Pima County Election Integrity Trial: Testimony of Mr. Merle King
Please see the Election Integrity Homepage for complete coverage and the latest news.
The county made a point of stressing that they only paid Mr. King $10 for his testimony, seeking to bolster his credibility with the judge: I think they may have paid too much.
"The Man from Diebold" is the maybe-not-so-affectionate cognomen given to Mr. Merle King by election integrity activists at the trial. His testimony constituted the big hired gun for the defense – the county’s best hope to defend the honor of Diebold, and to justify the withholding of the database by explaining the risks inherent in the release of this data "into the wild," as King and the county’s attorneys put it.
Given that King clearly admits that an operator could rig an election using Diebold’s GEMS software, and may escape detection in doing so, he would seem to have failed his primary task of protecting Diebold’s reputation. Given that Bill Risner picked apart every threat scenario on cross-examination, making those threats seem vanishingly implausible, if not downright impracticable, compared to the clear and admitted threat of a corrupt insider, he signally failed at the latter task as well.
King made the damaging admission that, to his knowledge, no outsider has ever even attempted to rig an election through hacking of the sort he hypothesizes. The only actual example of electoral mayhem he ever came up with was a guy with a hammer who tried to smash a touch-screen computerized polling machine. Apparently, we need to keep the location of hardware stores a secret.
I would not be surprised if attorneys across the nation study Risner’s cross-examination in preparation for their own suits to liberate Diebold’s and other vendors’ tabulator software databases for public scrutiny. It was just that good. A pleasure to watch, and, I’m sure, even more of a pleasure to deliver.
King’s expert testimony was the spine of the county’s case. Risner broke it like a professional wrestler taking on a rube from the crowd.
Risner used a tried and true technique: when confronted with expert testimony full of vague and alarming claims, simply ask, "How?" When King claimed specific threats, such as the reprogramming of memory cards in scanners, or creating spurious ballots, or simply spreading chaos and uncertainty, Risner just got down to the business of asking exactly how these exploits would be accomplished.
What emerged was a taxonomy of threats that breaks down into three categories: the impractical, the absurd, and the unspecified.
Let’s start with the impractical. King described possible exploits using data that might be found in the databases: using the codes and ballot rotation information to reprogram precinct scanners to spoof the reading of ballots, and using ballot layout information to print spurious ballots that would result in misassigned votes.
Both exploits are certainly possible, but have two prerequisites that make them impractical: they require that one acquire the needed information from the database before the close of the election (and the parties would get the databases only after the election was closed – and because of the preparation and execution time required, one would really need the information considerably in advance of the election), and they require physical access to election equipment (which would be very difficult due to security protocols such as tamper-evident seals and mixed-party observers present during the exploits).
Risner also demonstrated that information in the databases needed for these exploits is often already in the public domain (such as ballot rotations and ballot layout), or that the exploit would be far easier to accomplish using other means (such as spoofing ballots by modifying early voting ballots with Photoshop).
Next, there was the absurd. Most vexing was the claim that some party with enough public esteem to be credible would squander that credibility by modifying the copy of the database provided them and claim publicly that theirs was the true outcome of the election. This was described repeatedly by defense counsel and witnesses as a realistic strategy for spreading chaos and uncertainty to undermine our elections and discredit the election system vendors involved (I think I can detect who promoted this particular trial strategy…). I call this the reputational suicide exploit. Bill Risner asked King rhetorically how long it would take before this theoretical party would be "tarred and feathered" and have to "high-tail it outta town."
You see, all political parties would receive the same database and the original would also be retained. It would be a trivial task to prove such claims to be a sham and then to destroy the credibility of the claimant – and the other political parties would be only too happy to help do so. There is a balance of power inherent in transparent security arrangements. Our own government’s separation of powers structure is such a security protocol – or, at least it is supposed to be… In any case, King’s claim really only applies to fringe conspiracy groups and malcontents who might get the database from "the wild."
At one point during King’s testimony, as he was describing hackers who persistently delved into the vulnerabilities of election systems, Jim March of BlackBoxVoting.org, who sat at the plaintiff’s counsel table typing messages to Risner calling bullshit on matters technical, typed in a giant font size so that people in the audience behind him could see, "Gee, you think he’s talkin’ about me?" I think King certainly was talking about him and folks like him. King’s "chaos theory," as it came to be known around the plaintiff’s table, was really aimed at those who annoy and bedevil the vendors whom King and those like him speak for. They might actually believe that these hacker-activists aim to bring down and discredit the election system, but most people readily understand that their aim is to strengthen democracy, not undermine it.
Another specimen in the absurdity menagerie is the leverage hypothesis. King claimed that information in the database could be used to reduce the probability space for a brute force attack on encrypted passwords in the database. That’s just true enough not to be perjury. What he certainly tried to avoid highlighting is the inconvenient fact that those passwords are constantly changed; so they are useless. And that cracking one password doesn’t give any leverage for cracking another; so they are useless. And that GEMS is vulnerable to a very simple exploit to avoid password protection with just a few clicks of the mouse; so they are useless.
The final category of threats I call the unspecified. These are the Rumsfeldian unknown unknowns. The claim is that hackers are wily beasts. You can never tell to what clever use they might put that additional jot of seemingly innocuous information. You can’t trust them, so it is good security to just deny them all the information you can. If this is sounding familiar, it should: it’s the Bush Administration’s approach to public information in the face of the terrorist threat – treat the public as if they were terrorists.
This is not only a rather contemptible policy for a free society, it is legally questionable in this context. You see, the county bears an evidentiary burden of persuasion as to the balancing test between the public interest in access and the government’s interest in confidentiality. By using such a vague and unspecified threat as an element of that burden, they are in essence saying that it is incumbent on the plaintiff to show that there is no possible harm. That is known as burden shifting – and it is a big no-no.
These vague imprecations underlie a lazy and deficient approach to security that the election integrity crowd refers to as "security through obscurity." Keeping a weakness secret is the worst possible way to implement security. Conservatives like to say "security through strength." Well, election integrity folks agree. Security systems around something as important and fundamental as our franchise should be robust and transparent systems that do not rely on dirty little corporate secrets; nor on just trusting any one person or group of people to do the right thing.
You see, the plain truth is that secrecy is cheap on the front end and expensive on the back end. The corps have to pay the front-end costs of implementing security in the systems they vend, so they like secrets, not real security solutions. But the public pays all the back-end costs in stolen elections, undermined public confidence in the system, and unintended Presidencies that cost us lives, treasure, and precious reputation.
The EI movement is about putting those back-end costs back up front and forcing the corporations who only see a way to make a buck to meet much higher standards if they want to play a role in our elections. Lawsuits like this one, which expose this con game, and the con men like King who enable it, are an integral part of that fight.
I feel proud and humbled to have had the privilege to watch this work being done, and to have been inspired by the patriots doing it for no other reason than a burning love of democracy and the American way. As John Brakey of AuditAZ explained about why he does this work on his own time and his own dime, "Once your grand-daughter grabs you by the finger – that’s it, buddy. You’re done."
After the flip, the summary of Merle "the Man from Diebold" King’s testimony. Big props to David Safier for his able and tireless work to compile these summaries. Please recall that these are paraphrased, condensed summaries, not transcripts…