“An amount of wealth that enables an individual to reject traditional social behavior and niceties of conduct without fear of consequences.”


Paying Zero for Public Services
BY Fumiko Nagano / 12.29.2009

Imagine that you are an old lady from a poor household in a town in the outskirts of Chennai city, India. All you have wanted desperately for the last year and a half is to get a title in your name for the land you own, called patta. You need this land title to serve as a collateral for a bank loan you have been hoping to borrow to finance your granddaughter’s college education. But there has been a problem: the Revenue Department official responsible for giving out the patta has been asking you to pay a little fee for this service. That’s right, a bribe. But you are poor (you are officially assessed to be below the poverty line) and you do not have the money he wants. And the most absurd part about the scenario you find yourself in is that this is a public service that should be rendered to you free of charge in the first place. What would you do? You might conclude, as you have done for the last 1-1/2 years, that there isn’t much you can do…but wait, you just heard about a local NGO by the name of 5th Pillar and it just happened to give you a powerful ally: a zero rupee note.

In Doha last month, CommGAP learned about the work of 5th Pillar, which has a unique initiative to mobilize citizens to fight corruption. In India, petty corruption is pervasive – people often face situations where they are asked to pay bribes for public services that should be provided free. 5th Pillar distributes zero rupee notes in the hopes that ordinary Indians can use these notes as a means to protest demands for bribes by public officials. I recently spoke with Vijay Anand, 5th Pillar’s president, to learn more about this fascinating initiative.

According to Anand, the idea was first conceived by an Indian physics professor at the University of Maryland, who, in his travels around India, realized how widespread bribery was and wanted to do something about it. He came up with the idea of printing zero-denomination notes and handing them out to officials whenever he was asked for kickbacks as a way to show his resistance. Anand took this idea further: to print them en masse, widely publicize them, and give them out to the Indian people. He thought these notes would be a way to get people to show their disapproval of public service delivery dependent on bribes. The notes did just that. The first batch of 25,000 notes were met with such demand that 5th Pillar has ended up distributing one million zero-rupee notes to date since it began this initiative. Along the way, the organization has collected many stories from people using them to successfully resist engaging in bribery.

One such story was our earlier case about the old lady and her troubles with the Revenue Department official over a land title. Fed up with requests for bribes and equipped with a zero rupee note, the old lady handed the note to the official. He was stunned. Remarkably, the official stood up from his seat, offered her a chair, offered her tea and gave her the title she had been seeking for the last year and a half to obtain without success. Had the zero rupee note reached the old lady sooner, her granddaughter could have started college on schedule and avoided the consequence of delaying her education for two years. In another experience, a corrupt official in a district in Tamil Nadu was so frightened on seeing the zero rupee note that he returned all the bribe money he had collected for establishing a new electricity connection back to the no longer compliant citizen.

Anand explained that a number of factors contribute to the success of the zero rupee notes in fighting corruption in India. First, bribery is a crime in India punishable with jail time. Corrupt officials seldom encounter resistance by ordinary people that they become scared when people have the courage to show their zero rupee notes, effectively making a strong statement condemning bribery. In addition, officials want to keep their jobs and are fearful about setting off disciplinary proceedings, not to mention risking going to jail. More importantly, Anand believes that the success of the notes lies in the willingness of the people to use them. People are willing to stand up against the practice that has become so commonplace because they are no longer afraid: first, they have nothing to lose, and secondly, they know that this initiative is being backed up by an organization—that is, they are not alone in this fight.

This last point—people knowing that they are not alone in the fight—seems to be the biggest hurdle when it comes to transforming norms vis-à-vis corruption. For people to speak up against corruption that has become institutionalized within society, they must know that there are others who are just as fed up and frustrated with the system. Once they realize that they are not alone, they also realize that this battle is not unbeatable. Then, a path opens up—a path that can pave the way for relatively simple ideas like the zero rupee notes to turn into a powerful social statement against petty corruption.

Can this note stamp out corruption in a land where it’s the norm?
BY Ashling O’Connor / April 9, 2007

In the secret language of corruption in India, an official expecting a bribe will ask for Mahatma Gandhi to “smile” at him. The revered leader of the independence movement is on all denominations of rupee notes. With rampant dishonesty ingrained in the bureaucratic culture, an anticorruption group has decided to interpret the euphemism literally by issuing a zero-rupee note.

A direct copy of the 50-rupee note, including Gandhi’s portrait, it is designed to be handed out to officials who demand backhanders. In the place of the usual promise of redemption by the central bank governor, the new pledge is: “I promise to neither accept nor give bribe.”

5th Pillar, the organisation behind the initiative, says that the note will allow ordinary Indians to make a statement against corruption without provoking a confrontation with people in authority. It has printed 25,000 notes and is distributing them in the southern city of Chennai as part of a wider mission to stamp out corruption “at all levels of society”.

Vijay Anand, the president of 5th Pillar, said: “People have already started using them and it is working. One autorick-shaw driver was pulled over by a policeman in the middle of the night who said he could go if he was ‘taken care of’. The driver gave him the note instead. The policeman was shocked but smiled and let him go. The purpose of this is to instil confidence in people to say no to bribery. It is just a representation.”

The group says that it has checked its legal position carefully and is not deemed to be printing counterfeit money because the official design is on only one side. The other side carries its mission statement. G. Ramakrishnan, information commissioner of Tamil Nadu, described the note as “a symbol to express refusal to grease the palms of officials”.

Corruption is part of the daily routine in India. Whether an individual needs to get a phone line, renew a passport or dodge a speeding ticket, the process normally involves a bribe. Most officials get away with it because of a general lack of awareness about citizens’ rights. In 2005 the Right to Information Act was passed as a way of holding government departments, agencies and officials accountable. Citing the law, anyone can access government records within 30 days of their request. Yet the majority of the population have no idea how to use it in their everyday lives nor do they have access to the legal resources.

Last month 5th Pillar, which has 1,200 members and 6,000 online subscribers worldwide, opened drop-in centres staffed by volunteers able to help people to leverage the Act by drafting petitions and delivering them to the relevant government department. “We want to empower people to fight for their rights,” Mr Anand said. “One lady had been waiting a year for her land title and was told she would only receive it if she paid a 7,500-rupee ‘fee’. She went back to the office with one of our volunteers and got the document in 30 minutes without paying anything.”

Hard graft
— India regularly joins China and Russia at the top of the global bribery index
— Ordinary people pay bribes worth £2.5 billion a year for public services
— Bihar is the most corrupt state, Kerala the least
— Civil servants are poorly paid and open to temptation. Police are the most corrupt, followed by lower courts and land administration
— Traffic police pay to be posted at junctions that are fertile ground for kickbacks
— Every bag of cement that goes into Indian roads has involved a bribe

Vijay Anand
email : vijay [at] 5thpillar [dot] org / ENDcorruption [at] 5thpillar [dot] org

Corruption (n.): the misuse of entrusted power for private gain

“Corruption in the form of bribery is prevalent throughout the world. On average in a country where corruption is a known occurrence around
$5 billion exchange hands every year. Corruption results in many problems for a country’s political, economic and social structures. If every one of us stops giving and taking bribes we can put an end to corruption in our country.

The zero currency note in your country’s currency is a tool to help you achive the goal of zero corruption. The note is a way for any human being to say NO to corruption without the fear of facing an encounter with persons in authority. Next time someone asks you for a bribe, just take your country’s zero currency note and hand it to them. This will let the other person know that you refuse to give or take any money in order to perform services required by law or to give or take money to do something illegal.”



Lawrence Lessig
email : lessig_from_web [at] pobox [dot] com

Citizens United upholds institutional corruption
BY Aminu Gamawa / The Harvard Law Record / January 28, 2010

What started as a 90-minute political campaign documentary against then- presidential candidate Hilary Clinton ended in the Supreme Court with a decision that was described by some critics as one of the worst since Dred Scot. “Hillary: The Movie,” was produced by Citizens United, a conservative nonprofit, as part of its campaign against the former democratic presidential aspirant, and was released during the Democratic presidential primaries in 2008.

The judgment, which relaxes the restriction on power of the corporations to directly spend on advertising during federal elections, was described by Harvard law Professor Lawrence Lessig as “proverbial fuel on the fire”. He notes that the issue is not whether corporations are silenced or their First Amendment right to free speech upheld. More importantly, the outcome is an assault on democracy, capable of promoting a system that will further erode the public trust in their elected officers. Lessig cautioned that decision would undermine the participation of the citizens in the democratic process and that it gives unfair advantage to corporations, whose financial prowess will give them a stronger voice than the electorate.

Lessig heads Harvard’s Safra Center for Ethics, which studies the intersection between politics, interest groups and corruption in the U.S. politics. As part of the reading for a course convened by the program, I came across a very interesting article by an expert on political corruption, Zephyr Rain Teachout (found in the Cornell Law Review, Vol. 94, No. 341, 2009, for those who are interested), which I found very relevant to the Court’s decision in Citizens United.

Teachout writes that the Framers of the Constitution were obsessed with corruption and saw it as one of the greatest threats to democracy. They designed the system in such a way that corrupt leaders will not only loose their positions, but also their reputation. The Founding Fathers built mechanisms into the Constitution to safeguard democracy by ensuring transparency, accountability and citizens’ participation in the political process. The independence of the political office holders from other special interests was of paramount importance to the Framers.

Teachout writes that “corruption was discussed more often in the constitutional convention than factions, violence, or instability. It was a topic of concern on almost a quarter of the days that the members convened. Madison recorded the specific term corruption fifty-four times, and the vast majority of the corruption discussions were spearheaded by influential delegates Madison, Moris, Mason, and Wilson. The attendees were concerned about the corrupting influence of wealth, greed, and ambition.” It is not an overstatement to say that the Framers actually saw the Constitution as an instrument to fight corruption.

The Framers defined political corruption to include “self-serving use of public power for private ends, including, without limitation, bribery, public decisions to serve private wealth made because of dependent relationships, public decisions to serve executive power made because of dependent relationships, and use by public officials of their positions of power to become wealthy”.

Their efforts to curb corruption in the political process is visible in issues including the regulation of elections, term limits, limits on holding multiple offices, limitations on accepting foreign gifts, the veto power, the impeachment clause, and provisions for the separation of powers, among other measures, with a view to ensure that leaders represent the interest of their constituency and not personal interests. In the words of Teachout, “taking seriously the architecture [of the Constitution] requires more than passing knowledge of what motivated the choice of architecture. Political corruption is context without which other specific words don’t make sense; it is embodied in the text itself through other words that can’t be understood without understanding corruption”.

History has shown that when leaders put their self-interest above those who elected them, it undermines the trust of the people in the process and inevitably leads to collapse of the democratic system. The Roman and Greek empires are classic examples. The danger of democracies leaving political corruption unchecked is succinctly captured by Teachout: “voters will stop voting, people will stop running for office, and citizens will stop making serious efforts to read news and understand the public issues of their day, because they will believe that such efforts are futile,” she writes.

In McConnell v. FEC, 540 U.S. 93, which the Court overturned in Citizens United, the Court had made the following powerful comments: “Just as troubling to a functioning democracy as classic quid pro quo corruption is the danger that officeholders will decide issues not on the merits or the desires of their constituencies, but according to the wishes of those who have made large financial contributions valued by the office holder. Even if it occurs only occasionally, the potential for such undue influence is manifest. And unlike straight cash-for-votes transactions, such corruption is neither easily detected nor practical to criminalize. The best means to prevention is to identify and remove the temptation.”

Ignoring the threat of corruption to democracy is, therefore, a serious problem that cannot be taken lightly. I agree with Teachout when she writes that “internal decay of our political life due to power-and-wealth seeking by representatives and elites is a major and constant threat to our democracy. History provides some powerful tools to allow us incorporate the anti-corruption principle into the constitutional law of democracy. We should pay attention to it”. The recent decision of the Supreme Court ignores this history, undermining the Constitution’s efforts to curb corruption at the highest level.

The 5-4 conservative majority decision was delivered by Justice Anthony Kennedy ’61, and concurred in by Justice Samuel Alito, Chief Justice John Roberts ’79, Justice Clarence Thomas and Justice Antonin Scalia ’60. Justice Sonia Sotomayor began her Supreme Court career with a dissent. She joined four other liberal justices in disagreeing with the majority decision. The dissenting judgment delivered by Justice Stevens severely criticized the majority court for ignoring the dangerous consequence of the decision on democracy:

“At bottom, the Court’s opinion is thus a rejection of the common sense of the American people, who have recognized a need to prevent corporations from undermining self government since the founding, and who have fought against the distinctive corrupting potential of corporate electioneering since the days of Theodore Roosevelt. It is a strange time to repudiate that common sense. While American democracy is imperfect, few outside the majority of this Court would have thought its flaws included a dearth of corporate money in politics,” Justice Stevens wrote.

The decision overruled a decade of precedent laid down in McConnell, a 2003 decision that upheld the part of the Bipartisan Campaign Reform Act of 2002, which restricted campaign spending by corporations and unions, as well as Austin v. Michigan Chamber of Commerce, 494 U.S. 652, a 1990 decision that upheld restrictions on corporate spending to support or oppose political candidates.

In his weekly address on Saturday, President Barack Obama ’91 criticized the decision as “a huge victory to the special interests and their lobbyists”. The President expressed his disappointment with the ruling, saying that he could not “think of anything more devastating to the public interest. The last thing we need to do is hand more influence to the lobbyists in Washington, or more power to the special interests to tip the outcome of elections”. He noted that even foreign corporations would now have say in U.S. politics; candidates that disagreed with corporations would come under serious attack from the corporations during election.

Obama went on to observe that “all of us, regardless of party, should be worried that it will be that much harder to get fair, common-sense financial reforms, or close unwarranted tax loopholes that reward corporations from sheltering their income or shipping American jobs offshore”. He also cautioned that the decision makes it “more difficult to pass common-sense laws” to promote energy independence or expand health care.

The danger is clear!
The competition will now be intense among the corporations to producing the highest number of Senators and Representatives. Doesn’t this undermine the role of the public in the American democracy? Can individuals’ contribution to candidates now count in the campaign process? Will this be the last Congress that is truly elected by the people? How much would this decision contributing in promoting institutional corruption? I am sure most politicians will be more concerned about pleasing the corporations than their constituencies. It will be dangerous for any of them to fall out with the corporations.

American democracy has been a model to many countries across the globe. But the recent decision by the Supreme Court legalizing direct corporate participation which over turn a time revered restriction on the corporation is a worrisome development that deserve concern of anyone that is interested in American democracy’s future. Citizens United has introduced a new era in the U.S. politics.

The Constitution’s “We the People” has gradually become “We the Corporations”. Equating corporations with human beings undoubtedly undermines the participation of individual citizens in the political process. Election into political office under the new regime will largely depend on having the highest donation from the corporations. Corporations and their interests, which sometimes include interest of foreign nationals, will now have the strongest voice in the U.S. politics.

It will not be surprising to see Blackwater, Wal-Mart, Exxon and other corporations being better represented in Congress than citizens, whose interest and participation the Constitution seeks to preserve. This is an unwelcome development that anyone concerned about preserving the U.S.’ long-cherished democracy must oppose.

The matter of democratic integrity, transparency and accountability transcends the usual liberal/conservative or Democrat/Republican divide. It is an assault on democracy and negation of the text and original understanding of the Constitution as understood by the Founding Fathers, who strived to craft a document that would preserve democracy by protecting the interest of the electorate over and above other interests.

One might ask if there is anything Congress can do. Even before the decision was announced, an advocacy group called Change Congress was working to pursue the passage of a bipartisan bill called the Fair Elections Now Act. The bill is sponsored by congress men Sens. Dick Durbin (D-IL) and Arlen Specter (R-PA), and Reps. John Larson (D-CT) and Walter Jones (R-NC).

“Under this legislation, congressional candidates who raise a threshold number of small-dollar donations would qualify for a chunk of funding—several hundred thousand dollars for House, millions for many Senate races. If they accept this funding, they can’t raise big-dollar donations. But they can raise contributions up to $100, which would be matched four to one by a central fund. A reduced fee for TV airtime is also an element of this bill. This would create an incentive for politicians to opt into this system and run people-powered campaigns.”

President Obama said that he has instructed his advisers to work with Congress on a forceful, bipartisan response. In a New York Times op-ed, David D. Kirkpatrick wrote that because of the enormous threat of this decision to democracy, some members of Congress are working hard to introduce new laws that will, cure the defect by either
• Imposing a ban political advertising by corporations that hire lobbyists, receive government money, or collect most of their revenue abroad;
• Tightening rules against coordination between campaigns and outside groups so that, for example, they could not hire the same advertising firms or consultants; or
• Requiring shareholder approval of political expenditures, or even forcing chief executives to appear as sponsors of commercials their companies pay for.

What is really necessary need, as Professor Lessig puts it, is an alternative, “Not the alternative that tries to silence any speaker but an alternative that allows us to believe once again that our government is guided by reason or judgment or even just the politics of the people in a district and not by the need to raise money.”



for best effect (if your network can handle it) play them all at once

“Update: We are no longer recommending people set up plaintext squid proxies. The Iranian regime appears to be doing deep-packet inspection on all traffic now.”


AND THIS: TAQIYYA, KITMAN, KHOD’EH, TAAROF,+kitman,+khod’eh…-a0155873239
Iran’s Political Culture Of Righteous Deception


#IranElection #gr88 #CNNFail viaTwitter




Son’s Death Has Iranian Family Asking Why
BY Farnaz Fassihi  /  June 23, 2009

Tehran—The family, clad in black, stood at the curb of the road sobbing. A middle-aged mother slapped her cheeks, letting out piercing wails. The father, a frail man who worked as a doorman at a clinic in central Tehran, wept quietly with his head bowed. Minutes before, an ambulance had arrived from Tehran’s morgue carrying the body of their only son, 19-year-old Kaveh Alipour. On Saturday, amid the most violent clashes between security forces and protesters, Mr. Alipour was shot in the head as he stood at an intersection in downtown Tehran. He was returning from acting class and a week shy of becoming a groom, his family said.

The details of his death remain unclear. He had been alone. Neighbors and relatives think that he got trapped in the crossfire. He wasn’t politically active and hadn’t taken part in the turmoil that has rocked Iran for over a week, they said. “He was a very polite, shy young man,” said Mohamad, a neighbor who has known him since childhood. When Mr. Alipour didn’t return home that night, his parents began to worry. All day, they had heard gunshots ringing in the distance. His father, Yousef, first called his fiancée and friends. No one had heard from him.

At the crack of dawn, his father began searching at police stations, then hospitals and then the morgue. Upon learning of his son’s death, the elder Mr. Alipour was told the family had to pay an equivalent of $3,000 as a “bullet fee”—a fee for the bullet used by security forces—before taking the body back, relatives said.

Mr. Alipour told officials that his entire possessions wouldn’t amount to $3,000, arguing they should waive the fee because he is a veteran of the Iran-Iraq war. According to relatives, morgue officials finally agreed, but demanded that the family do no funeral or burial in Tehran. Kaveh Alipour’s body was quietly transported to the city of Rasht, where there is family.

Everyone in the neighborhood knows the Alipour family. In addition to their slain son, they have two daughters. Shopkeepers and businesses pasted a photocopied picture of Mr. Alipour on their walls and windows. In the picture, the young man is shown wearing a dark suit with gray stripes. His black hair is combed neatly to a side and he has a half-smile. “He was so full of life. He had so many dreams,” said Arsalan, a taxi driver who has known the family for 10 years. “What did he die for?”

“RT @LaraABCNews: from trusted source, eyewitness at protests: the acid attacks were real, dumped on protesters from above.”

Neda Soltan’s family ‘forced out of home’ by Iranian authorities

The Iranian authorities have ordered the family of Neda Agha Soltan out of their Tehran home after shocking images of her death were circulated around the world. Neighbours said that her family no longer lives in the four-floor apartment building on Meshkini Street, in eastern Tehran, having been forced to move since she was killed. The police did not hand the body back to her family, her funeral was cancelled, she was buried without letting her family know and the government banned mourning ceremonies at mosques, the neighbours said. “We just know that they [the family] were forced to leave their flat,” a neighbour said. The Guardian was unable to contact the family directly to confirm if they had been forced to leave.

The government is also accusing protesters of killing Soltan, describing her as a martyr of the Basij militia. Javan, a pro-government newspaper, has gone so far as to blame the recently expelled BBC correspondent, Jon Leyne, of hiring “thugs” to shoot her so he could make a documentary film. Soltan was shot dead on Saturday evening near the scene of clashes between pro-government militias and demonstrators, turning her into a symbol of the Iranian protest movement. Barack Obama spoke of the “searing image” of Soltan’s dying moments at his press conference yesterday.

Amid scenes of grief in the Soltan household with her father and mother screaming, neighbours not only from their building but from others in the area streamed out to protest at her death. But the police moved in quickly to quell any public displays of grief. They arrived as soon as they found out that a friend of Soltan had come to the family flat. In accordance with Persian tradition, the family had put up a mourning announcement and attached a black banner to the building.

But the police took them down, refusing to allow the family to show any signs of mourning. The next day they were ordered to move out. Since then, neighbours have received suspicious calls warning them not to discuss her death with anyone and not to make any protest. A tearful middle-aged woman who was an immediate neighbour said her family had not slept for days because of the oppressive presence of the Basij militia, out in force in the area harassing people since Soltan’s death.

The area in front of Soltan’s house was empty today. There was no sign of black cloths, banners or mourning. Secret police patrolled the street. “We are trembling,” one neighbour said. “We are still afraid. We haven’t had a peaceful time in the last days, let alone her family. Nobody was allowed to console her family, they were alone, they were under arrest and their daughter was just killed. I can’t imagine how painful it was for them. Her friends came to console her family but the police didn’t let them in and forced them to disperse and arrested some of them. Neda’s family were not even given a quite moment to grieve.”

Another man said many would have turned up to show their sympathy had it not been for the police. “In Iran, when someone dies, neighbours visit the family and will not let them stay alone for weeks but Neda’s family was forced to be alone, otherwise the whole of Iran would gather here,” he said. “The government is terrible, they are even accusing pro-Mousavi people of killing Neda and have just written in their websites that Neda is a Basiji (government militia) martyr. That’s ridiculous – if that’s true why don’t they let her family hold any funeral or ceremonies? Since the election, you are not able to trust one word from the government.” A shopkeeper said he had often met Soltan, who used to come to his store. “She was a kind, innocent girl. She treated me well and I appreciated her behaviour. I was surprised when I found out that she was killed by the riot police. I knew she was a student as she mentioned that she was going to university. She always had a nice peaceful smile and now she has been sacrificed for the government’s vote-rigging in the presidential election.”

Grave spaces at Behesht-e-Zahra cemetery reportedly set aside for those killed in Tehran clashes

Her fiance, Caspian Makan, told BBC Persian TV about the circumstances of Neda’s death: “She was near the area, a few streets away, from where the main protests were taking place, near the Amir-Abad area. She was with her music teacher, sitting in a car and stuck in traffic. She was feeling very tired and very hot. She got out of the car for just for a few minutes. And that’s when it all happened. That’s when she was shot dead. Eyewitnesses and video footage of the shooting clearly show that probably Basij paramilitaries in civilian clothing deliberately targeted her. Eyewitnesses said they clearly targeted her and she was shot in the chest. She passed away within a few minutes. People tried to take her to the nearest hospital, the Shariati hospital. But it was too late.

We worked so hard to get the authorities to release her body. She was taken to a morgue outside Tehran. The officials from the morgue asked if they could use parts of her corpse for body transplants for medical patients. They didn’t specify what exactly they intended to do. Her family agreed because they wanted to bury her as soon as possible. We buried her in the Behesht-e-Zahra cemetery in southern Tehran. They asked us to bury her in this section where it seemed the authorities had set aside spaces for graves for those killed during the violent clashes in Tehran last week.

On Monday afternoon, we had planned to hold a memorial service at the mosque. But the authorities there and the paramilitary group, the Basij, wouldn’t allow it because they were worried it would attract unwanted attention and they didn’t want anymore trouble. The authorities are aware that everybody in Iran and throughout the whole world knows about her story. So that’s why they didn’t want a memorial service. They were afraid that lots people could turn up at the event. So as things stand now, we are not allowed to hold any gatherings to remember Neda.

“(Late Sunday I watch Neda’s video. I suspect that I recognize Arash Hejazi, but I prefer not to believe in what I am seeing. I send him and email)

Sunday 21 June 2009 | Dear Arash
I need to know where you stand, if things that I am seeing/reading are true. Then I can myself take a position – depending on your advice, of course. love, Paulo

Mon, 22 Jun 2009 | Subject: your country | Dearest Paulo,
I am now in Tehran. The video of Neda’s murder was taken by my friend, and you can recognize me in the video. I was the doctor who tried to save her and failed. She died in my arms. I am writing with tears in my eyes. Please don’t mention my name. I’ll contact you with more details soon. Love, Arash

(At this point, I decide to put the video in my blog. For the rest of the day, I try to contact him. At one point, someone answers his phone as a “CNN journalist”. I start to become worried)

Monday 22 June 2009 | Dear Arash
so far, no news from you. After I published the video in my blog, it seems that it spread worldwide, including posts in NY Times, Guardian, National Review, etc. Therefore, my main concern now is about you. You NEED to answer this email, saying that you are all right
and the name of the person where we spend the New Year’s Eve in 2001 together, just to be sure that it is you really who is answering this email. I don’t buy this CNN person answering your mobile.
If you don’t do that, I may leak your name to the press, in order to protect you – visibility is the only protection at this point. I know this because I am a former prisoner of conscience. If you do that, unless instructed otherwise by you, I will stop the pressure for the moment. My main concern now is you and your family. love, Paulo
P.S. – there are several trusted friends in blind copy here.

Tuesday, June 23, 2009 | Dearest Paulo
I am alright for now. I am not staying at home. I don’t know about CNN. The friend’s name was Frederick. Love Arash

Tuesday, June 23, 2009 | Dearest Paulo
Trying to leave the country tomorrow morning. If I don’t arrive in London at 2 pm., something has happened to me. Till then, wait.
My wife and my son are in (edited). Their phone (edited) Her email (edited) Please wait till tomorrow. If something happens to me, please take care of (name of wife) and (name of son), they are there, alone, and have no one else in the world. Much love, it was an honor having you as a friend. Arash

(At this point, a Brazilian journalist, Luis Antonio Ryff, who traveled to Iran to cover my visit, recognizes Arash in the video, and writes me to double-check. I confirm, but I ask him to keep his name secret until today. Ryff agrees – even knowing that this would be a major scoop for him. I would like to thank him here, for his dignity)

Wednesday 24 June 2009
Arash landed in London”


Primary Target: hosting protestor images
“Iran’s government is putting pictures of targeted protestors on the web for the Basij to identify and harass, arrest, or worse. These individuals could be jailed, or worse, dead by tomorrow. This website needs to die.”

Activists Launch Hack Attacks on Tehran Regime
“Pro-democracy activists on the web are asking supporters to use relatively simple hacking tools to flood the regime’s propaganda sites with junk traffic. “NOTE to HACKERS – attack – pls try to hack all iran gov wesites [sic]. very difficult for us,” Tweets one activist. The impact of these distributed denial of service (DDOS) attacks isn’t clear. But official online outlets like,, and are currently inaccessible. “There are calls to use an even more sophisticated tool called BWraep, which seems to exhaust the target website out of bandwidth by creating bogus requests for serving images,” notes Open Society Institute fellow Evgeny Morozov. In both Iran and abroad, the cyberstrikes are being praised as a way to hit back against a regime that so blatantly engaged in voter fraud. But some observers warn that the network strikes could backfire — hurting the very protesters they’re meant to assist. Michael Roston is concerned that “it helps to excuse the Iranian regime’s own cyberwarfare.” Text-messaging networks and key opposition websites mysteriously went dark just before the election. Morozov worries that it “gives [the] hard-line government another reason to suspect ‘foreign intervention‘ — albeit via computer networks — into Iranian politics.” Iran has one of the world’s most vibrant social media communities. That’s helping those of us outside Iran follow along as this revolution is being YouTubed, blogged, and Tweeted. But Iran’s network infrastructure there is relatively centralized. Which makes Internet access there inherently unstable. Programmer Robert Synott worries that if outside protesters pour too much DDOS traffic into Iran, carriers there “will simply pull the plug to protect the rest of their network.” For the moment, however, those connections are still live. And activists are using them to mobilize mass protests in Tehran. Opposition leader Mir Hossein Mousavi has just appeared. Tens of thousands of protesters are chanting “‘No fear, No fear, we are with each other.’” Meanwhile, universities are recovering from assaults by pro-regime goons. Students were bloodied. Memory cards and software were swiped by police. Computers were smashed.”


[open letter by Isaac Levy, security researcher, IT professional, Defcon panelist, cyberwarfare analyst – we believe this information is correct, but we are not in Iran; please check for yourself]
“People in Iran please tell every person you know: EVERYONE use SSL proxy servers starting tomorrow on all internet traffic, or please stop using proxies! In spite of everyone’s best intentions, when used in limited numbers as they are right now, it’s likely that internet proxies are simply automating an opposition arrest list (or death list) for the regime. Please understand that Iran’s network-control is state of the art, and Iranian security can inspect ALL traffic easily in an automated fashion, through its centralized choke point. It’s likely that anyone using a proxy is quickly spotted and tracked. Proxies are an effective way to get information out, but the use of proxies will not be safe unless EVERY SINGLE PERSON in Iran uses one. EVERYONE.

SSL/TLS (https) can be about 4 to 5 times the packet size in transmission, which makes the bandwidth throttling of the Iranian Security forces more difficult (the Iranian internet is painfully, selectively, slow since it was shut down). If everyone were to use it, for all communications, then all traffic would look the same, and dissidents could not be so easily singled out. This is sometimes called ‘faking the weather.’ We must recommend either EVERYONE uses SSL proxies, in order to protect each other, or NO ONE does. IT/Networking professionals will recognize the tactics in commonplace IPS or IDS systems. Iran is clearly using payload inspection and filtering systems- both for blocking, and collecting information. This is done easily, since (without SSL) none of the material being sent is encrypted. Security professionals will understand that scaling firewalls to a national size is a solved problem. Cisco’s Netflow is used in network gear throughout the world to record network traffic, and common new style ‘deep packet inspection’ network products are capable of extremely efficient real-time network processing and data collection.

The longer you wait the more proxy users will be arrested. Tell your grandmothers, tell everyone you know: find a safe SSL proxy, learn to use it, and only use SSL/TLS proxies from now on. They are not difficult to use. If everyone does this, Iran will have an unfiltered internet; to block it the Iranian government would be forced to turn off their WHOLE internet connection (again). Also remember, anonymous proxies can be hijacked: SSL provides validation that you’re talking to the right person.

In Summation: Without maximum use in Iran of these SSL/TLS proxy technologies, in spite of best intentions, and with incredible efficiency, the outside internet community is most likely helping to automate an Iranian dissident death/arrest list. I can not overstate this. Everyone in Iran please start using ssl proxies immediately. today. now.

Once more, put simply?
On the outside, https proxies (SSL/TLS) for encryption and server validation* are absolutely necessary. Please set them up. (* validation to defend against Iran Security Forces performing man-in-the-middle attacks) On the inside, EVERY Iranian citizen must use SSL web proxies. If both of these things are not done, the best intentions of the internet community will only help automate death lists for citizens using the internet to protest the faked election, and document the violence and repression that has followed. If both of these things (inside and outside the country) ARE done, Iranians regain cheap and fast internal unblocked internet communications, as well as a very robust communications line to the outside world. Again, EVERYONE has to do it. Both sides. Iranian grandmothers must understand that they all must learn to do this, to protect Iranian opposition protesters. It is easy and you only have to do it once.

Inside Iran, look for things like this:
Outside of Iran, Tech Specs, 2 parts:
1 )SSL Capable proxy servers:
Apache 2.x (enable mod_ssl, mod_proxy)
Apache 1.x, (enable mod_ssl, mod_proxy)
2) Cheap, valid SSL certificates:
(Critical to avoid Iran Security mitm attacks!)

Isaac Levy
email : isaac [at] diversaform [dot] com

[NOTE : it should be understood that the obvious reason the internet was not simply turned off is that Iran’s entire financial sector needs it to conduct business, and many use tools like SSL.]

“any circumvention system, open proxy or not, requires an element of trust in the intermediary you’re using to get around the block. turning on SSL would be added comfort, i guess — if, as the author says, everyone else did as well, but it would also slow things down even more (that’s his point, i guess: then IRI would have to monitor less to keep traffic flowing at an acceptable speed). and anyway, there is some security in obscurity: there is a large and evolving population of open proxies, and many people of all stripes use them; open proxies have been commonly used since filtering was first deployed, years ago). to imagine that doing so without SSL will lead to one’s arrest would mean ascribing to The State a technologically perfect and comprehensive surveillance. while the Net certainly aids in data collection and monitoring that wasn’t previously possible, as we know, no system is without its cracks. it would probably be good if people outside of iran were reminded that the government of iran isn’t somehow omnipotent just because it has authoritarian elements.”

The More People Use It, The Stronger It Gets
“Tor is well known and respected as the best most efficient most anonymous proxy service. The Onion Routing makes the user almost completely untraceable.”

TOR BRIDGES,1000000189,39616925,00.htm
from Moxie Marlinspike:

“I’m not following the tech situation in Iran very closely, but it seems like activists within Iran who are trying to share information and coordinate actions should be using TOR rather than just SSL proxies. TOR can probably provide the most robust defense against attempts at censoring information, allowing Iranians to use social networking tools, as well as providing (at least) network-level anonymity.

The problems with SSL proxies are:
1) There are reports that port 443 is blocked. You could run an SSL proxy on another port, but most are on 443 right now. TOR bridges, however, are available on a wide range of ports.
2) Every time a list of SSL proxies is published, the government can just blacklist them all. While the government could ban direct access to the entire TOR directory, TOR bridges make it difficult for them to restrict TOR traffic outright.
3) Simple SSL proxies are more vulnerable to any number of attacks. For instance, it’s often not possible to determine who’s running the proxy (the government or not?), and while this is also true for any individual TOR node, no individual TOR node simultaneously knows both the client’s identity as well as the site they’re visiting. TOR is also more resilient to timing attacks and other MITM attacks on SSL traffic.”

Iranian Protests Becoming Crowd-Sourced Cyber War
BY Kit Eaton / Jun 17, 2009

“The really interesting thing about these attacks are not that they’re going on–DDoS attacks after elections apparently isn’t a new phenomenon–but how they’re being carried out. Rather than using simple code, with automated viral botnets and the like, these efforts are largely being driven by hand. There are a number of simple scripts going around that can be downloaded and which continually re-load the target Web sites in a browser window. It’s a simpler system, being coordinated by word of mouth, Twitter and other means, but it appears to be effective–all the target sites are offline, or have bandwidth issues.

And the subtlety that this is a crowd-sourced form of cyber war, or cyber revolution, rather than an anonymous automated network of infected PCs, shouldn’t go unnoticed. The new technological infrastructure is giving people a way to protest and act in ways that wouldn’t have been possible before. While the morality of DDoS attacks remains a grey area, it’s nevertheless a fascinating V for Vendetta-style effect in action.”


Web Attacks Expand in Iran’s Cyber Battle (Updated)
BY Noah Shachtman / June 16, 2009

More and more of Iran’s pro-government websites are under assault, as opposition forces launch web attacks on the Tehran regime’s online propaganda arms. What started out as an attempt to overload a small set of official sites has now expanded, network security consultant Dancho Danchev notes. News outlets like Raja News are being attacked, too. The semi-official Fars News site is currently unavailable. “We turned our collective power and outrage into a serious weapon that we could use at our will, without ever having to feel the consequences. We practiced distributed, citizen-based warfare,” writes Matthew Burton, a former U.S. intelligence analyst who joined in the online assaults, thanks to a “push-button tool that would, upon your click, immediately start bombarding 10 Web sites with requests.” But the tactic of launching these distributed denial of service, or DDOS, attacks remains hugely controversial. The author of one-web based tool, “Page Rebooter,” used by opposition supporters to send massive amounts of traffic to Iranian government sites, temporarily shut the service down, citing his discomfort with using the tool “to attack other websites.” Then, a few hours later, he turned on the service again, after his employers agreed to cover the costs of the additional traffic. is opening up 16 Page Reboot windows simultaneously, to flood an array of government pages at once.

Other online supporters of the so-called “Green Revolution” worry about the ethics of a democracy-promotion movement inhibitting their foes’ free speech. A third group is concerned that the DDOS strikes could eat up the limited amount of bandwidth available inside Iran — bandwidth being used by the opposition to spread its message by Twitter, Facebook, and YouTube. “Quit with the DDOS attacks — they’re just slowing down Iranian traffic and making it more difficult for the protesters to Tweet,” says one online activist.

But Burton — who helped bring Web 2.0 tools to the American spy community — isn’t so sure. “Giving a citizenry the ability to turn the tables on its own government is, I think, what governance is all about. The public’s ability to strike back is something that every government should be reminded of from time to time.” Yet he admits to feeling “conflicted.” about participating in the strikes, he suddenly stopped. “I don’t know why, but it just felt…creepy. I was frightened by how easy it was to sow chaos from afar, safe and sound in my apartment, where I would never have to experience–or even know–the results of my actions.”

The Proxy Fight for Iranian Democracy
BY James Cowie / June 22, 2009

If you put 65 million people in a locked room, they’re going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran’s crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC. A proxy server is a simple bit of software that you run on your computer. It effectively lets you share your computer with anonymous strangers as a “repeater” for content that they aren’t allowed to fetch themselves. For example, an Iranian web browser might be manually configured to use your computer (identified by an IP address and a port number) as a Web proxy. When your anonymous friend reads, or posts a tweet, the request goes via your computer, instead of to Twitter’s web server directly. Except for a little delay, and the fact that your friend gets to see what the uncensored Internet looks like from New York or London or São Paolo instead of Tabriz or Qom, surfing through a proxy is pretty much like surfing without one. As you might imagine, open web proxies are valuable commodities in places where it’s forbidden, possibly dangerous, to surf the Internet. Iran’s opposition movement has been vigorously trading lists of open proxies over the past week. And as you might further imagine, the Iranian government censors have worked overtime to identify these proxies and add them to the daily blacklists.

As an experiment, we geolocated a list of about 2,000 web proxies (unique IP addresses and port numbers) that were shared on Twitter and other web sites over the course of the last week, to see if we could discern patterns in the places that are hosting them. Most of these are no longer reachable from inside Iran, of course, precisely because they were made public. The USA and Western Europe were well-represented, but so were China, India, Russia, Romania, Bulgaria, Vietnam, … 87 countries in all, a pretty impressive breadth of representation, considering the relatively small size of this sample. (You can also see about a dozen Iranian IP addresses represented in the set. Not surprisingly, all but one of these belong to networks originated by DCI, the government-run service provider who operates the modern-day Internet equivalent of the Alamūt Castle.)

In a geographic visualization of the proxies, drawn in Google Earth, each of the colored arcs represents a single open web proxy; they are “fountaining” out of a cable landing or Internet traffic exchange point that makes approximate sense for their Iranian Internet routing. For example, all of the web proxies in Europe are drawn from the Marseilles termination of the Sea-Me-We-4 cable. The web proxies in Turkey are drawn in light blue, radiating from Ankara, where the Iran-Turkey gas pipeline passes through on its way from Bazargan. Those unusual Iranian proxies emerge from Tehran, and so forth. If we rotate the globe, you can see how the countries of Asia are doing their part to keep the bits flowing in Iran. India, China, South Korea, Taiwan, Vietnam, and Japan are all visible sources of web proxy activity.

I’d like to be able to say that these maps are a measure of the strength of the democratic impulse and volunteer spirit in all the countries of the world. But that might be a stretch. You see, looked at another way, an open proxy is a security hole, something you might find in a machine that’s been compromised, or at the very least, badly administered. Security purists think of them as the “unlocked gun cabinet” of the Internet — a resource for anyone who wants to abuse a website, commit fraud, cover their tracks. Some of the proxies in this dataset are undoubtedly fresh, created by people who want to keep the Internet alive for the Iranian people. But many of these proxies have probably been around for months or years, mapped out by those that map out such things. We did see a few organizers try to explain the concept of an ACL (Access Control List) to all the new proud parents of open proxies. If you are diligent, it is possible to restrict the anonymous users of your new proxy to just the Iranians, or even just the Iranian non-government networks, if you have a good enough list of the IP address blocks (network prefixes) in question. But I expect that the complexity of configuring anything tighter than an “open access” proxy is going to prove too high a barrier to entry for most people who might volunteer to run one.

For one thing, we know how hard this is. Renesys has pretty good lists of per-country networks and their transit patterns, based on our analysis of the global routing tables, and trust me, they take some work to maintain. And even given good maps of Iran’s address space to work from, ACLs are notoriously hard to test, if you don’t have Iranian friends who can try your server from inside the protest zone and report back to you with problems. Most people aren’t going to bother, and that’s probably okay. Freedom is messy. There’ll be time for security later. Perhaps the strangest thing of all, given how diverse and active and vocal the proxy server farmers have been, is that by and large, it isn’t working. The rate with which new proxies are being created has slumped over the last few days. It’s getting harder and harder to propagate new proxies to the people who need them, as the government consolidates its hold on the filtering mechanisms. Any new proxy addresses that are posted to Twitter, or emailed, will be blocked very quickly.

People we talk to inside Iran say that almost no proxies are usable any more. Freegate, a Chinese anti-censorship application that makes use of networks of open proxies, has proven popular in Iran. But this week, it, too, has been experiencing problems. Many popular applications, like Yahoo! Messenger, have stopped working. The authorities are said to be using power interruptions as a cyberweapon, causing brief outages during rallies that cause computers to reboot, just as people are trying to upload images and video. The net result, as Arbor’s excellent analysis shows, has been a drastic reduction in inbound traffic on filtered ports since the election.

If there’s a lesson here for the rest of the world, perhaps it’s this: Install a few proxy instances on machines you control. Learn how to lock them down properly. Swap them with your friends overseas who live in places where the Internet is fragile. Set up your tunnels and test them. And don’t wait until the tanks are in the streets to figure this out, because by that point, you may have already lost the proxy war.

Silicon Valley should step up, help Iranians
BY Cyrus Farivar / June 30, 2009

“Until Iran’s election and ensuing political crisis, many Silicon Valley companies had ignored Persian-language services almost entirely. It’s easy to understand why. First, there’s an American embargo against Iran, which forbids American companies from doing business with that country. Second, there is a perception that the Iranian community (particularly outside of Los Angeles) is not that large or significant. Third, most Iranians in the United States are well-educated, upper-class people who speak English very well.

So ignoring Iran has been convenient – there has seemingly been no real business motivation for tech companies to make their products useful for Iranians both inside and outside Iran. This thinking is despite the fact that there are more Persian speakers worldwide than Korean speakers. That’s about 100 million people, including the 75 million Iranians (including the diaspora) plus neighboring Tajikistan and Afghanistan. Sure, Korea is a much more wired society than Iran, but that also means there is that much more opportunity for Iranian online applications and software to take off in the marketplace.

So instead of superficial support, like Twitter users changing their avatars to green to support Iran’s reformist movement, Silicon Valley minds and money should pool resources as a way to help Iranians get around this information blockade by providing easier-to-use proxies, anonymizers and maybe even unfiltered Internet access through hardware.

Long-range Wi-Fi, 3G, satellite or other wireless communications devices from Iran’s neighboring countries or even the Persian Gulf could be used to get faster and better information in and out of Iran. One Arizona company, Space Data, even advertises the capability to use helium-filled balloons to provide Internet and mobile phone access. Much of Iran could theoretically be covered with one or two such balloons. All of that may sound crazy, but not helping Iranian reformers at their darkest hour would be crazier.”


“With all the turmoil and internet censorship in Iran making it difficult to get an accurate picture of what’s going, security researchers have found a way to locate gaps in Iran’s filtering by analyzing traffic exiting Iran. The short version is that SSH, torrents and Flash are high priorities for blocking, while game protocols like WoW and Xbox traffic are being ignored, even though they also allow communication. Hopefully, this data will help people think of new ways to bypass filtering and speak freely, even though average Iranians have worse things to worry about than internet censorship, now that the reformists have been declared anti-Islamic by the Supreme Leader. Given the circumstances, that declaration has been called ‘basically a death sentence’ for those who continue protesting.”

Reader CaroKann sends in a related story at the Washington Post about an analysis of the vote totals in the Iranian election (similar to, but different from the one we discussed earlier) in which the authors say the election results have a one in two-hundred chance of being legitimate.

Iranian Traffic Engineering
BY Craig Labovitz / June 17th, 2009

The outcome of the Iranian elections now hangs in the balance and perhaps, also on the availability of the Internet (or at least Twitter and Facebook according to the US State Department). Based on significant Internet engineering changes over the last week, the Iranian government seems to agree… While other countries (e.g. Burma in 2007) completely unplugged the country during political unrest, Iran has taken a decidedly different tact.

Before going further, I should note that we have no direct insight into Iranian political machinations nor telecommunications policy. But the 100 ISPs participating in the Internet Observatory provide some interesting hints on how the Iranian government may hope to control Internet access. The state owned Data communication Company of Iran (or DCI) acts as the gateway for all Internet traffic entering or leaving the country. Historically, Iranian Internet access has enjoyed some level of freedom despite government filtering and monitoring of web sites.

In normal times, DCI carries roughly 5 Gbps of traffic (with a reported capacity of 12 Gbps) through 6 upstream regional and global Internet providers. For the region, this represents an average level of Internet infrastructure (for purposes of perspective, a mid size ISP in Michigan carries roughly the same level of traffic).

Then the Iranian Internet stopped. One the day after the elections on June 13th at 1:30pm GMT (9:30am EDT and 6:00pm Tehran / IRDT), Iran dropped off the Internet. All six regional and global providers connecting Iran to the rest of the world saw a near complete loss of traffic. The below graph shows Iranian Internet traffic through Iran’s six upstream providers.

{Note: All data comes from analysis of Internet Observatory anonymous ASPath traffic statistics from which we infer upstream ISP traffic. Also a few caveats — Iranian traffic is such a small part of global Internet traffic levels that the Observatory data is fairly noisy. We used a number of standard statistical approaches to normalize the sampled dataset.}

As noted earlier, Iran normally sees around 5 Gbps of traffic with typical diurnal and weekly curves (though Iran sees dips both on Iranian weekend of Thurs / Friday as well as during western Sat / Sun weekends). From the view of the Observatory, most Internet traffic to Iran goes through Reliance (formerly Flag) Telecom, the major Asia Pacific region underseas cable operator. Singtel, a major pan-Asian provider and Türk Telekom also provide significant transit.

Initially, DCI severed most of the major transit connections into Iran. Within a few hours, a trickle of traffic returned across TeliaSonera, Reliance and SignTel — all well under 1 Gbps.

The below graph shows a zoomed in view of the outage and earlier graph.

As of 6:30am GMT June 16, traffic levels returned to roughly 70% of normal with Reliance traffic climbing by more than a Gigabit. So what is happening to Iranian traffic? I can only speculate. But DCI’s Internet changes suggest piecemeal migration of traffic flows. Typically off the shelf / inexpensive Internet proxy and filtering appliances can support 1 Gbps or lower. If DCI needed to support higher throughput (say, all Iranian Internet traffic), then redirecting subsets of traffic as the filtering infrastructure comes online would make sense.

Unlike Burma, Iran has significant commercial and technological relationships with the rest of the world. In other words, the government cannot turn off the Internet without impacting business and perhaps generating further social unrest. In all, this represents a delicate balance for the Iranian government and a test case for the Internet to impact democratic change. Events are still unfolding in Iran, but some reports are saying the Internet has already won.


Could Iran Shut Down Twitter?
BY Jonathan Zittrain / June 15th, 2009

Iran has been able to impose a finely grained Internet filtering regime, not having to deal with the sheer volume of traffic that, say, China has. It’s able to treat its Internet-using public the way a school can filter what its kids see on their PCs. All Internet traffic is routed through a server farm that applies the filtering. (The government used to run U.S. company Secure Computing’s (since acquired by McAfee) SmartFilter software. Secure Computing denied selling the software to Iran; see Wikipedia’s summary. Today Iran runs its own home-grown filtering software.)

So it’d be trivial for the Iranian government to block access to Twitter as it could to any particular Web site, and it could even block access to some Twitter users’ feeds there while leaving others open, by simply configuring its filters to allow some Twitter urls through while filtering others. But Twitter isn’t just any particular Web site. It’s an atom designed to be built into other molecules. More than most, Twitter allows multiple paths in and out for data. Its open APIs make it trivially easy for any other Web service provider to insert a stream of tweets in or to capture what comes out. Thus Twitterfall can provide a waterfall of tweets — all viewable by going there instead of to Twitter. Anyone using at Twitterfall can tweet from there as well. You can hook up your Facebook status in either direction, so that when you tweet it automatically updates your Facebook status — or the other way around.

The very fact that Twitter itself is half-baked, coupled with its designers’ willingness to let anyone build on top of it to finish baking it (I suppose it helps not to have any apparent business model that relies on drawing people to the actual Twitter Web site), is what makes it so powerful. There’s no easy signature for a tweet-in-progress if its shorn of a direct connection to the servers at And with so many ways to get those tweets there and back without the user needing, it’s far more naturally censorship resistant than most other Web sites. Less really is more. Publius points out that Iran could simply cut off all Internet access, or at least all access for most people there. Maybe it’ll come to that.

“Have you ever come across a web site that you could not access and wondered,”Am I the only one?” Herdict Web aggregates reports of inaccessible sites, allowing users to compare data to see if inaccessibility is a shared problem. By crowdsourcing data from around the world, we can document accessibility for any web site, anywhere.”

Iran Pro-Regime Voices Multiply Online
BY Christopher Rhoads and Geoffrey A. Fowler / July 3, 2009

Supporters of Iran’s regime are taking a cue from the opposition’s strategy: They’re mounting an online offensive. Thousands of Iranians used social-networking sites and blogs after Iran’s election last month to criticize the government and spread news of its violent clashes with protesters. But over the past week, a growing number of Iranian users of Twitter — the online service that allows users to send short messages — have been “tweeting” in favor of the regime, according to Internet security experts and others studying the development.

Some messages throw cold water on planned protests. “Staying at home tomorrow to avoid angering my elected govt,” one user with the name Eyeran wrote. Others make threats. A user with the name Vagheeiat (Persian for “realities”) said in an online message to an apparent opposition supporter: “The Basij [volunteer militia] protects the honor of the people and is the killer of you, liars and puppets of the U.S.” Ariel Silverstone, an Internet security expert in Atlanta, says the number of pro-government messages on Twitter in the past few days has increased to about 100 every six hours from just one every 12 hours or so earlier in the post-election period.

It is impossible to determine whether the comments come from members of Iran’s government or simply supporters. Attempts to reach such users of Twitter weren’t successful. But Internet experts see clues in certain patterns of use. In the case of Vagheeiat, the user biography on Twitter says the person who sent the message is a member of a unit of the Revolutionary Guard, which oversees the Basij. The user’s profile links to the Web site of the Revolutionary Guard unit. Vagheeiat used Twitter on only one day, last Thursday.

On Twitter, users can receive the messages of others by choosing to “follow” them, or joining in conversations on a certain topic. Many of the Iranian users sending pro-government missives opened accounts only a few days ago, and have few, if any, followers — nor are they following anyone else, Mr. Silverstone said. Also pointing to an orchestrated effort, some pro-regime messages are simultaneously blasted from different online accounts at regular intervals. Among them: “Mousavi the Instigator is in custody,” referring to opposition leader Mir Hossein Mousavi. Twitter Inc.’s co-founder Biz Stone declined to comment.

The government “has made a concrete effort to fight the opposition online,” Mr. Silverstone says. “Over the past few days this has really increased.” While some of the tactics are new — particularly the use of Twitter — the regime and its supporters aren’t new to the Internet. President Mahmoud Ahmadinejad has had his own blogs, in English and Persian, since the summer of 2006, and posted four messages before the recent election. Earlier this year, the Revolutionary Guard put out a call online for 10,000 bloggers to spread its views.

In one instance, the regime has sought to tap into the power of the Internet to help identify and round up individuals for arrest. A Web site called Gerdab, which means “vortex” in Persian, shows nearly two dozen candid photos of individuals with their faces circled in red. The site, which says it is owned by the organized-crime-fighting unit of the Revolutionary Guard, states that these people were behind the post-election chaos, and seeks information about them. There are spaces for visitors to the site to enter names, addresses, phone numbers and other information about the people who are marked. The site says that so far two of the people pictured had been identified and arrested.

The technique — which is commonly called crowd-sourcing and relies on the shared knowledge of numbers of people — is typically used for things like working out the bugs in new software or rating restaurants. “It would not be the first time that a photo has led to trouble or imprisonment in a conflict. However, this is a new development in officially sanctioned stalking and persecution by crowd-sourcing information online,” an Iranian blogger in Brussels wrote under the pen name Hamid Tehrani. He is the Iran editor of Web site Global Voices Online, but declined to provide his real name.

The online protest movement appears to be losing steam. After the election, fan pages for Mr. Mousavi on the social-networking site Facebook were signing up several thousand new users a day. The number of supporters listed by the most popular Facebook fan page for Mr. Mousavi, which swelled from about 2,500 a few weeks before the election to more than 100,000, hasn’t grown much since last week. Sassan, a Californian in his 30s who declined to give his last name, says his cousin in Iran stopped using Facebook after his friends were shown pictures of their Facebook pages and copies of their emails while jailed after a protest.

Other observers say the action online is mirroring what is happening on the street. “There is a little less activity because there is a little less to take a picture of,” says Jonathan Zittrain, a co-founder of Harvard University’s Berkman Center for Internet & Society. Richard Stiennon, the founder of Internet security firm IT-Harvest, notes the number of messages on Twitter relating to the Iranian unrest has plummeted in recent days — giving way to last week’s news of the death of pop star Michael Jackson.

A Deeper Look at The Iranian Firewall
BY Craig Labovitz

In the previous blog post about the Iranian firewall, we explored macro level Iranian traffic engineering changes (showing that Iran cut all communication after the election and then slowly added back Internet connectivity over the course of several days). Like many other news reports and bloggers, we also speculated on Iran’s intent — how was the government manipulating Internet traffic and why?

Thanks to the cooperation of several ISPs in the region and Internet Observatory data, we can now do a bit better than speculate — we have pieced together a rough picture of what the Iranian government’s Internet firewall appears to be doing. The data shows that DCI, the Iranian state run telecommunications agency, has selectively blocked or rate-limited targeted Internet applications (either by payload inspection or ports).

I’ll step through several of these applications. On average, Internet traffic is dominated by web pages (roughly 40-50% of all Internet traffic). And the vast majority of this web traffic (unless you happen to be Google or Facebook) goes into ISPs and the millions of associated end users (as opposed to traffic going out of a country or ISP). Iran is no exception.

The below graph shows web traffic (TCP port 80) into Iran over the days before and immediately after the election. Though the graph clearly shows a brief post-election outage followed by a decrease in web traffic, the Iranian web traffic was comparatively unaffected by Iran filter changes. Based on reports of Iran’s pre-existing Internet filtering capabilities, I’d speculate DCI did not require significant additional web filtering infrastructure.

In contrast, the next graph shows streaming video traffic (Adobe Flash) going into and out of Iran. Note the significant increase of video traffic immediately preceding the election (presumably reflecting high levels of Iranian interest in outside news sources). All video traffic immediately stops on the Saturday following the election (June 13th at 6:00pm Tehran / IRDT) and unlike the web, never returns to pre-election levels.

The next graph on Iranian applications filters shows email into and out of the country. Again note the run up in email traffic immediately preceding the election (especially outbound mails). And then? The data suggests DCI began blocking some outgoing email even before the election completed. Following the election, email returned at reduced levels (again, presumably because DCI had filtering infrastructure in place).

Finally, a look at the top applications now blocked by the DCI firewall(s). The chart shows average percentage decrease in application traffic in the days before and after the election. As discussed earlier, the Iranian firewalls appear to be selectively impacting application traffic. I’ll note that ssh (a secure communication protocol) tops the list followed by video streaming and file sharing.

While the rapidly evolving Iranian firewall has blocked web, video and most forms of interactive communication, not all Internet applications appear impacted. Interestingly, game protocols like xbox and World of Warcraft show little evidence of government manipulation.

Perhaps games provide a possible source of covert channels (e.g. “Bring your elves to the castle on the island of Azeroth and we’ll plan the next Ahmadinejad protest rally?”)

Why Twitter Doesn’t Mean the End of Iranian Censorship
BY Hal Roberts / June 16, 2009

Amid post-election protests in Iran, the government has apparently increased its filtering of sites, such as Twitter and Facebook, that host potentially offensive (to the government) content–and even reportedly turned off for a short period the Internet connection to the rest of the world. A question simple to ask–but difficult to answer–is whether Iranians are successfully bypassing the filtering through proxies or other filtering circumvention tools.

Academic research has established for years that the government of Iran closely filters its Internet connections, blocking sites that it does not like (mostly pornographic ones, but political and religious sites as well). The government of Iran can do this easily because virtually all traffic flows through a single government-controlled ISP. (In fact, Iran for years used McAfee SmartFilter, a product of a U.S. company, to perform this filtering, but it uses its own homegrown filtering tools now.)

Some users combat this filtering by employing proxies, routing their traffic through a machine outside of Iran so that the Iran filter sees only traffic to that proxy, effectively exchanging Iran’s control of the network for the proxy’s control of its network. Iran responds by blocking these proxies as it finds them, and these proxy users respond by continually looking for new, unblocked proxies or by using tools like UltraSurf that do the work of filtering out government interference themselves.

Data about proxy use is naturally hard to find (the point is to hide the users’ usage), but our best data indicate that interest in using proxies has increased substantially over the past year and has doubled in the past week. But such use is confined to a small portion of Iranian Internet users; it’s in the low single percentage points. Google searches for “proxy,” for instance, remain orders of magnitude less popular than searches for “election.” Likewise, a steady flow of information about the protests has come out of Twitter, but the number of Iranian users actually Twittering seems to be a tiny portion of Iranians. As far as we can tell, the Iranian government has done a pretty good job of blocking its citizens’ Web requests to sites that it does not want them to see, including during the current crisis.

But new technologies make the battle over filtering harder to judge. Even though the government has reportedly blocked, a defining attribute of Twitter is that it is an open system in that it allows a wide diversity of external tools and sites to read from and write to its service through its programming interface. Jonathan Zittrain and John Palfrey point out that as content is divorced from delivery through such open systems, blocking, for example, Twitter-as-a-network-system much harder than simply blocking Twitter the site, since there are dozens of tools and sites that directly read and write the Twitter data stream.

And as with other recent global crises, the widespread use of distributed denial of service (DDoS) attacks has made it possible to filter a site by flooding it with so much data that it can no longer respond to legitimate users, rendering proxies useless for those sites. The tools to launch DDoS attacks, including simple Twitter campaigns to overload a list of sites, have become easily available, so both pro-government and protest actors have directed these attacks at each other’s sites.

But the technical issue of whether a given site returns a response for a given set of people captures only one small part of the larger problem of determining who controls the flows of information on the Internet and through media and social networks in general. A fuller approach to the problem is to think about those flows of information and how they are being filtered, by social and political as well as technical means. We should ask, for example, whether the information from the core group of proxy/Twitter users is filtering out to the wider Iranian and global communities, how it is flowing to and through those communities, and what effect the information is having as it filters out. The answers to those questions are impossible to determine in real time from the outside, given the chaos and confusion of the situation. As with the protests, time and perspective will tell.

{As a Fellow at the Berkman Center for Internet & Society at Harvard University, Hal Roberts performs primary research into global Internet filtering.}


WSJ: Nokia, Siemens Help Iran Spy on Internet Users
BY Kim Zetter E / June 22, 2009

According to a somewhat confusing Wall Street Journal story, Iran has adopted NSA-like techniques and installed equipment on its national telecommunication network last year that allows it to spy on the online activities and correspondence — including the content of e-mail and VoIP phone calls — of its internet users. Nokia Siemens Networks, a joint venture between Germany’s Siemens and Finland’s Nokia, installed the monitoring equipment late last year in Iran’s government-controlled telecom network, Telecommunication Infrastructure Co., but authorities only recently engaged its full capabilities in response to recent protests that have broken out in the country over its presidential election.

The equipment allows the state to conduct deep-packet inspection, which sifts through data as it flows through a network searching for keywords in the content of e-mail and voice transmissions. According to the Journal, Iran seems to be doing this for the entire country from a single choke point. “Seems,” because although the Journal states that Nokia Siemens installed the equipment and that signs indicate the country is conducting deep-packet inspection, the paper also says “it couldn’t be determined whether the equipment from Nokia Siemens Networks is used specifically for deep packet inspection.”

Although the Journal has published questionable “spying” stories in the past, we’re willing to go with them on this one. It’s previously been reported that Iran was blocking access to some web sites for people inside the country as protesters took to the streets and the internet to dispute the results of the country’s recent presidential election. But sources told the Journal that the government’s activities have gone beyond censorship to massive spying. They say the deep-packet inspection, which deconstructs data in transit then reconstructs it, could be responsible for network activity in Iran having recently slowed to less than a tenth of its regular speed. The slowdown could be caused by the inspection at a single point, rather than at numerous network points, as China reportedly does it. A brochure promoting the equipment sold to Iran says the technology allows for “the monitoring and interception of all types of voice and data communication on all networks.”

A spokesman for Nokia Siemens Networks defended the sale of the equipment to Iran suggesting that the company provided the technology with the idea that it would be used for “lawful intercept,” such as combating terrorism, child pornography, drug trafficking and other criminal activity. Equipment installed for law enforcement purposes, however, can easily be used for spying as well. “If you sell networks, you also, intrinsically, sell the capability to intercept any communication that runs over them,” the spokesman told the Journal. He added that the company “does have a choice about whether to do business in any country” but said, “We believe providing people, wherever they are, with the ability to communicate is preferable to leaving them without the choice to be heard.” In March, the company sold off its monitoring technology to a German investment firm.

Deep-Packet Inspection in U.S. Scrutinized Following Iran Surveillance
BY Kim Zetter / June 29, 2009

Following a report last week that Iran is spying on domestic internet users with western-supplied technology, advocacy groups are pressuring federal lawmakers to scrutinize the use of the same technology in the U.S. The Open Internet Coalition sent a letter to all members of the House and Senate urging them to launch hearings aimed at examining and possibly regulating the so-called deep-packet inspection technology. Two senators also announced plans to introduce a bill that would bar foreign companies that sell IT technology to Iran from obtaining U.S. government contracts, legislation that is clearly aimed at the two European companies that reportedly sold the equipment to Iran. The Wall Street Journal reported last week that Nokia Siemens Networks, a joint venture between Germany’s Siemens and Finland’s Nokia, recently gave Iran deep-packet inspection equipment that would allow the government to spy on internet users. According to the Journal, Iranian officials have used deep-packet surveillance to snoop on the content of e-mail, VoIP calls and other online communication as well as track users’ other online activity, such as uploading videos to YouTube. Iranian officials are said to be using it to monitor activists engaged in protests over the country’s recent disputed presidential election, though the Journal said it couldn’t confirm whether Iran was using the Nokia Siemens Networks equipment for this purpose or equipment from another maker. Nokia Siemens has denied that it provided Iran with such technology.

But similar technology is being installed at ISPs in the U.S. It spurred extensive controversy last year when Charter Communications, one of the country’s largest ISPs, announced that it planned to use deep-packet inspection to spy on broadband customers to help advertisers deliver targeted ads. The plan sparked a backlash and heated congressional hearings. Publicity about the issue died down, however, after Charter retreated from its plan, and Congress moved on to other matters. But deep-packet inspection didn’t go away. ISPs insist they need it to help combat spam and malware. But the technology is ripe for abuse, not only by ISPs but also by the U.S. government, which could force providers to retain and hand over data they collect about users.

In its letter to lawmakers urging them to investigate the technology, the Open Internet Coalition delicately avoided placing the U.S. government in the same category as Iran by not mentioning possible U.S. government abuses of the technology. “We do not believe U.S. network owners intend to interfere with political communications in the way the Iranian government is doing, but the control technologies they are deploying on the internet carry the same enormous power,” the Coalition writes. “And, whether an inspection system is used to disrupt political speech or achieve commercial purposes, both require the same level of total surveillance of all communications between end-users and the internet.”

At a House subcommittee hearing this year to examine the technology, Rep. Rick Boucher (D-Virginia) also expressed alarm. “The thought that a network operator could track a user’s every move on the Internet, record the details of every search and read every e-mail or attached document is alarming,” he said. With regard to the sale of the technology to Iran, Sens. Charles E. Schumer (D-New York) and Lindsey Graham (R-South Carolina) attempted to address the Nokie Siemens issue with a bill that would prevent foreign companies selling sensitive technology to Iran from either obtaining new government contracts or renewing existing ones, unless they halt their exports to Iran. According to NextGov, Nokia did more than $10 million in business with the U.S. government between 2000 and 2008; Siemens has nearly 2,000 U.S. government contracts and obtained $250 million in U.S. government contracts this year alone. Nokia Siemens Networks currently has more than $5 million in U.S. government contracts. Neither Schumer nor Graham mentioned how such a law would be enforced if foreign companies used proxies to sell their products to Iran to circumvent the regulation.

The U.S. government embargo against U.S. companies selling to Iran is one of the tightest. The embargo currently prevents any U.S. individual or company from obtaining a license to sell goods and technologies to Iran that could be used for, among other things, missile proliferation purposes, chemical and biological warfare proliferation, human rights and crime control. The embargo, however, has done little to prevent Iran from obtaining U.S. technology anyway. In the meantime, consumers called for a boycott of Nokia and Siemens products. And Hands Across the Mideast Support Alliance (HAMSA) has organized a writing campaign urging users to send a protest letter to Nokia. According to the organization’s site, nearly 4,000 people have acknowledged sending the letter so far.

Iranian Women Take To The Streets, Demand Equal Rights, Economic Opportunities
BY Martha Raddatz and Susan Rucci / June 19, 2009

The huge rallies this week in Iran, the largest seen since the 1979 Islamic Revolution, have included thousands of women, who have taken to the streets to oppose the government of President Mahmoud Ahmadinejad. Some are dubbing itthe “lipstick revolution.” A week after the contested election that declared incumbent President Ahmadinejad the winner, protests over alleged voting fraud still continue strong.

Women, old and young, are visible at every rally — chanting, shouting, defiantly flashing V for Victory signs, carrying placards protesting the election results, defying the police and, in some cases, facing brutal retaliation. Others say the presence of so many woman is only the tip of the iceberg. “This movement is not about wearing lipstick and throwing their veil off,” Kelly Nikinejad, editor of, told ABC News. “It’s so much deeper than that.” Many Iranian women want what they have desired for so long — equal rights. Women make up an important part of Iran’s population. They constitute 65 percent of all university students, but only 12 percent of women are in the workforce. Additionally, under the current law, women do not have equal divorce, child custody or inheritance rights. Last year, Ahmadinejad’s government tried to push a “family protection law” through parliament. The law would ease restrictions on polygamy and taxing mehriyeh, the traditional payment a husband gives a wife upon marriage, angering many.

In this election, women, who have been on the forefront of many a political movement in the country including the 1979 Revolution, threw their weight boldly behind Mir Hossein Mousavi, the reformist candidate who enjoys overwhelming support but according to election results, was defeated by a wide margin by Ahmadinejad, leading the opposition and their supporters to cry foul. “They are very brave,” Nikinejad said. “They go and they get beat up every day and they come back and they say I hurt, I hurt there, and then the next day they go back and they get pepper sprayed, beaten up, it’s amazing.” The bold support for Mousavi does not mean that Ahmadinejad does not have a female base. In fact, many women showed up at his rallies as well and strongly believe that he would solve their problems — from housing to health care. But to many Iranian women frustrated about their lives, Mousavi’s message of change and hope and equal rights struck a deep chord.

Iranian Women Demand Equal Rights
And they saw hope not only in Mousavi, but also in his wife, Zahra Rahnavard, a reflection of themselves. Rahnavard became the first Iranian women to openly campaign with her husband. “She was the image of change in Iran,” Nikinejad said. “She’s a very educated woman. She has two PhDs. She’s authored 20 books.” Mousavi and his wife called for more economic and social rights for women. “Changing this mentality and picture [of women] can be very helpful because if we step toward improving the situation of our women then we have progressed along the path of elimination of discrimination,” Mousavi said at a rally last week. “Women will be educated and trained so that they can be employed,” he said at another event.

His wife has also spoken out openly against Ahmadinejad’s government. “Today, we feel that an atmosphere of freedom of speech, press and thought, which we are all interested in and have confidence in, is absent. We feel that we do not possess an independent and great economy because of the wrong policies and adventurous behavior at a national and international level, and because of unilateral decisions without consultation with experts,” Rahnavard said at a political rally. “Now is the time we feel that we must be present on the scene.” Over the last few years, women once fearful in many of parts of the world are finding the courage to speak out. In 2002, in Bangladesh thousands of women marched demanding equal rights, and earlier this year 300 Afghan women protested a Taliban law that allowed marital rape. But the big question that remains to be answered is whether these courageous acts witnessed around the world will make a difference in Iran.

“The SMS (Short Message Service) system in Iran has been taken down, just hours before polls open for Friday’s presidential election. The Ghalam News report, translated from Persian, says that the popular network “was cut off throughout the country.” The action occurred just before midnight local time, less than nine hours before the start of elections. “All walks of life from all over the country” are discovering that “messages on different cell phone networks will not send.” The disruption in communication occurred after reformist candidates have been increasingly using Twitter and text messaging to rally support, per the Wall Street Journal. Approximatey 110 millions SMS messages have been sent per day leading up to the election, according to The Tehran Times.”

“Persian blogger Hossein Derakshan says Iranian officials recently detained several staff and web technicians who worked on banned reformist websites, in order to gain control of the sites. They have now reportedly taken control of the servers, shut them down, and deleted all of their content.”

“The Islamic Republic of Iran continues to expand and consolidate its technical filtering system, which is among the most extensive in the world. A centralized system for Internet filtering has been implemented that augments the filtering conducted at the Internet service provider (ISP) level. Iran now employs domestically produced technology for identifying and blocking objectionable Web sites, reducing its reliance on Western filtering technologies. The regulatory agencies in Iran charged with policing the Internet continue to expand. The Revolutionary Guard has begun to play an active role in enforcing Internet content standards.”

Iran cancels foreign media accreditation


“A purge of reform-oriented individuals….” / 17 June 2009

PROXY WARS (cont.),1518,626412,00.html

Newspaper Roozonline has an interview (in Persian) with one of the young plainclothes militiamen who have been beating protesters. The Guardian’s Robert Tait sends this synopsis: “The man, who has come from a small town in the eastern province of Khorasan and has never been in Tehran before, says he is being paid 2m rial (£122) to assault protestors with a heavy wooden stave. He says the money is the main incentive as it will enable him to get married and may even enable him to afford more than one wife. Leadership of the volunteers has been provided by a man known only as “Hajji”, who has instructed his men to “beat the counter-revolutionaries so hard that they won’t be able to stand up”. The volunteers, most of them from far-flung provinces such as Khuzestan, Arak and Mazandaran, are being kept in hostel accommodation, reportedly in east Tehran. Other volunteers, he says, have been brought from Lebanon, where the Iranian regime has strong allies in the Hezbollah movement. They are said to be more highly-paid than their Iranian counterparts and are put up in hotels. The last piece of information seems to confirm the suspicion of many Iranians that foreign security personnel are being used to suppress the demonstrators. For all his talk of the legal process, this interview provides a key insight into where Iran’s supreme leader, Ayatollah Ali Khamenei, believes the true source of his legitimacy rests.”

Suppression of Dissent – The Players

Currently, there are two or three, maybe four, groups who are suppressing the students on the ground that you’ll read about throughout this thread:
1. The Basij
2. Ansar Hizbullah (which I will refer to as Ansar)
3. Lebanese Hizbullah (Unconfirmed rumour but either a probable or a persistent one. Der Spiegel, based on a Voice of America report, says that 5,000 Hizbullah fighters are currently in Iran masquerading as riot police, confirming the independent reports. Iran Press News has posted two photographs of men they claim are Hizbullah and Hamas mercenaries. Many different independent reports and video point that way. Even in the last days other independent twitter feeds have declared witnessing thugs beating on people while shouting in Arabic; I will refer to them as Hizbullah)
4. Lebanese Hamas (unconfirmed and doubtful. This rumour has been cropping up, with some of the most twitter feeds saying they had visual confirmation of Lebanese Hamas fighters along with Lebanese Hizbullah member. You should definitely take with a grain of salt, but it has been mentioned often enough, by sources generally always right, that it deserves of a mention here. Iran Press TV also claims to have posted a picture of Hamas mercenaries. I will refer to them as Hamas)

– The Basij are your regular paramilitary organization. They are the armed hand of the clerics. The Basij are a legal group, officially a student union, and are legally under direct orders of the Revolutionary Guard. Their main raison d’être is to quell dissent. They are the ones who go and crack skulls, force people to participate in pro-regime demonstrations, and generally try to stop any demonstrations from even starting. They are located throughout the country, in every mosque, every university, every social club you can think of. They function in a way very similar to the brownshirts.

They were the ones who first started the crackdown after the election, but it wasn’t enough. While they are violent and repressive, they are still Persian and attacking fellow citizens. A beating is one thing, mass killings another.

– Another group was working with them, whose members are even more extreme, is Ansar. There is a lot of cross-membership between the Basij and Ansar, though not all are members of the other group and vice-versa. The vast majority of Ansar are Persians (either Basij or ex-military), though a lot of Arab recruits come from Lebanon and train with them under supervision of the Revolutionary Guard. They are not functioning under a legal umbrella, they are considered a vigilante group, but they pledge loyalty directly to the Supreme Leader and most people believe that they are under his control. They are currently helping the Basij to control the riots, but due to the fact that they are Persians and in lower numbers than the Basij, they are not that active.

– The Lebanese Hizbullah is a direct offshoot (and under direct control) of the Iranian Hizbullah (itself under direct control of the Supreme Leader) and cooperates closely with Ansar though Ansar occupies itself only with Iran’s domestic policies, while Hizbullah occupies itself only with Iran’s foreign policy unless there is a crisis like right now. However, Hizbullah has been called to stop violent riots in Iran in the past.

(The following paragraph includes some speculation based on reports from ground zero, it is no confirmed, this is what was reported early on by various twitter feeds considered credible, so do not take this as anything but unconfirmed rumours) Hizbullah flew in a lot of their members in Iran, most likely a good deal even before the elections in case there were trouble. They are the ones who speak Arabs and are unleashing the biggest level of violence on the Persians so far. Another wave arrived recently and there is chatter that yet another wave of Hizbullah reinforcements are coming in from Lebanon as we speak. According to Iranians on the ground, they are the ones riding motorcycles, beating men women and children indiscriminately and firing live ammunitions at students.

– The Lebanese Hamas is a branch of Hamas set-up in Lebanon. Like Hamas in Gaza, Hamas in Lebanon is directly under the orders of the Hamas council of Damascus known as Majlis al-Shurah. While it is surprising to hear that they might be involved, and as I said take these reports with a grain of salt until we get more confirmations, it is not illogical either. Iran has become the main benefactor of Hamas in the last years, branching out from only supporting Islamic Jihad. They now provide Hamas with the bulk of their budget, with advanced weaponry and training by the Iranian Revolutionary Guard. Not only does Hamas own them a lot, but if the Republic falls, Hamas finds itself in dire trouble. It is very likely that, at the call of Iran, the Majlis al-Shura would have decided to send fighters from their Lebanese Hamas branch along with Hizbullah fighters if it was requested of them.

Other Players
The Police – Iran’s police force is not dissimilar to your run-of-the-mill law enforcement apparatus in other dictatorships, with the difference that they are not generally as brutal and repressive. This is because the Basij are generally in charge of these activities, meaning that Iranian policemen generally concentrate more on the law and order aspect of Iranian daily life.

Today, it is thought that the Iranian police numbers close to 60,000 members, in contrast with up to a million Basij members. This is one of the reasons why we hear much more about the plainclothes militia than we do about the police right now, the other being that the Basij and Ansar are much more willing to violently assault their fellow citizens than even the regular police force. This is not as much a testament to the decency of your average police officers as much as a damning report of what the Basij and Ansar thugs are like.

There are also subdivisions and extra-legal forces attached to the police force. The major subdivision would be the riot police (So-called Unit 110) who are actually much more violent than regular police officers, but also in much, much smaller numbers. There is also VEVAK, the secret police. Very little is known and confirmed about them, except their extreme tactics include murder, kidnapping and torture.

The Army
In Iran, there are actually two armies. They are divided between Artesh and Pasdaran. Artesh is the regular Military apparatus of the Republic. Their numbers, including reservists, go up to a million members, but only half of them have received anything more than very basic training. As it is often the case in police states, there is very little known and confirmed about the structure of the Army itself. They were created prior to the Iranian Revolution, in fact this army has existed in one form or another, and is a continuation, for more than 2,500 years. This is not as impressive as it sounds, however, as they often underwent drastic changes, there is no real links between the current incarnations, and the top echelons were most often purged when new rulers took power. In fact, in the last 100 years, those purges happened between two or three times, depending on the count, the last time centered around the time of the Islamic revolution, when most generals were forced to flee, killed, or killed while in exile.

Artesh took the brunt of the military casualties during the Iran-Iraq war, the army is considered to very nationalist and not extremely religious, which explains why they have declared their neutrality and refusal to repress the situation, as they see their purpose to defend the Iranian population. Everyone agrees they will be the ultimate key to this Revolution when they finally decide to take a side, or alternatively force the Pasdaran to stay on the sidelines with them.

Pasdaran, also known as Iranian Revolutionary Guard
The Iranian Ground forces (I will focus on them, as the Navy and Air force are currently irrelevant, will update if the situation changes) have been estimated between 100,000 and 130,000 units total. As always, truth most likely resides somewhere in the middle. They are, much like the Basij and Ansar, subservient directly to the Supreme Leader, and ideologically created in the spirit of defending the Islamic Revolution ideals and Republic, not Iran per se. They also control the Basij.

They are a child of the revolution, and they are more geared toward guerilla warfare than they are for military engagements. They are also the force responsible for training the various terrorist groups financed and supported by the Iranian government. They are fanatically devoted to the Republic through intense indoctrination.

The elite troops are called Quds. They are considered the elite of the elite, but they only number between 2000-6000, although rumours say that they are twice or three time as big. They are, however, rumours and quite unlikely. Ultimately, the Revolutionary Council and the Supreme Leader will call on them if they think they are on the verge of losing power, however it is unlikely that the army will just stay on the sidelines if this happens.

The Grand Ayatollahs
The Grand Ayatollahs are Shiite clerics who first attained the position of Ayatollahs and then, through their knowledge of Islamic Jurisprudence, attained a supreme position and are regarded as the most important voice in Shia Islam today. They revolve around the holy Shiite city of Qom, though some live outside Iran.

Niruyeh Moghavemat Basij / Mobilisation Resistance Force

The Pasdaran was given the mandate of organizing a large people’s militia, the Basij, in 1980. Islamic Revolution Guards (Vezarat-e Sepah Pasdaran-e Enqelab-e Islamic) is in charge of the paramilitary national Mobilization of the Oppressed (Baseej-e Mostazafan) Organisation. It is from Basij ranks that volunteers were drawn to launch “human wave” attacks against the Iraqis, particularly around Basra.

The precise size of the Basij is an open question. Basij membership comprises mainly boys, old men, and those who recently finished their military service. Article 151 of the Constitution says the government is obligated to provide military-training facilities for everyone in the country, in accordance with the precepts of Islam under which all individuals should have the ability to take up arms in defense of their country

Iranian officials frequently cite a figure of 20 million, but this appears to be an exaggeration based on revolutionary leader Ayatollah Ruhollah Khomeini’s November 1979 decree creating the Basij. Khomeini said at the time that “a country with 20 million youths must have 20 million riflemen or a military with 20 million soldiers; such a country will never be destroyed.” In a 1985 Iranian News Agency report, Hojjatoleslam Rahmani, head of the Basij forces of the Pasdaran, was quoted as stating that there were close to 3 million volunteers in the paramilitary force receiving training in some 11,000 centers.

General Yahya Rahim-Safavi, the commander of the IRGC, predicted that in the Third Five-Year Development Plan (2000-04) the number of Basijis will expand to 15 million (9 million men, 6 million women) to better counter potential domestic and foreign threats. While apparently falling short of the goal outlined in the plan, Basij commander Brigadier General Mohammad Hejazi estimated the number of Basij personnel at 10.3 million in March 2004 and 11 million in March 2005. Basij commander General Mohammad Hejazi said on 14 September 2005 that the Basij has more than 11 million members across the country.

Other estimates place the force at 400,000. There are about 90,000 active-duty Basij members who are full-time uniformed personnel; they are joined by up to 300,000 reservists. The Basij can mobilize up to 1 million men. This includes members of the University Basij, Student Basij, and the former tribal levies incorporated into the Basij (aka Tribal Basij). Middle-school-aged members of the Student Basij are called Seekers (Puyandegan), and high-school members are called the Vanguard (Pishgaman).

The Niruyeh Moghavemat Basij – the Mobilisation Resistance Force – was the strong right arm of Ayatollah Khomeini. Its volunteers were martyred in their tens of thousands in the Iran-Iraq war, and were given the role of moral police at home. The supreme leader’s equally conservative successor, Ayatollah Ali Khamenei, has been careful not to let any of Iran’s overlapping security forces fall under the control of his elected rival.

Ashura Brigades were reportedly created in 1993 after anti-government riots erupted in various Iranian cities. In 1998 they consisted of 17,000 Islamic militia men and women, and were composed of elements of the Revolutionary Guards and the Baseej volunteer militia.

The Basij, or Baseej paramilitary volunteer forces, come under the control of the Revolutionary Guards. They have been active in monitoring the activities of citizens, enforcing the hijab and arresting women for violating the dress code, and seizing ‘indecent’ material and satellite dish antennae. In May 1999 the Minister of Islamic Culture and Guidance stated in public remarks that the Government might support an easing of the satellite ban. However, Supreme Leader Khamenei, who makes the ultimate determination on issues that involve radio and television broadcasting, quickly criticised any potential change as amounting to “surrender” to Western culture, effectively ending any further debate of the idea. The “Special Basijis” are not permitted to participate in political parties or groups, although other members of the Basij can belong to political associations if they are not on a Basij mission and do not use the name or resources of the Basij for the association. Basijis can participate in specialist or trade associations.

Hezbollahi “partisans of God” consist of religious zealots who consider themselves as preservers of the Revolution. They have been active in harassing government critics and intellectuals, have firebombed bookstores and disrupted meetings. They are said to gather at the invitation of the state-affiliated media and generally act without meaningful police restraint or fear of persecution.

President Mohammad Khatami told the cabinet on 22 November 2000 that “the Basij is a progressive force which seeks to play a better role in maintaining religious faith among its allies, and acquiring greater knowledge and skills.” The deputy commander of the Islamic Revolution Guards Corps, Brigadier-General Mohammad Baqer Zolqadr, made comments in a similar vein at the annual Basij Supreme Association for Political Studies and Analysis gathering. He told the audience that the Basij pursued military activities in the first decade after the revolution because the main threat facing Iran at the time was a military one. Now, Zolqadr explained, the Basij will become “involved anywhere if the country’s security, goals, or national interests are threatened.” A statement issued by the Basij Center at the Science and Technology University on 23 November 2000 explained how this will be accomplished : “The Basij Resistance Force is equipped with the most modern and up-to-date weapons and is undergoing the most advanced training. It is making such achievements that if the enemy finds out it will tremble and have a heart attack.” The Basij demonstrated what it would do in case that faile during 23 November 2000 civil defense exercises, when armed Basijis took up positions in the streets and along strategic locations.

The Basij Resistance Force appeared to be undergoing something of a revival under the administration of President Mahmud Ahmadinejad. This could be connected with the organization’s alleged role in securing votes for Ahmadinejad during the presidential campaign and on election day. Ahmadinejad appointed Hojatoleslam Heidar Moslehi, the supreme leader’s representative to the Basij, as an adviser in mid-August 2005. But the revival — along with changes in the paramilitary organization’s senior leadership — could also be connected with preparations for possible civil unrest. In late September 2005, the Basij staged a series of urban defense exercises across the country. General Mirahmadi, the first deputy commander of the Basij, announced in Tehran that the creation of 2,000 Ashura battalions within the Basij will enhance Iran’s defensive capabilities. Ashura units have riot-control responsibilities.

Street Survival Guide / 23-Jun-2009

“This is a document that a friend of mine who is an Iranian-American police officer has put together. He is the member of the SWAT team and he’s an expert on anti riot tactics. he has been watching and studying the videos and the tactics that basij has been using and he put the document together. It would be great to spread this document and pass it on to the kids in Iran. It might save their lives.” — “SB”

“Here are some simple ways of defending yourself when attacked by Basij or Security forces.

Anti riot attacks
Once caught by security forces, the best way to break free is by swinging relentlessly in all directions. Keep in mind that security forces have to hold on to you, which means they only can use one hand to deflect the blows. Brass Knuckle is extremely effective when trying to break loose from the grip of security forces. Wooden brass knuckle is strong and simple to make. The image above is a sample of a basic wooden brass knuckle that can be made with a piece of wood, a cutter and a drill. It should not take more than 30 minutes to make a wooden brass knuckle. Wooden brass knuckle is extremely strong, light weight and versatile. Make sure that the top edges are sharp and round.

Motorcycle attacks
Iranian Basij motorcycle units use attack and retrieve tactics which is meant to create fear more than anything else. The same tactic was used by US police forces on horsebacks when confronting the civil right protestors. The advantage of utilizing motorcycles in urban environment is obvious: motorcycles can go places that cars can’t. However, motorcycles have disadvantages which can handicap the force that uses them.

The most effective way of disabling motorcycles is using tire spikes. Though made of carbon cratnor material, the Basij motorcycle tires cannot withstand multiple punctures. The easiest way to spike Basiji’s tires is by using a simple tire spike system called Iron Caltrop. This simple device can be made in a matter of minutes by wrapping two pieces of nail together in a 65 degree angle. By dropping a handful of Iron Caltrop on the ground, you can deflate the tires of Basijis’ motorcycles in a matter of minutes. If you ride, you know how difficult it is to steer a motorcycle with two flat tires.

Tear gas
A fabric socked in vinegar can very well protect you against tear gas. Cover your nose and mouth with the fabric and keep plenty of water around to wash your eyes if you come in direct contact with tear gas. Urban Legend: burning tires will reduce the effect of tear gas. Not true, it actually increases the effect and it smells bad too.

Riot police is trained to use batons. They understand that it’s easy to hit a stationary target and much easier to hit a target that is running away. Hitting somebody with baton is a matter of timing. The worst thing you can do is to run away from baton whirling security guards because it allows them to time the strike perfectly. The most effective way to counter a security guard with baton is to throw off his timing by going directly at him. That’s right. Run away and turn and go directly at him. When you go directly at the guard and close the distance, you completely screw up his timing. A boxer cannot hit a person that is standing 2 inches away from his face. That’s why boxer bounce around. A baton whirling guard is just like a boxer, he needs to time his strikes. By going directly at the guard and closing distance you mess-up his timing and might even be able to take him down.

Riot formation
Basij and police security guardsmen perform best when crowd disperses and becomes separated. The worst scenario for the riot police is when the crowd is together and inseparable. South Korean labor protestors in the 90s were the best organized units in history of rioting. Thousands of them held on to each other (locked arms) and no matter what, they did not let go. It made it impossible for the riot police to disperse them.

Just a few tips. Please translate and send it back to the youth in Iran. This can save their lives.”

The Survivalist Guide To Protesting / 25 Jun 2009

“A twitterer named lettersoftheliv has published an exhaustive series of tweets as a how-to guide for non-violent demonstrations.

Here’s how to protect yourself from tear gas:
– Do not pick up/throw back tear gas canisters- will severely burn your hands.
– Vinegar soaked bandana helps you breath with tear gas. Contaminates fast, have extra.
– Most tear gas injuries come from PANIC/chaos,not the chemicals:Ppl lose heads.Effects intense but very short-term.
– Stay calm and yell “WALK, WALK” as you walk away from tear gas/pepper spray attack- spread calm.
– Do not wear contact lens- pepper spray can linger and damage your eyes.

How to protect yourself during a basij assault:
– Go limp – When rigid,easy to pick up & move. If limp weight,hard to pick up & move (Always tuck your head by looking at your belly) link arms, stay in large groups, never touch a basiji, consider Sit Down when attacked (depending on plan/setting/ and Weapon)
– If grp sits dwn & police grab at 1 to beat, that 1 should scoot back & ppl behind open up & pull thru to back.Ppl in front close gap.
– If sit in grp&1 beaten w/batons,Ppl drape selves over target:spread hits over 3 ppl’s butts, not 1 prsn’s head.Cover head & torso
– “No-Hit Strategy”-attacked ppl hv instinct 2 hit back:Never let ppl rcv more than 2 hits b4 swarming as group 2 protect.
– Swarm/Surround agitators who are becoming violent so they cannot escalate the situation.
– If police push u n grp,unsafe 2 push back:escalates situation.All cross ankles & sit in place.Impossible 2 push seated group.
– At times you deem appropriate, sing or chant- do things to keep groups spirit strong- this is unbelievably important.
– Stay alert, “Ignore” harassment- ignore yelling, throwing objects, etc Do not react emotionally- Do not engage baiting
– Most powerful weapon you wield is SHAME- from your own religious/cultural context, choose symbolic NV acts.
– Always scan for escape routes, easiest exits.

General preparation:
– Know and trust ppl u are protesting with- don’t mix NV and violent protesters
– Be prepared – with talking points, chants, alternative plans, exit strategy, contingency plans, supplies, etc
– Practice/Roleplay NV de-escalation & tolerating/surviving/escaping “basiji” in GROUPS. Discuss-strengths,weaknesses
– Share “if I get arrested” info-emergency contacts/needs
– Assign jobs- scout, scene assessment, food, map, exits, etc. Have 1 person off-site know where you are. appoint teams of people 4 tasks- a team 2 scout & swarm agitators, keep deescalated (assume agitators r plants)
– Avoid alcohol, drugs and caffeine- dehydrating. Don’t use anything that will impair judgement.
– Stay hydrated- use oral rehydration solution:1 ts salt,8 ts sugar,1 liter clean drinking water: Stir.
– If no bathroom available use privacy circle, group stands in circle around person, faces outward.

What to wear (or not to wear):
– Wear a waterproof, nonabsorbent outer layer if possible. Cover your arms and legs.
– Wear 2 pairs of underwear. If you get arrested, you have 1 to wear and 1 to wash.
– Dress in layers, appropriately for weather.
– WOMEN- Don’t wear tampons- wear pads (can’t remove if arrested or trapped, toxic shock syndrome)”






“Writings. Eyewitness accounts. Send your own articles to us at xyaban [at] gmail [dot] com
For subscriptions email khyaboon [at] gmail [dot] com

Long live popular sovereignty! Long live resistance to the Coup D’état! Death to dictatorship!
The Street – Issue 1 – 29 Khordad 1388 (June 19, 2009)

Aiming to negate students’ impact on the current developments: University dormitories ordered closed
Iran in a bloodbath
Workers of [car maker] Iran Khodro on Strike
Tens of thousands protesters march from Tupkhaneh Square to Haft Tir
In the provinces, coup-makers practice violent oppression

Media and the streets. A bloody page in Iran’s modern history seems to be turning in the events we are witnessing. In past days and nights, Tehran and many Iranian cities have not stayed calm as peoples’ burning rage has thrown daily life into flux. The people in the streets are playing a game of cat and mouse with violent thugs; youth are in revolt, and the elderly rack their memories for re-learned lessons of the calamitous events of the 1979 revolution to pass on to the young.

Again, after thirty years, people are leaving the doors of their homes open [to give refuge] to courageous youth, and we hear from many how great people are, and how quickly they can change. Over the past days’ witness to events, we were different people, different slogans. During the campaign until election day, the huge crowds of people that had taken to the street with the green wave were spirited, the bliss of unawareness reigning over them. Yet since the results were announced, the situation changed and people became angry, and sought the crest of the wave to propel them beyond the ignorance, repression and hundreds of lies. During recent days and nights, the tide has again turned.

Like Azar of 1953 [CIA-backed anti-Mossadegh coup] and Tir of 1999 [reformist protests and regime crackdown], and – according to many present at the time – even like the protests of the revolutionary years and 1963 [clergy-led anti-shah protests]!!! Yes, we are seeing the naked face of repression. We see the green wave of reformism in its entire expanse, as it brings us into a shared arena with the existing system

Killing us and calls for calm have only made the situation more acute. Now we have more questions; more than just issues with vote counting. We want a different voice. We do not want to be sacrificed to corruption and graft again, for the nth time, so that our interests are ignored. We do not want a slaughterhouse that would set society back thirty years. We do not want a repeat of the fraud of 1979. We do not have any media but the world has gotten smaller so we no longer experience one thing on the streets yet read something different in world media. We do not want the next generation to be ignorant about what happened on the streets of Tehran, Esfahan, Tabriz, Shiraz, Mashhad, Ahvaz, Kermanshah, and the rest of the cities, large and small. We will represent a new voice in this power play: the voice of the people crying out in the streets. The people who have no delusions about colors and who demand change.”

Khiaban Issue 7

Bullet in Baharestan
According to human rights and democracy activists in Iran, after 12 this afternoon, on Wednesday 3 Tir, all the access points to Baharestan Square were closed and no underground trains were stopping at Baharestan station. More special forces and anti-riot forces and even police had surrounded the Parliament building with their cars and motorcycles and ordered closed all the stores located on Baharestan Square, even stores along secondary roads terminating at the square. They threatened to burn down any stores that did not close. Despite strict control of all the approaches, a large crowd had reached the square by about 4:30 and was standing in silence. The security forces had warned them not to gather and to disperse. A number of people had black armbands on and a small number were holding proclamation signs above their heads. Those with signs were attacks by guard forces and civilian dressed forces. At about 4:40 guard and anti-riot forces surrounded the crowd gathered in the square and sprayed teargas to scatter the people, while the slogans ‘death to the dictator, people’ and ‘don’t be afraid, don’t be afraid, we are all together’ could be heard. The people trying to enter the square from surrounding streets were the target of baton attacks, and a number were also arrested. The arrested were herded with batons to cars and beaten with batons inside the cars. As the pressure from the crowd trying to enter the square steadily built, several shots were fired in the air to break up the people. But as pressure built more, they began firing directly into the people, and cries of ‘we will protest, we will protest’ and ‘they killed my brother’ rose from the crowd. For nearly an hour the sound of gunfire could be heard on Baharestan Square and the surrounding streets. Every time a group of people would escape to surrounding streets under pressure from guard forces, they were chased down by men on motorcycles and assaulted with batons – moving the clash to surrounding streets. According to reports, a number were killed in the clashes, and 30 people were arrested and more than 50 wounded. As of yesterday, Basiji and guard forces positioned at the head of all the streets are stopping the people, especially, the young people, and searching photos and film taken on their mobile phones. They are even stopping and searching cars.

Baharestan Has Awoken
As expected, Baharestan was surrounded by security forces. They were continuously dispersing the people, and the people gathering in another corner. Everyone was expecting – and there were murmurings – that Mousavi would arrive, but no one saw him. They had stopped the people and prevented them from moving towards the Parliament building. Against the protests of people trying to reach their homes on that side, a security official was yelling: ‘We know that none of your houses are on that side.’ The security officials were openly filming the people. One point worth mentioning is the weak presence of Basiji or plain clothes security forces compared to the police forces. More anti-riot guard forces were intending to intimidate the people. They were dragging their batons against the barricades or striking them against their shields to produce a frightening noise. They are charging several people. The crowd is large, and the protests more crowded than usual. They are still openly threatening ‘If you go, the Special Forces will come and you will be beaten!!!!!!!!!’ They cleared out the pedestrian bridge in a savage way. Men on motorcycles were moving through the protesters and threatening them with batons. But the crowd, as if they had no fear, was constantly signaling to each other ‘don’t run, we are ordinary passersby.’ They released some teargas. There was an odd apprehension among the security forces. Even with violence it took about an hour to disperse the crowd. The sound of gunshots arose. There were clashes at several locations where the police quickly hauled people off to jail while beating and jeering at them. There were searching the bags of black-clad boys, searching for a pretext or green gangs. I heard that they killed a person. The Baharestan subway station was closed – up to Sa’adi. Helicopters were constantly hovering above the crowd. The plain clothes police were not intervening a lot, and they were noticeably few, but there were armed, plain clothed individuals among the crowd, and it was not difficult to identify them. Once or twice during the clashes they also struck onlookers. They shoved the crowd and dispersed them to the surrounding streets.

Civility of Religion
They have threatened families of the slain victims – agreeing to deliver the bodies of love ones only on condition that they sign away their right to file complaints against the assailants and police force. They are extorting 5 to 14 million from families as payment for delivering the bodies of their love ones slain in clashes over the last 10 days.

Will the cat above the precipice fall down?
BY Slavoj Zizek / June 25, 2009

When an authoritarian regime approaches its final crisis, its dissolution as a rule follows two steps. Before its actual collapse, a mysterious rupture takes place: all of a sudden people know that the game is over, they are simply no longer afraid. It is not only that the regime loses its legitimacy, its exercise of power itself is perceived as an impotent panic reaction. We all know the classic scene from cartoons: the cat reaches a precipice, but it goes on walking, ignoring the fact that there is no ground under its feet; it starts to fall only when it looks down and notices the abyss. When it loses its authority, the regime is like a cat above the precipice: in order to fall, it only has to be reminded to look down…

In Shah of Shahs, a classic account of the Khomeini revolution, Ryszard Kapuscinski located the precise moment of this rupture: at a Tehran crossroad, a single demonstrator refused to budge when a policeman shouted at him to move, and the embarrassed policeman simply withdrew; in a couple of hours, all Tehran knew about this incident, and although there were street fights going on for weeks, everyone somehow knew the game is over. Is something similar going on now?

There are many versions of the events in Tehran. Some see in the protests the culmination of the pro-Western “reform movement” along the lines of the “orange” revolutions in Ukraine, Georgia, etc. – a secular reaction to the Khomeini revolution. They support the protests as the first step towards a new liberal-democratic secular Iran freed of Muslim fundamentalism. They are counteracted by skeptics who think that Ahmadinejad really won: he is the voice of the majority, while the support of Mousavi comes from the middle classes and their gilded youth. In short: let’s drop the illusions and face the fact that, in Ahmadinejad, Iran has a president it deserves. Then there are those who dismiss Mousavi as a member of the cleric establishment with merely cosmetic differences from Ahmadinejad: Mousavi also wants to continue the atomic energy program, he is against recognizing Israel, plus he enjoyed the full support of Khomeini as a prime minister in the years of the war with Iraq.

Finally, the saddest of them all are the Leftist supporters of Ahmadinejad: what is really at stake for them is Iranian independence. Ahmadinejad won because he stood up for the country’s independence, exposed elite corruption and used oil wealth to boost the incomes of the poor majority – this is, so we are told, the true Ahmadinejad beneath the Western-media image of a holocaust-denying fanatic. According to this view, what is effectively going on now in Iran is a repetition of the 1953 overthrow of Mossadegh – a West-financed coup against the legitimate president. This view not only ignores facts: the high electoral participation – up from the usual 55% to 85% – can only be explained as a protest vote. It also displays its blindness for a genuine demonstration of popular will, patronizingly assuming that, for the backward Iranians, Ahmadinejad is good enough – they are not yet sufficiently mature to be ruled by a secular Left.

Opposed as they are, all these versions read the Iranian protests along the axis of Islamic hardliners versus pro-Western liberal reformists, which is why they find it so difficult to locate Mousavi: is he a Western-backed reformer who wants more personal freedom and market economy, or a member of the cleric establishment whose eventual victory would not affect in any serious way the nature of the regime? Such extreme oscillations demonstrate that they all miss the true nature of the protests.

The green color adopted by the Mousavi supporters, the cries of “Allah akbar!” that resonate from the roofs of Tehran in the evening darkness, clearly indicate that they see their activity as the repetition of the 1979 Khomeini revolution, as the return to its roots, the undoing of the revolution’s later corruption. This return to the roots is not only programmatic; it concerns even more the mode of activity of the crowds: the emphatic unity of the people, their all-encompassing solidarity, creative self-organization, improvising of the ways to articulate protest, the unique mixture of spontaneity and discipline, like the ominous march of thousands in complete silence. We are dealing with a genuine popular uprising of the deceived partisans of the Khomeini revolution.

There are a couple of crucial consequences to be drawn from this insight. First, Ahmadinejad is not the hero of the Islamist poor, but a genuine corrupted Islamo-Fascist populist, a kind of Iranian Berlusconi whose mixture of clownish posturing and ruthless power politics is causing unease even among the majority of ayatollahs. His demagogic distributing of crumbs to the poor should not deceive us: behind him are not only organs of police repression and a very Westernized PR apparatus, but also a strong new rich class, the result of the regime’s corruption (Iran’s Revolutionary Guard is not a working class militia, but a mega-corporation, the strongest center of wealth in the country).

Second, one should draw a clear difference between the two main candidates opposed to Ahmadinejad, Mehdi Karroubi and Mousavi. Karroubi effectively is a reformist, basically proposing the Iranian version of identity politics, promising favors to all particular groups. Mousavi is something entirely different: his name stands for the genuine resuscitation of the popular dream which sustained the Khomeini revolution. Even if this dream was a utopia, one should recognize in it the genuine utopia of the revolution itself. What this means is that the 1979 Khomeini revolution cannot be reduced to a hard line Islamist takeover – it was much more. Now is the time to remember the incredible effervescence of the first year after the revolution, with the breath-taking explosion of political and social creativity, organizational experiments and debates among students and ordinary people. The very fact that this explosion had to be stifled demonstrates that the Khomeini revolution was an authentic political event, a momentary opening that unleashed unheard-of forces of social transformation, a moment in which “everything seemed possible.” What followed was a gradual closing through the take-over of political control by the Islam establishment. To put it in Freudian terms, today’s protest movement is the “return of the repressed” of the Khomeini revolution.

And, last but not least, what this means is that there is a genuine liberating potential in Islam – to find a “good” Islam, one doesn’t have to go back to the 10th century, we have it right here, in front of our eyes.

The future is uncertain – in all probability, those in power will contain the popular explosion, and the cat will not fall into the precipice, but regain ground. However, it will no longer be the same regime, but just one corrupted authoritarian rule among others. Whatever the outcome, it is vitally important to keep in mind that we are witnessing a great emancipatory event which doesn’t fit the frame of the struggle between pro-Western liberals and anti-Western fundamentalists. If our cynical pragmatism will make us lose the capacity to recognize this emancipatory dimension, then we in the West are effectively entering a post-democratic era, getting ready for our own Ahmadinejads. Italians already know his name: Berlusconi. Others are waiting in line.



“The measure of a nation is its vote.” – Ayatollah Khomeini

‘Real’ vote count, allegedly showing Ahmadinijad in THIRD place

President of the Committee of Election Monitoring : Election is Invalid
from Iran Interior Ministry (Authenticity NOT VERIFIED)
“The chart that follows informs Khamenei of the vote’s “real” results. It says 42 million votes were cast with with Mousavi getting 19,075,623 votes, Mehdi Karroubi getting 13,387,104 votes, Ahmadinejad finishing a distant third with 5,698,417 votes, and Mohsen Rezaee getting 3,754,218.”


Rafsanjani: shark or kingmaker?
BY Simon Tisdall / 15 June 2009

More intriguing are similarly unsubstantiated claims that Rafsanjani is in the holy city of Qom, where he once studied and where he has strong links to a moderate clerical body, the Association of Combatant Clergy. Rafsanjani was said to be assessing whether he has sufficient votes in the 86-member Assembly of Experts to dismiss Ayatollah Ali Khamenei, the Supreme Leader and Ahmadinejad’s chief patron. Under Iran’s constitution, only the assembly has the power to do this.

The super-rich Rafsanjani, his family, and his supporters in the reformist Kargozaran party make no bones about helping finance and direct Mir Hossein Mousavi’s campaign to topple Ahmadinejad, whom they despise. But with Mousavi ostensibly beaten, the developing post-election struggle now pits Rafsanjani against Khamenei rather than the president – who is widely seen as a mouthpiece for the hardline fundamentalism typified by the Supreme Leader. Although he is supposed to stay above the fray, Khamenei endorsed Ahmadinejad this time, just as in the second round of the 2005 election.

Rafsanjani has made no secret of his belief that foreign and economic policies pursued during the past four years under Khamenei’s guidance have seriously damaged the Islamic Republic. His frustrations came to a head last week after Ahmadinejad was allowed to publicly accuse him of corruption. In an angry letter he lambasted Khamenei for failing to uphold the country’s dignity. In what was in effect an unprecedented challenge to Khamenei’s authority, he implied the Supreme Leader, normally above criticism, was negligent, partial, and possibly involved in plans to steal the election.

“I am expecting you to resolve this position in order to extinguish the fire, whose smoke can be seen in the atmosphere, and to foil dangerous plots,” Rafsanjani wrote. “If the system cannot or does not want to confront such ugly and sin-infected phenomena as insults, lies and false allegations, how can we consider ourselves followers of the sacred Islamic system?”

Rafsanjani remains unpopular with many Iranians who believe the corruption claims and blame him for a murderous, covert campaign to silence dissidents at home and abroad during his 1989-97 presidency. Those latter allegations earned him another nickname: the “grey eminence”. At the same time he is respected as one of the Islamic revolution’s founding fathers and a close associate of its first leader, Ayatollah Ruhollah Khomeini. As a result he can count on some powerful friends if he decides to try to shame Khamenei into allowing an election re-run or standing down.

Apart from his clerical allies in Qom, prominent establishment conservatives such as Ali Akbar Velayati and Ali Akbar Nateq-Nuri have criticised Ahmadinejad. So, too, has Ali Larijani, the influential Majlis (parliament) speaker and former national security chief. The mayor of Tehran, Mohammad Bagher Qalibaf, is another potential ally, as are the former president Mohammad Khatami, Mousavi, the other defeated presidential candidates, and their millions of thwarted supporters.

If mobilised, his would comprise an elite coalition operating inside the hierarchy of the Islamic Republic, rather than from outside on the streets. It would not be a democratic movement; but it would be a dagger held to Khamenei’s breast. Not for nothing is the Machiavellian Rafsanjani, pistachio nut millionaire, pragmatist and ruthless political survivor, known by yet another nickname: the “kingmaker”. Iran awaits his next move.

Top Pieces of Evidence that the Iranian Presidential Election Was Stolen

1. It is claimed that Ahmadinejad won the city of Tabriz with 57%. His main opponent, Mir Hossein Mousavi, is an Azeri from Azerbaijan province, of which Tabriz is the capital. Mousavi, according to such polls as exist in Iran and widespread anecdotal evidence, did better in cities and is popular in Azerbaijan. Certainly, his rallies there were very well attended. So for an Azeri urban center to go so heavily for Ahmadinejad just makes no sense. In past elections, Azeris voted disproportionately for even minor presidential candidates who hailed from that province.
2. Ahmadinejad is claimed to have taken Tehran by over 50%. Again, he is not popular in the cities, even, as he claims, in the poor neighborhoods, in part because his policies have produced high inflation and high unemployment. That he should have won Tehran is so unlikely as to raise real questions about these numbers. [Ahmadinejad is widely thought only to have won Tehran in 2005 because the pro-reform groups were discouraged and stayed home rather than voting.)
3. It is claimed that cleric Mehdi Karoubi, the other reformist candidate, received 320,000 votes, and that he did poorly in Iran’s western provinces, even losing in Luristan. He is a Lur and is popular in the west, including in Kurdistan. Karoubi received 17 percent of the vote in the first round of presidential elections in 2005. While it is possible that his support has substantially declined since then, it is hard to believe that he would get less than one percent of the vote. Moreover, he should have at least done well in the west, which he did not.
4. Mohsen Rezaie, who polled very badly and seems not to have been at all popular, is alleged to have received 670,000 votes, twice as much as Karoubi.
5. Ahmadinejad’s numbers were fairly standard across Iran’s provinces. In past elections there have been substantial ethnic and provincial variations.
6. The Electoral Commission is supposed to wait three days before certifying the results of the election, at which point they are to inform Khamenei of the results, and he signs off on the process. The three-day delay is intended to allow charges of irregularities to be adjudicated. In this case, Khamenei immediately approved the alleged results.

I am aware of the difficulties of catching history on the run. Some explanation may emerge for Ahmadinejad’s upset that does not involve fraud. For instance, it is possible that he has gotten the credit for spreading around a lot of oil money in the form of favors to his constituencies, but somehow managed to escape the blame for the resultant high inflation. But just as a first reaction, this post-election situation looks to me like a crime scene. And here is how I would reconstruct the crime. As the real numbers started coming into the Interior Ministry late on Friday, it became clear that Mousavi was winning. Mousavi’s spokesman abroad, filmmaker Mohsen Makhbalbaf, alleges that the ministry even contacted Mousavi’s camp and said it would begin preparing the population for this victory. The ministry must have informed Supreme Leader Ali Khamenei, who has had a feud with Mousavi for over 30 years, who found this outcome unsupportable. And, apparently, he and other top leaders had been so confident of an Ahmadinejad win that they had made no contingency plans for what to do if he looked as though he would lose. They therefore sent blanket instructions to the Electoral Commission to falsify the vote counts. This clumsy cover-up then produced the incredible result of an Ahmadinejad landlside in Tabriz and Isfahan and Tehran. The reason for which Rezaie and Karoubi had to be assigned such implausibly low totals was to make sure Ahmadinejad got over 51% of the vote and thus avoid a run-off between him and Mousavi next Friday, which would have given the Mousavi camp a chance to attempt to rally the public and forestall further tampering with the election. This scenario accounts for all known anomalies and is consistent with what we know of the major players.”

“Professor Mebane has updated his analysis to incorporate 2005 second round district-level data. In 2005 some opposition politicians called for a boycott of the election. The surge in turnout in 2009 is widely interpreted as meaning that many who boycotted in 2005 decided to vote in 2009. Hence towns that have high ratios should have lower proportions of the vote for Ahmadinejad (the coefficient should be negative). He then tested this hypothesis using an over-dispersed binomial model, finding that it worked well for most districts. Suspiciously however, whenever this data significantly deviated from his model, it was in Ahmadinejad’s favor.”

Guardian Council: Over 100% voted in 50 cities / 21 Jun 2009

Iran’s Guardian Council has suggested that the number of votes collected in 50 cities surpass the number of people eligible to cast ballot in those areas. The council’s Spokesman Abbas-Ali Kadkhodaei, who was speaking on the Islamic Republic of Iran Broadcasting (IRIB) Channel 2 on Sunday, made the remarks in response to complaints filed by Mohsen Rezaei — a defeated candidate in the June 12 Presidential election. “Statistics provided by the candidates, who claim more than 100% of those eligible have cast their ballot in 80-170 cities are not accurate — the incident has happened in only 50 cities,” Kadkhodaei said. Kadkhodaei further explained that the voter turnout of above 100% in some cities is a normal phenomenon because there is no legal limitation for people to vote for the presidential elections in another city or province to which people often travel or commute. According to the Guardian Council spokesman, summering areas and places like district one and three in Tehran are not separable. The spokesman, however, said that the vote tally affected by such issues could be over 3 million and would not noticably affect the outcome of the election.

He, however, added that the council could, at the request of the candidates, re-count the affected ballot boxes, and determine ” whether the possible change in the tally is decisive in the election results,” reported Khabaronline. Three of the four candidates contesting in last Friday’s presidential election cried foul, once the Interior Ministry announced the results – according to which incumbent President Mahmoud Ahmadinejad was declared the winner with almost two-thirds of the vote. Rezaei, along with Mir-Hossein Mousavi and Mehdi Karroubi, reported more than 646 ‘irregularities’ in the electoral process and submitted their complaints to the body responsible for overseeing the election — the Guardian Council.

The Devil Is in the Digits
BY Bernd Beber and Alexandra Scacco / June 20, 2009

Since the declaration of Mahmoud Ahmadinejad’s landslide victory in Iran’s presidential election, accusations of fraud have swelled. Against expectations from pollsters and pundits alike, Ahmadinejad did surprisingly well in urban areas, including Tehran — where he is thought to be highly unpopular — and even Tabriz, the capital city of opposition candidate Mir Hussein Mousavi’s native East Azarbaijan province.

Others have pointed to the surprisingly poor performance of Mehdi Karroubi, another reform candidate, and particularly in his home province of Lorestan, where conservative candidates fared poorly in 2005, but where Ahmadinejad allegedly captured 71 percent of the vote. Eyebrows have been raised further by the relative consistency in Ahmadinejad’s vote share across Iran’s provinces, in spite of wide provincial variation in past elections.

These pieces of the story point in the direction of fraud, to be sure. They have led experts to speculate that the election results released by Iran’s Ministry of the Interior had been altered behind closed doors. But we don’t have to rely on suggestive evidence alone. We can use statistics more systematically to show that this is likely what happened. Here’s how.

We’ll concentrate on vote counts — the number of votes received by different candidates in different provinces — and in particular the last and second-to-last digits of these numbers. For example, if a candidate received 14,579 votes in a province (Mr. Karroubi’s actual vote count in Isfahan), we’ll focus on digits 7 and 9.

This may seem strange, because these digits usually don’t change who wins. In fact, last digits in a fair election don’t tell us anything about the candidates, the make-up of the electorate or the context of the election. They are random noise in the sense that a fair vote count is as likely to end in 1 as it is to end in 2, 3, 4, or any other numeral. But that’s exactly why they can serve as a litmus test for election fraud. For example, an election in which a majority of provincial vote counts ended in 5 would surely raise red flags.

Why would fraudulent numbers look any different? The reason is that humans are bad at making up numbers. Cognitive psychologists have found that study participants in lab experiments asked to write sequences of random digits will tend to select some digits more frequently than others.

So what can we make of Iran’s election results? We used the results released by the Ministry of the Interior and published on the web site of Press TV, a news channel funded by Iran’s government. The ministry provided data for 29 provinces, and we examined the number of votes each of the four main candidates — Ahmadinejad, Mousavi, Karroubi and Mohsen Rezai — is reported to have received in each of the provinces — a total of 116 numbers.

The numbers look suspicious. We find too many 7s and not enough 5s in the last digit. We expect each digit (0, 1, 2, and so on) to appear at the end of 10 percent of the vote counts. But in Iran’s provincial results, the digit 7 appears 17 percent of the time, and only 4 percent of the results end in the number 5. Two such departures from the average — a spike of 17 percent or more in one digit and a drop to 4 percent or less in another — are extremely unlikely. Fewer than four in a hundred non-fraudulent elections would produce such numbers.

As a point of comparison, we can analyze the state-by-state vote counts for John McCain and Barack Obama in last year’s U.S. presidential election. The frequencies of last digits in these election returns never rise above 14 percent or fall below 6 percent, a pattern we would expect to see in seventy out of a hundred fair elections.

But that’s not all. Psychologists have also found that humans have trouble generating non-adjacent digits (such as 64 or 17, as opposed to 23) as frequently as one would expect in a sequence of random numbers. To check for deviations of this type, we examined the pairs of last and second-to-last digits in Iran’s vote counts. On average, if the results had not been manipulated, 70 percent of these pairs should consist of distinct, non-adjacent digits.

Not so in the data from Iran: Only 62 percent of the pairs contain non-adjacent digits. This may not sound so different from 70 percent, but the probability that a fair election would produce a difference this large is less than 4.2 percent. And while our first test — variation in last-digit frequencies — suggests that Rezai’s vote counts are the most irregular, the lack of non-adjacent digits is most striking in the results reported for Ahmadinejad.

Each of these two tests provides strong evidence that the numbers released by Iran’s Ministry of the Interior were manipulated. But taken together, they leave very little room for reasonable doubt. The probability that a fair election would produce both too few non-adjacent digits and the suspicious deviations in last-digit frequencies described earlier is less than .005. In other words, a bet that the numbers are clean is a one in two-hundred long shot.

{Bernd Beber and Alexandra Scacco, Ph.D. candidates in political science at Columbia University, will be assistant professors in New York University’s Wilf Family Department of Politics this fall.}


How to Confuse Iranian Censors on Twitter

Very briefly, preceding the recent elections in Iran, many leftists had been organizing protests and what not via facebook and other social networks. However, Iranian censors quickly jumped on this trend and blocked facebook’s site from the entire country. Following the elections, protests ensued and were organized and publicized on Twitter, which the luddite bureaucracy failed to block in time. Iranian censors are now combing the twitter network for dissidents in a Stasi like fashion. In retaliation, people around the world have tried to throw a wrench in their efforts:

1. Change Your Time zone and Home City:
Click Twitter Settings in the top right, change your Home City to Tehran and your time zone to GMT +3:30 Tehran Time. It’s likely that the first method of filtering will relate to the location of the user. If we flood twitter with accounts that all appear to be from Tehran, we build a bigger data cloud that the censors have to sift through in their search for Iranian dissidents. This is not full proof, but will likely buy them some time in the same way that searching “John Smith” on face book will yield a frustratingly large selection of people to search through.

2. Change the Name Associated with your Twitter Account
Click Twitter Settings and change your birth name to something Iranian. You can find a list of Iranian names here: . Should the censors end up on your account, your American (or whatever) name will be a likely clue that you aren’t worth their time.

3. Repost Content
Follow someone posting from Iran and repost their material. Content is the ultimate tell tale of who is and isn’t a dissident in this situation. By reposting someone else’s content censors be forced to look at the timestamp of the tweet to decipher who is the original writer. Ideally, your follow up tweet would be so close to the initial posting time that the two become indiscriminate. You can also go a step further and, if they have uploaded a photo, save the file and re upload it via your account (merely linking to their account is liable to clue the censors in). Edit: Be careful in reposting, there have been reports of false accounts going up to provide misinformation to the prostestors. More info here: . Do not repost things verbatim, paraphrase. Also, when retweeting to not use the original posters name.

4. Maintain the ‘false data cloud’
Even in the event that Iran blocks twitter as they did Facebook, it is likely that the censors will still have access to the site, and will continue to comb it. Sustaining your efforts could serve to further delay the censors. Obviously, none of these methods are full proof. The idea is to buy any of the said dissidents time to hide, evacuate or so on… “If only for an instant, we will unite what you have divided. Our calls will be heard from shore to shore, through borders, races, classes and languages, For we bear a torch that burns one hundred thousand years strong, we carry the flame of revolution.”

Down Time Rescheduled / June 15, 2009
“A critical network upgrade must be performed to ensure continued operation of Twitter. In coordination with Twitter, our network host had planned this upgrade for tonight. However, our network partners at NTT America recognize the role Twitter is currently playing as an important communication tool in Iran. Tonight’s planned maintenance has been rescheduled to tomorrow between 2-3p PST (1:30a in Iran).”

The Kid at State Who Figured Out the Iranians Should Be Allowed to Keep Tweeting / Jun 17 2009

Imagine our surprise, then, when we learned that, instead, it was a 27-year-old whiz kid whose job is to advise the State Department on how to use social media to promote U.S. interests the Middle East. And imagine our further surprise when we learned this young gentleman wasn’t one of Barack Obama’s social media geniuses, but instead was a Condi Rice pick hired specifically to advise the State Department on young people in the Middle East and how to “counter-radicalize” them. According to the New York Times, it was Jared Cohen, a member of the Policy Planning Staff, who contacted Twitter on Monday, inquiring about their plan to perform maintenance in what would be the middle of the day, Iran time. Following that contact, Twitter decided to postpone their maintenance so that it would take place in the middle of the night Iran-time, even though that meant it would be the middle of the day U.S. time. The Times noted that the move marked “the recognition by the United States government that an Internet blogging service that did not exist four years ago has the potential to change history in an ancient Islamic country.” So we wondered, who was this young guy with this remarkable insight?

Cohen was only 24 when he was hired into the Policy Planning Staff back in 2006. He’d received an undergraduate degree from Stanford and a master’s degree from Oxford, where he’d been on a Rhodes Scholarship. Oh, and he’d also talked his way into a visa for Iran (according to a December 2007 New Yorker profile), where he met young people his own age who threw underground house parties and made alcohol in bathtubs. “Iranian young people are one of the most pro-American populations in the Middle East,” Cohen told the New Yorker. “They just don’t know who to gravitate around, so young people gravitate around each other.” Cohen compiled his observations from that trip—and others to Lebanon, Syria, and Iraq—into a book released by Penguin, titled Children of Jihad: A Young American’s Travels Among the Youth of the Middle East (selected, by the way, as one of Kirkus Review’s “Best Books of 2007”).

The Times describes Cohen’s job today as “working with Twitter, YouTube, Facebook and other services to harness their reach for diplomatic initiatives in Iraq, Afghanistan and elsewhere.” In May, Cohen, whom CNN chose as one of its “Young People Who Rock,” organized a trip to Iraq for Twitter CEO Jack Dorsey and other new media executives “to discuss how to rebuild the country’s information network and to sell the virtues of Twitter,” as the Times put it. According to Federal News Radio, Dorsey has now been working with mobile companies in the Middle East “to establish a short code so that Iraqis can get on Twitter without actually having to have access to the internet.” “I’m a strong believer in the fact that access drives innovation,” Cohen told Federal News Radio. “In order for young people to have their innovative minds tapped into, they need to have access to the tools to do it, and I believe that cellphones and the internet will bring that.” Given Cohen’s background, it’s not surprising that he was the one to make the call on (and to) Twitter. It’s also an interesting indication about how these young kids, with their social media, might actually understand a thing or two about how the world works and how to get it to move in the direction you want it to go.



“Since Twitter started getting coverage for its role in the goings-on in Iran, commentators have expressed concern over which Twitter feeds are fake, and whether Twitter could be used to spread disinformation. The unofficial Twitter watchdog Twitspam has a list of “fake Iran election tweeters,” and their feeds make for fascinating examples of reverse propaganda in action.

Their techniques have different approaches and levels of subtelty. Some simply make up silly stories, like one user’s claim “BREAKINGNEWS: Ahmedinejads plane take off from Russia 2 hours ago & lost over BlackSea! Does he know how to swim? confrmation?” or another’s insistence that “Mussavi concedes, pleads halt to protest.” Others take a more egotistical approach, such as this user generously volunteering to become the leader: “Saturday – small groups organized by “ERAN SPAHBOD RUSTAM” will attack government buildings and basij.women,children stay home.” Finally, some Tweeters, in their rush to spread violence, seem rather unclear as to correct grammatical usage of Arabic words: “Get a mask and gloves – lets intifada tonight on the streets of Teheran – My group will barricade one street. Make your group 2. kick ass”

The most pernicious fake Twitter user, though, has been Persian_Guy, who’s not only provided fake news ( “Mussavi overheard: ‘We don’t need a black man’s help, that’s humiliating, at least not arab.'”) and calls for violence (“”non-Iranian Arabs waving Hamas/Hezbollah flags around the protests. Kill Arabs now, they are scums!”), but has even brought Twitter into the fake narrative. According to this user, “Twitter’s staff are ecstatic by what’s happening in Iran, “We’re so glad there’s chaos in Iran, finally Twitter is ‘useful.'”” Somehow, I doubt that will endear him to his fellow Tweeters.”

How Iran’s Hackers Killed Big Brother
BY Douglas Rushkoff / 6.16.09

“Perhaps the best indication for Americans that something important is going on in Iran right now is the fact that Twitter has delayed a scheduled downtime for maintenance in order for Iranians and others involved in the post-election digital melee to keep at it. For anyone lacking a Twitter feed and thus missing the intense virtual crossfire, what’s happening is nothing short of a test of Internet users’ ability to challenge not only a regime’s power over an election, but over the network itself. The effort alone constitutes a victory. Unlike the United States, where Facebook friends, Meetup groups, and other online innovations successfully elected a candidate who (at least initially) lacked top-down support, the Iranian power structure has less compunction about snuffing digital democracy. Incumbent Mahmoud Ahmadinejad is widely believed to have shut down Iranian access to Facebook as soon as it was clear his opponent’s supporters were using the social network to organize rallies and motivate voters. Not that Mousavi’s 36,000 Facebook friends at that point would have led to the undeniable landslide the opposition leader would have needed to actually win—but the heavy-handed gesture hinted at what was to come. It was the opening salvo in a digital war with global implications, and a blueprint for the democratizing influence of the Internet.

Now that Ahmadinejad has claimed victory, the blogosphere, Twitterverse, and the rest of the social-networking sphere is on virtual fire. Tens of thousands of messages per minute condemning the results as fraud are passing to and from Iran, as angry Iranians and sympathetic outsiders exchange datapoints, analysis, and on-the-ground coordinates. While only a small minority of these posts are from people actually organizing protests, rooting out provocateurs, or sending aid to victims of violence, it’s too easy to discount the more virtual interactions as trivial. Ahmadinejad sure hasn’t. His regime is working hard to stifle protest without completely unplugging Iran’s telecommunications infrastructure. Their tactics: limit cell service to in-country only, shut off text messaging, block transmissions to and from Facebook, and even shut down access to Friendfeed, a messaging aggregator extremely popular in Iran. They’re also identifying and then blocking messages from offending users and Web sites.

Iran’s Internet-savvy youth have fought back, however, exploiting “proxy servers” to make their messages appear to be coming from different sources, and exchanging the digital addresses of the ever-changing list of servers still capable of transmitting packets. Iran’s government counterattacked with a blockade, closing off the four Internet access routes it controlled, leaving just one pipe through Turkey for messages to breach it. One particularly aggressive opposition group responded by facilitating a “denial of service” attack on the Iranian government’s servers. All over the Internet, users of all nations can get easy instructions for how to install a small program that “pings” the offending servers so frequently that they crash, unable to handle the incoming requests. Of course, the problem with this strategy is that it also overloads the few, compromised pipelines into and out of the country.”




“The purpose of this guide is to help you participate constructively in the Iranian election protests through twitter.
1.Do NOT publicise proxy IP’s over twitter, and especially not using the #iranelection hashtag. Security forces are monitoring this hashtag, and the moment they identify a proxy IP they will block it in Iran. If you are creating new proxies for the Iranian bloggers, DM them to @stopAhmadi or @iran09 and they will distributed them discretely to bloggers in Iran.
2. Hashtags, the only two legitimate hashtags being used by bloggers in Iran are #iranelection and #gr88, other hashtag ideas run the risk of diluting the conversation.
3. Keep you bull$hit filter up! Security forces are now setting up twitter accounts to spread disinformation by posing as Iranian protesters. Please don’t retweet impetuosly, try to confirm information with reliable sources before retweeting. The legitimate sources are not hard to find and follow.
4. Help cover the bloggers: change your twitter settings so that your location is TEHRAN and your time zone is GMT +3.30. Security forces are hunting for bloggers using location and timezone searches. If we all become ‘Iranians’ it becomes much harder to find them.
5. Don’t blow their cover! If you discover a genuine source, please don’t publicise their name or location on a website. These bloggers are in REAL danger. Spread the word discretely through your own networks but don’t signpost them to the security forces. People are dying there, for real, please keep that in mind.
6. Denial of Service attacks. If you don’t know what you are doing, stay out of this game. Only target those sites the legitimate Iranian bloggers are designating. Be aware that these attacks can have detrimental effects to the network the protesters are relying on. Keep monitoring their traffic to note when you should turn the taps on or off.
7. Do spread the (legitimate) word, it works! When the bloggers asked for twitter maintenance to be postponed using the #nomaintenance tag, it had the desired effect. As long as we spread good information, provide moral support to the protesters, and take our lead from the legitimate bloggers, we can make a constructive contribution.
Please remember that this is about the future of the Iranian people, while it might be exciting to get caught up in the flow of participating in a new meme, do not lose sight of what this is really about.”

Secure Connection Tools
“This site was made by people – ‘hacktivists’ – who are imbued with a set of skills related to Internet Technology, who saw what the Iranian government was doing to it’s people to suppress it’s messages for democracy and it’s hope for a free and fair electoral process. So, what I guess you could say is that computer nerds around the world saw what was unfolding and thought “We should help these people, we have the ability and the tools …why not help them?””

“Free Accounts for Iranian Citizens: We are offering free IPRental accounts to all Iranian citizens who want completely anonymous web browsing via untraceable USA IP addresses. Change Your IP Address Instantly….Constantly : If you have a need to access the web from different IP addresses, IPRental is your answer! Our revolutionary IP address rotation service allows you to connect to an ever-changing pool of fresh IPs for 100% anonymous web surfing, effective classifieds postings, creating ratings reviews and comments, accessing USA sites from overseas, or any other reason you may need to change or hide your IP address. IPRental is NOT JUST ANOTHER PROXY SERVICE which just gives you access to as many static IPs as they control, all of which are typically in a contiguous block and already blocked by the sites you wish to access. Instead IPRental gives you access to a vast ever-changing pool of non-contiguous residential USA IP addresses, allowing you to change your IP address whenever you like! To get your account email us at: iran [at] iprental [dot] com ”

From Austin Heap, who setup the instructions: “Please don’t run this on a machine that you’re worried about or is used for production sites; and take basic security precautions, ie: moving ftp off the default port, using a firewall package, etc.”

S.F. techie helps stir Iranian protests
BY Matthew B. Stannard / June 17, 2009

Little about Austin Heap’s first online venture, a site hosting free episodes of the cartoon “South Park,” suggested he would one day use his computer skills to challenge a government. But for the past few days, Heap, an IT director in San Francisco, has been on the virtual front lines of the crisis in Iran, helping people there protest the presidential election, which opponents of the incumbent regime maintain was fraudulent. Hundreds of thousands of demonstrators have taken to the streets since Saturday, organizing and sharing news on sites such as Twitter, Facebook and YouTube. The Iranian government, in response, has blocked those sites, along with mobile phone service and other communications tools. But Iran has the highest number of bloggers per capita in the world, said Abbas Milani, director of the Iranian Studies Program at Stanford University, and they were undeterred. “People used Twitter, and people used their cell phones and used all kinds of mechanisms.”

Heap, 25, has never followed Iranian news much. But as reports of the election began dominating Twitter – but not, he believed, American mainstream news – Heap felt the same defiant frustration that led him in the past to butt heads with the music and movie industry associations by creating file-sharing sites. “I believe in free information,” he said Tuesday. “And I especially have no room for a tyrannical regime shutting up a whole population. I was 13 and able to take on a huge company like Comedy Central from my bedroom. With a computer, everybody has the power to do that.”

Proxy server a weapon
Heap’s weapon in the past few days was the proxy server, a computer configured to act as an intermediary between a computer user and the Internet. Such servers have many legitimate functions, such as speeding response times, and some illegitimate ones, such as helping spammers hide their identities. What interested Heap was the use of a proxy server to bypass censorship. Properly configured, a proxy server could identify Web surfers in Iran and route them to Twitter and other sites the government had restricted. People around the world were posting network addresses for such proxies on Twitter and elsewhere, Heap said, but there was no organization and the servers were unpredictable.

Simple first effort
Heap’s first effort was simple: a list of working proxy servers that he published Sunday afternoon. Almost immediately, those servers began to vanish. Perhaps spammers or pornographers, who constantly cruise the Internet looking for open proxies, were overwhelming the system, he thought.

It was only later that Iranians on Twitter warned Heap – and others publishing lists of open proxies – that by posting public lists they were exposing those proxies to attack. “I really didn’t expect their government to be this on top of it,” he said. “I know everybody knows about Twitter. But I didn’t think it was going to be to this extent.” So Heap took another tack, creating a password-protected list of proxy servers and giving only a handful of people access to each, reducing the possibility of a widespread attack. On his blog, he published simple instructions for configuring proxy servers.

Heap wasn’t the only techie setting up or promulgating proxies, but his easy-to-follow instructions quickly spread through Twitter and the blogosphere. Suddenly, people were sending him addresses for new proxy servers in Australia, Japan and Mexico. Traffic on his blog grew from a couple of dozen unique users a day to more than 100,000 in 24 hours. A woman in Canada asked him for help getting her Iranian family back online. On Twitter, a Tehran resident posted: “@austinheap Thank you for all you are doing to help my people. This support and kindness will never be forgotten.”

‘Almost made me cry’
“Most of the reactions from Iran have almost made me cry,” he said. “Having somebody tell me that their family thanks me – that’s the power of the Internet.” The last 24 hours have been less fun, Heap said. He’s had to figure out which of the professed Iranians contacting him he can trust and which might be seeking access to a proxy service to shut it down. Monday night, his site came under a denial-of-service attack – a flood of phantom file requests from the United Kingdom designed to bring his system to its knees. Tuesday morning he received his first e-mailed threats. Still, he thinks he’s doing the right thing. “If I can help them get their message out and help them tell the story and step back, that’s my job,” he said. “(But) my mom is terrified right now.”

By mid-Tuesday, Iran appeared to be blocking all non-encrypted Internet traffic, making the 1,600 new proxy-server addresses now in his in-box temporarily useless. But Heap was working with other professionals and companies seeking new ways to reconnect. “I haven’t been in the middle of an outpouring like this, ever. And it makes me incredibly proud of the IT community,” he said. While it’s not clear how much impact Heap’s efforts are having, history may look back on his tweets about proxy servers as a profound moment in political evolution, said Stanford’s Milani. “The regime probably doesn’t recognize it, but I can tell you, the marriage of civil disobedience with the social networking savvy is the death of despotism in these places,” he said. “If you combine these two, you have a very potent force.”





[RAND report by Paul de Armond in 2001 about 1999 WTO protest in Seattle]

“By the way, at the same press briefing, one reporter asked if the White House was considering beaming broadband capability into Iran via satellite so the opposition forces would be able to communicate with themselves and the outside world. Gibbs said he didn’t know such a thing was possible. (Is it?) But he said he would check on the technological feasibility and get back with an answer. That caused some head-scratching in the press room. If the United States could do that and was planning on doing so, wouldn’t this be one of those intelligence matters that Gibbs won’t discuss? But maybe some telecom entrepreneur or Silicon Valley whiz-kids can make this happen. The Google guys? The Twitter people? XM Radio? This is the sort of covert action that could be worth outsourcing—with the project manager actually taking full credit. Think of the endorsement possibilities: the Iranian Revolution…Brought to You by DIRECTV.”



Should We Spam Proxies to China? from the or-just-viagra-ads dept.
BY CmdrTaco / August 20 2007

“Frequent Slashdot Contributor Bennett Haselton is back with a story about fighting censorship with spam. He starts “Is it OK to send unsolicited e-mail to users in China, Iran, and other censored countries, telling them about new proxy sites for getting around Internet censorship? I hasten to add that I have NOT done this, am not planning on doing it and would not have any idea how to go about it anyway. Between the various companies that offer proxy services, I don’t know of anyone who is doing it (no, not even people who swore me to secrecy about it). But I think the question involves ethical issues that would not apply to most discussions of spam.”

It doesn’t seem that you could use conventional channels to advertise proxies to Chinese and Iranian users. If you bought ads on Google AdSense or a similar ad-serving network, China might threaten to block all ads served from that network unless they started screening out ads for anti-censorship services (especially in the case of Google, which seems to comply with most Chinese self-censorship demands). Then there’s the question of how to charge Chinese and Iranian users even small amounts for the services. It would not be a good idea to have the charges show up on their credit cards issued by Chinese banks. Paying small amounts with PayPal would be a little bit better since the charge would simply show up from “PayPal”, without revealing the recipient. And since all traffic to the PayPal site is encrypted over SSL, Chinese censors wouldn’t be able to detect or block users who were paying to circumvent the Great Firewall, unless they blocked all traffic to the PayPal site. But could PayPal be leaned on to provide the identities of Chinese users who were paying for circumvention services, under threat of having their site blocked otherwise? And the biggest impediment of all would be that once you start charging even $1 for a service, there’s a huge dropoff in people willing to sign up, even if they would have to spend much more than $1 worth of effort to find a free alternative somewhere else.

So, if circumvention services provide enough benefit to Chinese users, maybe spamming proxy sites would do more good than harm, and if the lack of freedom in the country means that you could not sell or advertise the services to Chinese users by conventional means, maybe that means spamming the proxy locations would be the only way to do this.”

Tiananmen Square and Technology
By David Houle / June 3, 2009

It was 20 years ago this week that the demonstrations in Tiananmen Square turned violent. After days of open demonstrations, the Chinese government had had enough and sent in the army. This led to one of the most iconic visual images of protest in recent decades: a single man standing right in front of four tanks, daring them to run him over.

The image is one that anyone over the age of 35 can remember as it flashed around the world, and represented the individual facing down superior force in a literal stand for freedom. It was this image that gave the communist Chinese government its first taste of international outrage as it was slowly moving toward a more open, capitalistic society. It was a government and a country unused to global scrutiny. While the crackdown on protestors continued, it was done quietly and out of camera range of foreigners and journalists. A single image had flashed around the world and had left an indelible mark on human consciousness.

One of the dynamics that led this single man to stand in front of the tanks was the impact of technology. When the government moved to end the demonstrations, it blocked all known communications channels, isolating the demonstrators. International TV and radio was jammed so the demonstrators had no idea whether there was support for them around the world. One thing the government missed was the new communications technology called the fax machine. Evidently in offices near Tiananmen Square and in universities there were fax machines. They were used by demonstrators to get the word out to the world. Much more importantly, the world responded, sending faxes by the hundreds, letting the demonstrators know that the whole world was watching. This is what gave the demonstrators strength. This is what emboldened the young man to stand in front of the tanks.

Fax technology was just a few years old in 1989. The fax machine first entered the office in the mid 1980s and didn’t make it into the home until the 1990s. It was this brand new technology of sending documents through phone lines that fueled the demonstrations. There were only a few million cell phones in the world in 1989, and certainly none available for the demonstrators at Tiananmen Square. So it was the fax machine using land lines that kept hope alive in Beijing.

What is striking is how much transformation in communications technology humanity has experienced in the 20 years since 1989. In 1995 there were 89 million cell phone subscribers in the world, in 2005 there were 2 billion, and today there are 4 billion! In 1995, the year the first commercial browser came to market, there were some 45 million people using the Internet. By 2005 that number had crossed 1 billion and there are close to 2 billion today. Cable and satellite TV was still in early stage growth in 1989, today they are global in reach. In 1989, the few laptops in the world were large, bulky and heavy and there weren’t very many of them.

Humanity is more globally connected than it has ever been. Terrorist attacks are caught on cell phone cameras and telecast to the world. Network news anchors speak live via videophone to correspondents anywhere in the world. Internet services such as Skype allow us all to cheaply communicate globally via video. Bandwidth expansion and data compression are such that a month’s worth of videos from YouTube equals what coursed through the Internet the entire year of 2000. We are constantly connected.

Communications technology may now provide us with more information than can possibly be absorbed and digested. The electronic feed trough of information is always on, and this can feel overwhelming. We move from the delight in access and availability to the desire to totally unplug. The good news for freedom and openness is that, with each technological step forward, barriers fall, dictators’ control lessens, ignorance decreases and people can take ever more informed actions.

The fax technology of 1989 provided the demonstrators with the knowledge that the whole world was watching, allowing one man to take an informed action that single-handedly stopped a phalanx of tanks. That was 20 years ago this week. How far we have traveled since then.

“Call these numbers to discuss the Iranian elections! Do NOT do from within Iran.”
President : 00989121196107 / 00989123274006
Esfandiyar Rahim-Masha’i – Vice President of Iran :
Council of Guardians : 00982166401012
Mojtaba Samareh-Hashemi – President’s trusted advisor and campaign manager : 00989121081443
Ali Akbar Javanfekr – Press advisor to the President : / 00989123279500 (telephone) / 00982164454028 (fax)
Gholamhoseyn Elham – Government spokesperson : 00989121486826

Amnesty International USA suggests the following:

write officials at:

Supreme Leader of the Islamic Republic
Ayatollah Sayed ‘Ali Khamenei,
The Office of the Supreme Leader
Islamic Republic Street –
End of Shahid Keshvar Doust Street,
Tehran, Islamic Republic of Iran

Minister of the Interior
Sadegh Mahsouli
Dr Fatemi Avenue
Tehran, Islamic Republic of Iran
Fax: +98 21 8 896 203

Answers From Sealand HavenCo CTO Ryan Lackey / July 03 2000

“A few weeks ago, you asked questions of Ryan Lackey, CTO for HavenCo, a company dedicated to providing secure off-shore data hosting from Sealand, a principality off the coast of England. Ryan has lately survived dental emergencies, the loss of a laptop (it dropped into the North Sea — how many people can say that?) and other stresses, but he’s followed through with some interesting answers. He even has some ideas for how you can make a lot of money, and lists the tools you need to start your own data haven. Kudos to Ryan for taking the time to answer so thoroughly.

[by Jamie Zawinski] Q: Why do you need physical security at all?
Lots of people are asking questions about physical security, and how you’re going to repel missiles and commandos, but I’ve got the opposite question: why do you need physical security and a physical location at all? Would not the best way to protect your customers’ data be to wrap it in hard crypto and distribute it far and wide across the whole of the net, ensuring that there is not a single point of failure or a single physical installation that can be isolated? As we’ve seen again and again recently, the best protection against censorship and other legal attacks is massive redundancy and decentralization.

[Ryan Lackey] A: This actually brings up several issues, which I will address in turn.

1. Physical location vs. distributed presence
You seem to be suggesting a distributed data store, a la Eternity, by Ross Anderson. Basically, a federation of servers on the net, possibly hidden servers interfaced to the outside world through remailers (such as Blacknet) or ZKS Freedom. These servers would move data around among themselves, opaque to the outside world, and users would be able to store their data, manually or automatically, on as many servers as possible. There would presumably be some kind of payment system so users could anonymously pay for documents to be stored (as if you run the system for free, it will end up collapsing due to a flood of useless content; if you use a MRU/LRU scheme for your caches, script kiddies will just run scripts to keep their favorite documents in the cache, dropping real content out).

While this approach is interesting from a theoretical standpoint, there are no production-quality systems ready yet. Additionally, there are fundamental limits to distributed computation — latency, as you add nodes, or threat of compromise, if you have very few nodes. We’re going to be incorporating some distributed cache technology which should provide our datacenters with some of the benefits of freenet/eternity type systems. Our system will, however, have a small number of very secure nodes, such as our facilities on Sealand, in which customers can conduct trusted transactions — the intermediate results are guaranteed confidentiality and integrity in processing.

The distributed data serving systems are also not practical for any transaction oriented site, especially low-latency transaction oriented sites, at least without a small number of trusted nodes to do the processing. Due to security constraints, this means tamper-resistant hardware, and since this hardware is expensive, it needs to be purchased in limited quantity, and protected from theft/attack, meaning you want to put it in a small number of high security physical environments. Since it becomes a critical link in all of your transactions, you also need high quality bandwidth. These distributed hosting systems are certainly interesting, but don’t really meet all the neets of our customers. If we borrow 10% of the technology in building a secure distributed cache system, we’ll be able to offer 95% of the benefits, as well.

2. Secret physical location vs. single well-defended point
If you’re going to have a physical location, there’s no easy way to distribute to a very large number of physical locations; you have a base cost per site, and your security is incredibly low until you spend a substantial multiple of that. There are definite economies of scale in running larger datacenters. Keeping physical locations secret is difficult. Keeping active physical sites, with actual servers connected to the net, secret, while still having decent pingtimes and large pipes, is almost impossible. You would need to go with hidden fiber cables laid through some kind of territory in which you could destroy anyone or anything looking for them, and your physical site would need to have the same density as the surrounding area, as well as no magnetic anomaly, or unusual power consumption, or whatever. Or, you could communicate by non-DFable HF SS radio, but that would severely limit your bitrates. I’d say this is basically hopeless.

3. How much of our security is HavenCo, vs. Sealand
A fair bit of the security on Sealand is related to protecting the Principality of Sealand from the kind of takeover which was attempted in 1978, rather than strictly necessary for HavenCo itself. HavenCo’s security is primarily due to tamper-resistant hardware and cryptography, not the site security of Sealand

Silicon Valley should step up, help Iranians

Tuesday, June 30, 2009

Ohio Secretary of State Hires Hackers To Test Voting Machines


Diebold Acknowledging Audit Log Flaws / March 20, 2009
“Earlier this week Premier Elections Solutions (formerly Diebold Election Systems) admitted in a hearing that the audit logs on its tabulation software fail to record significant events that occur on the machines — such as when an error in the software deletes votes or when election officials intentionally delete ballots from the system. These, of course, are the most basic events that an audit log should record.”

According to the California Sec.of State’s report: “The Clear buttons … allow inadvertent or malicious destruction of critical audit trail records in all Gems version 1.18.19 jurisdictions, risking the accuracy and integrity of elections conducted using this voting system. Five years after the company recognized the need to remove the Clear buttons from the GEMS audit log screens, not only Humboldt, San Luis Obispo and Santa Barbara Counties in California but jurisdictions in other parts of the country, including several counties in Texas and Florida, continue to use Gems version 1.18.19….”


Ohio Voting Security Review Released / 14 December 2007

Today Ohio Secretary of State Jennifer Brunner released the results of a comprehensive security review of the electronic voting systems used in her state. The study was similar in scope to the California top-to-bottom review conducted this summer (with which I was also involved), covering the systems used in Ohio. The project contracted several academic teams and others to examine the election procedures, equipment and source code used in that state, with the aim of identifying any problems that might render elections vulnerable to tampering under operational conditions.

The ten-week project examined in detail the touch-screen, optical scan, and election management technology from e-voting vendors ES&S, Hart InterCivic and Premier Election Systems (formerly Diebold). Project PI Patrick McDaniel (of Penn State) coordinated the academic teams and led the study of the Hart and Premier Systems (parts of which had already been reviewed in the California study). Giovanni Vigna (of WebWise Security and UCSB) led the team that did penetration testing of the ES&S system.

I led the University of Pennsylvania-based team, which examined the ES&S source code. This was particularly interesting, because, unlike Hart and Premier, the full ES&S source code suite hadn’t previously been studied by the academic security community, although ES&S products are used by voters in 43 US states and elsewhere around the world. The study represented a rather unique opportunity to contribute to our understanding of e-voting security in practice, both inside and outside Ohio.

My group — Adam Aviv, Pavol Cerny, Sandy Clark, Eric Cronin, Gaurav Shah, and Micah Sherr — worked full-time with the source code and sample voting machines in a secure room on the Penn campus, trying to find ways to defeat security mechanisms under various kinds of real-world conditions. (Our confidentiality agreement prevented us from saying anything about the project until today, which is why we may have seemed especially unsociable for the last few months.)

As our report describes, we largely succeeded at finding exploitable vulnerabilities that could affect the integrity of elections that use this equipment. The report is long and detailed, and speaks for itself far better than I can here. A brief statement from Patrick McDaniel and me can be found here:
Our full 334 page report can be downloaded (11MB, PDF format) from the Ohio Secretary of State’s web site at: .

There were other parts to the study (called “Project EVEREST”) than just the source code analysis, and, of course, there is also the question of how to actually secure elections in practice given the problems we found. The Ohio Secretary of State’s web site has a nice summary of the review and of the Secretary’s recommendations.

Sandy Clark
email : clarks [at] seas.upenn [dot] edu

Matt Blaze
email : blaze [at] cis.upenn [dot] edu

California voting systems code review now released / 2 August 2007

Readers of this blog may recall that for the last two months I’ve been part of a security review of the electronic voting systems used in California. Researchers from around the country (42 of us in all) worked in teams that examined source code and documents and performed “red team” penetration tests of election systems made by Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.

The red team reports were released by the California Secretary of State last week, and have been the subject of much attention in the nationwide press (and much criticism from the voting machine vendors in whose systems vulnerabilities were found). But there was more to the study than the red team exercises.

Today the three reports from the source code analysis teams were released. Because I was participating in that part of the study, I’d been unable to comment on the review before today. (Actually, there’s still more to come. The documentation reviews haven’t been released yet, for some reason.) Our reports can now be downloaded from .

I led the group that reviewed the Sequoia system’s code (that report is here:

The California study was, as far as I know, the most comprehensive independent security evaluation of electronic voting technologies ever conducted, covering products from three major vendors and investigating not only the voting machines themselves, but also the back-end systems that create ballots and tally votes. I believe our reports now constitute the most detailed published information available about how these systems work and the specific risks entailed by their use in elections.

My hats off to principal investigators Matt Bishop (of UC Davis) and David Wagner (of UC Berkeley) for their tireless skill in putting together and managing this complex, difficult — and I think terribly important — project. By law, California Secretary of State Debra Bowen must decide by tomorrow (August 3rd, 2007) whether the reviewed systems will continue to be certified for use throughout the state in next year’s elections, and, if so, whether to require special security procedures where they are deployed.

We found significant, deeply-rooted security weaknesses in all three vendors’ software. Our newly-released source code analyses address many of the supposed shortcomings of the red team studies, which have been (quite unfairly, I think) criticized as being “unrealistic”. It should now be clear that the red teams were successful not because they somehow “cheated,” but rather because the built-in security mechanisms they were up against simply don’t work properly. Reliably protecting these systems under operational conditions will likely be very hard. The problems we found in the code were far more pervasive, and much more easily exploitable, than I had ever imagined they would be.

Our reports speak for themselves (and they do a lot of speaking, I’m afraid, with over 300 pages released so far), so I won’t try to repeat what’s in them here. What follows are strictly my own thoughts about what we learned and how we did what we did. My group, which was based in Berkeley, looked at the source code of the Sequoia system. That system includes touch-screen and optical scan voting machines used at polling places and a back-end ballot preparation and vote tallying database at the elections headquarters. At over 800K lines of code, Sequoia’s was the largest of the three codebases reviewed, and ours was the largest team in the project (Arel Cordero, Sophie Engle, Chris Karlof, Naveen Sastry, Micah Sherr, Till Stegers and Ka-Ping Yee — a group of extraordinary talent and energy if ever there was one).

Reviewing that much code in less than two months was, to say the least, a huge undertaking. We spent our first week (while we were waiting for the code to arrive) setting up infrastructure, including a Trac Wiki on the internal network that proved invaluable for keeping everyone up to speed as we dug deeper and deeper into the system. By the end of the project, we were literally working around the clock. To protect the vendor’s proprietary software, our lab was in a small room on the UC Berkeley campus equipped with a lock not on the building master key, a monitored alarm, a safe in which we stored our disk drives when no one was there and an air-gapped isolated network of dedicated workstations. The ventilation in our small windowless room never quite worked, and whenever anyone had a cold we’d all eventually catch it. (Not that I’m complaining; the minor physical discomforts and long hours were tiny prices to pay for the opportunity to study the inner workings of something rarely exposed to outside scrutiny, and yet so central to our democracy.)

Because of the way the project was organized we didn’t have any actual voting machines at Berkeley, only source code. All the vendor hardware was in another secure room at the Secretary of State’s office in Sacramento and was intended primarily for use by the penetration test red teams. We ended up collaborating closely with the red team (based at UC Santa Barbara) that was working on our system (and who issued their own report).

So what can we learn from all this?
In spite of the short time and other sub-optimal conditions, the project found deeply-rooted security weaknesses in the software of all three voting systems reviewed. I was especially struck by the utter banality of most of the flaws we discovered. Exploitable vulnerabilities arose not so much from esoteric weaknesses that taxed our ingenuity, but rather from the garden-variety design and implementation blunders that plague any system not built with security as a central requirement. There was a pervasive lack of good security engineering across all three systems, and I’m at a loss to explain how any of them survived whatever process certified them as secure in the first place. Our hard work notwithstanding, unearthing exploitable deficiencies was surprisingly — and disturbingly — easy.

Much of the controversy around electronic voting concerns the possibility of hidden “backdoors” incorporated by a nefarious vendor. Properly obfuscated, such mischief would be almost impossible to detect. Yet our reports chronicle software weakened not by apparent malice but by a litany of elementary mistakes: static cryptographic keys, unsecured interfaces, poorly validated inputs, buffer overflows, and basic programming errors in security-critical modules. Deliberate backdoors in these systems, if any existed, would be largely superfluous.

Unfortunately, while finding many of the vulnerabilities may have been straightforward enough, fixing them won’t be. The root problems are architectural. All three reviewed products are, in effect, large-scale distributed systems that have many of their security-critical functions performed by equipment sent out into the field. In particular, the integrity of the vote tallies depends not only on the central computers at the county elections offices, but also on the voting machines (and software) at the polling places, removable media that pass through multiple hands, and complex human processes whose security implications may not be clear to the people who perform them. In other words, the designs of these systems expose generously wide “attack surfaces” to anyone who seeks to compromise them. And the defenses are dangerously fragile — almost any bug, anywhere, has potential security implications.

This means that strengthening these systems will involve more than repairing a few programming errors. They need to be re-engineered from the ground up. No code review can ever hope to identify every bug, and so we can never be sure that the last one has been fixed. A high assurance of security requires robust designs where we don’t need to find every bug, where the security doesn’t depend on the quixotic goal of creating perfect software everywhere. In the short term, election administrators will likely be looking for ways to salvage their equipment with beefed up physical security and procedural controls. That’s a natural response, but I wish I could be more optimistic about their chances for success. Without radical changes to the software and architecture, it’s not clear that a practical strategy that provides acceptable security even exists. There’s just not a lot to work with. I don’t envy the officials who need to run elections next year.

Is the e-voting honeymoon over?

Electronic Vote Rigging in Kentucky
Eight Clay County, Kentucky election officials were charged last week with conspiring to alter ballots cast on electronic voting machines in several recent elections. The story was first reported on a local TV station and was featured on the election integrity site BradBlog. According to the indictment, the conspiracy allegedly included, among other things, altering ballots cast on the county’s ES&S iVotronic touchscreen voting machines.

So how could this have happened?
The iVotronic is a popular Direct Recording Electronic (DRE) voting machine. It displays the ballot on a computer screen and records voters’ choices in internal memory. Voting officials and machine manufacturers cite the user interface as a major selling point for DRE machines — it’s already familiar to voters used to navigating touchscreen ATMs, computerized gas pumps, and so on, and thus should avoid problems like the infamous “butterfly ballot”. Voters interact with the iVotronic primarily by touching the display screen itself. But there’s an important exception: above the display is an illuminated red button labeled “VOTE”. Pressing the VOTE button is supposed to be the final step of a voter’s session; it adds their selections to their candidates’ totals and resets the machine for the next voter.

The Kentucky officials are accused of taking advantage of a somewhat confusing aspect of the way the iVotronic interface was implemented. In particular, the behavior (as described in the indictment) of the version of the iVotronic used in Clay County apparently differs a bit from the behavior described in ES&S’s standard instruction sheet for voters. A flash-based iVotronic demo available from ES&S shows the same procedure, with the VOTE button as the last step. But evidently there’s another version of the iVotronic interface in which pressing the VOTE button is only the second to last step. In those machines, pressing VOTE invokes an extra “confirmation” screen. The vote is only actually finalized after a “confirm vote” box is touched on that screen. (A different flash demo that shows this behavior with the version of the iVotronic equipped with a printer is available from ES&S here). So the iVotronic VOTE button doesn’t necessarily work the way a voter who read the standard instructions might expect it to.

The indictment describes a conspiracy to exploit this ambiguity in the iVotronic user interface by having pollworkers systematically (and incorrectly) tell voters that pressing the VOTE button is the last step. When a misled voter would leave the machine with the extra “confirm vote” screen still displayed, a pollworker would quietly “correct” the not-yet-finalized ballot before casting it. It’s a pretty elegant attack, exploiting little more than a poorly designed, ambiguous user interface, printed instructions that conflict with actual machine behavior, and public unfamiliarity with equipment that most citizens use at most once or twice each year. And once done, it leaves behind little forensic evidence to expose the deed.

Current electronic voting systems have been widely — and justifiably — criticized for being insufficiently secure against vote tampering and other kinds of election fraud. I led the team at U. Penn that examined the ES&S iVotronic — the same machine used in Kentucky — as part of the Ohio EVEREST voting systems study in 2007. We found numerous exploitable security weaknesses in these machines, many of which would make it easy for a corrupt voter, pollworker, or election official to tamper with election results. Other studies have reached similarly grim conclusions about most of the other e-voting products used in the US and elsewhere. But these results, alarming as they are, also raise a perplexing question: if the technology is so vulnerable, why have there been so few (if any) substantiated cases of these systems being attacked and manipulated in actual elections?

A plausible explanation is simply that the bad guys haven’t yet caught up with the rich opportunities for mischief that these systems provide. It takes time for attackers to recognize and learn to exploit security weaknesses in new devices, and touchscreen voting machines have been in wide use for only a few years (most US counties purchased their current systems after 2002, with funding from the Help America Vote Act). For example, the computers connected to the Internet were for a long time largely vulnerable to network-based attack, but it took several years before viruses, worms, and botnets became serious threats in practice. In other words, new technologies sometimes enjoy an initial relatively crime-free “attack honeymoon” in which even very weak defenses seem to be sufficient. But eventually, the criminals arrive, and, once they climb the learning curve, the world becomes a much more hostile place very quickly.

We might ask, then, what the (alleged) Kentucky conspiracy tells us about the e-voting attack honeymoon. Are the bad guys catching up? On the one hand, we might be comforted by the relatively “low tech” nature of the attack — no software modifications, altered electronic records, or buffer overflow exploits were involved, even though the machines are, in fact, quite vulnerable to such things. But a close examination of the timeline in the indictment suggests that even these “simple” user interface exploits might well portend more technically sophisticated attacks sooner, rather than later.

Count 9 of the Kentucky indictment alleges that the Clay County officials first discovered and conspired to exploit the iVotronic “confirm screen” ambiguity around June 2004. But Kentucky didn’t get iVotronics until at the earliest late 2003; according to the state’s 2003 HAVA Compliance Plan, no Kentucky county used the machines as of mid-2003. That means that the officials involved in the conspiracy managed to discover and work out the operational details of the attack soon after first getting the machines, and were able to use it to alter votes in the next election.

Yes, the technique is low-tech, but it’s also very clever, and not at all obvious. The only way for them to have discovered it would have been to think hard and long about how the machines work, how voters would use them, and how they could subvert the process with the access they had. And that’s just what they did. They found the leverage they needed quickly, succeeding at using their discovery to steal real votes, and apparently went for several years without getting caught. It seems reasonable to suspect that if a user interface ambiguity couldn’t have been exploited, they would have looked for — and perhaps found — one of the many other exploitable weaknesses present in the ES&S system.

But that’s not the worst news in this story. Even more unsettling is the fact that none of the published security analyses of the iVotronic — including the one we did at Penn — had noticed the user interface weakness. The first people to have discovered this flaw, it seems, didn’t publish or report it. Instead, they kept it to themselves and used it to steal votes.

Maryland Files Claim to Recover Voting Machine Expenses
BY Laura Smitherman / Baltimore Sun / 25 December 2008

After years of problems with the state’s touch-screen voting system, Maryland has filed a claim to recover $8.5 million from the maker of the machines, Premier Election Solutions, Attorney General Douglas F. Gansler announced yesterday. The claim seeks costs the state incurred to correct security gaps in the voting system that were uncovered several years ago by independent investigations. The state has paid $90 million under a contract with Premier, formerly known as Diebold, since 2001. During that time, the two parties have had a sometimes-rocky relationship as hitches in the voting system surfaced. “Under basic contract law, this is money that should be paid by Diebold or its successor and not by the taxpayers,” Gansler said in an interview. “This is sort of the final chapter of the touch-screen machines that we’ve had issues with in Maryland since we’ve gotten them.”

Last year, Gov. Martin O’Malley and the General Assembly decided to eventually dump the touch-screen equipment and instead move toward buying new optical-scan machines, which read paper ballots filled in by voters with pencil or pen and allow for a manual recount. The new system is expected to cost about $20 million. Premier President Dave Byrd said in a statement that the state’s claim appears to be based on “inaccurate and unfounded assumptions.” He also said the 2008 election, in which Premier’s machines were used, was one of the “smoothest” in the state’s history, culminating what he called a “seven-year track record of success.” The “claim may be an attempt to retroactively change the rules of the contracts, but it does not change or reflect the actual record of successful performance,” Byrd said.

State officials contend, however, that the November election came off with few glitches precisely because they had spent so much money on upgrades and technical fixes. According to the claim, the state Board of Elections has implemented, largely at its own expense, measures to correct flaws uncovered by assessments ordered by former Gov. Robert L. Ehrlich Jr. and by the General Assembly. Premier and the state haven’t always been on the outs. After warnings about security vulnerabilities from three computer experts – Johns Hopkins University professor Avi Rubin and the two hired by the state – a voter advocacy group sued in 2004. The group alleged that the state should not have certified Premier’s machines for use in elections. The state defended Premier at the time, and won.

That history is not lost on Premier, which said its good relations with the state made the attorney general’s recent claim “all the more of a surprise,” according to the company’s written response. The company said its system satisfies contractual security requirements and that the state decided to incorporate additional measures based on the reports it commissioned. The company’s response relied in part on the state’s legal defense from four years ago that contended no system is perfect and pointed out that there had not been a single report of a security breach. Premier also said that it has provided additional services and materials beyond what was required under the contract at no additional charge.

Other problems have surfaced that aren’t addressed in the state’s claim. Diebold had to replace parts in voting machines used in the 2004 election because of glitches in the “motherboard,” the main circuit board, that could cause the machines to freeze. Then in the 2006 primary election, the state’s new “e-poll books,” electronic check-in terminals made by Diebold that are distinct from the touch-screen voting units, crashed repeatedly. “Voter confidence and the integrity of the process were undermined by the use of these machines,” Gansler said. “It took nearly 10 years for us to figure out we shouldn’t be using them, but during the course of that time we did everything we could to ensure reliability.” The claim now goes before a state procurement officer, whose decision on the matter could then be petitioned to the Maryland State Board of Contract Appeals. Until the dispute is settled, the state is withholding payment on $4 million in bills for services Premier provided for the 2008 elections.

Diebold Faces GPL Infringement Lawsuit Over Voting Machines
BY Ryan Paul / Ars Technica / 04 November 2008

Artifex Software, the company behind the open source Ghostscript PDF processing software, has filed a lawsuit against voting machine vendor Diebold and its subsidiary Premier Election Solutions. Artifex says that Diebold violated the GPL by incorporating Ghostscript into commercial electronic voting machine systems. Ghostscript, which was originally developed in the late 80s, is distributed for free under the GNU General Public License (GPL). This license permits developers to study, modify, use, and redistribute the software but requires that derivatives be made available under the same terms. Companies that want to use Ghostscript in closed-source proprietary software projects can avoid the copyleft requirement by purchasing a commercial license from Artifex. Among commercial Ghostscript users who have purchased licenses from Artifex are some of the biggest names in the printing and technology industries, including HP, IBM, Kodak, Siemens, SGI, and Xerox.

Evidence of Diebold’s Ghostscript use first emerged last year when electronic voting machine critic Jim March was conducting analysis of Pima County voting irregularities. He brought a technical question to the Ghostscript mailing list relating to his investigation and mentioned in passing that Diebold’s use of Ghostscript could potentially fall afoul of the GPL. This view was shared by Ghostscript developer Ralph Giles, who referred the matter to the Artifex business staff so that it could evaluate the legal implications. “Seems likely that they are not respecting our software license in this case. We do not consider bundling as an integrated component intended to work with other software as ‘mere aggregation’ under the GPL,” wrote Giles in a mailing list post. According to InformationWeek, Artifex is seeking over $150,000 in damages and is calling for the court to block usage of the equipment. Security researchers have uncovered numerous security vulnerabilities in voting machines produced by several major vendors, including Diebold. The voting machine company has faced several high-profile lawsuits in the past, including one filed by the state of California, where Diebold machines were subsequently banned over fraudulent claims.

U.S. issues revised e-voting standards
BY Robert Lemos / 2009-06-01

“The National Institute of Standards and Technology (NIST) delivered an update on Monday to the United States’ electronic voting standards, adding more requirements to test systems for accuracy and reliability and additional rules to make paper audit trails easier to review. The draft revision, known as the Voluntary Voting System Guidelines (VVSG) version 1.1, adds more stringent recommendations for testing and auditing as well as requirements that election software and updates be digitally signed and improved ease-of-use for poll workers. The U.S. Election Assistance Commission (EAC) announced on Monday that the draft revision will be available for public comment for the next 120 days. “The guidelines announced today are designed to further improve the quality and efficiency of the testing conducted on voting systems,” John Wack, NIST voting team manager, said in a statement. “This enables improvements to be made sooner rather than later when the next full set of standards is finalized.”

Election systems have come under scrutiny following errors that have led to lost votes and software glitches that have shutdown machines on voting day. In 2007, an election system failure may have resulted in a loss for the Democratic challenger in a contest for one of Florida’s seats in the U.S. House of Representatives, when the configuration of the electronic ballot likely resulted in a large number of people in a Democratic-leaning county failing to vote. In midterm elections the prior year, many states took extra security precautions after researchers found that Diebold’s election systems contained a serious flaw.”

VVSG 1.1
Proposed Draft Revisions to 2005 Voluntary Voting System Guidelines

DUE TO LACK OF TRANSPARENCY, POSSIBILITY OF FRAUD,,4069101,00.html?maca=en-tagesschau_englisch-335-rdf-mp

Hacker named to Homeland Security Advisory Council
BY Elinor Mills / June 5, 2009

Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council. The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano. Moss’ background as a computer hacker (aka “Dark Tangent”) and role as a luminary among young hackers who flock to Defcon in Las Vegas every summer might seem to make him an odd choice to swear allegiance to the government. (Although before running his computer conferences, Moss also worked in the information system security division at Ernst & Young.) I’d like to hear some of the banter as he rubs elbows with the likes of former CIA (Bill Webster) and FBI directors (Louis Freeh), Los Angeles County sheriff, Miami mayor, New York police commissioner, governors of Maryland and Georgia, former Colorado Sen. Gary Hart, and the president of the Navajo Nation.

In an interview late on Friday, Moss, who is 39, said he was surprised when he got the call and was asked to join the group.
“I know there is a newfound emphasis on cybersecurity and they’re looking to diversify the members and to have alternative viewpoints,” he said. “I think they needed a skeptical outsider’s view because that has been missing.” Asked if there was anything in particular he would advocate, Moss said: “There will be more cyber announcements in coming weeks and once that happens my role will become more clear. This meeting was focused on Southwest border protection… With things like Fastpass and Safe Flight, everything they are doing has some kind of technology component.”

Moss, who is genuinely humble, said he was “fantastically honored and excited to contribute” to the HSAC and not concerned with losing any street cred among what some would call his fan base. He did concede that his new position would give him an unfair advantage in Defcon’s “Spot The Fed” contest in which people win prizes for successfully outing undercover government agents. Security consultant Kevin Mitnick, who spent five years in prison on computer-related charges and was once the FBI’s most-wanted cybercriminal, praised Moss’ diplomacy, but said: “I’m surprised to see Jeff on the list. I would have expected (crypto/security guru and author) Bruce Schneier to be on the council.” Moss “is a great crowd pleaser” and “he’s just bad enough for them to say ‘we’re crossing the ranks,'” said journalist and threat analyst Adrian Lamo, who served two years of probation for breaking into computer networks. “But the reality is he’s as corporate as hiring someone out of Microsoft.”


Meet the nation’s first CIO
BY Galen Gruman / 2009-03-06

In a surprise announcement, President Obama has named the nation’s first federal CIO [1]: Vivek Kundra, CTO of the District of Columbia. (He has yet to name the position he did promise he would create: the first national CTO.) So who is Kundra, and what might his appointment mean for the federal government’s direction for and spending on technology? As the federal CIO, he will oversee a $71 billion IT budget and manage technology interoperability among agencies. Kundra told a press conference that he will investigate how the government might improve its technology investments and make more information accessible to citizens through the Internet. He’s done both as D.C.’s CTO.

The District of Columbia has been a leader in smart deployment of technology for years, boasting a succession of strong CTOs. Under Suzanne Peck’s tenure, previous to Kundra’s, D.C. was among the first to use SOA to rationalize software development [2] efforts, to use XML to make government operational data open for mashups [3], and to deploy next-gen wireless technology for public safety [4] and other agency usage. Kundra became CTO in 2006 and quickly staked out his own innovation focus. As D.C.’s CTO, Kundra has emphazied what he calls a stock-market approach to IT project management and the adoption of consumer technologies in business. Both approaches come from the same epiphany he recalls having: The technology most users employ at work is kludgy compared to what they use in their daily routines, even though consumer technologies are often less expensive or even free. “For some weird reason I cannot understand, the way we organize ourselves at work is so much less agile than what we do in our personal lives,” Kundra told InfoWorld. “Why not use consumer technology at work?”

The IT “stock market”
As D.C.’s CTO, Kundra hired a team of analysts to track projects — in the style of a financial analyst — on a daily basis. Smaller projects get bundled into “funds” of related efforts. Pretty quickly, the successes and failures were obvious. For example, the analysts discovered that a three-year enterprise content management project had made little progress and was run by project managers who had four previous failures. “It was not going anywhere. So I decided to ‘sell’ the stock — I killed the project — and put that capital elsewhere,” Kundra recalls. In this case, he redirected the money to add mobile laptops to police cars. The stock metaphor made sense to more business-minded leaders at the district, but Kundra admits he had to really sell the concept to most employees and the 87 agency heads served by his team. “It was an education,” he notes drily. What really sold the concept was the result: lower cost due to fewer long-burning misfires.

The stock approach also supplanted the traditional project management mentality of creating specifications and periodically assessing progress against them subjectively. “I wanted a more data-driven model — after all, the data is the data. If you’re over budget for two or three quarters, you can’t avoid being exposed,” Kundra says. “People don’t make tough decisions easily, so you have to show them the data. [As government leaders,] it’s our duty to make sure they’re not failing,” he adds. Objective measurements make that assessment easier. For Kundra, the stock-market approach is really just a metaphor for a technique driven by ongoing analytics. “You can use a different metaphor if that works better in your industry,” he says. But essential to success is a “ruthless discipline” in your data collection, analysis, and consequent management decisions.

Freeing up resources for meaningful innovation
Kundra was not focused solely on weeding out bad “stocks.” He also used this approach to free up capital for innovative bets. For example, he’s initiated a project that combines YouTube with Wikipedia to increase government’s accountability to citizens. All requests for proposals (RFPs) for city contracts are posted on a Web site in a wiki, with all bids being available as PDF attachments. Attendee lists from public hearings are scanned and posted as well, as are videos of hearings and even RFP presentations. Also posted or linked are any district communications with the potential vendors on the RFPs. If this effort succeeds, “no one can say that there are deals done behind closed doors,” he says. “It’s tough in tight budgets to find the innovative path,” Kundra notes, which is why he was so focused on gaining stock-market-like efficiencies in weeding out wasteful projects and identifying strong ones. Thanks to the savings already established from this approach, he was able to set up an R&D lab to test new ideas. The two areas of Kundra’s fancy are new-generation mobile devices — “I believe the iPhone is the future [5] for integrated voice, data and video” — and Web 2.0 technologies [6], thus the experiments using wikis and YouTube.





Error in Diebold Voting Software Caused Lost Ballots in California
BY Kim Zetter / December 8, 2008

“Humboldt County election director Carolyn Crnich discovered the missing ballots only because she happened to implement a new and innovative auditing system this year that was spearheaded by members of the public who helped her develop it. Humboldt County, which is a small county located in northern California near the Oregon border, implemented the Transparency Project, whereby every paper ballot (Humboldt uses only paper ballots) gets digitally scanned by a separate commercial scanner, not made by a voting machine company, so that the ballot images can then be posted on the internet for anyone to examine and conduct their own independent recounts. (See this post for more about how the Transparency Project works.)

It was through the Transparency Project that Crnich and Mitch Trachtenberg, a volunteer who helped design part of the project, discovered the problem with the Premier software on November 30th after they finished scanning all of the ballots through the Transparency Project’s commercial scanner two days before the county was required to certify its election results. After the county had already scanned and tabulated the 60,000+ ballots with the Premier voting system and created the official tally, the Transparency Project workers then spent 65 hours scanning the ballots into a Fujitsu scanner and creating digital images of each ballot. They discovered in doing so, that they had 216 more ballots recorded than the number of ballots that were counted by the Premier tabulation system.

Parke Bostrom, one of the Transparency Project volunteers, wrote in a blog post about the issue, “The audit log is not truly a ‘log’ in the classical computer program sense, but is rather a ‘re-imagining’ of what GEMS would like the audit log to be, based on whatever information GEMS happens to remember at the end of the vote counting process.”


“Under the Transparency Project, after the ballots are officially scanned and tabulated by the Premier system, they’re scanned a second time by a separate commercial scanner, not made by any voting machine company, so that the ballot images can then be posted on the internet for the public to examine and conduct independent recounts. Every ballot image is imprinted with a unique serial number as it’s scanned through the commercial scanner to verify its authenticity, and batches of ballot images are hashed to verify that they haven’t been altered before they’re posted online or saved to DVDs.

To make it easier for the public to tally the votes, Trachtenburg, an independent programmer who has launched a company called Trachtenberg Election Verification Software, wrote a program pro bono to allow anyone to sort through the Humboldt ballots by precinct or race. The sorting software, called Ballot Browser (image above right shows the software’s user interface), is an open source program written in Python to run on a Windows or Linux platform. The Humboldt version is running on Debian Linux Etch and uses a Fujitsu high-speed scanner also using Debian Linux.

Ballot Browser displays each ballot in a window and highlights the spot where it thinks the voter has made his choice. The display can be turned off to speed up scanning to 1,000 ballots an hour. Crnich said she got the idea for the project from Kevin Collins, who expressed concerns during a public meeting about the trustworthiness of proprietary voting systems. He wanted to know why it wasn’t possible for everyone to examine every ballot. “That was the seed,” Crnich told Threat Level.

But getting ballots into the hands of the public presented a problem. California’s election law says that once ballots are scanned and sealed in containers by poll workers after an election, they can’t be re-opened except to be recycled or destroyed or unless officials suspect there might be something wrong with the ballots. Crnich determined that the latter provided a possible loophole. Since there was already a strong public perception that there was something wrong with the ballots, she concluded that this was the permission she needed to make the ballots available for public perusal.

Trachtenberg said he came away from his first meeting with Crnich feeling very pleasantly surprised. “I just thought, ’she gets it, she gets it,’” he said. “I had contacted the previous election staff years ago complaining in particular that the [voting] system wouldn’t leave a paper audit trail. So I was really pleasantly surprised when I discovered that Carolyn was behind the idea of election transparency and wanted to get on board.”

Crnich convinced her board of supervisors to purchase an off-the-shelf Fujitsu high-speed scanner and the group launched the project in limited form during the June primary. Trachtenberg said before the launch they had trouble getting the scanner to work with their Linux scanning program, but contacted M. Allen Noah, administrator of the SANE Project (the open scanning protocol known as Scanner Access Now Easy that works with Linux), who advised them on how to make it work.

It took about five days to scan about 32,000 ballots cast in the primary election. The ballot scans amounted to about 8.2 GB of data and filled up 3 DVDs. They didn’t actually do a re-count of the ballots in June, however. They just did random spot checks to establish that their system worked. The number of ballots they scanned with their Fujitsu matched very closely the number they had scanned with the Premier system, with the exception of one or two ballots.

The November election, by contrast, was more complicated and took 65 hours to scan because the election involved 64,161 ballots that were double-sided. The volunteers were deputized before they started the project, and the chain-of-custody on the ballots was carefully controlled throughout the process. A county worker removed the ballots from secure storage, and the ballots were never left alone with one person at a time. The workers had to fill out forms carefully tracking the time the ballots left secure storage, the time at which they were unsealed from containers, and other steps.

Crnich said the partnership of technical experts with election staff turned out to be the perfect combination. “With my willingness to say yes let’s do what we can to make this a transparent and trusted election and with Mitch’s ability to develop the software in open source and make it available, it’s worked out I think to the advantage of voters in Humboldt County,” Crnich said. “[The point] was not to catch anybody or anything, it was just to make the information available to the public. Here it is. If you question our results, please look at it yourself.”

Once they’d finished scanning the November ballots, they knew immediately they had a problem because the number of ballots they scanned through the Fujitsu printer didn’t match the number of ballots that had been tabulated by the Premier system. They discovered that the Premier system had dropped a batch of 197 ballots from its tabulation software. The voting company has acknowledged that a problem with its software caused the system to drop the ballots and that the software has contained the error since 2004.

Trachtenberg said the problem they discovered underscored for him that proprietary voting systems and “secret counting” methods aren’t in the best interest of democracy. “Without any allegation of fraud, programmers make mistakes. And sometimes people like to hide their mistakes,” Trachtenberg said. “If it’s possible for people to do an independent count, they should be allowed, and we’re very fortunate in Humboldt that we had a registrar who not only allowed us to do an independent count but made it as easy as it could be. I think what you’ll find is a couple if years from now, this is going to be thought to be just common sense.”

The ballots from the November election haven’t been placed online yet because they’re still looking for a volunteer with sufficient bandwidth who is willing to host the data. In the meantime, members of the public can request DVD copies of the ballots by contacting the Humboldt County elections office. Here’s a video of Trachtenberg discussing how his open-source ballot software works.

Mitch Trachtenberg
email : mitch [at] tevsystems [dot] com


“[One] approach to the idea of encrypted ballots is Scantegrity II, designed by David Chaum, a computer scientist and cryptographer who, among many other things, invented the idea of digital cash. Instead of putting a cross next to the candidate’s name, a voter fills in an oval-shaped space, known as a bubble, next to the name. So far, that is similar to one widely used American system. However, in the case of Scantegrity the voter uses not an ordinary pen but a special one whose “ink” reacts with a pattern of two chemicals that has been printed inside the bubble. One of these chemicals darkens the whole bubble, so that its position (and thus the candidate voted for) can be recorded by a standard optical-reader. The other becomes visible in a contrasting colour to reveal a previously invisible three-character code, derived from a pseudorandom number generator. Since the optical readers employed by this system do not have character-recognition software, this code cannot be read by the vote-counting machine. But it can be noted by the voter on a detachable receipt at the bottom of the ballot paper. He can then, if he wishes, check things are in order by entering the serial number of his ballot paper into a website set up for the election. He should see in return the letter code he noted. If the code does not match, something is awry, and an investigation can start.”

David Chaum
email : david [at] chaum [dot] com


Dan Wallach
email : dwallach [at] cs.rice [dot] edu

E-Voting Firms Recognize That Open Source Software Exists…
But Seem Confused About What It Means
BY Mike Masnick / Apr 20th 2009

We’ve never quite understood why e-voting software shouldn’t be required to be public information. For the sake of actually allowing an open and transparent voting system, it’s hard to understand how any governing body would allow proprietary software to be used. There’s simply no way you can prove that the system is fair and transparent if the counting mechanism is totally hidden away. For years, the big e-voting firms have simply shrugged this off, but it looks like they’re at least open to discussing it. A trade group representing the big e-voting firms has put out a whitepaper discussing open source voting systems, where all they really do is show that they don’t actually understand much about open source technologies.

First, they claim that, even though they understand that “security through obscurity” isn’t effective, “there remains some underlying truths to the idea that software does maintain a level of security through the lack of available public knowledge of the inner workings of a software program.” Computer Science professor Dan Wallach does a nice job responding to that claim:

“Really? No. Disclosing the source code only results in a complete forfeiture of the software’s security if there was never any security there in the first place. If the product is well-engineered, then disclosing the software will cause no additional security problems. If the product is poorly-engineered, then the lack of disclosure only serves the purpose of delaying the inevitable. What we learned from the California Top-to-Bottom Review and the Ohio EVEREST study was that, indeed, these systems are unquestionably and unconscionably insecure. The authors of those reports (including yours truly) read the source code, which certainly made it easier to identify just how bad these systems were, but it’s fallacious to assume that a prospective attacker, lacking the source code and even lacking our reports, is somehow any less able to identify and exploit the flaws. The wide diversity of security flaws exploited on a regular basis in Microsoft Windows completely undercuts the ETC paper’s argument. The bad guys who build these attacks have no access to Windows’s source code, but they don’t need it. With common debugging tools (as well as customized attacking tools), they can tease apart the operation of the compiled, executable binary applications and engineer all sorts of malware. Voting systems, in this regard, are just like Microsoft Windows. We have to assume, since voting machines are widely dispersed around the country, that attackers will have the opportunity to tear them apart and extract the machine code. Therefore, it’s fair to argue that source disclosure, or the lack thereof, has no meaningful impact on the operational security of our electronic voting machines. They’re broken. They need to be repaired.”

The next oddity, is the claim that if a problem is found in open source software, then it won’t get fixed as quickly, because you have to wait for “the community” to fix it. That completely mistakes how open source software works. Again, Wallach points out how silly that is, noting that plenty of commercially-focused companies run open source projects, including maintaining and contributing code to the project. If these companies were to open source their code, there’s nothing stopping them from continuing to improve the security of the code. There’s no need to wait around… The paper has other problems as well, which Wallach discusses at the link above. To be honest, though, it’s quite telling that these firms don’t even seem to understand some of the basics of how open source software works.



Open-source e-voting gets LinuxWorld test run
BY Todd R. Weiss / August 6, 2008

Computer engineer Alan Dechert didn’t like what he saw during the controversial vote tallying in Florida in 2000’s presidential election. That was when he decided that there had to be a better way for U.S. citizens to safely and accurately cast their ballots. More than seven years later, Dechert is here at the LinuxWorld Conference & Expo, publicly displaying the open-source e-voting system he helped develop that fixes some of the problems that he and other critics found in the nation’s voting systems almost a decade ago. “I watched the 2000 election, and I was stunned that we didn’t know how to count ballots,” Dechert said.

In Florida, where paper punch-card ballots were used at the time in many counties, the nation watched in disbelief for weeks as the presidential election came down to the wire over punch cards that were analyzed individually and manually by voting officials. At issue was voter intent, as officials tried to decipher who voters had selected on the ballots, which often weren’t fully punched out by the machines that were supposed to mark the ballots. It took analysis of those ballots and a U.S. Supreme Court decision to finally decide the winner of that election, almost a month after the last polling place closed.

That December, Dechert co-founded the Granite Bay, Calif.-based Open Voting Consortium to try to help come up with a better way to vote in this country. “This was conceived as a pilot project for Sacramento County [Calif.] in December 2000,” he said. The idea was to create an electronic voting system that allows voters to make their candidate selections on a screen, then clearly print their ballots and have them scanned and tallied by reliable machines. By creating such a system, Dechert said, then “there’s no ambiguity about what the voter intended,” fixing one of the most glaring problems of the old punch-card systems and poorly designed ballot layouts. The system, which was set here at LinuxWorld for show attendees to view and vote in mock elections, runs on PCs loaded with Ubuntu Linux and the free, open source e-voting application created by the consortium.

For election officials, the system is a simple one that would allow voters to be sure of their choices before they leave the ballot-casting area, Dechert said. Officials could set up and create the ballot in any elections intuitively with a special software tool that would add candidate names, office titles and other relevant information without requiring major computing skills. The application runs on standard PC architecture and requires no specialized equipment. “They don’t have to do anything special,” Dechert said of local election officials who would use the system. “They don’t have to know anything special.”

By going to an open-source system, he said, the application’s code could be carefully and publicly analyzed for flaws and security issues, then could be fixed and made trustworthy for use. At least, that’s the position of open-source advocates who think they can build a better system than those created by proprietary vendors across the nation. “What we’re trying to advance is full public scrutiny, with many eyes on the code,” Dechert said.

The open-source system aims to address several concerns about traditional vendor-supplied e-voting systems in use across the U.S., he said, including the following:
* By being open source, the code can be checked at any time for flaws or problems by any qualified programmer or developer, making it more transparent and trustworthy.
* By using off-the-shelf PC hardware and printers and other peripherals, it’s much cheaper than custom, purpose-built e-voting consoles and equipment.
* It’s usable by handicapped voters and by voters who speak languages other than English.
* It contains a voter-verifiable and fully auditable paper record that can be preserved and is recountable.

“It could be used now,” Dechert said. Some local voting jurisdictions are in talks with the group now about looking further at the system, including local officials in at least one Maryland county, he said. For use in national elections, the system would have to be heavily analyzed and eventually certified as an election system, Dechert said. That process is part of the group’s future goals, he said.

Here in San Francisco, for the system in display on the show floor, mock voters entered a booth and stood in front of a computer screen that lay flat in front of them on a table. The voters then used a traditional computer mouse to make their selections on the one-screen ballot and then advanced the ballot selections with on-screen arrows. Voters could also choose to go back to check or change their selections. After completing the ballots, participants were asked to confirm their candidate or referendum-question selections several times, then were able to print their ballots on a printer also in the voting cubicle. Each voter then put the printed paper ballot in a manila folder and walked it over to a nearby election official, who electronically tallied and scanned it in front of the voter.

More than 300 people tried out the system yesterday. Project organizers set up a ballot with the three major party candidates in this year’s presidential election, as well as several referendum questions about e-voting and other topical public issues. Dick Turnquist, an IT manager at the Association of California Water Agencies in Sacramento, test-voted on the proposed system and said he liked what he experienced. “It certainly was easy enough to use. I probably would prefer it” to existing e-voting systems, Turnquist said. Greg Simonoff, an engineer at the California Department of Transportation, said he liked using the system but would prefer a touch-screen voting mechanism rather than a mouse-based system. Dechert said the mouse-based system is being used in the demonstration phase of the project to cut costs but would be replaced with a touch-screen system in production.

Alan Dechert
email : dechert [at] gmail [dot] com



Why machines are bad at counting votes
BY Wendy M Grossman / 30 April 2009

It’s commonly said that insanity is doing the same thing over and over again while expecting different results. Yet this is what we keep doing with electronic voting machines – find flaws and try again. It should therefore have been no surprise when, at the end of March, California’s secretary of state’s office of voting system technology assessment decertified older voting systems from Diebold’s Premier Election Solutions division. The reason: a security flaw that erased 197 votes in the Humboldt county precinct in last November’s presidential election.

Clearly, 197 votes would not have changed the national result. But the loss, which exceeds the error rate allowed under the Help America Vote Act of 2002, was only spotted because a local citizen group, the Humboldt County Election Transparency Project ( monitored the vote using a ballot-imaging scanner to create an independent record. How many votes were lost elsewhere? Humboldt county used Diebold’s GEMS operating system version 1.18.19 to tally postal ballots scanned in batches, or “decks”. The omission of votes was a result of a flaw in the system, where, given particular circumstances, it deletes the first deck, named “Deck Zero”, without noting it in the system’s audit logs.

Voting slips
Diebold recommended decertification of its older version, which should force precincts to upgrade and eliminate the flaw. But the secretary of state’s report notes flaws in the audit logs that will be harder to erase: wrongly recorded entry dates and times, and silent deletions of audit logs. “It’s nothing new,” says Rebecca Mercuri, a security consultant who studied voting systems for her 1999 doctoral dissertation. “These are all security flaws that are well known in the industry. Why are they acting as if this is the first time they’ve heard this?” The audit log problems were documented in Bev Harris’s 2004 book, Black Box Voting. Mercuri explains that election software belongs to the class of problems known as “NP-complete”, that is, problems computers cannot solve in a known amount of time. How much time have you got to test that a given voting system will function perfectly under all possible circumstances? “What are people going to do about it?” she asks. “Say we fixed it when it’s theoretically not possible to fix these things at any real level?”

So, it’s not fair just to pick on Diebold. Last month, election officials in Clay county, Kentucky, were charged with conspiring to alter ballots cast on ES&S iVotronic election machines in recent elections. The key: interface design. In most cases, voters cast ballots by pressing a big red button labelled “VOTE”. But some versions of the system require touching a “confirm vote” box on the screen to complete the ballot. It is alleged officials hid this fact from voters and would then “correct” and confirm the ballot after the voter had left. The officials have pleaded not guilty. Matt Blaze, a security researcher at the University of Pennsylvania, writes in his blog that if this were a strategy, “it’s a pretty elegant attack, exploiting little more than a poorly designed, ambiguous user interface, printed instructions that conflict with actual machine behaviour, and public unfamiliarity with equipment that most citizens use at most once or twice each year. And once done, it leaves behind little forensic evidence to expose the deed.”

But Diebold’s current problems aren’t limited to voting machines. More startling was the discovery of malware designed to attack its ATMs. Graham Cluley, a senior technology consultant for the security company Sophos, says the company found a sample in its archives. “If [the malware] were planted on the version of Windows on those Diebold machines,” Cluley says, “you could actually steal information from the cards being used on the device, and hackers with a specially crafted card would get a receipt with people’s information.” Diebold sent out a customer warning in January and provided a software update. As in the Kentucky voting machine case, the attack on Diebold’s ATMs requires inside access. “We’re seeing more and more organised criminal gangs because of the money they can make,” says Cluley, pointing out how difficult it would be to spot a legitimate maintenance engineer who’s been bought off installing an extra patch off a USB stick in a back pocket.

Black box recorder
For consumers, the problem is that both ATMs and voting machines are black-box technologies. You can count your cash and keep the receipt; but if someone else withdrew the money you can’t prove it wasn’t you. “It’s the same with voting,” Mercuri says. “You have no way to prove or disprove how you voted.” At least with voting, citizen groups are motivated to push for greater transparency. Jason Kitcat, Green councillor for Brighton and Hove, organised volunteers to observe e-voting trials in the 2007 local government elections in England and Scotland on behalf of the Open Rights Group. “We saw the same audit log issues,” he says. “We know from a computer science point of view that making an audit log that can’t be changed is impossible. But it seems as if there’s a huge disconnect between people who are computer-science literate, and the people delivering the policy.”

Besides, politicians like making uncontroversial decisions. Who could fault them for trusting a company that makes ATMs worldwide? Again, it comes back to humans. “The folks who buy ATMs [bank managers] and voting machines [election officials] don’t really want to pay for a facility that will make it easier for people to challenge them,” says Ross Anderson, a professor of security engineering at Cambridge University. “In the long run, of course, this ends up costing them more: fraud can lead to challenges that are systemic rather than local. Nevertheless, the purchasers may be rational. Most of the bank managers who bought crap ATM systems in the 80s are retired now – they got away with it. With voting machines, some vendors have been discredited in some countries, but lots of money has still been made.” That is, from us – the taxpayer and the bank customer.







Mike Connell: Bush IT Guru–KHOo8tkM

“ATTENTION: Employees of GovTech Solutions, New Media Communications,
and Technomania: If YOU know anything about Vote Tampering — the time
to speak up is Now!”

bonus link:
overly polite lady attempts citizen’s arrest of karl rove (fails)

Early Voting Sees Reports of Voter Intimidation, Machine “Malfunctions”

Early voting has begun, and problems are already emerging at the
polls. In West Virginia, voters using touchscreen machines have
claimed their votes were switched from Democrat to Republican. In
North Carolina, a group of McCain supporters heckled a group of mostly
black supporters of Barack Obama. In Ohio, Republicans are being
accused of trying to scare newly registered voters by filing lawsuits
that question their eligibility. We speak to NYU professor Mark
Crispin Miller, author of Loser Take All: Election Fraud and the
Subversion of Democracy.

Mark Crispin Miller, professor of media culture and communication at
New York University. He is the author of several books, most recently
Loser Take All: Election Fraud and the Subversion of Democracy,
2000-2008. His previous book is called Fooled Again: How the Right
Stole the 2004 Election and Why They’ll Steal the Next One Too.

AMY GOODMAN: Just days after reports that six early voters in at least
two West Virginia counties claimed their votes were switched from
Democrat to Republican, a couple in Nashville, Tennessee reported
similar problems with paperless voting machines. In West Virginia, one
voter said, ‘I hit Obama, and it switched to McCain. I am really
concerned about that. If McCain wins, there was something wrong with
the machines.” In Tennessee, a filmmaker couple also had difficulties
casting their vote for the Democratic candidate, the Brad Blog
reports. They had to hit the Obama button several times before it
actually registered, and in one case it momentarily flipped from Obama
to Green Party candidate Cynthia McKinney. Patricia Earnhardt said,
“The McKinney button was located five rows below the Obama button.”
The couple in Nashville were using machines made by the same company
as those in the counties in West Virginia—by Election Systems and
Software. Meanwhile, there are reports of longlines at early voting
sites in several other states, including somecounties in Texas,
Florida, Nevada and New Mexico.

Mark Crispin Miller is a media critic who’s been focused on voter
problems and election fraud in this country. He’s a professor at New
York University, author of several books. Most recently he edited
Loser Take All: Election Fraud and the Subversion of Democracy,
2000-2008. His previous book, Fooled Again: How the Right Stole the
2004 Election and Why They’ll Steal the Next One Too.

Mark Crispin Miller now joins us in the firehouse studio. Welcome to
Democracy Now!

MARK CRISPIN MILLER: Great to be here.

AMY GOODMAN: What are your concerns right now, Mark?

MARK CRISPIN MILLER: Well, you’ve referred to a couple of them
already. We now see a burst of vote flipping by machines,electronic
voting machines in a couple of states. This is something that we saw
in at least eleven states in the 2004 election, hundreds and hundreds
of people coming forward to say, “I pushed the button for Kerry, and
the button for Bush lit up.” So, clearly, this was a systematic
programming decision by the people in charge of the machines, which in
that case and this one is the Republican Party.We’re also seeing
systematic shortages of working voting machines in Democratic
precincts only. This is also something that did not happen only in
Ohio in 2004, but happened nationwide. That election was, in fact,

AMY GOODMAN: How do you know that?

MARK CRISPIN MILLER: Well, I know because there’s been an audit of the
vote in eighteen counties of Ohio by a researcher named Richard Hayes
Phillips, who had his team literally scrutinize every single ballot
that was warehoused in eighteen Ohio counties. They took over 30,000
digital photographs. This is not speculation, Amy. This is a
meticulous, careful, specific and conclusive demonstration that John
Kerry actually won some 200,000 votes in those eighteen counties only
that were taken away from him. Bush’s official victory margin, you may
recall, was about 118,000. So there is no question about it. Ohio was

AMY GOODMAN: When they—OK, so they have the pictures of all these—

MARK CRISPIN MILLER: Pictures, there’s a CD with this book that you can

AMY GOODMAN: But they have the pictures of the ballots.

MARK CRISPIN MILLER: Of the variously altered, mutilated ballots, yes.
Ballots with stickers placed over the square that people had blacked
in for Kerry/Edwards; somebody else blacks in Bush/Cheney.Thousands
and thousands of ballots that were pre-marked before they were
distributed, so that people would mark different boxes on them, and
then they would be invalidated.

Even more chilling is the fact that after Phillips did his research,
the boards of elections in fifty-five Ohio counties destroyed all or
some of their ballots in defiance of a court order. So we have
criminal behavior here of a kind of grand and systematic kind. But the
point is—not to engage in what Sarah Palin calls finger-pointing
backwards, the point here is to note that we’re dealing with a
consistent pattern of subversive behavior by the Republican Party
since2000 and extending all the way up to the present. What we’re
seeing now is an especially brazen and diverse range of dirty tricks
and tactics that are being used both to suppress the vote and also to
enable election fraud.

AMY GOODMAN: Ohio has been very much in the news this past week, not
around the issue of voter suppression, but around the issue of
fraudulent registration forms, the concern about them being handed in
by the organization ACORN.

MARK CRISPIN MILLER: Yeah, the whole ACORN thing is a first-class
propaganda drive. ACORN has done nothing wrong. ACORN has,however,
been guilty of trying to register low-income citizens to vote.Because
they’ve been in the sights of the Republican Party for several years
now, they’ve always been extremely scrupulous about checking the
registration forms that they garner from their volunteers.

You know, they pay people, basically, to register other voters. So,
naturally, from time to time, some volunteer who wants the money will
fill out a registration form, you know, with Mickey Mouse or the names
of the Dallas Cowboys, something like that. Precisely because that is
an ever-present possibility, the people at ACORN have always
scrupulously checked the forms before submitting them.

And ten days ago, what they did was, in Las Vegas, their office in Las
Vegas, they found a number of these suspicious forms, handed them over
directly to the Secretary of State in Nevada, and his response was to
turn around and say, “Aha! Here is evidence that you’re conspiring to
commit voter fraud.” Now, that effort, that drive went from Nevada to
Missouri to Ohio, and now we hear that the FBI is investigating ACORN.

The important point here, Amy, is that voter fraud is practically
nonexistent. Several studies have taken a close look at this and found
that there really is no voter fraud of this kind.

AMY GOODMAN: Robert Greenwald of Brave New Films has put out a new
short film about ACORN and the attacks against them. Let me play an

SEN. JOHN McCAIN: We need to know the full extent of Senator
Obama’s relationship with ACORN, who is now on the verge of maybe
perpetrating one of the greatest frauds in voter history in this
country, maybe destroying the fabric of democracy.

GOV. SARAH PALIN: John and I are calling on the Obama campaign
to release communications it has had with this group and to do so

CARMEN ARIAS: These attacks on ACORN are part of a pattern of
voter suppression that the GOP has been carrying on for a long time.

PAUL WEYRICH: They want everybody to vote. I don’t want
everybody to vote. Elections are not won by a majority of people. They
never have been, from the beginning of our country, and they are not
now. As a matter of fact, our leverage in the elections, quite
candidly, goes up as the voting populace goes down.

ANDREW SULLIVAN: The McCain campaign has now two camps.And one
of them is already assuming that he’s lost, and he’s aiming for the
post-election warfare in the Republican Party, and part of that isthe
ACORN strategy, which is trying to delegitimize the result in advance,
if Obama were to win, by saying it was rigged by minority voters.
That’s what this is about.

SEN. JOHN McCAIN: Someone here keeps yelling “ACORN, ACORN.”
Now, let me just say to you, there are serious allegations of voter
fraud in the battleground states across America. They must be

NATHAN HENDERSON-JAMES: Let’s look at North Carolina. We turned
in 28,000 applications in North Carolina, and there are investigations
into four of them right now. Over 95 percent of the cards we turned in
were error-free. So we’re talking about an extremely small percentage
of the overall 1.3 million cards collected. To suggest that this is
some kind of widespread criminal conspiracy is just absurd.

radical—extremist community group.

CARMEN ARIAS: This is hardly the first time that these Rove-
style tactics have been used to suppress low-income minorities.

NATHAN HENDERSON-JAMES: They did it in 2000.

GREG PALAST: Voters were being removed from the registries by
the Secretary of State, Katherine Harris.

NATHAN HENDERSON-JAMES: They did it in 2004.

UNIDENTIFIED: Evidence has emerged that in the last presidential
election the Republican Party organized efforts to suppress the votes
of active-duty military, low-income and minority voters by challenging
their registrations. The Republicans put in motion a plan to hold down
the Democratic vote in key battleground states. Many are convinced
that Republican officials broke the law.

NATHAN HENDERSON-JAMES: And they’re doing it again right now.

CARMEN ARIAS: Suppressing the low-income minority voters can
swing an entire election. A handful of improperly filled-out voter
registration cards cannot.

AMY GOODMAN: That, an excerpt of a piece by Robert Greenwald and Brave
New Films. Professor Mark Crispin Miller?

MARK CRISPIN MILLER: Yeah, well, I think he hit the nail right on the
head. The important point to get here is that the party that is itself
engaging in disenfranchisement on a massive scale, the deliberate,
systematic disenfranchisement of arguably millions of Americans, is
clouding the issue by accusing—essentially accusing its victims of
doing the same thing. OK?

Voter fraud—I want to repeat this—is virtually nonexistent.There have
been several academic studies of this notion of whether individuals
actually stuffed ballot boxes or show up at polling places pretending
to be somebody else. There’s actually not a single known case of any
such type of voter fraud being prosecuted by the Department of
Justice. And yet, that notion of voter fraud is used as the pretext
for taking steps that do demonstrably result in tens of thousands of
people being unable to vote, you see? It’s a really masterful
strategy.And I only wish that the Democratic Party had all this time
been aggressive in pointing out that the Republicans are the party
engaged in disenfranchisement.

AMY GOODMAN: Mark Crispin Miller, we have to break. When we come back,
I want to ask you about a man named Stephen Spoonamore—


AMY GOODMAN: —a prominent expert, supposedly, on computer fraud, and
what he has to say. Stay with us.


AMY GOODMAN: Mark Crispin Miller, professor of media, culture and
communication at New York University is our guest. His most recent
book, Loser Take All. Who is Stephen Spoonamore?

MARK CRISPIN MILLER: Stephen Spoonamore is a conservative Republican,
a former McCain supporter and, most importantly, a renowned and highly
successful expert at the detection of computer fraud. That’s his
profession. He works for major banks. He works for foreign
governments. He works for the Secret Service. Those are his clients.

He knows personally the principal players in Bush-Cheney’s conspiracy
to subvert our elections through electronic means since 2000, and he
has named these principal players. Specifically, he has named a man
named Mike Connell. Mike Connell, according to Spoonamore, is Karl
Rove’s computer guru. This is the guy who has helped Bush-Cheney fix
election results through computers since Florida 2000, in Ohio in
2004, also in the stolen re-election of Governor Don Siegelman in
Alabama in 2002, also in the stolen re-election of Senator Max Cleland
in Georgia in 2002.


MARK CRISPIN MILLER: Well, basically, they use a kind of architecture
that’s called Man in the Middle, and it involves shunting election
returns data through a separate computer somewhere else. This is
something that computer criminals do all the time with banks.
Spoonamore explains that the Man in the Middle setup is extremely
effective and basically undetectable as a way to change election

Now, the scariest thing is that Connell told Spoonamore that the
reason why he has helped Bush-Cheney still these elections for the
last eight years has been to save the babies. See? We have to
understand that there’s a very powerful component of religious
fanaticism at work in the election fraud conspiracy. We saw a little
bit of that in Greenswald’s film, where Paul Weyrich was talking about
how we don’t want people voting.

AMY GOODMAN: The conservative activist.

MARK CRISPIN MILLER: Well, because the majority is a majority of
unbelievers. They’re pro-choice. They’re corrupt. They’re evil. They
don’t get it. It’s therefore necessary to fix election results in
order to prevent the unjust and the unrighteous from taking over.

AMY GOODMAN: Professor Mark Crispin Miller, you keep saying the
election was clearly stolen in 2004. This is not a widelyheld belief.
Why do you think more information is not known about this?

MARK CRISPIN MILLER: Because the press and the Democratic Party have
steadfastly refused simply to mention, much less discuss, the

AMY GOODMAN: You talked to John Kerry.

MARK CRISPIN MILLER: I talked to John Kerry. In fact, the last time I
was with you, I was here to talk about that conversation with him. On
October 28th, 2005, we met. I gave him a copy of my book Fooled Again,
and we discussed the last election, and he told me, with some
vehemence, that he believed it was stolen.

AMY GOODMAN: In Ohio in 2004—and Ohio, key battleground state right now


AMY GOODMAN: And we remember at Kenyon, for example, those long, long
lines in 2004, people waiting for hours.


AMY GOODMAN: When you talk about the computer setup for 2004, explain

MARK CRISPIN MILLER: Well, what happened was, with the election
results that were coming into Ken Blackwell’s website, right, in real

AMY GOODMAN: The former Secretary of State of Ohio.

MARK CRISPIN MILLER: The former Secretary of State.

AMY GOODMAN: The former chair of the Bush-Cheney campaign there.

MARK CRISPIN MILLER: And co-chair of Bush-Cheney and a big-time
election thief and an ardent theocrat, by the way. The election
returns went basically from his website to another computer that was
in a basement in Chattanooga, Tennessee, under the control of
Spoonamore and a guy with another private company, another
evangelical.The data was shunted through that computer and then back
to the Secretary of State’s website.

Spoonamore says that this Man in the Middle setup has only one
purpose, and that is fraud. There’s no other reason to do it. And he
believes that such a system is still in place in Ohio, it’s in place
in a number of other states. And the crucial fact to bear in mind
here,since we’re talking about John McCain attacking ACORN and so on,
is that Mike Connell is now working for John McCain.

Now, on the strength of Spoonamore’s testimony, right, it’s driving a
RICO lawsuit in Ohio. On the strength of his testimony, Connell has
been subpoenaed. He was subpoenaed last week for a deposition, so that
he can answer questions on the record, under oath, about what he’s
been up to. He and a bevy of Republican lawyers have been very, very
vigorously fighting this subpoena, because, of course, they don’t want
him to testify ’til after Election Day.

AMY GOODMAN: Professor Mark Crispin Miller, the Bradley Effect that is
being discussed, explain what it is and how you feel it’s being used.

MARK CRISPIN MILLER: The Bradley Effect is a theory which holds that
African American candidates do better in pre-election polls than they
do in elections, because white racists are shy about admitting to
pollsters that they wouldn’t vote for a black man. So they will tell
pollsters, “Sure, I’ll vote for him.” Then they sneak into the polling
booth and listen to the inner Klansman, you know, they vote as

Now, the problem with this theory is that there are almost no examples
of its having happened. It’s named for Tom Bradley, the mayor of Los
Angeles, who ran for the governor of California and did much better in
polls beforehand than he did on Election Day. Well, it turns out, if
you study that race, that the reason why he lost was that a lot of bad
news about his tenure in Los Angeles came out just before the
election. That’s the reason why people often lose elections. There are
only two races that we know of where the Bradley Effect may arguably
have obtained, both in 1989: Doug Wilder’s run for the governor of
Virginia and David Dinkins’s first run for the mayor of New York,
where Dinkins didn’t do as well as we thought he would. Well, in his
second run, the polls were dead on.

The point is, we’re talking about two races that may form the basis
for this idea that Barack Obama, with his enormous lead, may lose
because of millions and millions of closet racists, you know, who will
say one thing to pollsters, out of a fear of not seeming politically
correct, and then vote a different way. I’ll tell you why I worry
about this. Something that you very, very badly need to steal
elections, aside from the apparatus and the volunteers and all the
money and everything, is a narrative. You have to have a convincing
rationale toexplain an upset victory. Four years ago, the rationale
was millions of values voters materialized on the horizon at the end
of the day, and like Jesus with loaves and fishes, they suddenly
multiplied and voted for Bush, and then they disappeared. Well,
there’s no evidence that that actually happened. But it served as a
narrative. This time, I’m afraid the primary narrative will be racism:
Barack Obama actually lost, despite all predictions, because so many
Americans are racist.

I think that this is, first of all, unverifiable. We don’t know that
it’s true, whereas we do know all the stuff about vote suppression and
election fraud. But I’m afraid that people will be encouraged to
accept this line to prevent them from taking a hard look at the real
reasons why Obama may have “lost”—and I put “lost” in quotation marks.

AMY GOODMAN: Mark Crispin Miller, I want to thank you for being with
us. Mark Crispin Miller is a professor at New York University and
author of, well, the latest book he edited, this came out just this
summer, Loser Take All: Election Fraud and the Subversion of
Democracy, 2000-2008.

DIEBOLD, SAIC REPORT, ETC,_says_gop_computer_security_expert/

‘Here, in this shattering new interview, Stephen Spoonamore goes into
harrowing detail about the Bush regime’s election fraud, past, present
and–if we don’t spread the word right now–to come. Since he’s the
only whistle-blower out there who knows the perps themselves, and how
they operate, we have to send this new piece far and wide.

Here Spoon tells us that McBush’s team–i.e.,Karl Rove and his
henchpersons–have their plan in place to steal this next election: by
51.2% of the popular vote, and three electoral votes. He also talks
about the major role played by the Christianist far right in the
electronic rigging of the vote.

And he defines our electronic voting system as a major threat to US
national security, calling for it to be junked ASAP, in favor of hand-
counted paper ballots.

Since Spoon is a Republican and erstwhile McCain supporter, as well as
a noted specialist in nosing out computer fraud, his testimony is
essential–not only for its expertise, but, no less, for the impact
that his views will surely have on those Republicans who have been
loath to see what Bush Co. has done to our election system.
That whole story’s just about to break . . . starting with today’s
news on a breakthrough in the lawsuit that Spoon’s testimony has
enabled, and on other aspects of that all-important case.’  –MCM


Full-length video

Spoonamore video in 10 YouTube episodes

It’s a network, people

Electronic voting machines are a national security threat

The genie is out of the bottle. . .

Fifty ways to steal an election

Mike Connell: Bush IT Guru–KHOo8tkM

The Rapp Family: Ohio election cover-up

Evangelicals and voting machines

Paper ballots please

McCain/Palin will win by theft

People should doubt the vote, it’s being stolen

and forward this to your friends who understand computers


e/ info [at] connelldonatelli [dot] com
p/ 703.647.5862
‘Netcraft is showing that an event happened in the Ohio 2004 election
that is difficult to explain. The Secretary of State’s website,which
handles election reporting, normally is directed to an Ohio-based IP
address hosted by the Ohio Supercomputer Center. On Nov. 3 2004,
Netcraft shows the website pointing out of state to a server owned by
Smartech Corp. According to the American Registry on Internet Numbers,
Smartech’s block of IP addresses –
encompasses the entire range of addresses owned by the Republican
National Committee. Smartech hosted the recently notorious
domain used from the White House in apparent violation of the
Presidential Records Act, from which thousands of White House emails
‘On two occasions in recent elections, a third-party source
recordedthat the Ohio election results website
‘’ wasoperating at an IP address which falls
within the range assigned toservice hosted by Chattanooga, TN-based
SMARTtech Corp. The IP addressassigned to ‘’,, lies between IPaddresses assigned to and which are managed bythe RNC and affiliates.’

Akron Headquarters
302 N. Cleveland-Massillon Rd.
Akron, OH 44333
v/ 330.665.3483
f/ 330.665.3486
info [at] govtechsolutions [dot] com


Election Systems & Software, Inc. (ES&S)
11208 John Galt Blvd.
Omaha, NE 68137 USA
Toll Free: 1-800-247-8683
Phone: 402-593-0101
Fax: 402-593-8107
email : info [at] essvote [dot] com


801 Broad Street
Suite 220
Chattanooga, TN 37402
Phone (423) 664-7678
email : support [at] airnetgroup [dot] com

‘… Jeff Averbeck, CEO of Smartech, which is running theRepublican
websites, says, ‘Politics today is getting people to get upand do
something.’ More than 1 million volunteers and 6 million e-mailand
letter-writing activists have signed up for the Republicans thisyear
over the Web.’

Coptix Inc.

Coptix Inc. (web), another Chattanooga-based company, ‘provides backup
DNS hosting for Smartech/Airnet.’ [1]
50 E. Main Street
Postal Box 2026
Chattanooga, Tennessee 37408
Telephone: 423.822.6850
Facsimile: 423.825.2001
email: info [at] coptix [dot] com

From the archive, originally posted by: [ spectre ]


Can You Count On These Machines?
By CLIVE THOMPSON  /  January 6, 2008

Jane Platten gestured, bleary-eyed, into the secure room filled with
voting machines. It was 3 a.m. on Nov. 7, and she had been working for
22 hours straight. “I guess we’ve seen how technology can affect an
election,” she said. The electronic voting machines in Cleveland were
causing trouble again.

For a while, it had looked as if things would go smoothly for the
Board of Elections office in Cuyahoga County, Ohio. About 200,000
voters had trooped out on the first Tuesday in November for the
lightly attended local elections, tapping their choices onto the
county’s 5,729 touch-screen voting machines. The elections staff had
collected electronic copies of the votes on memory cards and taken
them to the main office, where dozens of workers inside a secure,
glass-encased room fed them into the “GEMS server,” a gleaming silver
Dell desktop computer that tallies the votes.

Then at 10 p.m., the server suddenly froze up and stopped counting
votes. Cuyahoga County technicians clustered around the computer,
debating what to do. A young, business-suited employee from Diebold —
the company that makes the voting machines used in Cuyahoga — peered
into the screen and pecked at the keyboard. No one could figure out
what was wrong. So, like anyone faced with a misbehaving computer,
they simply turned it off and on again. Voilà: It started working —
until an hour later, when it crashed a second time. Again, they
rebooted. By the wee hours, the server mystery still hadn’t been

Worse was yet to come. When the votes were finally tallied the next
day, 10 races were so close that they needed to be recounted. But when
Platten went to retrieve paper copies of each vote — generated by the
Diebold machines as they worked — she discovered that so many printers
had jammed that 20 percent of the machines involved in the recounted
races lacked paper copies of some of the votes. They weren’t lost,
technically speaking; Platten could hit “print” and a machine would
generate a replacement copy. But she had no way of proving that these
replacements were, indeed, what the voters had voted. She could only
hope the machines had worked correctly.

As the primaries start in New Hampshire this week and roll on through
the next few months, the erratic behavior of voting technology will
once again find itself under a microscope. In the last three election
cycles, touch-screen machines have become one of the most mysterious
and divisive elements in modern electoral politics. Introduced after
the 2000 hanging-chad debacle, the machines were originally intended
to add clarity to election results. But in hundreds of instances, the
result has been precisely the opposite: they fail unpredictably, and
in extremely strange ways; voters report that their choices “flip”
from one candidate to another before their eyes; machines crash or
begin to count backward; votes simply vanish. (In the 80-person town
of Waldenburg, Ark., touch-screen machines tallied zero votes for one
mayoral candidate in 2006 — even though he’s pretty sure he voted for
himself.) Most famously, in the November 2006 Congressional election
in Sarasota, Fla., touch-screen machines recorded an 18,000-person
“undervote” for a race decided by fewer than 400 votes.

The earliest critiques of digital voting booths came from the fringe —
disgruntled citizens and scared-senseless computer geeks — but the
fears have now risen to the highest levels of government. One by one,
states are renouncing the use of touch-screen voting machines.
California and Florida decided to get rid of their electronic voting
machines last spring, and last month, Colorado decertified about half
of its touch-screen devices. Also last month, Jennifer Brunner, the
Ohio secretary of state, released a report in the wake of the Cuyahoga
crashes arguing that touch-screens “may jeopardize the integrity of
the voting process.” She was so worried she is now forcing Cuyahoga to
scrap its touch-screen machines and go back to paper-based voting —
before the Ohio primary, scheduled for March 4. Senator Bill Nelson, a
Democrat of Florida, and Senator Sheldon Whitehouse, Democrat of Rhode
Island, have even sponsored a bill that would ban the use of touch-
screen machines across the country by 2012.

It’s difficult to say how often votes have genuinely gone astray.
Michael Shamos, a computer scientist at Carnegie Mellon University who
has examined voting-machine systems for more than 25 years, estimates
that about 10 percent of the touch-screen machines “fail” in each
election. “In general, those failures result in the loss of zero or
one vote,” he told me. “But they’re very disturbing to the public.”

Indeed, in a more sanguine political environment, this level of error
might be considered acceptable. But in today’s highly partisan and
divided country, elections can be decided by unusually slim margins —
and are often bitterly contested. The mistrust of touch-screen
machines is thus equal parts technological and ideological. “A tiny
number of votes can have a huge impact, so machines are part of the
era of sweaty palms,” says Doug Chapin, the director of, a nonpartisan group that monitors voting reform.
Critics have spent years fretting over corruption and the specter of
partisan hackers throwing an election. But the real problem may simply
be inherent in the nature of computers: they can be precise but also
capricious, prone to malfunctions we simply can’t anticipate.

During this year’s presidential primaries, roughly one-third of all
votes will be cast on touch-screen machines. (New Hampshire voters are
not in this group; they will vote on paper ballots, some of which are
counted in optical scanners.) The same ratio is expected to hold when
Americans choose their president in the fall. It is a very large chunk
of the electorate. So what scares election observers is this: What
happens if the next presidential election is extremely close and
decided by a handful of votes cast on machines that crashed? Will
voters accept a presidency decided by ballots that weren’t backed up
on paper and existed only on a computer drive? And what if they don’t?

“The issue for me is the unknown,” Platten told me when we first spoke
on the phone, back in October. “There’s always the unknown factor.
Something — something — happens every election.”

NEW VOTING TECHNOLOGIES tend to emerge out of crises of confidence. We
change systems only rarely and in response to a public anxiety that
electoral results can no longer be trusted. America voted on paper in
the 19th century, until ballot-box stuffing — and inept poll workers
who lost bags of votes — led many to abandon that system. Some
elections officials next adopted lever machines, which record each
vote mechanically. But lever machines have problems of their own, not
least that they make meaningful recounts impossible because they do
not preserve each individual vote. Beginning in the 1960s they were
widely replaced by punch-card systems, in which voters knock holes in
ballots, and the ballots can be stored for a recount. Punch cards
worked for decades without controversy.

Until, of course, the electoral fiasco of 2000. During the Florida
recount in the Bush-Gore election, it became clear that punch cards
had a potentially tragic flaw: “hanging chads.” Thousands of voters
failed to punch a hole clean through the ballot, turning the recount
into a torturous argument over “voter intent.” On top of that, many
voters confused by the infamous “butterfly ballot” seem to have
mistakenly picked the wrong candidate. Given Bush’s microscopic margin
of victory — he was ahead by only a few hundred votes statewide — the
chads produced the brutal, monthlong legal brawl over how and whether
the recounts should be conducted.

The 2000 election illustrated the cardinal rule of voting systems: if
they produce ambiguous results, they are doomed to suspicion. The
election is never settled in the mind of the public. To this date,
many Gore supporters refuse to accept the legitimacy of George W.
Bush’s presidency; and by ultimately deciding the 2000 presidential
election, the Supreme Court was pilloried for appearing overly

Many worried that another similar trauma would do irreparable harm to
the electoral system. So in 2002, Congress passed the Help America
Vote Act (HAVA), which gave incentives to replace punch-card machines
and lever machines and authorized $3.9 billion for states to buy new
technology, among other things. At the time, the four main vendors of
voting machines — Diebold, ES&S, Sequoia and Hart — were aggressively
marketing their new touch-screen machines. Computers seemed like the
perfect answer to the hanging chad. Touch-screen machines would be
clear and legible, unlike the nightmarishly unreadable “butterfly
ballot.” The results could be tabulated very quickly after the polls
closed. And best of all, the vote totals would be conclusive, since
the votes would be stored in crisp digital memory. (Touch-screen
machines were also promoted as a way to allow the blind or paralyzed
to vote, via audio prompts and puff tubes. This became a powerful
incentive, because, at the behest of groups representing the disabled,
HAVA required each poll station to have at least one “accessible”

HAVA offered no assistance or guidelines as to what type of machine to
buy, and local elections officials did not have many resources to
investigate the choices; indeed, theirs are some of most neglected and
understaffed offices around, because who pays attention to electoral
technology between campaigns? As touch-screen vendors lobbied
elections boards, the machines took on an air of inevitability. For
elections directors terrified of presiding over “the next Florida,”
the cool digital precision of touch-screens seemed like the perfect

IN THE LOBBY OF JANE PLATTEN’S OFFICE in Cleveland sits an AccuVote-
TSX, made by Diebold. It is the machine that Cuyahoga County votes on,
and it works like this: Inside each machine there is a computer
roughly as powerful and flexible as a modern hand-held organizer. It
runs Windows CE as its operating system, and Diebold has installed its
own specialized voting software to run on top of Windows. When the
voters tap the screen to indicate their choices, the computer records
each choice on a flash-memory card that fits in a slot on the machine,
much as a flash card stores pictures on your digital camera. At the
end of the election night, these cards are taken to the county’s
election headquarters and tallied by the GEMS server. In case a memory
card is accidentally lost or destroyed, the computer also stores each
vote on a different chip inside the machine; election officials can
open the voting machine and remove the chip in an emergency.

But there is also a third place the vote is recorded. Next to each
machine’s LCD screen, there is a printer much like one on a cash
register. Each time a voter picks a candidate on screen, the printer
types up the selections, in small, eight-point letters. Before the
voter pushes “vote,” she’s supposed to peer down at the ribbon of
paper — which sits beneath a layer of see-through plastic, to prevent
tampering — and verify that the machine has, in fact, correctly
recorded her choices. (She can’t take the paper vote with her as
proof; the spool of paper remains locked inside the machine until the
end of the day.)

Under Ohio law, the paper copy is the voter’s vote. The digital
version is not. That’s because the voter can see the paper vote and
verify that it’s correct, which she cannot do with the digital one.
The digital records are, in essence, merely handy additional copies
that allow the county to rapidly tally potentially a million votes in
a single evening, whereas counting the paper ballots would take weeks.
Theoretically speaking, the machine offers the best of all possible
worlds. By using both paper and digital copies, the AccuVote promised
Cuyahoga an election that would be speedy, reliable and relatively

Little of this held true. When the machines were first used in
Cuyahoga Country during the May 2006 primaries, costs ballooned — and
chaos reigned. The poll workers, many senior citizens who had spent
decades setting up low-tech punch-card systems, were baffled by the
new computerized system and the rather poorly written manuals from
Diebold and the county. “It was insane,” one former poll worker told
me. “A lot of people over the age of 60, trying to figure out these
machines.” Since the votes were ferried to the head office on small,
pocket-size memory cards, it was easy for them to be misplaced, and
dozens went missing.

On Election Day, poll workers complained that 143 machines were
broken; dozens of other machines had printer jams or mysteriously
powered down. More than 200 voter-card encoders — which create the
cards that let voters vote — went missing. When the machines weren’t
malfunctioning, they produced errors at a stunning rate: one audit of
the election discovered that in 72.5 percent of the audited machines,
the paper trail did not match the digital tally on the memory cards.

This was hardly the first such incident involving touch-screen
machines. So it came as little surprise that Diebold, a company once
known primarily for making safes and A.T.M.’s, subsequently tried to
sell off its voting-machine business and, failing to find a buyer,
last August changed the name of the division to Premier Election
Solutions (an analyst told American Banker that the voting machines
were responsible for “5 percent of revenue and 100 percent of bad
public relations”).

Nearly a year after the May 2006 electoral disaster, Ohio’s new
secretary of state, Jennifer Brunner, asked the entire four-person
Cuyahoga elections board to resign, and Platten — then the interim
director of the board — was tapped to clean up the mess. Platten had
already instituted a blizzard of tiny fixes. She added
responsibilities to the position of “Election Day technician” — filled
by young, computer-savvy volunteers who could help the white-haired
poll workers reboot touch-screens when they crashed. She bought
plastic business-card binders to hold memory cards from a precinct, so
none would be misplaced. “Robocalls” at home from a phone-calling
service reminded volunteers to show up. Her staff rewrote the
inscrutable Diebold manuals in plain English.

The results were immediate. Over the next several months, Cuyahoga’s
elections ran with many fewer crashes and shorter lines of voters.
Platten’s candor and hard work won her fans among even the most
fanatical anti-touch-screen activists. “It’s a miracle,” I was told by
Adele Eisner, a Cuyahoga County resident who has been a vocal critic
of touch-screen machines. “Jane Platten actually understands that
elections are for the people.” The previous board, Eisner went on to
say, ridiculed critics who claimed the machines would be trouble and
refused to meet with them; the new replacements, in contrast,
sometimes seemed as skeptical about the voting machines as the
activists, and Eisner was invited in to wander about on election
night, videotaping the activity.

Still, the events of Election Day 2007 showed just how ingrained the
problems with the touch-screens were. The printed paper trails caused
serious headaches all day long: at one polling place, printers on most
of the machines weren’t functioning the night before the polls opened.
Fortunately, one of the Election Day technicians was James Diener, a
gray-haired former computer-and-mechanical engineer who opened up the
printers, discovered that metal parts were bent out of shape and
managed to repair them. The problem, he declared cheerfully, was that
the printers were simply “cheap quality” (a complaint I heard from
many election critics). “I’m an old computer nerd,” Diener said. “I
can do anything with computers. Nothing’s wrong with computers. But
this is the worst way to run an election.”

He also pointed out several other problems with the machines,
including the fact that the majority of voters he observed did not
check the paper trail to see whether their votes were recorded
correctly — even though that paper record is their legal ballot. (I
noticed this myself, and many other poll workers told me the same
thing.) Possibly they’re simply lazy, or the poll workers forget to
tell them to; or perhaps they’re older and couldn’t see the printer’s
tiny type anyway. And even if voters do check the paper trail, Diener
pointed out, how do they know the machine is recording it for sure?
“The whole printing thing is a farce,” he said.

What’s more, the poll workers regularly made security errors. When a
touch-screen machine is turned on for the first time on Election Day,
two observers from different parties are supposed to print and view
the “zero tape” that shows there are no votes already recorded on the
machine; a hacker could fix the vote by programming the machine to
start, for example, with a negative total of votes for a candidate.
Yet when I visited one Cleveland polling station at daybreak, the two
checkers signed zero tapes without actually checking the zero totals.
And then, of course, there were the server crashes, and the recording
errors on 20 percent of the paper recount ballots.

Chris Riggall, a spokesman for Diebold, said that machine flaws were
not necessarily to blame for the problems. The paper rolls were
probably installed incorrectly by the poll workers. And in any case,
he added, the paper trail was originally designed merely to help in
auditing the accuracy of an election — it wasn’t supposed to be robust
enough to serve as a legal ballot, as Ohio chose to designate it. But
the servers were indeed an issue of the machine’s design; when his
firm tested them weeks later, it found a data bottleneck that would
need to be fixed with a software update.

The Nov. 6 vote in Cuyahoga County offered a sobering lesson. Having
watched Platten’s staff and the elections board in action, I could see
they were a model of professionalism. Yet they still couldn’t get
their high-tech system to work as intended. For all their diligence
and hard work, they were forced, in the end, to discard much of their
paper and simply trust that the machines had recorded the votes
accurately in digital memory.

THE QUESTION, OF COURSE, is whether the machines should be trusted to
record votes accurately. Ed Felten doesn’t think so. Felten is a
computer scientist at Princeton University, and he has become famous
for analyzing — and criticizing — touch-screen machines. In fact, the
first serious critics of the machines — beginning 10 years ago — were
computer scientists. One might expect computer scientists to be fans
of computer-based vote-counting devices, but it turns out that the
more you know about computers, the more likely you are to be terrified
that they’re running elections.

This is because computer scientists understand, from hard experience,
that complex software can’t function perfectly all the time. It’s the
nature of the beast. Myriad things can go wrong. The software might
have bugs — errors in the code made by tired or overworked
programmers. Or voters could do something the machines don’t expect,
like touching the screen in two places at once. “Computers crash and
we don’t know why,” Felten told me. “That’s just a routine part of

One famous example is the “sliding finger bug” on the Diebold AccuVote-
TSX, the machine used in Cuyahoga. In 2005, the state of California
complained that the machines were crashing. In tests, Diebold
determined that when voters tapped the final “cast vote” button, the
machine would crash every few hundred ballots. They finally intuited
the problem: their voting software runs on top of Windows CE, and if a
voter accidentally dragged his finger downward while touching “cast
vote” on the screen, Windows CE interpreted this as a “drag and drop”
command. The programmers hadn’t anticipated that Windows CE would do
this, so they hadn’t programmed a way for the machine to cope with it.
The machine just crashed.

Even extremely careful programmers can accidentally create bugs like
this. But critics also worry that touch-screen voting machines aren’t
designed very carefully at all. In the infrequent situations where
computer scientists have gained access to the guts of a voting
machine, they’ve found alarming design flaws. In 2003, Diebold
employees accidentally posted the AccuVote’s source code on the
Internet; scientists who analyzed it found that, among other things, a
hacker could program a voter card to let him cast as many votes as he
liked. Ed Felten’s lab, while analyzing an anonymously donated
AccuVote-TS (a different model from the one used in Cuyahoga County)
in 2006, discovered that the machine did not “authenticate” software:
it will run any code a hacker might surreptitiously install on an
easily insertable flash-memory card. After California’s secretary of
state hired computer scientists to review the state’s machines last
spring, they found that on one vote-tallying server, the default
password was set to the name of the vendor — something laughably easy
for a hacker to guess.

But the truth is that it’s hard for computer scientists to figure out
just how well or poorly the machines are made, because the vendors who
make them keep the details of their manufacture tightly held. Like
most software firms, they regard their “source code” — the computer
programs that run on their machines — as a trade secret. The public is
not allowed to see the code, so computer experts who wish to assess it
for flaws and reliability can’t get access to it. Felten and voter
rights groups argue that this “black box” culture of secrecy is the
biggest single problem with voting machines. Because the machines are
not transparent, their reliability cannot be trusted.

The touch-screen vendors disagree. They point out that a small number
of approved elections officials in each state and county are allowed
to hold a copy in escrow and to examine it (though they are required
to sign nondisclosure agreements preventing them from discussing the
software publicly). Further, vendors argue, the machines are almost
always tested by the government before they’re permitted to be used.
The Election Assistance Commission, a federal agency, this year began
to fully certify four private-sector labs to stress-test machines.
They subject them to environmental pressures like heat and vibration
to ensure they won’t break down on Election Day; and they run mock
elections, to verify that the machines can count correctly. In almost
all cases, if a vendor updates the software or hardware, it must be
tested all over again, which can take months. “It’s an extremely
rigorous process,” says Ken Fields, a spokesman for the voting-machine
company ES&S.

If the machines are tested and officials are able to examine the
source code, you might wonder why machines with so many flaws and bugs
have gotten through. It is, critics insist, because the testing is
nowhere near dilligent enough, and the federal regulators are too
sympathetic and cozy with the vendors. The 2002 federal guidelines,
the latest under which machines currently in use were qualified, were
vague about how much security testing the labs ought to do. The labs
were also not required to test any machine’s underlying operating
system, like Windows, for weaknesses.

Vendors paid for the tests themselves, and the results were considered
proprietary, so the public couldn’t find out how they were conducted.
The nation’s largest tester of voting machines, Ciber Inc., was
temporarily suspended after federal officials found that the company
could not properly document the tests it claimed to have performed.

“The types of malfunctions we’re seeing would be caught in a first-
year computer science course,” says Lillie Coney, an associate
director with the Electronic Privacy Information Commission, which is
releasing a study later this month critical of the federal tests.

In any case, the federal testing is not, strictly speaking, mandatory.
The vast majority of states “certify” their machines as roadworthy.
But since testing is extremely expensive, many states, particularly
smaller ones, simply accept whatever passes through a federal lab. And
while it’s true that state and local elections officials can generally
keep a copy of the source code, critics say they rarely employ
computer programmers sophisticated enough to understand it. Quite the
contrary: When a county buys touch-screen voting machines, its
elections director becomes, as Warren Parish, a voting activist in
Florida, told me, “the head of the largest I.T. department in their
entire government, in charge of hundreds or thousands of new computer
systems, without any training at all.” Many elections directors I
spoke with have been in the job for years or even decades, working
mostly with paper elections or lever machines. Few seemed very

The upshot is a regulatory environment in which, effectively, no one
assumes final responsibility for whether the machines function
reliably. The vendors point to the federal and state governments, the
federal agency points to the states, the states rely on the federal
testing lab and the local officials are frequently hapless.

This has created an environment, critics maintain, in which the people
who make and sell machines are now central to running elections.
Elections officials simply do not know enough about how the machines
work to maintain or fix them. When a machine crashes or behaves
erratically on Election Day, many county elections officials must rely
on the vendors — accepting their assurances that the problem is fixed
and, crucially, that no votes were altered.

In essence, elections now face a similar outsourcing issue to that
seen in the Iraq war, where the government has ceded so many core
military responsibilities to firms like Halliburton and Blackwater
that Washington can no longer fire the contractor. Vendors do not
merely sell machines to elections departments. In many cases, they are
also paid to train poll workers, design ballots and repair broken
machines, for years on end.

“This is a crazy world,” complained Ion Sancho, the elections
supervisor of Leon County in Florida. “The process is so under control
by the vendor. The primary source of information comes only from the
vendor, and the vendor has a conflict of interest in telling you the
truth. The vendor isn’t going to tell me that his buggy software is
why I can’t get the right time on my audit logs.”

As more and more evidence of machine failure emerges, senior
government officials are sounding alarms as did the computer geeks of
years ago over the growing role of private companies in elections.
When I talked to Jennifer Brunner in October, she told me she wished
all of Ohio’s machines were “open source” — that is, run on computer
code that is published publicly, for anyone to see. Only then, she
says, would voters trust it; and the scrutiny of thousands of computer
scientists worldwide would ferret out any flaws and bugs.

On Nov. 6, the night of the Cuyahoga crashes, Jeff Hastings — the
Republican head of the election board — sat and watched the Diebold
technicians try to get the machines running. “Criminy,” he said.
“You’ve got four different vendors. Why should their source codes be
private? You’ve privatized the essential building block of the
election system.”

The federal government appears to have taken that criticism to heart.
New standards for testing voting machines now being implemented by the
E.A.C. are regarded as more rigorous; some results are now being
published online.

Amazingly, the Diebold spokesman, Chris Riggall, admitted to me that
the company is considering making the software open source on its next
generation of touch-screen machines, so that anyone could download,
inspect or repair the code. The pressure from states is growing, he
added, and “if the expectations of our customers change, we’ll have to
respond to that reality.”

IF YOU WANT TO GET a sense of the real stakes in voting-machine
politics, Christine Jennings has a map to show you. It is a sprawling,
wall-size diagram of the voting precincts that make up Florida’s 13th
district, and it hangs on the wall of her campaign office in Sarasota,
where she ran for the Congressional seat in November 2006. Jennings, a
Democrat, lost the seat by 369 votes to the Republican, Vern Buchanan,
in a fierce fight to replace Katherine Harris. But Jennings quickly
learned of an anomaly in the voting: some 18,000 people had
“undervoted.” That is, they had voted in every other race — a few
dozen were on the ballot, including a gubernatorial contest — but
abstained in the Jennings-Buchanan fight. A normal undervote in any
given race is less than 3 percent. In this case, a whopping 13 percent
of voters somehow decided to not vote.

“See, look at this,” Jennings said, dragging me over to the map when I
visited her in November. Her staff had written the size of the
undervote in every precinct in Sarasota, where the undervotes
occurred: 180 votes in one precinct, 338 in another. “I mean, it’s
huge!” she said. “It’s just unbelievable.” She pointed to Precinct
150, a district on the south end of Sarasota County. Buchanan received
346 votes, Jennings received 275 and the undervote was 133. “I mean,
people would walk in and vote for everything except this race?” she
said. “Why?”

Jennings says he believes the reason is simple: Sarasota’s touch-
screen machines malfunctioned — and lost votes that could have tipped
the election in her favor. Her staff has received hundreds of
complaints from voters reporting mysterious behavior on the part of
the machines. The specific model that Sarasota used was the iVotronic,
by the company ES&S. According to the complaints, when voters tried to
touch the screen for Jennings, the iVotronic wouldn’t accept it, or
would highlight Buchanan’s name instead. When they got to the final
pages of the ballot, where they reviewed their picks, the complainants
said, the Jennings-Buchanan race was missing — even though they were
sure they’d voted in it. The reports streamed in not merely from
technophobic senior citizens but also from tech-savvy younger people,
including a woman with a Ph.D. in computer science and a saleswoman
who actually works for a firm that sells touch-screen devices. (Even
Vern Buchanan’s wife reported having trouble voting for her husband.)

If the election had been in Cuyahoga, the paper trail might have
settled the story. But the iVotronic, unlike Cuyahoga’s machines, does
not provide a paper backup. It records votes only in digital memory:
on a removable flash-memory card and on an additional flash-memory
chip embedded inside the machine. Since the Jennings-Buchanan election
was so close, state law called for an automatic recount. But on a
paperless machine like the iVotronic, a recount is purely digital — it
consists of nothing but removing the flash memory inside the machine
and hitting “print” again. Jennings did, indeed, lose the recount;
when they reprinted, elections workers found that the internal chips
closely matched the original count (Jennings picked up four more
votes). But for Jennings this is meaningless, because she says it was
the screens that malfunctioned.

As evidence, she brandishes pieces of evidence she says are smoking
guns. One is a memo from ES&S executives, issued in August 2006,
warning that they had found a bug in the iVotronic software that
produced a delay in the screen; after a voter made her choice, it
would take a few seconds for the screen to display it. This, Jennings
noted, could cause problems, because a voter, believing that the
machine had not recorded her first touch, might push the screen again
— accidentally deselecting her initial vote. Jennings also suspects
that the iVotronic’s hardware may have malfunctioned. An August HDNet
investigation by Dan Rather discovered that the company manufacturing
the touchscreens for the iVotronic had a history of production flaws.
The flaw affected the calibration of the screen: When exposed to
humidity — much like the weather in Florida — the screen would
gradually lose accuracy.

Elections officials in Sarasota and ES&S hotly disagree that the
machines were in error, noting that the calibration problems with the
screens were fixed before the election. Kathy Dent, Sarasota’s
elections supervisor, suspects that the undervote was real — which is
to say, voters intentionally skipped the race, to punish Jennings and
Buchanan for waging a particularly vitriolic race. “People were really
fed up,” she told me. Other observers say voters were simply confused
by the ballot design and didn’t see the Jennings-Buchanan race.

To try to settle the question, a government audit tried to test
whether the machines had malfunctioned. The state acquired a copy of
the iVotronic source code from ES&S and commissioned a group of
computer scientists to inspect it. Their report said they could find
no flaws in the code that would lead to such a large undervote.
Meanwhile, the state conducted a mock election, getting elections
workers to repeatedly click the screens on iVotronic machines, voting
Jennings or Buchanan. Again, no accidental undervote appeared. Early
results from a separate test by an M.I.T. professor found that when
voters were presented with the Sarasota ballot, over 16 percent
accidentally skipped over the Jennings-Buchanan race — suggesting that
poor ballot design and voter error was, indeed, part of the problem.

These explanations have not satisfied Jennings and her supporters.
Kendall Coffey, one of Jennings’s lawyers, has a different theory: the
votes were mostly lost because of a “nonrecurring software bug” — a
quirk that, like the sliding-finger bug, only crops up some of the
time, propelled by voter actions that the audits did not replicate,
like a voter’s accidentally touching the screen in two places at once.
For her part, Jennings brushes off the idea that voters were punishing
her and Buchanan. Plenty of Congressional fights are nasty, she says,
but they almost never yield 13 percent undervotes.

And on and on it goes. ES&S and Sarasota correctly point out that
Jennings has no proof that a bug exists. Jennings correctly points out
that her opponents have no proof a bug doesn’t exist. This is the
ultimate political legacy of touch-screen voting machines and the
privatization of voting machinery generally. When invisible, secretive
software runs an election, it allows for endless mistrust and muttered
accusations of conspiracy. The inscrutability of the software —
combined with touch-screen machines’ well-documented history of weird
behavior — allows critics to level almost any accusation against the
machines and have it sound plausible. “It’s just like the Kennedy
assassination,” Shamos, the Carnegie Mellon computer scientist,
laments. “There’s no matter of evidence that will stop people from
spinning yarns.”

Part of the problem stems from the fact that voting requires a level
of precision we demand from virtually no other technology. We demand
that the systems behind A.T.M.’s and credit cards be accurate, of
course. But if they’re not, we can quickly detect something is wrong:
we notice that our balance is off and call the bank, or the bank
notices someone in China bought $10,000 worth of clothes and calls us
to make sure it’s legitimate. But in an election, the voter must
remain anonymous to the government. If a machine crashes and the
county worries it has lost some ballots, it cannot go back and ask
voters how they voted — because it doesn’t know who they are. It is
the need for anonymity that fuels the quest for perfection in voting

Perfection isn’t possible, of course; every voting system has flaws.
So historically, the public — and candidates for public office — have
grudgingly accepted that their voting systems will produce some errors
here and there. The deep, ongoing consternation over touch-screen
machines stems from something new: the unpredictability of computers.
Computers do not merely produce errors; they produce errors of
unforeseeable magnitude. Will people trust a system when they never
know how big or small its next failure will be?

ON THE FRIDAY BEFORE the November elections in Pennsylvania, I
wandered into a church in a suburb of Pittsburgh. The church was going
to serve as a poll location, and I was wondering: Had the voting
machines been dropped off? Were they lying around unguarded — and
could anyone gain access to them?

When I approached the side door of the church at 6 p.m., two women
were unloading food into the basement kitchen. (They were visitors
from another church who had a key to get in, but they told me they’d
found the door unlocked.) I held the door for them, chatted politely,
then strolled into the otherwise completely empty building. Neither
woman asked why I was there.

I looked over in the corner and there they were: six iVotronic voting
machines, stacked up neatly. While the women busied themselves in
their car, I was left completely alone with the machines. The
iVotronics had been sealed shut with numbered tamper seals to prevent
anyone from opening a machine illicitly, but cutting and resealing
them looked pretty easy. In essence, I could have tampered with the
machines in any way I wanted, with very little chance of being
detected or caught.

Is it possible that someone could hack voting machines and rig an
election? Elections officials insist that they are extremely careful
to train poll workers to recognize signs of machines that had been
tampered with. They also claim, frequently, that the machines are
carefully watched. Neither is entirely true. Machines often sit for
days before elections in churches, and while churches may be
wonderfully convenient polling locations, they’re about as insecure a
location as you could imagine: strangers are supposed to wander into
churches. And while most poll workers do carefully check to ensure
that the tamper seals on the machines are unbroken, I heard reports
from poll workers who saw much more lax behavior in their colleagues.

Yet here’s the curious thing: Almost no credible scientific critics of
touch-screen voting say they believe any machines have ever been
successfully hacked. Last year, Ed Felten, the computer scientist from
Princeton, wrote a report exhaustively documenting the many ways a
Diebold AccuVote-TSX could be hacked — including a technique for
introducing a vote-rigging virus that would spread from machine to
machine in a precinct. But Felten says the chance this has really
happened is remote. He argues that the more likely danger of touch-
screen machines is not in malice but in errors. Michael Shamos agrees.
“If there are guys who are trying to tamper with elections through
manipulation of software, we would have seen evidence of it,” he told
me. “Nobody ever commits the perfect crime the first time. We would
have seen a succession of failed attempts leading up to possibly a
successful attempt. We’ve never seen it.”

This is a great oddity in the debate over electronic voting. When
state officials in California and Ohio explain why they’re moving away
from touch-screen voting, they inevitably cite hacking as a chief
concern. And the original, left-wing opposition to the machines in the
2004 election focused obsessively on Diebold’s C.E.O. proclaiming that
he would help “Ohio deliver its electoral votes” for Bush. Those fears
still dominate the headlines, but in the real world of those who
conduct and observe voting machines, the realistic threat isn’t
conspiracy. It’s unreliability, incompetence and sheer error.

IF YOU WANTED to know where the next great eruption of voting-machine
scandal is likely to emerge, you’d have to drive deep into the middle
of Pennsylvania. Tucked amid rolling, forested hills is tiny
Bellefonte. It is where the elections board of Centre County has its
office, and in the week preceding the November election, the elections
director, Joyce McKinley, conducted a public demonstration of the
county’s touch-screen voting machines. She would allow anyone from the
public to test six machines to ensure they worked as intended.

“Remember, we’re here to observe the machines, not debate them,” she
said dryly. The small group that had turned out included a handful of
anti-touch-screen activists, including Mary Vollero, an art teacher
who wore pins saying “No War in Iraq” and “Books Not Bombs.” As we
gathered around, I could understand why the county board had approved
the purchase of the machines two years ago. For a town with a
substantial elderly population, the electronic screens were large,
crisp and far easier to read than small-print paper ballots. “The
voters around here love ’em,” McKinley shrugged.

But what’s notable about Centre County is that it uses the iVotronic —
the very same star-crossed machine from Sarasota. Given the concerns
about the lack of a paper trail on the iVotronics, why didn’t Centre
County instead buy a machine that produces a paper record? Because
Pennsylvania state law will not permit any machine that would
theoretically make it possible to figure out how someone voted. And if
a Diebold AccuVote-TSX, for instance, were used in a precinct where
only, say, a dozen people voted — a not-uncommon occurrence in small
towns — then an election worker could conceivably watch who votes, in
what order, and unspool the tape to figure out how they voted. (And
there are no alternatives; all touch-screen machines with paper trails
use spools.) As a result, nearly 40 percent of Pennsylvania’s counties
bought iVotronics.

Though it has gone Democratic in the last few presidential elections,
Pennsylvania is considered a swing state. As the political consultant
James Carville joked, it’s a mix of red and blue: you’ve got
Pittsburgh and Philadelphia at either end and Alabama in the middle.

It also has 21 electoral-college votes, a relatively large number that
could decide a tight presidential race. Among election-machine
observers, this provokes a shudder of anticipation. If the
presidential vote is close, it could well come down to a recount in
Pennsylvania. And a recount could uncover thousands of votes recorded
on machines that displayed aberrant behavior — with no paper trail.
Would the public accept it? Would the candidates? As Candice Hoke, the
head of Ohio’s Center for Election Integrity, puts it: “If it was
Florida in 2000 and Ohio in 2004, everyone is saying it’s going to be
Pennsylvania in 2008.”

The prospect of being thrust into the national spotlight has already
prompted many counties to spar over ditching their iVotronics. The
machines were an election issue in Centre County in November, with
several candidates for county commissioner running on a pledge to get
rid of the devices. (Two won and are trying to figure out if they can
afford it.) And the opposition to touch-screens isn’t just coming from
Democrats. When the Pennsylvania Republican Rick Santorum lost his
Senate seat in 2006, some Santorum voters complained that the
iVotronics “flipped” their votes before their eyes. In Pittsburgh, the
chief opponent of the machines is David Fawcett, the lone Republican
on the county board of elections. “It’s not a partisan issue,” he
says. “And even if it was, Republicans, at least in this state, would
have a much greater interest in accuracy. The capacity for error is
big, and the error itself could be so much greater than it could be on
prior systems.”

GIVEN THAT THERE IS NO perfect voting system, is there at least an
optimal one? Critics of touch-screen machines say that the best choice
is “optical scan” technology. With this system, the voter pencils in
her vote on a paper ballot, filling in bubbles to indicate which
candidates she prefers. The vote is immediately tangible to the
voters; they see it with their own eyes, because they personally
record it. The tallying is done rapidly, because the ballots are fed
into a computerized scanner. And if there’s a recount, the elections
officials can simply take out the paper ballots and do it by hand.

Optical scanning is used in what many elections experts regard as the
“perfect elections” of Leon County in Florida, where Ion Sancho is the
supervisor of elections. In the late ’80s, when the county was
replacing its lever machines, Sancho investigated touch-screens. But
he didn’t think they were user-friendly, didn’t believe they would
provide a reliable recount and didn’t want to be beholden to a private-
sector vendor. So he bought the optical-scanning devices from Unisys
and trained his staff to be able to repair problems when the machines
broke or malfunctioned. His error rate — how often his system
miscounts a ballot — is three-quarters of a percent at its highest,
and has dipped as low as three-thousandths of a percent.

More important, his paper trail prevents endless fighting over the
results of tight elections. In one recent contest, a candidate claimed
that his name had not appeared on the ballot in one precinct. So
Sancho went into the Leon County storage, broke the security seals on
the records, and pulled out the ballots. The name was there; the
candidate was wrong. “He apologized to me,” Sancho recalls. “And
that’s what you can’t do with touch-screen technology. You never could
have proven to that person’s satisfaction that the screen didn’t show
his name. I like that certainty. The paper ends the discussion.”
Sancho has never had a legal fight over a disputed election result.
“The losers have admitted they lost, which is what you want,” he adds.
“You have to be able to convince the loser they lost.”

That, in a nutshell, is what people crave in the highly partisan arena
of modern American politics: an election that can be extremely close
and yet regarded by all as fair. Not only must the losing candidate
believe in the loss; the public has to believe in it, too.

This is why Florida’s governor, Charlie Crist, stung by the debacle in
Sarasota, persuaded the state to abandon its iVotronic machines before
the 2008 presidential elections and adopt optical scanning; and why,
in Ohio, Cuyahoga County is planning to spend up to $12 million to
switch to optical scanning in the next year (after the county paid $21
million for its touch-screens just a few years ago).

Still, optical scanning is hardly a flawless system. If someone
doesn’t mark a ballot clearly, a recount can wind up back in the
morass of arguing over “voter intent.” The machines also need to be
carefully calibrated so they don’t miscount ballots. Blind people may
need an extra device installed to help them vote. Poorly trained poll
workers could simply lose ballots. And the machines do, in fact, run
software that can be hacked: Sancho himself has used computer
scientists to hack his machines. It’s also possible that any complex
software isn’t well suited for running elections. Most software firms
deal with the inevitable bugs in their product by patching them;
Microsoft still patches its seven-year-old Windows XP several times a
month. But vendors of electronic voting machines do not have this
luxury, because any update must be federally tested for months.

There are also serious logistical problems for the states that are
switching to optical scan machines this election cycle. Experts
estimate that it takes at least two years to retrain poll workers and
employees on a new system; Cuyahoga County is planning to do it only
three months. Even the local activists who fought to bring in optical
scanning say this shift is recklessly fast — and likely to cause
problems worse than the touch-screen machines would. Indeed, this
whipsawing from one voting system to the next is another danger in our
modern electoral wars. Public crises of confidence in voting machines
used to come along rarely, every few decades. But now every single
election cycle seems to provoke a crisis, a thirst for a new
technological fix. The troubles of voting machines may subside as
optical scanning comes in, but they’re unlikely to ever go away.


Clive Thompson, a contributing writer for the magazine, writes
frequently about technology.


dchapin [at] electionline [dot] org

Federal Election Commission
National Association of Secretaries of State
National Association of State Election Directors
National Association of County Recorders, Election Officials and

From the archive, originally posted by: [ spectre ]


Over the past several months, the state of California conducted the most comprehensive security review yet of electronic voting machines. People I consider to be security experts analyzed machines from three different manufacturers, performing both a red-team attack analysis and a detailed source code review. Serious flaws were discovered in all machines and, as a result, the machines were all decertified for use in California elections.

The reports are worth reading, as is much of the commentary on the topic. The reviewers were given an unrealistic timetable and had trouble getting needed documentation. The fact that major security vulnerabilities were found in all machines is a testament to how poorly they were designed, not to the thoroughness of the analysis. Yet California Secretary of State Debra Bowen has conditionally recertified the machines for use, as long as the makers fix the discovered vulnerabilities and adhere to a lengthy list of security requirements designed to limit future security breaches and failures.

While this is a good effort, it has security completely backward. It begins with a presumption of security: If there are no known vulnerabilities, the system must be secure. If there is a vulnerability, then once it’s fixed, the system is again secure. How anyone comes to this presumption is a mystery to me. Is there any version of any operating system anywhere where the last security bug was found and fixed? Is there a major piece of software anywhere that has been, and continues to be, vulnerability-free?

Yet again and again we react with surprise when a system has a vulnerability. Last weekend at the hacker convention DefCon, I saw new attacks against supervisory control and data acquisition (SCADA) systems — those are embedded control systems found in infrastructure systems like fuel pipelines and power transmission facilities — electronic badge-entry systems, MySpace, and the high-security locks used in places like the White House. I will guarantee you that the manufacturers of these systems all claimed they were secure, and that their customers believed them.

Earlier this month, the government disclosed that the computer system of the US-Visit border control system is full of security holes. Weaknesses existed in all control areas and computing device types reviewed, the report said. How exactly is this different from any large government database? I’m not surprised that the system is so insecure; I’m surprised that anyone is surprised.

We’ve been assured again and again that RFID passports are secure. When researcher Lukas Grunwald successfully cloned one last year at DefCon, industry experts told us there was little risk. This year, Grunwald revealed that he could use a cloned passport chip to sabotage passport readers. Government officials are again downplaying the significance of this result, although Grunwald speculates that this or another similar vulnerability could be used to take over passport readers and force them to accept fraudulent passports. Anyone care to guess who’s more likely to be right?

It’s all backward. Insecurity is the norm. If any system — whether a voting machine, operating system, database, badge-entry system, RFID passport system, etc. — is ever built completely vulnerability-free, it’ll be the first time in the history of mankind. It’s not a good bet.

Once you stop thinking about security backward, you immediately understand why the current software security paradigm of patching doesn’t make us any more secure. If vulnerabilities are so common, finding a few doesn’t materially reduce the quantity remaining. A system with 100 patched vulnerabilities isn’t more secure than a system with 10, nor is it less secure. A patched buffer overflow doesn’t mean that there’s one less way attackers can get into your system; it means that your design process was so lousy that it permitted buffer overflows, and there are probably thousands more lurking in your code.

Diebold Election Systems has patched a certain vulnerability in its voting-machine software twice, and each patch contained another vulnerability. Don’t tell me it’s my job to find another vulnerability in the third patch; it’s Diebold’s job to convince me it has finally learned how to patch vulnerabilities properly.

Several years ago, former National Security Agency technical director Brian Snow began talking about the concept of “assurance” in security. Snow, who spent 35 years at the NSA building systems at security levels far higher than anything the commercial world deals with, told audiences that the agency couldn’t use modern commercial systems with their backward security thinking. Assurance was his antidote:

Assurances are confidence-building activities demonstrating that:
1. The system’s security policy is internally consistent and reflects the requirements of the organization,
2. There are sufficient security functions to support the security
3. The system functions to meet a desired set of properties and
*only* those properties,
4. The functions are implemented correctly, and
5. The assurances *hold up* through the manufacturing, delivery and
life cycle of the system.”

Basically, demonstrate that your system is secure, because I’m just not going to believe you otherwise.

Assurance is less about developing new security techniques than about using the ones we have. It’s all the things described in books like “Building Secure Software,” “Software Security,” and “Writing Secure Code.”  It’s some of what Microsoft is trying to do with its Security Development Lifecycle (SDL). It’s the Department of Homeland Security’s Build Security In program. It’s what every aircraft manufacturer goes through before it puts a piece of software in a critical role on an aircraft. It’s what the NSA demands before it purchases a piece of security equipment. As an industry, we know how to provide security assurance in software and systems; we just tend not to bother.

And most of the time, we don’t care. Commercial software, as insecure as it is, is good enough for most purposes. And while backward security is more expensive over the life cycle of the software, it’s cheaper where it counts: at the beginning. Most software companies are short-term smart to ignore the cost of never-ending patching, even though it’s long-term dumb.

Assurance is expensive, in terms of money and time for both the process and the documentation. But the NSA needs assurance for critical military systems; Boeing needs it for its avionics. And the government needs it more and more: for voting machines, for databases entrusted with our
personal information, for electronic passports, for communications systems, for the computers and systems controlling our critical infrastructure. Assurance requirements should be common in IT
contracts, not rare. It’s time we stopped thinking backward and pretending that computers are secure until proven otherwise.

California reports:

Commentary and blog posts:

California’s recertification requirements:

DefCon reports:

US-VISIT database vulnerabilities:

RFID passport hacking:

How common are bugs:

Diebold patch:

Brian Snow on assurance:

Books on secure software development:

Microsoft’s SDL:

DHS’s Build Security In program:

This essay originally appeared on

** *** ***** ******* *********** *************

More Voting News

California Secretary of State Bowen’s certification decisions are online.
She has totally decertified the ES&S Inkavote Plus system, used in
L.A. County, because of ES&S noncompliance with the Top to Bottom
Review.  The Diebold and Sequoia systems have been decertified and
conditionally recertified.  The same was done with one Hart Intercivic
system (system 6.2.1).  (Certification of the Hart system 6.1 was
voluntarily withdrawn.)  To those who thought she was staging this
review as security theater, this seems like evidence to the contrary.
She wants to do the right thing, but has no idea how to conduct a
security review.

Florida just recently released another study of the Diebold voting
machines.  They — and it was real security researchers like the
California study, and not posers — studied v4.6.5 of the Diebold TSx
and v1.96.8 of the Diebold Optical Scan.  (California studied older
versions (v4.6.4 of the TSx and v1.96.6 of the Optical Scan).
The most interesting issues are (1) Diebold’s apparent “find-then-
approach to computer security, and (2) Diebold’s lousy use of
cryptography.  More here:

The UK Electoral Commission released a report on the 2007 e-voting and
e-counting pilots.  The results are none too good.

And the Brennan Center released a report on post-election audits:

My previous essays on electronic voting, from 2004:

My previous essay on electronic voting, from 2000:


This was news to me, and as a web dev, I’m shocked by the brazenness
of this.

As a web dev, you might be interested to read this page and this page
and learn that there are 41 domains that share mailservers with, including:

Surprised? I wasn’t. Some of the organizations sharing nameservers,
besides those listed in the first link above, include Scooter Libby’s
defense fund and Capitol Resource Group, one of the lobbying firms
implicated in Santorum shoveling hundreds of thousands of dollars
through his charity into the RNC. It’s a wide wide world of fun!

Seriously though, you can go to the robtex lookup and pretty much pick
a link at random that shares nameservers with, Whois it or
ping it whatever you like, and you’ll find something interesting. It’s
just ridiculous. Everything just leads deeper down the rabbit hole.”
posted by spiderwire at 8:40 PM on April 24

In Violation of Federal Law, Ohio’s 2004 Presidential Election Records
Are Destroyed or Missing
By Steven Rosenfeld, AlterNet
Posted on July 30, 2007, Printed on August 16, 2007

Two-thirds of Ohio counties have destroyed or lost their 2004
presidential ballots and related election records, according to
letters from county election officials to the Ohio Secretary of State,
Jennifer Brunner.

The lost records violate Ohio law, which states federal election
records must be kept for 22 months after Election Day, and a U.S.
District Court order issued last September that the 2004 ballots be
preserved while the court hears a civil rights lawsuit alleging voter
suppression of African-American voters in Columbus.

The destruction of the election records also frustrates efforts by the
media and historians to determine the accuracy of Ohio’s 2004 vote
count, because in county after county the key evidence needed to
understand vote count anomalies apparently no longer exists.

“The extent of the destruction of records is consistent with the
covering up of the fraud that we believe occurred in the presidential
election,” said Cliff Arnebeck, a Columbus attorney representing the
King Lincoln Bronzeville Neighborhood Association, which filed voter
suppression suit. “We’re in the process of addressing where to go from
here with the Ohio Attorney General’s office.”

“On the one hand, people will now say you can’t prove the fraud,” he
said, “but the rule of law says that when evidence is destroyed it
creates a presumption that the people who destroyed evidence did so
because it would have proved the contention of the other side.”

Brunner’s office confirmed the 2004 ballots were missing, but declined
to comment.

“Because this case is still pending, Secretary of State Jennifer
Brunner is unable to comment on this,” said Jeff Ortega, a
spokesperson. “Ultimately, whether the boards of elections are in
violation of a federal court order is a matter for the court to

The missing presidential election records were discovered this past
spring by Brunner, a Democrat and former judge who was elected
Secretary of State in 2006. Her predecessor, Republican J. Kenneth
Blackwell, was sued in August 2006 by a Columbus community
organization that alleged the former Secretary of State and other
“unnamed” officials “selectively and discriminatorily designed and
implemented procedures for the allocation of voting machines in a
manner to create a shortage for certain urban precincts where large
numbers of African-Americans resided,” according to the complaint.

Under federal and Ohio law, all ballots and election records from
federal races must be preserved for 22 months after Election Day,
which fell on Sept. 2, 2006. While election integrity activists and
reporters from a Columbus website,, had sought the
ballots and other election records soon after the presidential
election, Blackwell would not allow county boards to release the
ballots, citing court challenges to the 2004 results and a 2005 suit
from the League of Women Voters alleging the state was not following
the newest federal election law, the Help America Vote Act. By spring
2006, after the League’s lawyers stipulated they were not challenging
the 2004 election results, some counties began to release their 2004
election records. Scrutiny of those records raised questions about the
conduct of the election and some county vote totals.

On Aug. 23, 2006, lawyers for the King Lincoln Bronzeville
Neighborhood Association notified the Secretary of State’s office of
their voter suppression suit. The following day Blackwell’s office
sent letters to all 88 of Ohio’s county Boards of Election, notifying
them of the suit. It is customary for public officials to preserve
potential evidence when notified of pending litigation. Blackwell
negotiated with opposing attorneys and agree to send a directive to
election boards saying the ballots should be retained. Ian Urbina, a
New York Times reporter working on the story, reported that Blackwell
said he would be creating a process whereby county election officials
could eventually review and dispose of the 2004 ballots.

On Sept. 11, 2006, U.S. District Judge Algenon Marbley ordered the
election boards “to preserve all ballots from the 2004 Presidential
election, on paper and in any other format, including electronic data,
unless and until such time otherwise instructed by this Court.”

Two months after Marbley’s order, Blackwell lost the race for governor
to Democrat Ted Strickland and Brunner was elected Secretary of State.
During the following winter and spring, Brunner and the state’s
attorneys began negotiating a settlement for the voter suppression
suit, according to lawyers involved in those talks. Part of that
agreement, which has not yet been brought before the federal district
court, was the creation of a statewide repository of the 2004
presidential ballots. When conducting an inventory and attempting to
collect those records, Brunner’s office learned that seven counties
had no ballots to turn over and 56 counties only had partial records
from the 2004 vote.

“This is not just a violation of a 22-month ballot retention law. It
is a violation of a court order,” Arnebeck said. “Blackwell told the
New York Times that he would create a clearance procedure before
destroying any ballots. The combination of Blackwell’s directive and
my letter should have been enough to give the counties notice.”

What happened to the 2004 ballots

The presidential ballots and election records were lost, misplaced,
damaged by water, taken to landfills — all apparently by mistake, due
to miscommunications, or because the local election administrators
were not aware of the state ballot preservation law or the federal
court order, according to letters to Brunner’s office from the various
county election boards.

“Our staff unintentionally discarded boxes containing Ballot Pages as
requested in (Brunner’s) Directive 2007-07 due to unclear and
misinterpreted instructions,” wrote Butler County Board of Election
Director Betty McGary and Deputy Director Lynn Kinkaid in a May 9
memo. “Several boxes containing all the wire-bound ballot pages were
discarded into a Rumpke dumpster. The dumpster would have been emptied
into the local landfill.”

“The Hamilton County (Cincinnati) Board of Elections was unable to
transfer the unvoted precinct ballots and soiled precinct ballots,”
wrote John Williams, Hamilton County Director of Elections on May 16,
2007. “To the best if my knowledge, the above ballots were
inadvertently shredded between January 19th and 26th of ’06 in an
effort to make room for the new Hart voting system.”

“No one could remember the disposition of said ballots,” wrote Mike
Keeley, of Clermont County’s Board of Elections on May 10, 2007,
referring to the “unvoted” or unused ballots from the 2004
presidential election.

Since the 2004 election, a handful of media organizations, civil
rights groups, attorneys, historians and authors have been
investigating how the president won in Ohio by 118,775 votes. These
inquiries have had two primary focuses: examining Republican-led voter
suppression tactics and problems with the vote count, suggesting vote
count fraud.

The partisan voter suppression tactics have been easier to document.
Before the election, Blackwell, who was co-chair of the state’s Bush-
Cheney campaign, issued numerous administrative orders that fueled an
extreme partisan climate. One of the most notable came as Ohio was
seeing large voter registration drives in mid-2004. Blackwell issued
an order, which he later rescinded under pressure, saying only voter
registrations on 80-pound paper would be accepted and processed. At
the time, Republican Gov. Robert Taft told reporters that directive
could disenfranchise 100,000 voters. The state Republican Party also
threatened to send thousands of poll challengers to local precincts,
to ensure only properly registered voter exercised that right.

On Election Day in many Ohio cities, the turnout — or voter
accommodation rate — in these traditional Democratic strongholds was
markedly lower than in nearby suburbs, where Republicans have tended
to be the majority. In Columbus, the King Lincoln Bronzeville
Neighborhood Association sued saying African-American voters in
Franklin County were disenfranchised because urban precincts received
fewer voting machines per capita than the whiter, wealthier suburbs.
They noted urban precincts had many more voting machines during the
spring primary.

Ohio’s Secretary of State and Attorney General are engaged in
settlement talks in the neighborhood association suit, suggesting the
voter suppression claims have merit. In contrast, the case for
Republican vote count fraud in the rural areas has been much harder to
prove, even as the certified vote count is problematic in some

Compared to Ohio’s Democratic urban core, turnout in the Republican
districts was higher than the 2000 election. Moreover, in a handful of
counties there were vote count anomalies that made post-election
observers question whether Bush’s vote was padded. The most notable
example is more than 10,000 voters from several Bible belt counties
who voted for Bush and voted in favor of gay marriage, if the results
are true. In a dozen rural counties, virtually unknown Democrats at
the bottom of the ballot received more votes that Kerry, an oddity in
a presidential year.

Reporters associated with and Arnebeck’s legal team
hoped the court order preserving the 2004 ballots would enable them to
investigate how these results occurred. Depending on the ballot type
and vote-counting machine used, they have theories about how Bush’s
vote could have been inflated. But because many of these rural
counties apparently have destroyed the very 2004 election records that
would clarify what happened, it is now virtually impossible to
determine what happened.

In Warren County, where county election officials said on Election Day
that the FBI had declared a homeland security alert — which they
later retracted — ballots were diverted to a warehouse before
counting. The local media was not allowed to observe the vote count.
According to a letter from the Warren County Board of Election to
Brunner’s office, the election board cannot find 22,000 unused ballots
from the election.

“The missing records reveal where the fraud occurred,” said Arnebeck.
“You take as an example, Warren County. It is well documented that
there was a phony homeland security alert and that was the excuse for
excluding the public and the press from observing what was going on
during Election Day. So the missing unused ballots would suggest that
ballots were remade to fit the desired result.”

“The same situation occurred in Clermont County,” he said. “We have
sworn affidavits from people who saw white stickers placed over the
Kerry-Edward ovals in this optical scan county,” he said, referring to
one way of masking a would-be Kerry vote, because optical-scan
machines read ink marks on paper ballots. “So the missing unused
ballots would suggest they were used to remake ballots to reflect the
desired vote for Bush.”

Many rural Ohio counties did not have vote count problems, Arnebeck
said. But enough did have significant problems that called for further

“The Attorney General says the rural counties all say human error was
to blame (for the missing ballots),” he said. “There are some counties
where ballots are missing and we don’t believe anything was wrong with
the vote count. But there are others where that human error covers up
what we think was vote count fraud.”

Another big category of votes that will never be explained are the
nearly 129,000 ballots that were rejected by voting machines and not
counted. Many of these 2004 ballots — a mix of computer punch cards,
paper ballots to be marked by ink and electronic votes — are among
the incomplete 2004 election records. One post-election analysis found
94,000 of these ballots come from Democratic-majority precincts, and
estimated these that ballots could have cost Kerry an additional
26,000 votes.

{Steven Rosenfeld is a senior fellow at and co-author of
What Happened in Ohio: A Documentary Record of Theft and Fraud in the
2004 Election, with Bob Fitrakis and Harvey Wasserman (The New Press,

None Dare Call It Stolen:
Ohio, the Election, and America’s Servile Press
MARK CRISPIN MILLER / Harper’s Magazine v.311, n.1863 1 aug 2005

Whichever candidate you voted for (or think you voted for), or even it
you did not vote (or could not vote), you must admit that last year’s
presidential race was if nothing else pretty interesting. True, the
press has dropped the subject, and the Democrats, with very few
exceptions, have “moved on.” Yet this contest may have been the most
unusual in U.S. history; it was certainly among those with the
strangest outcomes. You may remember being surprised yourself. The
infamously factious Democrats were fiercely unified-Ralph Nader
garnered only about 0.18 percent of the national vote-while the
Republicans were split, with a vocal anti-Bush front that included
anti-Clinton warrior Bob Barr of Georgia; Ike’s son John Eisenhower;
Ronald Reagan’s chairman of the Joint Chiefs of Staff, William J.
Crowe Jr.; former Air Force Chief of Staff and onetime “Veteran for
Bush” General Merrill “Tony” McPeak; founding neo-con Francis
Fukuyama; Doug Bandow of the Cato Institute, and various large
alliances of military officers, diplomats, and business professors.
The American Conservative, co-founded by Pat Buchanan, endorsed five
candidates for president, including both Bush and Kerry, while the
Financial Times and The Economist came out for Kerry alone. At least
fifty-nine daily newspapers that backed Bush in the previous election
endorsed Kerry (or no one) in this election. The national turnout in
2004 was the highest since 1968, when another unpopular war had swept
the ruling party from the White House. And on Election Day, twenty-six
state exit polls incorrectly predicted wins for Kerry, a statistical
failure so colossal and unprecedented that the odds against its
happening, according to a report last May by the National Election
Data Archive Project, were 16.5 million to 1. Yet this ever-less-
beloved president, this president who had united liberals and
conservatives and nearly alI the world against himself this president
somehow bested his opponent by 3,000,176 votes.

How did he do it? To that most important question the commentariat,
briskly prompted by Republicans, supplied an answer. Americans of
faith a silent majority heretofore unmoved by any other politician had
poured forth by the millions to vote “Yes!” for Jesus’ buddy in the
White House. Bush’s 51 percent, according to this thesis, were roused
primarily by “family values.” Tony Perkins, president of the Family
Research Council, called gay marriage “the hood ornament on the family
values wagon that carried the president to a second term.” The pundits
eagerly pronounced their amens-“Moral values,” Tucker Carlson said on
CNN, “drove President Bush and other Republican candidates to victory
this week”-although it is not clear why. The primary evidence of our
Great Awakening was a post-election poll by the Pew Research Center in
which 27 percent of the respondents, when asked which issue “mattered
most” to them in the election, selected something called “moral
values.” This slight plurality of impulse becomes still less
impressive when we note that, as the pollsters went to great pains to
make clear, “the relative importance of moral values depends greatly
on how the question is framed.” In fact, when voters were asked to
“name in their own words the most important factor in their vote,”
only 14 percent managed to come up with “moral values.” Strangely,
this detail went little mentioned in the post-electoral commentary.1

The press has had little to say about most of the strange details of
the election-except, that is, to ridicule all efforts to discuss them.
This animus appeared soon after November 2, in a spate of caustic
articles dismissing any critical discussion of the outcome as crazed
speculation: “Election paranoia surfaces: Conspiracy theorists call
results rigged,” chuckled the Baltimore Sun on November 5. “Internet
Buzz on Vote Fraud Is Dismissed,” proclaimed the Boston Globe on
November 10. “Latest Conspiracy Theory-Kerry Won Hits the Ether,” the
Washington Post chortled on November 11. The New York Times weighed in
with “Vote Fraud Theories, Spread by Blogs, Are Quickly Buried”-making
mock not only of the “post-election theorizing” but of cyberspace
itself, the fons et origo of all such loony tunes, according to the

Such was the news that most Americans received. Although the tone was
scientific, “realistic,” skeptical, and “middle-of-the-road,” the
explanations offered by the press were weak and immaterial. It was as
if they were reporting from inside a forest fire without acknowledging
the fire, except to keep insisting that there was no fire.2 Since
Kerry has conceded, they argued, and since “no smoking gun” had come
to light, there was no story to report. This is an oddly passive
argument. Even so, the evidence that something went extremely wrong
last fall is copious, and not hard to find. Much of it was noted at
the time, albeit by local papers and haphazardly. Concerning the
decisive contest in Ohio, the evidence is lucidly compiled in a single
congressional report, which, for the last half-year, has been
available to anyone inclined to read it. It is a veritable arsenal of
“smoking guns”-and yet its findings may be less extraordinary than the
fact that no one in this country seems to care about them.

On January 5, Representative John Conyers of Michigan, the ranking
Democrat on the House Judiciary Committee, released Preserving
Democracy: What Went Wrong in Ohio. The report was the result of a
five-week investigation by the committee’s Democrats, who reviewed
thousands of complaints of fraud, malfeasance, or incompetence
surrounding the election in Ohio, and further thousands of complaints
that poured in by phone and email as word of the inquiry spread. The
congressional researchers were assisted by volunteers in Ohio who held
public hearings in Columbus, Cleveland, Toledo, and Cincinnati, and
questioned more than two hundred witnesses. (Although they were
invited, Republicans chose not to join in the inquiry.)3
1Another poll, by Zogby International, showed that 33 percent
of voters deemed “greed and materialism” the most pressing moral
problems in America. Only 12 percent of those polled cited gay

2 Keith Olbermann, on MSNBC, stood out as an heroic exception,
devoting many segments of his nightly program Countdown to the myriad
signs of electoral mischief, particularly in Ohio.

3 The full report can he downloaded from the Judiciary
Committee’s website at democrats/
ohiostatusrept1505.pdf  [Local copy of the report, Preserving
Democracy: What Went Wrong in Ohio – Status Report of the House
Judiciary Committee Democratic Staff 5jan2005 (3.13 MB PDF)] and is
also, as of May, available as a trade paperback, entitled What Went
Wrong in Ohio. I should note here that, in a victory for family
values, the publishers of that paperback are my parents, Jordan and
Anita Miller.

Preserving Democracy describes three phases of Republican chicanery:
the run-up to the election, the election itself, and the post-election
cover-up. The wrongs exposed are not mere dirty tricks (though Bush/
Cheney also went in heavily for those) but specific violations of the
U.S. and Ohio constitutions, the Voting Rights Act, the Civil Rights
Act of 1968, the National Voter Registration Act, and the Help America
Vote Act. Although Conyers trod carefully when the report came out,
insisting that the crimes did not affect the outcome of the race (a
point he had to make, he told me, “just to get a hearing”), his report
does “raise grave doubts regarding whether it can he said that the
Ohio electors selected on December 13, 2004, were chosen in a manner
that conforms to Ohio law, let alone Federal requirements and
constitutional standards.” The report cites “massive and unprecedented
voter irregularities and anomalies” throughout the state-wrongs,
moreover, that were hardly random accidents. “In many cases,” the
report says, “these irregularities were caused by intentional
misconduct and illegal behavior, much of it involving Secretary of
State J. Kenneth Blackwell, the co-chair of the Bush-Cheney campaign
in Ohio.” 4

The first phase of malfeasance entailed, among many other actions,
several months of bureaucratic hijinks aimed at disenfranchising
Democrats, the most spectacular result of which was “a wide
discrepancy between the availability of voting machines in more
minority, Democratic and urban areas as compared to more Republican,
suburban and exurban areas.” Such unequal placement had the
predictable effect of slowing the voting process to a crawl at
Democratic polls, while making matters quick and easy in Bush country:
a clever way to cancel out the Democrats’ immense success at
registering new voters in Ohio. (We cannot know the precise number of
new voters registered in Ohio by either party because many states,
including Ohio, do not register voters by party affiliation. The New
York Times reported in September, however, that new registration rose
25 percent in Ohio’s predominantly Republican precincts and 250
percent in Ohio’s predominantly Democratic precincts.)
4 When contacted by Harper’s Magazine, Blackwell spokesman
Carlo LoParo dismissed Conyers’s report as a partisan attack. “Why
wasn’t it more than an hour’s story?” he asked, referring to the lack
of media interest in the report. “Everybody can’t be wrong, can they?”

At Kenyon College in Gambier, for instance, there were only two
machines for 1,300 would-be voters, even though “a surge of late
registrations promised a record vote.” Gambier residents and Kenyon
students had to stand in line for hours, in the rain and in “crowded,
narrow hallways,” with some of them inevitably forced to call it
quits. “In contrast, at nearby Mt. Vernon Nazarene University, which
is considered more Republican leaning, there were ample waiting
machines and no lines.” This was not a consequence of limited
resources. In Franklin County alone, as voters stood for hours
throughout Columbus and elsewhere, at least 125 machines collected
dust in storage. The county’s election officials had “decided to make
do with 2,866 machines, even though the analysis showed that the
county needs 5,000 machines.”

It seemed at times that Ohio’s secretary of state was determined to
try every stunt short of levying a poll tax to suppress new voter
turnout. On September 7, based on an overzealous reading of an obscure
state bylaw, he ordered county boards of elections to reject all Ohio
voter-registration forms not “printed on white, uncoated paper of not
less than 80 lb. text weight.” Under public pressure he reversed the
order three weeks later, by which time unknown numbers of Ohioans had
been disenfranchised. Blackwell also attempted to limit access to
provisional ballots. The Help America Vote Act-passed in 2002 to
address some of the problems of the 2000 election-prevents election
officials from deciding at the polls who will be permitted to cast
provisional ballots, as earlier Ohio law had permitted. On September
16, Blackwell issued a directive that somehow tailed to note that
change. A federal judge ordered him to revise the language, Blackwell
resisted, and the court was forced to draft its own version of the
directive, which it ordered Blackwell to accept, even as it noted
Blackwell’s “vigorous, indeed, at times, obdurate opposition” to
compliance with the law.

Under Blackwell the state Republican Party tried to disenfranchise
still more Democratic voters through a technique known as “caging.”
The party sent registered letters to new voters, “then sought to
challenge 35,000 individuals who refused to sign for the letters,”
including “voters who were homeless, serving abroad, or simply did not
want to sign for something concerning the Republican Party.” It should
be noted that marketers have long used zip codes to target, with
remarkable precision, the ethnic makeup of specific neighborhoods, and
also that, according to exit polls last year, 84 percent of those
black citizens who voted in Ohio voted for Kerry.

The second phase of lawlessness began the Monday before the election,
when Blackwell issued two directives restricting media coverage of the
election. First, reporters were to he barred from the polls, because
their presence contravened Ohio’s law on “loitering” near voting
places. Second, media representatives conducting exit polls were to
remain 100 feet away from the polls. Blackwell’s reasoning here was
that, with voter turnout estimated at 73 percent, and with many new
voters so blissfully ignorant as to have “never looked at a voting
machine before,” his duty was clear: the public was to he protected
from the “interference or intimidation” caused by “intense media
scrutiny.” Both cases were at once struck down in federal court on
First Amendment grounds.
5 Let it not be said that the Democrats rose wholly above the
electoral fray: in Defiance County, Ohio, one Chad Staton was arrested
on 130 counts of vote fraud when he submitted voter-registration forms
purportedly signed by, among others, Dick Tracy, Jeffrey Dahmer,
Michael Jackson, and Mary Poppins. Of course, depending on party
affiliation, the consequence of election misdeeds varies. Staton, who
told police he was paid in crack for each registration, received fifty-
four months in jail for his fifth-degree felonies; Blackwell, for his
part, is now the G.O.P. front-runner for governor of Ohio.

Blackwell did manage to ban reporters from a post-election ballot-
counting site in Warren County because-election officials claimed-the
FBI had warned of an impending terrorist attack there. The FBI said it
issued no such warning, however, and the officials refused to name the
agent who alerted them. Moreover, as the Cincinnati Enquirer later
reported, email correspondence between election officials and the
county’s building services director indicated that lockdown plans
“down to the wording of the signs that would he posted on the locked
doors” had been in the works for at least a week. Beyond suggesting
that officials had something to hide, the ban was also, according to
the report, a violation of Ohio law and the Fourteenth Amendment.

Contrary to a prior understanding, Blackwell also kept foreign
monitors away from the Ohio polls. Having been formally invited by the
State Department on June 9, observers from the Organization for
Security and Cooperation in Europe, an international consortium based
in Vienna, had come to witness and report on the election. The
mission’s two-man teams had been approved to monitor the process in
eleven states-but the observers in Ohio were prevented from watching
the opening of the polling places, the counting of the ballots, and,
in some cases, the election itself. “We thought we could he at the
polling places before, during, and after” the voting, said Soren
Søndergaard, a Danish member of the team. Denied admission to polls in
Columbus, he and his partner went to Blackwell, who refused them
letters of approval, again citing Ohio law banning “loitering” outside
the polls. The two observers therefore had to “monitor” the voting at
a distance of 100 feet from each polling place. Although not
technically illegal, Blackwell’s refusal was improper and, of course,
suspicious. (The Conyers report does not deal with this episode.)

To what end would election officials risk so malodorous an action? We
can only guess, of course. We do know, however, that Ohio, like the
nation, was the site of numerous statistical anomalies-so many that
the number is itself statistically anomalous, since every single one
of them took votes from Kerry. In Butler County the Democratic
candidate for State Supreme Court took in 5,347 more votes than Kerry
did. In Cuyahoga County ten Cleveland precincts “reported an
incredibly high number of votes for third party candidates who have
historically received only a handful of votes from these urban areas”-
mystery votes that would mostly otherwise have gone to Kerry. In
Franklin County, Bush received nearly 4,000 extra votes from one
computer, and, in Miami County, just over 13,000 votes appeared in
Bush’s column after all precincts had reported. In Perry County the
number of Bush votes somehow exceeded the number of registered voters,
leading to voter turnout rates as high as 124 percent. Youngstown,
perhaps to make up the difference, reported negative 25 million votes.

In Cuyahoga County and in Franklin County-both Democratic strongholds-
the arrows on the absentee ballots were not properly aligned with
their respective punch holes, so that countless votes were miscast, as
in West Palm Beach back in 2000. In Mercer County some 4,000 votes for
president representing nearly 7 percent of the electorate mysteriously
dropped out of the final count. The machines in heavily Democratic
Lucas County kept going haywire, prompting the county’s election
director to admit that prior tests of the machines had failed. One
polling place in Lucas County never opened because all the machines
were locked up somewhere and no one had the key. In Hamilton County
many absentee voters could not cast a Democratic vote for president
because county workers, in taking Ralph Nader’s name off many ballots,
also happened to remove John Kerry’s name. The Washington Post
reported that in Mahoning County “25 electronic machines transferred
an unknown number of Kerry votes to the Bush column,” but it did not
think to ask why.

Ohio Democrats also were heavily thwarted through dirty tricks
recalling Richard Nixon’s reign and the systematic Bullying of Dixie.
There were “literally thousands upon thousands” of such incidents, the
Conyers report notes, cataloguing only the grossest cases. Voters were
told, falsely, that their polling place had changed; the news was
conveyed by phone calls, “door-hangers,” and even party workers going
door to door. There were phone calls and fake “voter bulletins”
instructing Democrats that they were not to cast their votes until
Wednesday, November 3, the day after Election Day. Unknown
“volunteers” in Cleveland showed up at the homes of Democrats, kindly
offering to “deliver” completed absentee ballots to the election
office. And at several polling places, election personnel or hired
goons bused in to do the job “challenged” voters black voters in
particular to produce documents confirming their eligibility to vote.
The report notes one especially striking incident:

In Franklin County, a worker at a Holiday hill observed a team of
25 people who called themselves the “Texts Strike Force” using
payphones to make intimidating ells to likely voters, targeting people
recently in the prison system. The “Texas Strike Force” paid their way
to Ohio, but their hotel accommodations were paid for by the Ohio
Republican party, whose headquarters is across the street. The hotel
worker heard one caller threaten a likely voter with being reported to
the FBI and returning to jail it lie voted. Another hotel worker
called the police, who came but did nothing.

The electoral fraud continued past Election Day, But by means far more
complex and less apparent than the bullying that marked the day
itself. Here the aim was to protect the spoils, which required the
prevention of countywide hand recounts by any means necessary. The
procedure for recounts is quite clear. In fact, it was created by
Blackwell. A recount having been approved, each of the state’s eighty-
eight counties must select a number of precincts randomly, so that the
total of their ballots comes to 3 percent (at least) of the county’s
total vote. Those ballots must then he simultaneously hand counted and
machine counted. If the hand count and the new machine count match,
the remaining 97 percent of the selected ballots may he counted by
machine. If, however, the totals vary by as little as a single vote,
all the other votes must be hand counted, and the results, once
reconfirmed, must be accepted as the new official total.

The Ohio recount officially started on December 13-five days after
Conyers’s hearings opened-and was scheduled to go on until December
28. Because the recount (such as it was) coincided with the inquiry,
Conyers was able to discover, and reveal in his report, several
instances of what seemed to he electoral fraud.

On December 13, for instance, Sherole Eaton, deputy director of
elections for Hocking County, filed an affidavit stating that the
computer that operates the tabulating machine had been “modified” by
one Michael Barbian Jr., an employee of Triad GSI, the corporate
manufacturer of the county’s voting machinery.

Ms. Eaton witnessed Mr. Barbian modify the Hocking County computer
vote tabulator before the announcement of the Ohio recount. She
further witnessed Barbian, upon the announcement that the Hocking
County precinct was planned to he the subject of the initial Ohio test
recount, make further alterations based on his knowledge of the
situation. She also has firsthand knowledge that Barbian advised
election officials how to manipulate voting machinery to ensure that
[the] preliminary hand recount matched the machine count.6

The committee also learned that Triad similarly intervened in at least
two other counties. In a filmed interview, Barbian said that he had
examined machines not only in Hocking County hut also in Lorain,
Muskingum, Clark, Harrison, and Guernsey counties; his purpose was to
provide the Board of Elections with as much information as possible
-“The more information you give someone,” he said, “the better job
they can do.” The report concludes that such information as Barbian
and his colleagues could provide was helpful indeed:

Based on the above, including actual admissions and statements by
Triad employees, it strongly appears that Triad and its employees
engaged in a course of behavior to provide “cheat sheets” to those
counting the ballots. The cheat sheets told them how many votes they
should find for each candidate, and how many over and under votes they
should calculate to match the machine count. In that way, they could
avoid doing a full county-wide hand recount mandated by state law. If
true, this would frustrate the entire purpose of the recount law-to
randomly ascertain if the vote counting apparatus is operating fairly
and effectively, and if not to conduct a full hand recount.

6 In May 2005, Eaton was ordered by the Hocking County
Board of Elections to resign from her position.

The report notes Triad’s role in several other cases. In Union County
the hard drive on one tabulator was replaced after the election. (The
old one had to he subpoenaed.) In Monroe County, after the 3 percent
hand count had twice failed to match the machine count, a Triad
employee brought in a new machine and took away the old one. (That
machine’s count matched the hand count.) Such operations are
especially worrying in light of the fact that Triad’s founder, Brett
A. Rapp, “has been a consistent contributor to Republican
causes.” (Neither Barbian nor Rapp would respond to Harper’s queries,
and the operator at Triad refused even to provide the name of a press

There were many cases of malfeasance, however, in which Triad played
no role. Some 1,300 Libertarian and Green Party volunteers, led by
Green Party recount manager Lynne Serpe, monitored the count
throughout Ohio.7 They reported that: In Allen, Clermont, Cuyahoga,
Morrow, Hocking, Vinton, Summit, and Medina counties, the precincts
for the 3 percent hand recount were preselected, not picked at random,
as the law requires. In Fairfield County the 3 percent hand recount
yielded a total that diverged from the machine count-but despite
protests from observers, officials did not then perform a hand recount
of all the ballots, as the law requires. In Washington and Lucas
counties, ballots were marked or altered, apparently to ensure that
the hand recount would equal the machine count. In Ashland, Portage,
and Coshocton counties, ballots were improperly unsealed or stored.
Belmont County “hired an independent programmer (`at great expense’)
to reprogram the counting machines so that they would only count votes
for President during the recount.” Finally, Democratic and/or Green
observers were denied access to absentee, and/or provisional ballots,
or were not allowed to monitor the recount process, in Summit, Huron,
Putnam, Allen, Holmes, Mahoning, Licking, Stark, Medina, Warren, and
Morgan counties. In short, the Ohio vote was never properly recounted,
as required by Ohio law.

7 The recount itself was the result of a joint application
from the Green and Libertarian parties.

That is what the Democratic staff of the House Judiciary Committee
found, that is what they distributed to everyone in Congress, and that
is what any member of the national press could have reported at any
time in the last half year. Conyers may or may not have precisely
captured every single dirty trick. The combined votes gained by the
Republicans through such devices may or may not have decided the
election. (Bush won Ohio by 118,601 votes.) Indeed, if you could
somehow look into the heart of every eligible voter in the United
States to know his or her truest wishes, you might discover that Bush/
Cheney was indeed the people’s choice. But you have to admit-the
report is pretty interesting.

In fact, its release was timed for maximum publicity. According to the
United States Code (Title 3, Chapter 1, Section 15), the President of
the Senate-i.e., the U.S. Vice President-must announce each state’s
electoral results, then “call for objections.” Objections must he made
in writing and “signed by at least one Senator and one Member of the
House of Representatives.” A challenge having been submitted, the
joint proceedings must then be suspended so that both houses can
retire to their respective chambers to decide the question, after
which they reconvene and either certify or reject the vote.

Thus was an unprecedented civic drama looming on the day that
Conyers’s report appeared. First of all, electoral votes had been
contested in the Congress only twice. In 1877 the electoral votes of
several states were challenged, some by Democrats supporting Samuel
Tilden, others by Republicans supporting Rutherford B. Hayes. In 1969,
Republicans challenged the North Carolina vote when Lloyd W. Bailey, a
“faithless elector” pledged to Richard Nixon for that state, voted for
George Wallace.8 And a new challenge would he more than just
“historic.” Because of what had happened-or not happened-four years
earlier, it would also be extraordinarily suspenseful. On January 6,
2001, House Democrats, galvanized by the electoral larceny in Florida,
tried and failed to challenge the results. Their effort was aborted by
the failure of a single Democratic senator to join them, as the law
requires. Al Gore-still vice president, and therefore still the
Senate’s president-had urged Democrats to make no such unseemly waves
but to respect Bush’s installation for the sake of national unity.
Now, it seemed, that partisan disgrace would he redressed, at least
symbolically; for a new challenge from the House, by Representative
Stephanie Tubbs-Jones of Ohio, would be cosigned by Barbara Boxer,
Democratic senator from California, who, at a noon press conference on
January 6, heightened the suspense by tearfully acknowledging her
prior wrong: “Four years ago I didn’t intervene. I was asked by Al
Gore not to do so and I didn’t do so. Frankly, looking back on it, I
wish I had.”
8 Offended by the president-elect’s first cabinet
appointments (Henry Kissinger, Daniel Patrick Moynihan, et al.),
Bailey was protesting Nixon’s liberalism.

It was a story perfect for TV a rare event, like the return of
Halley’s comet; a scene of high contention in the nation’s capital; a
heroine resolved to make things right, both for the public and
herself. Such big news would highlight Conyers’s report, whose
findings, having spurred the challenge in the first place, would now
inform the great congressional debate on the election in Ohio.

As you may recall, this didn’t happen-the challenge was rejected by a
vote of 267-31 in the House and 74-1 in the Senate. The Boston Globe
gave the report 118 words (page 3); the Los Angeles Times, 60 words
(page 18). It made no news in the Wall Street Journal, USA Today,
Newsweek, Time, or U.S. News & World Report. It made no news on CBS,
NBC, ABC, or PBS. Nor did NPR report it (though Talk of the Nation
dealt with it on January 6). CNN did not report it, though Donna
Brazile pointedly affirmed its copious “evidence” on Inside Politics
on January 6. (Judy Woodruff failed to pause for an elaboration.) Also
on that date, the Fox News Channel briefly showed Conyers himself
discussing “irregularities” in Franklin County, though it did not
mention the report. He was followed by Tom DeLay, who assailed the
Democrats for their “assault against the institutions of our
representative democracy.” The New York Times negated both the
challenge and the document in a brief item headlined “Election Results
to Be Certified, with Little Fuss from Kerry,” which ran on page 16
and ended with this quote from Dennis Hastert’s office, vis-à-vis the
Democrats: “They are really just trying to stir up their loony left.”

Indeed, according to the House Republicans, it was the Democrats who
were the troublemakers and cynical manipulators-spinning “fantasies”
and “conspiracy theories” to “distract” the people, “poison the
atmosphere of the House of Representatives” (Dave Hobson, R., Ohio),
and “undermine the prospect of democracy” (David Dreier, R., Calif.);
mounting “a direct attack to undermine our democracy” (Tom DeLay, R.,
Tex.), “an assault against the institutions of our representative
democracy” (DeLay); trying “to plant the insidious seeds of doubt in
the electoral process” (J. D. Hayworth, R., Ariz.); and in so doing
following “their party’s primary strategy: to obstruct, to divide and
to destroy” (Deborah D. Pryce, R., Ohio).

Furthermore, the argument went, there was no evidence of electoral
fraud. The Democrats were using “baseless and meritless
tactics” (Pryce) to present their “so-called evidence” (Bob Ney, R.,
Ohio), “making allegations that have no basis of fact” (Candice
Miller, R., Mich.), making claims for which “there is no evidence
whatsoever, no evidence whatsoever” (Dreier). “There is absolutely no
credible basis to question the outcome of the election” (Rob Portman,
R., Ohio). “No proven allegations of fraud. No reports of widespread
wrongdoing. It was, at the end of the day, an honest election” (Bill
Shuster, R., Pa.). And so on. Bush won Ohio by “an overwhelming and
comfortable margin,” Rep. Pryce insisted, while Ric Keller (R., Fla.)
said that Bush won by “an overwhelmingly comfortable margin.” (“The
president’s margin is significant,” observed Roy Blunt, R., Mo.) In
short, as Tom DeLay put it, “no such voter disenfranchisement occurred
in this election of 2004-and, for that matter, the election of 2000.
Everybody knows it. The voters know it, the candidates know it, the
courts know it, and the evidence proves it.”

That all this commentary was simply wrong went unnoticed and/or
unreported. Once Bush was reinaugurated, all inquiries were apparently
concluded, and the story was officially kaput. By March talk of fraud
was calling forth the same reflexive ridicule that had prevailed hack
in November-but only now and then, on those rare moments when somebody
dared bring it up: “Also tonight,” CNN’s Lou Dobbs deadpanned
ironically on March 8, “Teresa Heinz Kerry still can’t accept certain
reality. She suggests the presidential election may have been rigged!”
And when, on March 31, the National Election Data Archive Project
released its study demonstrating that the exit polls had probably been
right, it made news only in the Akron Beacon-Journal.9 The article
included this response from Carlo LoParo, Kenneth Blackwell’s
spokesman: “What are you going to do except laugh at it?”

In the summer of 2003, Representative Peter King (R., N.Y.) was
interviewed by Alexandra Pelosi at a barbecue on the White House lawn
for her HBO documentary Diary of a Political Tourist. “It’s already
over. The election’s over.

9 On the other hand, the thesis that the exit polls were
flawed had been reported by the Associated Press, the Washington Post,
the Chicago Tribune, USA Today, the San Francisco Chronicle, the
Columbus Dispatch,, MSNBC, and ABC (which devoted a Nightline
segment to the “conspiracy theory” that the exit polls had been

We won,” King exulted more than a year before the election. When asked
by Pelosi-the daughter of House Minority Leader Nancy Pelosi-how he
knew that Bush would win, he answered, “It’s all over but the
counting. And we’ll take care of the counting.”

King, who is well known in Washington for his eccentric utterances,
says he was kidding, that he has known Pelosi for years, that she is
“a clown,” and that her project was a “spoof.” Still, he said it. And
laughter, despite the counsel of Kenneth Blackwell’s press flack,
seems an inappropriate response to the prospect of a stolen election-
as does the advice that we “get over it.” The point of the Conyers
report, and of this report as well, is not to send Bush packing and
put Kerry in his place. The Framers could no more conceive of
electoral fraud on such a scale than they could picture Fox News
Channel or the Pentagon; and so we have no constitutional recourse,
should it be proven, finally, that the wrong guy “won.” The point of
our revisiting the last election, rather, is to see exactly what the
damage was so that the people can demand appropriate reforms. Those
who say we should “move on” from that suspicious race and work instead
on “bigger issues”-like electoral reform-are urging the impossible;
for there has never been a great reform that was not driven by some
major scandal.

“If a nation expects to he ignorant and free, in a state of
civilization,” Thomas Jefferson said, “it expects what never was and
never will be.” That much-quoted line foretells precisely what has
happened to us since “the news” has turned into a daily paraphrase of
Karl Rove’s fevered dreams. Just as 2+2=5 in Orwell’s Oceania, so here
today the United States just won two brilliant military victories,
9/11 could not have been prevented, we live in a democracy (like the
Iraqis), and last year’s presidential race “was, at the end of the
day, an honest election.” Such claims, presented as the truth, are
nothing but faith-based reiteration, as valid as the notions that one
chooses to be homosexual, that condoms don’t prevent the spread of
HIV, and that the universe was made 6,000 years ago.

In this nation’s epic struggle on behalf of freedom, reason, and
democracy, the press has unilaterally disarmed-and therefore many good
Americans, both liberal and conservative, have lost faith in the
promise of self-government. That vast surrender is demoralizing,
certainly, hut if we face it, and endeavor to reverse it, it will not
prove fatal. This democracy can survive a plot to hijack an election.
What it cannot survive is our indifference to, or unawareness of, the
evidence that such a plot has succeeded.


Letter To The Editor of Harper’s Magazine

*FOR PUBLICATION* letters [at] harpers [dot] org 26 July ’05

Dear Editor:

Mr. Miller (‘None Dare Call it Stolen’, July 2005) briefly mentions
evidence that a coordinated, nationwide vote fraud was perpetrated by
Bush et al., but he harms democracy by not investigating it. Exit
polls by their nature are very precise: i.e. in only one of every 4.6
billion (!) presidential elections should (as actually happened)
Bush’s announced final margin exceed the exit poll’s margin of error
in the 16 states whose exit polls predicted that Kerry was about to
win, (methodology and discussion at:×79760).
The claimed counts are even more unlikely when you consider that every
one of such discrepancies occurred in either a close (“swing”) or an
important high population state, and that all employed secret vote
counting (instantly changeable once uploaded to computers).

A news media consortium conducts the exit polls and admits the
discrepancy, but attributes it to faulty exit polls-e.g. their
pollsters were too far from old Bush voters to reach them, or they
preferred to interview young Kerry voters. They “forget” to ask why
this never happened before! Also, why did a news media commentator,
looking at his laptop on PBS’s Newshour suddenly exclaim “Wait a
minute-something’s changing in Florida!” (paraphrase), at about 6 pm
Eastern? Until late afternoon, both campaigns exuded signs that Kerry
had won. So why was the Bush team suddenly overjoyed (as filmed by
PBS’s Frontline), after consulting their extensive network of local
results in late afternoon (which is why they were previously glum)?

The answers lie in the paper ballots locked away in hundreds of rooms.
Are the party hacks who mostly control access to this evidence in key
states honest enough to allow an impartial recount of them, or have
they already altered this permanent record? Statisticians know what
all such evidence means, and have called for such a recount (see

Tony Tweedale, MS (Env. Studies)
ttweed [at] wildrockies [dot] org

From the archive, originally posted by: [ spectre ]


Network Hosting Attorney Scandal E-Mails Also Hosted Ohio’s 2004 Election Results

OFFICE OF SPECIAL COUNSEL TO INVESTIGATE KARL ROVE,0,3535547.story?coll=la-home-headlines

Low-key office launches high-profile inquiry

The Office of Special Counsel will investigate U.S. attorney firings
and other political activities led by Karl Rove.

By Tom Hamburger, Times Staff Writer / April 24, 2007

WASHINGTON – Most of the time, an obscure federal investigative unit
known as the Office of Special Counsel confines itself to monitoring
the activities of relatively low-level government employees, stepping
in with reprimands and other routine administrative actions for such
offenses as discriminating against military personnel or engaging in
prohibited political activities.

But the Office of Special Counsel is preparing to jump into one of the
most sensitive and potentially explosive issues in Washington,
launching a broad investigation into key elements of the White House
political operations that for more than six years have been headed by
chief strategist Karl Rove.

The new investigation, which will examine the firing of at least one
U.S. attorney, missing White House e-mails, and White House efforts to
keep presidential appointees attuned to Republican political
priorities, could create a substantial new problem for the Bush White

First, the inquiry comes from inside the administration, not from
Democrats in Congress. Second, unlike the splintered inquiries being
pressed on Capitol Hill, it is expected to be a unified investigation
covering many facets of the political operation in which Rove played a
leading part.

“We will take the evidence where it leads us,” Scott J. Bloch, head of
the Office of Special Counsel and a presidential appointee, said in an
interview Monday. “We will not leave any stone unturned.”

Bloch declined to comment on who his investigators would interview,
but he said the probe would be independent and uncoordinated with any
other agency or government entity.

The decision by Bloch’s office is the latest evidence that Rove’s
once- vaunted operations inside the government, which helped the GOP
hold the White House and Congress for six years, now threaten to mire
the administration in investigations.

The question of improper political influence over government decision-
making is at the heart of the controversy over the firing of U.S.
attorneys and the ongoing congressional investigation of the special
e- mail system installed in the White House and other government
offices by the Republican National Committee.

All administrations are political, but this White House has
systematically brought electoral concerns to Cabinet agencies in a way
unseen previously.

For example, Rove and his top aides met each year with presidential
appointees throughout the government, using PowerPoint presentations
to review polling data and describe high-priority congressional and
other campaigns around the country.

Some officials have said they understood that they were expected to
seek opportunities to help Republicans in these races, through federal
grants, policy decisions or in other ways.

A former Interior Department official, Wayne R. Smith, who sat through
briefings from Rove and his then-deputy Ken Mehlman, said that during
President Bush’s first term, he and other appointees were frequently
briefed on political priorities.

“We were constantly being reminded about how our decisions could
affect electoral results,” Smith said.

“This is a big deal,” Paul C. Light, a New York University expert on
the executive branch, said of Bloch’s plan. “It is a significant
moment for the administration and Karl Rove. It speaks to the growing
sense that there is a nexus at the White House that explains what’s
going on in these disparate investigations.”

The 106-person Office of Special Counsel has never conducted such a
broad and high-profile inquiry in its history. One of its primary
missions has been to enforce the Hatch Act, a law enacted in 1939 to
preserve the integrity of the civil service.

Bloch said the new investigation grew from two narrower inquiries his
staff had begun in recent weeks.

One involved the fired U.S. attorney from New Mexico, David C.

The other centered on a PowerPoint presentation that a Rove aide, J.
Scott Jennings, made at the General Services Administration this year.

That presentation listed recent polls and the outlook for battleground
House and Senate races in 2008. After the presentation, GSA
Administrator Lorita Doan encouraged agency managers to “support our
candidates,” according to half a dozen witnesses. Doan said she could
not recall making such comments.

The Los Angeles Times has learned that similar presentations were made
by other White House staff members, including Rove, to other Cabinet
agencies. During such presentations, employees said they got a not-so-
subtle message about helping endangered Republicans.

White House spokesman Scott M. Stanzel said the Hatch Act did not
prohibit providing informational briefings to government employees.

Responding to a letter of complaint to the White House from 25
Democratic senators, Stanzel said: “It is entirely appropriate for the
president’s staff to provide informational briefings to appointees
throughout the federal government about the political landscape in
which they implement the president’s policies and priorities.”

However, questions have emerged about the PowerPoint presentations,
including whether Doan’s comments crossed the line and whether the
presentations violated rules limiting political activity on federal

Whether legal or not, the multiple presentations revealed how widely
and systematically the White House sought to deliver its list of
electoral priorities.

In the course of investigating the U.S. attorney matter and the
PowerPoint presentations, Democratic congressional investigators
discovered e-mails written by White House personnel using accounts
maintained by the Republican National Committee.

For example, they discovered that Jennings, a special assistant to the
president and deputy director of political affairs in the White House,
was using an e-mail with the domain name of “” that the RNC

That domain name showed up in e-mail communications from Jennings
about how to replace U.S. Atty. H.E. “Bud” Cummins III of Arkansas to
make room for Timothy Griffin, a Rove protege, in such a way as to
“alleviate pressure/implication that Tim forced Bud out.”

Another Jennings e-mail using the RNC account requested that
department officials meet with a former New Mexico campaign advisor
who wanted to “discuss the U.S. Atty situation there.”

The growing controversy inspired him to act, Bloch said.

“We are acting with dispatch and trying to deal with this because
people are concerned about it … and it is not a subject that should
be left to endless speculation,” he said.


tom [dot] hamburger [at] latimes [dot] com



Network Hosting Attorney Scandal E-Mails Also Hosted Ohio’s 2004
Election Results

By Steven Rosenfeld and Bob Fitrakis / Free Press /  April 23, 2007

Did the most powerful Republicans in America have the computer
capacity, software skills and electronic infrastructure in place on
Election Night 2004 to tamper with the Ohio results to ensure George
W. Bush’s re-election?

The answer appears to be yes. There is more than ample documentation
to show that on Election Night 2004, Ohio’s “official” Secretary of
State website — which gave the world the presidential election
results — was redirected from an Ohio government server to a group of
servers that contain scores of Republican web sites, including the
secret White House e-mail accounts that have emerged in the scandal
surrounding Attorney General Alberto Gonzales’s firing of eight
federal prosecutors.

Recent revelations have documented that the Republican National
Committee (RNC) ran a secret White House e-mail system for Karl Rove
and dozens of White House staffers. This high-tech system used to
count and report the 2004 presidential vote- from server-hosting
contracts, to software-writing services, to remote-access capability,
to the actual server usage logs themselves — must be added to the
growing congressional investigations.

Numerous tech-savvy bloggers, starting with the online investigative
consortium and their November 2006 article cross-
posted by contributor luaptifer to Dailykos, and Joseph Cannon’s blog
at, outed the RNC tech network. That web-
hosting firm is SMARTech Corp. of Chattanooga, TN, operating out of
the basement in the old Pioneer Bank building. The firm hosts scores
of Republican websites, including, and

The software created for the Ohio secretary of state’s Election Night
2004 website was created by GovTech Solutions, a firm co-founded by
longtime GOP computing guru Mike Connell. He also redesigned the Bush
campaign’s website in 2000 and told “Inside Business” magazine in
1999, “I wouldn’t be where I am today without the Bush campaign and
the Bush family because the Bushes truly are about family and I’m
loyal to my network.”

Ohio’s Cedarville University, a Christian school with 3,100 students,
issued a press release on January 13, 2005 describing how faculty
member Dr. Alan Dillman’s computing company Government Consulting
Resources, Ltd, worked with these Republican-connected companies to
tally the vote on Election Night 2004.

“Dillman personally led the effort from the GCR side, teaming with key
members of Blackwell’s staff,” the release said. “GCR teamed with
several other firms — including key players such as GovTech
Solutions, which performed the software development — to deliver the
end result. SMARTech provided the backup and additional system
capacity, and Mercury Interactive performed the stress testing.”

On Election Night 2004, the Republican Party not only controlled the
vote-counting process in Ohio, the final presidential swing state,
through a secretary of state who was a co-chair of the Bush campaign,
but it also controlled the technology that allowed the tally of the
vote in Ohio’s 88 counties to be reported to the media and voters.

Privatizing elections and allowing known partisans to run a key
presidential vote count is troubling enough. But the reason Congress
must investigate these high-tech ties is there is abundant evidence
that Republicans could have used this computing network to delay
announcing the winner of Ohio’s 2004 election while tinkering with the

Did Ohio Republican Secretary of State J. Kenneth Blackwell or other
GOP operatives inflate the president’s vote totals to secure George W.
Bush’s margin of victory? On Election Night 2004, many of the totals
reported by the Secretary of State were based on local precinct
results that were impossible. In Clyde, Ohio, a Republican haven, Bush
won big after 131 percent voter turnout. In Republican Perry County,
two precincts came in at 124 percent and 120 percent respectively. In
Gahanna Ward 1, precinct B, Bush received 4,258 votes despite the fact
that only 638 people voted for president. In Concord Southwest in
Miami County, the certified election results proudly proclaimed at 679
out of 689 registered voters cast ballots, a 98.55 percent turnout. later found that only 547 voters had signed in.

These strange election results were routed by county election
officials through Ohio’s Secretary of State’s office, through partisan
IT providers and software, and the final results were hosted out of a
computer based in Tennessee announcing the winner. The Cedarville
University releases boasted the system “was running like a champ.” It
said, “The system kept running through the early morning hours as
users from around the world looked to Ohio for their election

All the facts are not in, but enough is known to warrant a serious
congressional inquiry. Beginning with a timeline on Election Night
after a national media consortium exit poll predicted Democrat John
Kerry would win Ohio, the first Ohio returns were from the state’s
Democratic urban strongholds, showing Kerry in the lead.

This was the case until shortly after midnight on Wednesday, Nov. 3,
when for roughly 90 minutes the Ohio election results reported on the
Secretary of State’s website were frozen. Shortly before 2am EST
election returns came in from a handful of the state’s rural
Republican enclaves, bumping Bush’s numbers over the top.

It was known Bush would carry rural Ohio. But the vote totals from
these last-to-report counties, where Karl Rove said there was an
unprecedented late-hour evangelical vote giving the White House a
moral mandate, were highly improbable and suggested vote count fraud
to pad Bush’s numbers. Just how flimsy the reported GOP totals were
was not known on Election Night and has not been examined by the
national media. But an investigation by the House Judiciary Committee
Democratic staff begun after Election Day 2004 and completed before
the Electoral College met on Jan. 6, 2005, was first to publicly point
to vote count fraud in rural Ohio.

That report, “Preserving Democracy: What Went Wrong in Ohio,” cited
near-impossible vote totals, including 19,000 votes that were
mysteriously added at the close of tallying the vote in Miami County.
The report cited more than 3,000 apparently fraudulent voter
registrations — all dating back to the same day in 1977 in Perry
County. The report noted a homeland security emergency was declared in
Warren County, prompting its ballots to be taken to a police-guarded
unauthorized warehouse and counted away from public scrutiny, despite
local media protests.

In our book, “What Happened in Ohio: A Documentary Record of Theft and
Fraud in the 2004 Election” (The New Press, 2006), we go beyond the
House Judiciary Democratic report to analyze precinct-by-precinct
returns and we print copies of the documents upon which we base our
findings. We found many vote-count irregularities based on examining
the certified results, precinct-level records and the actual ballots.

The most eyebrow-raising example to emerge from parsing precinct
results was finding 10,500 people in three Ohio’s ‘Bible Belt’
counties who voted to re-elect Bush and voted in favor of gay
marriage, if the official results are true. That was in Warren, Butler
and Clermont Counties. The most plausible explanation for this
anomaly, which defies logic and was not seen anywhere else in the
country, was Kerry votes were flipped to Bush while the rest of the
ballot was left alone. While we have some theories about how that
might have been done by hand in a police-guarded warehouse, could full
Republican control of the vote-counting software and servers also have
played a role?

The early returns on the Secretary of State’s website suggest
Blackwell’s vote-tallying and reporting system could manipulate large
blocks of votes. Screenshots taken during the early returns in
Hamilton County, where Cincinnati is located, gave Green Party
presidential candidate David Cobb 39,541 votes, which was clearly
incorrect. Similarly, early return screenshots in Lucas County, where
Toledo is located, gave Cobb 4,685 votes, another clear error. (The
screenshots are in our book). Were these innocent computer glitches or
was a GOP vote-counting and reporting system moving and dumping Kerry

There’s more evidence the late returns from Ohio’s Republican-majority
countryside were not accurate. During the spring and summer of 2006,
several teams of investigators associated with, notably
one team led by Ron Baiman, a Ph.D. statistician and researcher at
Chicago’s Loyola University, examined the actual election records from
precincts in Miami and Clermont Counties. These records — from poll
books where voters sign in, to examining the actual ballots themselves
— were not publicly accessible until last year, under orders from
Ohio’s former Republican Secretary of State. Baiman compared the
number of voters who signed in with the total number of votes
attributed to precincts. He found hundreds of “phantom” votes, where
the number of voter signatures was less than the reported vote total.
That discrepancy also suggests vote count fraud.

There was other evidence in the observable paper trail of padding the
vote, including instances in Delaware County where in one precinct,
359 of the final punch-card ballots cast on Election Day contained no
Kerry votes, which means the day’s last voters all were Bush
supporters, which also is improbable. In another Delaware County
precinct, Bush allegedly received the last 210 votes of the day. Were
partisan local election workers trying to mask what was happening
electronically to tilt the vote count?

Ohio’s 2004 ballots were to be destroyed last September. However that
fate was blocked by a federal judge, who ruled in the early phase of
trying a Voting Rights Act lawsuit that accused Ohio officials of
suppressing the minority vote in Ohio’s cities. The state’s new
Secretary of State and Attorney General, both Democrats, are now
holding settlement talks for that suit, suggesting its claims have
merit. However, unlike Florida after the 2000 election, there still
has yet to be a full accounting of Ohio’s presidential vote.

What’s clear, however, is the highest ranks of the Republican Party’s
political wing, including White House counselor Karl Rove, a handful
of the party’s most tech-savvy computer gurus and the former
Republican Ohio Secretary of State, created, owned and operated the
vote-counting system that reported George W. Bush’s re-election to the
presidency. Moreover, it appears the votes that gave Bush his 118,775-
vote margin of victory — the boost from Ohio’s countryside — have
yet to be confirmed as accurate. Instead, the reporting to date
suggests that what happened on the ground and across Ohio’s rural
precincts is at odds with the vote tally released on Election Night.

As numerous congressional committees attempt to retrieve and examine
the secret White House e-mails surrounding Attorney General Alberto
Gonzales’ firing of eight federal prosecutors, those panels must also
probe the privatization and partisan manipulation of the 2004
presidential vote count in Ohio. The lessons from 2004 have yet to be
fully understood or learned.

Similarly, the House Administration Committee, which is expected to
soon mark up H.R. 811, a bill by Rep. Rush Holt, D-NJ, to regulate
electronic voting technology, also must take heed. The vote count and
outcome of American elections cannot be left in the hands of known
partisans, who can control and manipulate how the votes are counted
and what is reported to the media and American people.

Public vote counts on private, partisan servers and secret proprietary
software have no place in a democracy.