Skip to main content

The Los Angeles BMD voting system as currently certified for use in LA County in the March 3, 2020 election faces serious problems. I have been an election observer for many years, and have brought demonstrated problems to the attention of the County Supervisors in the past.

Los Angeles BMD voting system

I also call attention to some misrepresentations made by Registrar Logan to the Board of Supervisors on January 28, 2020. It appears from the transcript that none of the Supervisors are familiar with the certification, the conditions, nor with the failed testing. I encourage them to read them, so they can see for themselves why this system is inappropriate for use in an election absent important modifications, suggested below.

The test results are detailed starting on page 12 of the Functional Test Report, and starting on page 17 of the Security and Communications Testing. They include:

Absent urgent and immediate action by the Board of Supervisors, the debacle about to unfold in our county will make Iowa look like a happy picnic.

  • The BMD system failed all of the security tests performed by Freeman, Craft, McGregor Group, from what I can see by reading the documents. If not all, then certainly most.
  • The BMD system failed multiple functionality tests as well.
  • As shown in the tests, these failures constitute a breaches of California code. Each code violation is listed in the respective tests.
  • Common sense observations show additional security problems.
  • Absent urgent and immediate action by the Board of Supervisors, the debacle about to unfold in our county will make Iowa look like a happy picnic.
  • Please note that the certification adds a few “fixes” to be made before the Nov. election, permitting the code violations to remain during the March 3 election. For this election, the software and hardware continue to be easily accessible without any detection.
  • I will include simple, easily implementable suggestions to minimize the current systemic defects. These could be instituted within a week.
  • I highly advise the hiring of an election integrity expert to inspect and remedy the second part of the equation: i.e. scanning and counting. I recommend either of two names for such task, both highly reputable: Bev Harris and John Brakey. I will be glad to provide information re their many years of election integrity work. They are both nationally known experts.

The failed tests are all extremely serious, and include, but are not limited to(quotes are verbatim from the SOS site):

  • It is possible to insert or remove ballots from both the BMD and ballot transfer boxes.
  • Access to the configuration files for BMD and BMG was prohibited, but could be obtained for everything else.
  • The ability to boot from USB ports allows election data to be modified.”
  • Seals, locks, labels and sensors can all be bypassed.
  • Lack of full disk encryption
  • High dependency on root access, too many people have root access.
  • Locks and tamper seals are subject to picking and removal without detection (all parts of the system)
  • Unrestricted access to workstation cases
  • If a voter tries to vote for more than the allowable number of candidates, the BMD cancels the first choice and records the second without informing the voter of the change.
  • Unvalidated cryptographic modules
  • The unrestricted access to, and the ability to boot from, the USb port allows access to voting data.
  • The printer cover allows access to the ballot box and can be opened without detection.
  • There is no documentation (serial numbers) for the version numbers of hundreds of support packages.
  • The testers were able to gain access to the electronic event logs. (I.E. we will not know if the system has been violated.)
  • The testers were able to gain access to thee system REGARDLESS of mitigations.
  • The paper jams are 5X more frequent than allowable by CA code. (sic)
  • A jam in the ballot box requires the box to be opened.
  •  (The election management system was not tested and testing was for only the software and equipment tested in December.)

Additional failures

Mr. Logan told Supervisors that “it (ballot) will go into a secure ballot box where it will remain until it goes back to our office”. However, testing shows that the boxes are not secure, even when sealed. The remedy agreed to by the registrar and SOS, is a better seal. But, these boxes are visibly small. They also have dual access. They hold 200 ballots, at best, depending on how the ballots fall into the box. That means they will need to be opened, emptied, and closed multiple times, and the ballots placed into a real ballot box. When I asked about this at a demo center, the County employee assured me that a seal will be placed on the box, the seal and ballots removed, and a new seal placed each time they open the box. However, this violates simple chain of custody of ballots. Using these ballot boxes entails a lot of physical handling of our ballots by 1000 different people or more, over 11 days and nights.

Easy fix: Order 1000 large, secure ballot boxes, with a padlock kept in a secure, no human access location, such as a police station. The ballot boxes must never be opened during the 11 days and nights. Only the voters should touch their ballots, which are placed by those voters directly into the secured ballot boxes. You should also order the plastic ballot boxes removed from the BMDs, which solves the problem of the frequent paper jams, which are in violation of California code.

And a third problem created by the LA system; ballots should never be placed under a printer head. Doing so can add votes, and or void ballots. A time should be set for setting up the ballot boxes for public inspection, and a time for closing and sealing the boxes with public inspection to take to Norwalk, because the public must be able to verify chain of custody. The public must be able to verify chain of custody. This replaces the current system featuring small plastic units that are sealed and unsealed, then sealed again, then unsealed once more, by at least 1000 different people over 11 days and nights, is not secure, nor is it in any way a good idea.

The so-called “human readable paper ballot” is not to be counted in the proposed system. Instead our votes are translated to a QR code, which is scanned and tallied at Norwalk. This does not meet the definition of a voter verifiable ballot, because the voter can not read the QR code, which is what is actually counted . In fact, with all of the additional security concerns, it would be rather easy to choose any group of voters and switch those votes, or remove a ballot measure for one precinct, or by zipcode, or by age. We will never know, unless every voter has a Q code machine to decode the Code for voter inspection before placing their ballot into a secure ballot box..

The fix for this would be: Remove the QR codes, or hand count every paper ballot, using the jury summonsing procedure if needed to guarantee ample counters. Oregon has outlawed the use of QR codes because they may be used to change votes.

Studies show that when BMDs are used, rather than voter marked ballots, errors and elimination of races are NOT noticed by the voters 60 to 93% of the time, although the voters inspected their printed ballots.

The fix: Provide a table for the voter to go to examine her/his ballot calmly. With a notification to “take your time inspecting your ballot. “ Since we will be using a separate, more secure ballot box, the voter can step away from the BMD, without the pressure of finishing quickly because other voters may be waiting.

POLL scan: Poll scan should be disallowed completely and turned off. We cannot be sure that the vote has been translated into a code which faithfully and transparently REPRESENTS the intent of the voter. For our votes to be verifiable, they must be in a human, voter legible, language.

Scanning: There is a system, designed by John Brakey, called “the Brakey method” by other election integrity scholars. As the ballets are scanned, each scan is made public. This can be posted online, for example. There are no voter identifying factors on the cast ballots. Therefore, making the images public poses no type of security risk to anyone. These images do belong to the public. It is an easy way to allow the public to verify the vote count. It encourages public participation in elections. It provides a hand count without the expense. It is the ONLY way, absent manual hand counting, to ensure fair and accurate vote counting. Mr. Brakey has obtained the ballot images per court order in the Alabama special election of 2017. It is my belief that he, in fact, saved that election from intended election fraud by doing so. This is a way for the Supervisors to conduct the election for the voters, for an honest and fair election, and to encourage voter turnout!

Bev Harris proved that “fractioning” is prevalent in US voting tabulation, i.e. any chosen group of voters’ votes can be given more or less weight during tabulation. As Clint Curtis, a software engineer (NASA) testified to the OHIO congress 15+ years ago, he can easily insert malware into a digital election system, which will then destroy itself, and never be detected. Coupled with the electronic pollbook, this system is perfect for such a violation. You can chose voters by zipcode, age, language, or any other criteria, to disenfranchise. This might happen via the QR code, or as the ballots are fed under the printer head, or during tabulation. Any person who tells you this system is secure is misleading you.

Please note that in the 2016 presidential election, here in LA, a volunteer found thousands of ballots in Norwalk being remade by computer, eliminating their presidential votes. 2000+were already completed, with some 60,000 total estimated by Mr. Logan. Mr. Logan agreed to count those votes. That is why a hearing in front of the Supervisors was not requested.

Similarly, Mr. Logan admittedly lost 49,000 votes with the double bubble ballot which became a national scandal. I was the person who brought that to the supervisors’ attention many years ago. Our calculation at the time was 80,000 lost votes. Those votes were never recovered. These were NPP voters. In fact I had personally warned Mr. Logan weeks before the election that this would happen. These events and many more have been forgiven by the BOS as ”errors”. Voters do not want such errors in this election. The “errors” tend to happen to Latino communities, young voters, and NPP voters consistently in Los Angeles County. Again, Mr. Logan was warned weeks beforehand, as soon as the ballot design was made public, that this would happen. (common sense) He declined to fix the issue, a bubble asking “Do you want to vote for President?”, advising us that it would not cause any problem. Los Angeles voters were disenfranchised. They lost their presidential votes because they declined to check an extra box, which is of course, not legal to require.

In this instance, the ballot design was outsourced to the Diebold corporation, and the request was made by the CA Democratic party, according to Mr. Logan. Notably , in LA County, the vote by mail ballots have been received by the same corporation, just with a name change. This outsourcing contract was signed in 2001, and was confirmed to be still in effect in 2016. This makes voting by mail unsafe in LA County. This fact is generally unknown, and hidden by saying the VBM ballots are received in Norwalk, which is true. You, the Supervisors, have approved each renewal of that contract.

Scroll to Continue

Recommended Articles

In election after election, these “errors” ,i.e. loss of the ability to vote on election day, or loss of the votes themselves, are clearly foreseeable. Election after election, we advise on how to fix the obvious problems. In every election, Mr. Logan ignores the simple, inexpensive fixes. (E.g. the fix of printing more ballots in 2008, for example. )Instead voters reported seeing posters in the precincts saying “Your provisional vote counts! “ And 200 trucks full of generic yellow ballots, which were not legal for use as ballots under CA statute.

The gravity of the certification and use of this system is far-reaching. The fallout will be large, once the public and press become aware.. The articles by Brad Friedman are correct, though called “misinformation” at the BOS on January 28. By calling the undeniable facts, as published by the SOS, “misinformation”, Mr. Logan ignores the testing info. Most of the “conditions” are to be met AFTER the March 3 election. Please verify this by reading the attached SOS documents. Mr. Logan advised you that “We will meet the conditions”. He did not tell you that they do not apply to the upcoming primary!

Misrepresentations to the Supervisors by the Registrar on Jan.28, 2020:

  • “It is secure and reliable.” (The tests contradict this.)

“It is not a networked system”. Of course it is! (Later corrected by Mr Logan, but I’m not sure the Supervisors understand that it IS exactly a networked system, and yes, that is a problem.) It would not work otherwise. The epollbooks (networked) are clearly a security flaw, as anyone can go in to our registrations and make alterations. As the tests inform, no one could detect such change. LA County has a long history of registration changes made by someone other than the voters. Digitizing makes alterations even easier and faster. The paper voter registration cards at Norwalk are being destroyed. It was through the signature cards that voters could verify the alterations made by others. The new system actually eliminates paper signatures and roster books, two important items which help to enable verification of a fair and honest election.

  • “There are going to be people who wish things were different…false information…. use trusted information”. The documents contained here with are true.
  • “They don’t maintain any information about the voter.” Of course they do! Name, address, party, how you vote, by mail, etc, date of birth, precinct, and which local elections you vote in.
  • They mark in a way that is unambiguous.” Mr. Logan failed to explain that it is the CODE, which will be counted. The code is illegible to the voting public, making it maximally ambiguous
  • “One of the things that we face is that there is a lot of misinformation”. The disinformation, in this case, comes straight from Mr. Logan, misrepresenting the testing and it’s implications.
  • Mr. Logan failed to clarify for Supervisor Kuehl, when she believed “It is only a ballot marking device.” It is much more. I suggest we use it only as a ballot marking device in this election, which minimizes many security risks and a few functional flaws.
  • When asked about the conditions, of the certification, Mr. Logan assured her that the conditions are de minimus. “Every voting system…contains conditions. On average the ….had 18-20 conditions. Our system had 30 conditions…. you know things like to have our headlights on when it’s raining….” (In fact, it is 100% insecure, failed the tests, and is to be used as is, with only the addition of “better seals”, and USB port covers.” It will still have connectable software for this election. and a digital voter database is not secure.)
  • “The system was independently tested” (The sentence itself is accurate. But, the tests gave the system an “F”, rather than an “A”, as Mr. Logan implied. The SOS included instructions to the testers that they NOT give opinions as to whether the system is suitable for use in an election. No one should hesitate to ask the testers if they think the system is suitable or not.

Unfortunately, the Supervisors have been misinformed about the BMD system. Equally unfortunately, the SOS conditionally certified it, even though it does not obey state law, i.e. the minimum requirements.

You, the Supervisors, were unaware of the foregoing at the meeting on January 28th, and believed that the communities had “false information about the system”. But now you know. Please review the tests and take immediate action to stop the most egregious aspects of the BMD system before allowing its use in our County.

Just read the tests and the Certification, and it becomes obvious. Look at the plastic ballot container with voters’ eyes. Even though certified for use, you can stop the use of the most egregious and insecure parts of the system. The national public is slowly becoming aware of the upcoming problems in CA, especially LA County. California and Georgia have been cited as the states most likely to have widespread election fraud during the primaries.

These remedies I’ve suggested are easy, fast, and inexpensive. They will not guarantee a 100% secure election. But they will ameliorate the current system’s many vulnerabilities. The BMDS, right now, are ripe and ready for multiple alterations of the votes and/or vote counts. Across the country voters are starting to call for a permanent ban on BMDs. It is true that this system is excellent for some disabled groups. I also applaud the addition of names on the ballots, which we have requested to Mr. Logan since approx. 2007. Unfortunately he thought the storage cost would be higher, preferring to spend millions of dollars for poorly designed ballots which disenfranchised voters.

To recap, I encourage you to adopt the following measures immediately. I urge you to discuss this on Tuesday, Feb. 11 and to act quickly to secure our March 3 election!

  • Replace the insecure ballot boxes with new, large, secure, metal ballot boxes, including large padlocks, which keys are kept/held by the police or sheriffs.
  • Encourage the public to watch the ballot boxes, including when transported to the Registrar’s office for counting.
  • Disable/remove all QR codes.
  • Disable the poll pass scanners used for cell phone voting by code.
  • New chain of custody and security measures for ballots sent by mail. Again, sheriffs or police should be entrusted with care of the ballots, which should stay in secure ballot boxes until the count. Right now, we only know that these ballots are going to multiple P O Boxes. And that from 2001 to 2016, they were received by the Diebold Corporation, now called ES&S, which corporation is not reputable.
  • Encourage voters to spend as long as possible examining their ballots, given the propensity to not notice errors when ballots are computer generated. Tables or a place to sit, and signage are all that is needed.
  • Publish the ballot scans on the internet as they are being scanned, so the public and other stakeholders can verify the tally.

There is a chance for you to step in quickly and save this County’s election from what is surely to become a “fiasco” or a “scandal”, absent your immediate action.

I would be glad to speak with Supervisors personally, if you wish. I can be reached at 424-293-2576. I look forward to hearing from a member of your team regarding your position once you are familiar with the facts. I ask that you schedule time to hear from the public on Feb 18, unless these precautions have been approved on Feb. 11.

Robin Gibson