated that, you can validate how many ballots you have, who signed into a registry book, how the entire process is moved forward and you can go back and audit and check if there is any kind of dispute.You then have accurate elections.

I - Letís go back to the Princeton hack, just briefly, um, shocking detail on how a virus can be inserted into a machine and I donít want you to explain necessarily how it works but just to comment on something that Dieboldís response to this particular hack by a Princeton computer scientist was that they used an old machine.

S - As far as I know, that machine came off the assembly line 2 months ago.Iím sure the registry number is there, but letís stop and think about this.Two graduate students in 3 hours successfully hacked the machine.And once they had completed running their hack, they then added a 4 line code of self erasing virus to allow it to propagate across the network.Thatís just 2 guys with 2 hours, who had no interest or motivation in doing it other than in scientific interest.There are people out there, and thereís a lot of them who donít really want to win elections.What they want to do is they want to steal them.They have an enormous incentive for power, they have an enormous incentive for money and they have an enormous willingness to go do it.I donít want to have a society where weíre not sure who won.I want to live in a democracy where thereís a valid capacity to audit the entire trail.The Princeton guys did a brilliant job. It was a simple and elegant organization, but stop and think about it.It doesnít matter even if it was an older machine.Ok, so it was configured the way the 2004 machines were configured? Well in that case, does it mean that the 2004 election was hackable?Diebold is lying again.

I - But even so, some of those machines may still be in operation in states across the country.

S - Correct!

I - I see.

S - The 2002 machines that were used to steal the Chambliss election, theyíre still in use in Georgia.Same machines.

I - How much money does Diebold spend, do you know off hand, in ATM security versus voting machines?

S - Thatís a very interesting question.I donít know.

I - What would you say to those, I think I know the answer already, that Diebold machines are either poorly designed or intentionally designed?

S - I think theyíre brilliantly designed.Theyíre designed to steal elections.I mean, if you were to come to me, and people have Ė some of the things we do are deliberate audits, I mean there are back doors in the tabulation machine, which is what the US CERT warning is about.Thereís a back door communication that allows secondary computers to talk to the actual tabulators electronically from a distance.Thatís what US CERT warned about.There is layering and socket component problems.There is a negative field set up inside the tabulation-

I - What are socket components?People donít know what this means.

S - Well the socket components, basically what it means is that there are deliberately places built into the Diebold machines that allow you to insert data, or make updates after the machine is running.A socket layer is supposed to, once you activate a socket session or secure session, youíre not supposed to be able to change an operating procedure or change a code.Thatís not true with Diebold machines.While the machine is running, if you have administrative over-ride from the touch screen layer, you can actually change the way the machine is operated, you can reprogram it Ė they sell it as a feature in case you need to make an update during the day.

I - But according to state law, any changes made to the system, youíd have to recertify the equipment.

S - Well, if you change the software, of course.

I - What about the operating system?

S - If you changeÖ well, different states have different laws on this area and Iím not an attorney but I certainly know that since no one has ever seen what the code actually is or no one credible has ever seen what the code is, thereís really no way to know whatís been changed.

I - Many people who are denying problems, theyíre saying well oh, these are just democrats signaling alarmsÖ

S - Iím a Republican.Iím a Republican, I worked on Giulianiís campaign, I worked on Bloombergís campaign, I worked in John McCainís campaign.Iíve been a lifelong member of the party.This is not a democrat-republican issue.This is not a partisan issue.This is a democracy issue.If you actually care about a constitutional democracy in which each person votes, that vote is validated, and the people who end up in office are reflected on the basis of the way people voted, you care about this issue.If you donít want people to vote, if you donít want peopleís vote to count and if you want to rule without owning it by a mandate then you are very supportive of DieBold.

I - Well Wally OíDell has promised in an old fundraising letter to deliver-

S - Iím gonna go ahead-

I - Is it a republican issue?If what you say is true, who wants to steal the elections?

S - I certainly know that in old statistical information it seems that in every single bizarre circumstance where exit data, where polling data, informational data swings, it has all been in favor of republicans, but not the sort of republicans that I want to see in office at all.These are people who lie and people who cheat.That is not the conservative way.Conservatives conserve things.We are respectful and we are constitutionally based.You know what the real problem is?People do not want to believe that people want to steal elections in this country.Iíve done extensive work over the years for voting monitoring overseas, if we had a variance in the exit polling of even 2 percent of what was actually tabulated, which is exactly how the Orange Revolution came about in the Ukraine.We would be in there, explain to people something is wrong.We have had numerous selections in this country now, in which where you use Diebold elections systems machines, and what happens with the vote is way off Ė 5, 10, as much as 12 percent Ė from the exit polling and the actual survey.These statistical numbers are impossible and the problem is Americans do not want to believe that we have people stealing our elections.And they must come to the realization there are people in this country who want to steal elections and we must stop them.