Members: Maricopa County Libertarian Party, EDA, AUDIT-AZ, ACER and PDA

Oversight Proposal: The Phoenix Project
Protecting the Arizona Vote in 2008

Project Overview:

Pima County (containing the city of Tucson) is 17% of the Arizona vote and is already in good shape with a strong team for the November election.

Maricopa County (containing the city of Phoenix) is 57% of the Arizona vote. The county runs a spectacularly insecure and non-transparent process. As some examples:

1) Much of our work will be base on our finding from the February Presidential Preference Election - FULL REPORT:
(5,769 KB)

2) They outsource basic election system operations to Sequoia employees.

3) They have threatened observers with arrest merely for observing the central tabulator system with binoculars. This is a standard of observation blockage unmatched nationally.

4) It took a lawsuit the day of the 2008 Presidential primaries to get Libertarian observers in at all.

5) They use the uncertified Sequoia “BPS” software to do ballot-prep in-house, which creates multiple megabytes of data in a format easy to hand-modify (Microsoft Access databases). This data from an UNcertified source (BPS) is pumped into the certified election system (WinEDS) in the days leading up to the election, yet the county's position backs Sequoia's: the BPS data is “propriety trade secret” because it contains their proprietary software (per a Sequoia-letterhead memo in our possession).

6) Cables containing vital election information run hidden through walls and ceiling panels, where it can be diverted or split off for any number of nefarious purposes.

The Arizona Secretary of State's office maintains the statewide voter registration database. This office is wildly partisan; SecState Jan Brewer was the AZ Bush campaign manager in AZ in 2004 and is an ardent McCain supporter today.

Voter registration patterns are at a minimum very odd. In the run-up to the 2004 general election, the voter registration peaked months AFTER election day, suggesting that many people trying to register for the general were delayed until after election day. Liberal-leaning voter registration drives (notably Acorn) were subjected to harassment and general threats – the SecState's office appears to have assumed that their voter registration drives were fraudulent.

Action Items:

We propose a three-pronged attack on this entire process:

Subproject A) We MUST file a public records suit for the election data in Maricopa – esp. the BPS data. We think this will be a fairly simple operation as lawsuits go, if the other side wants to avoid discovery. Under AZ law, all voting systems have to be Federally certified. Right now the position of the AZ SecState and the Federal election authorities (Election Assistance Commission) is that BPS doesn't need certification. We disagree but that's OK, because they've acknowledged publicly that it is NOT certified. Having done so, no court can support pumping “trade secret software” OUT of an uncertified process into a certified one. In other words, what Sequoia is presenting overall is a legal anathema under AZ law: code that only they know the contents of are being transferred to a live voting system. They cannot then use the existence of a warped process of this sort to maintain trade secrets.

Note that BPS depends upon having present a full copy of MS-Access in order to run. Which means by design, the whole system is hand modifiable, another anathema under the Federal oversight guidelines. It seems likely this is why the BPS product wasn't submitted for certification: even the worst of the labs might have choked on this security disaster of a product.

The good news is that Sequoia's contract with the county indemnifies the county for any legal costs spent protecting Sequoia trade secrets in a public records action. So while we sue Maricopa County, the costs and lawyers will be all from Sequoia – the company will have to underwrite the full costs of the suit plus pay any penalties. We'll be suing the county only on paper, the indemnity clause means Sequoia is the real defendant which is unusual in a public records action. And that in turn means that a court is much more likely to apply the damages multiplier theoretically available: it won't come out of the taxpayer's wallets. The level of misconduct by Sequoia more than warrants such a multiplier – and that means finding a lawyer for willing to fight this will be easy.

Also good news: whatever we learn in this process will have national implications, and if the security implications for BPS are as bad as we suspect, we may be able to trigger a national re-think on Sequoia's certification status and possible refunds to counties and states. This in turn affects the whole debate on whether certification as practiced today is even useful.

PROJECT COSTS: we budget $1,300 for costs, filings and at least one deposition (likely Joe Kanefield of the AZ SecState's office confirming that what Sequoia is doing is fundamentally legally flawed). There's an excellent chance of getting that back because costs and penalties don't hit public funds.

Subproject B) We must watch the Maricopa election process again – this time starting earlier and basing operations in Maricopa. We need to be present at the beginning-of-cycle Logic & Accuracy test to examine security implications as best we can, be present during the counting process in shifts if need be and follow up with public records digging.

Subproject C) We MUST dig deeper into the AZ SecState's registration process. This will be a public records dig of almost epic proportions. We must use a “broad net” approach, using records requests that net broad takes of documents that the agency can't fully purge. At present we know nothing about this system: who built the database, what are it's security implications, how are changes made and tracked, is there personal accountability for operators and much more. Is the contractor reliable, and do they have continuing access? Is it “hackable” by insiders OR outsiders, or both? We don't have ANY answers to these questions.
PROJECT COSTS: costs for “b” and “c” can be merged as they both involve work in Maricopa. We need to spend a solid month-plus up there. We think the best bet is to rent a house – the real estate market is hammered and lots of stuff is available cheap.

• House rental: budget $1,000 for a month but we can probably do better. The idea is to have a combined living/office space close to where the project activities are, saving money in every aspect (food/gas/lodging). A search on “temp rents” at shows possibilities from $550 to $900ish.

• John Roberts Brakey will need $1000 (offsetting his normal income and basic expenses).

• Jim March will need $400 for basic expenses (Internet/cellphone/etc.)

• Meals: $40/day for three people max (split): $1,200 (it will usually be far less)

• Gas: $300 - Jim's motorcycle will help.

• Public records: $800 (Max – this could happen if the SecState's office attempts to “bury us in paperwork.” I've seen this particular tactic before and it often backfires on the agency as they're not able to vet every piece of paper with the degree of scrutiny we will apply.)

Jim March, Member of the Board of Directors / 916-370-0347 (cell)

John Brakey, co-founder of AUDIT-AZ (Americans United for Democracy, Integrity, and Transparency in Elections, Arizona) & Co-Coordinator Investigations for Election Defense Alliance
5947 S Placita Picacho El Diablo
Tucson, AZ 85706
Home 520-578-5678
Cell 520-250-2360

EDA & AUDIT-AZ’s Mission: to restore public ownership and oversight of elections, work to ensure the fundamental right of every American citizen to vote, and to have each vote counted as intended in a secure, transparent, impartial, and independently audited election process.

"Never doubt that a small group of thoughtful, committed citizens can change the world. Indeed, it is the only thing that ever has." Margaret Mead