Documents show Georgia's Secretary of State knew of Diebold patch
Published: Wednesday July 30, 2008
Georgia complained to Diebold about patch after election
On Dec. 3, 2002, Georgia Secretary of State Cathy Cox’s office faxed documents to the then-president of Diebold Election Systems Bob Urosevich listing a series of issues that occurred shortly before the November 2002 election.
Documents provided to RAW STORY by a whistleblower close to Cox’s office show that one of the key problems Georgia officials were trying to resolve was related to an unauthorized patch installed on machines prior to the election.
In one document, Cox’s office asked Urosevich for confirmation that a “0808 patch was applied to all systems; confirmation that the patch was not grounds for requiring the system to be recertified at national and state level; as well as verifiable analysis of the overall impact of the patch to the voting system” (See attached pdf, p. 3)
Cox didn’t know prior to the election that a patch had been installed, the source said. Cox, who is now president of Young Harris College in Georgia, returned phone calls but could not be reached for comment by press time.
“People working for Diebold were told to keep this quiet so Cox would not find out,” the whistleblower said. “They knew she was in over her head and had come to completely rely on Diebold. They controlled the warehouse, the machines, and the certification. There were no state employees.”
Diebold renamed itself Premier Election Solutions in 2007. The company has come under fire on numerous occasions for failing to protect its software from hackers, and its systems have been decertified in California. Maryland's House of Delegates voted to ban the company from its electronic voting in 2006, though the law didn't pass the Senate and state is now considering Premier for their optical scan systems.
According to this individual, this was the patch that he then passed on to cyber-security expert Stephen Spoonamore. Spoonamore, a highly regarded computer security specialist who has worked for US government agencies, has since come forward claiming that he took the Diebold patch to the Department of Justice -- specifically to the Cyber-Security/Cyber-Crime unit of the Computer and Intellectual Property Section -- after it was brought to his attention.
Calls to the Department of Justice seeking confirmation that Spoonamore had delivered the Diebold patch were not returned.
Initially, the whistleblower said, there were no concerns or questions regarding the $54 million contract, for which Diebold beat out eight other firms, to install a statewide electronic voting system. It was only after certain “red flag” events occurred that people inside the Secretary of State’s office, as well as Diebold employees, began to have suspicions, he added.
What initially raised questions, according to the source, was the behavior of then-Diebold CEO, Bob Urosevich, who personally flew in from Texas and applied the patch in just two counties, DeKalb and Fulton, both Democratic strongholds.
Another flag went up, this person added, when it became apparent that the patch installed by Urosevich had failed to fix a problem with the computer clock -- which employees from Diebold and the Georgia Secretary of State’s office had been told the patch was designed specifically to address.
The Secretary of State’s office became aware of this installation during the month after the November 2002 election, as the documents are dated Dec. 3. It's unclear how Cox handled the findings once she was made aware of the patch installation and other technical issues cited in the documents.