Fatally Flawed: Uncovering Election Fraud in Pima, AZ

Source: http://www.fatallyflawedthemovie.com/pages/story.html


The following is an introduction to a series of election fraud investigations and ensuing court cases in Pima County, AZ, spearheaded by investigators John Brakey of EDA, Jim March of BlackBoxVoting.org, attorney Bill Risner, and a host of election activists including AUDIT-AZ and the Arizona Democratic and Libertarian parties. The events are being recorded on video in the development of an EDA-sponsored feature documentary film, "Fatally Flawed."

Election Fraud: The Problems are Inside. The Solutions are Outside.

John Brakey became an elections investigator shortly after an eye-opening experience as an elections observer in 2004. In his home county in Arizona, pollworkers were "stacking the vote" by using a phony provisional list. When Brakey questioned the pollworkers about their procedure, the pollworkers suggested they "take a look in the back room." In this largely Hispanic district a few die-hard Republicans (re-registered as Democrats) apparently had in mind their own brand of democracy and were ready to "beat it into John Brakey."

Brakey later teamed up with Dr. David Griscom, (Adjunct Professor of Materials Science & Engineering, University of Arizona) to thoroughly analyze the inconsistencies within the 2004 elections in Pima County, Arizona. Lessons from 2004 prompted a greater awareness when it was needed most, in 2006.

After encountering considerable resistance to public scrutiny from the Elections Division of Pima County, Arizona, the Democratic Party had to sue the election asministrators of that county to examine critical public election data. The court ruled in favor of the Democratic Party and instructed the Pima County Elections Division to hand over the database files. These database files include computer databases from elections in between the years of 1996 and 2006.

A detailed analysis of the data files obtained in the 2007 public records suit provides substantial evidence of elections tampering by the Pima County Elections Department in the May 2006 election. That election included the RTA (Regional Transit Authority) Question 1 and 2 involving $ 2 billion dollars of taxpayer funding.

Sufficient, convictable evidence of foul play exists despite attempts by the Pima Elections Division to hide, alter, and suppress this evidence. The Pima Elections Division electronically manipulated existing database files, lost evidence containing an 'untainted' version of the database files, and illegally obtained possession of the database files during the legal process.

Suppression of evidence first occurred on the election evening of May 16th, when Ted Downing was serving as an election observer. Ted Downing contacted Donna Branch Gilby, the Democratic Party Chair, and she arrived with her husband, Bob Gilby. Through the glass of the tabulation center, they took a photograph of an instruction manual for Microsoft Access software.

The Access software can be used to manipulate election database files outside of the official GEMS tabulation software. At this time (between the hours of 8:00 PM and 9:00 PM), Downing and Gilby requested that a 'snapshot back-up' be taken of the data. Elections Director Brad Nelson refused. The time required to perform a 'snapshot back-up' is approximately two minutes. The last 'snapshot backup' was performed approximately 4 hours earlier, when the department finished scanning the mail-in ballots. Analysis of the electronic database shows a significant departure from the routine in how the elections data was handled in the previous five years.

This departure from the routine started on the same evening that Donna Branch Gilby and Ted Downing made known their suspicions about the integrity of the elections data. A huge number of precinct votes were processed on election night (after the election observers left the premises) and into the following morning. Contrary to routine practice and basic data security, no final daily backup was made after the votes were processed. In fact, no backup was ever made for the following three days. The number of precincts processed within this time period was as few as 118 and as many as 149 (out of 368). Additional mail-in and provisional votes trickled in throughout the week.

The most fundamental safeguard against compromising elections data is to create a back-up file on a routine basis or after a significant amount of processing takes place. Under normal circumstances, back-up data of the mid 2006 election would exist in these database files between the dates of May 16 and May 19th. This lack of any back-ups at the end of election night processing and in any of the three days that followed is caused by one of two reasons. The first reason is that Brian Crane, a Pima Elections IT staff worker, broke from a routine of at least 5 years and somehow forgot his habit of making back-ups of the data. Second, the backups were being created without an audit log trace and moved onto another drive. Analysis of the database logs confirms that Brian Crane had the means to make a database copy with no audit log trace.

An untraceable copy of the database was created by Crane on the 20th of May. That database copy remains on a hard drive entered as court evidence. If these database backups made outside the audit log trace were created between the 16th and the 19th of May, they would have to be removed from the drive at some point before the drive was acquired through a subpoena. The first public records request occurred much later in the year (September 14th), so the Pima County Elections Division was afforded sufficient time for any data manipulation.

The Arizona Secretary of State's office, however, had a copy of the RTA database that could not have been altered. By November of 2006, the Pima County Democratic Party had organized a whole crew to scrutinize the Pima County Elections. Around the same time, the Pima elections office requested that the Arizona Secretary of State return all of the elections data they held as back-up through the years.

All the back-up tapes from years of elections were shipped back to Pima County in a box. According to Pima County, the one tape in the box containing the unadulterated RTA database file was missing and never found. Pima County does have in possession, however, computer database files from elections within the years of 1996 and 2006. They may not be as pristine as the 'Secretary of State' tape that was lost, but enough information exists as proof of tampering.

Before it was analyzed by outside parties, this 'snapshot' of data was transferred to two identical drives and placed into a single box. This box was transported with security to the Pima County vault under a court order. The Democratic Party is grateful to have this data, because it risked a similar form of disappearance. Pima County employee John Moffat had removed the box of drives from the vault in violation of a court order. Fortunately, the Democratic Party's legal team quickly made this discovery and obtained the data without additional tampering.

The Pima County Elections Division has operated for years without any kind of public scrutiny or oversight. New demands for transparency appear to have prompted drastic measures involving the control and removal of evidence. In the days prior to this demand for transparency, tampering of the database files appeared to be absent any concern for outside searches into the databases. Arizona Attorney General Terry Goddard hired an outside organization called iBeta to analyze the RTA database log entries.

As the iBeta report put it: "The basis of the investigation is that there are log entries that point to tampering - but it is far easier to remove evidence of tampering from the logs than to actually tamper with the vote totals in the Microsoft Access database that the GEMS software uses. So it does not follow that someone with the knowledge to manipulate the GEMS data would neglect to alter the log file to remove the evidence of the manipulation."

The iBeta report is referring to a form of computer manipulation that requires the confirmation of two warning prompts. The changes appear to be deliberate and the unaltered log entries seem to be an oversight. Database logs also indicate the printing of summary reports that show the outcome of the elections before the elections were concluded. This activity is illegal and clearly intentional as each printing occurred ten minutes apart.

Here are the circumstances of this first round of data tampering:

1. On the morning of May 9th, 2006, the elections department performed an official logic and accuracy test.

2. On the morning of May 10th, 13,618 mail-in ballots were scanned in approximately four hours. Once the task was completed, Brian Crane made a backup copy labeled 'early day 1' at 12:27 PM. This 'backup snapshot' is now an additional file with the label 'early day 1' to denote the first day of scanning early (mail-in) votes. The disk now contains the main data file used continuously through the tabulation process and a 'backup snapshot'. No additional snapshots are recorded on this day.

3. On the morning of May 11th, Crane logs in 9:55 AM and, 31 seconds later and overwrites the previous day's 'backup snapshot'. Here is where he has to confirm with two warnings about the file overwrite. Not only is this act deliberate, but it is likely performed to change the results of the early vote totals tabulated in the previous day. Illegal summary reports were printed. They showed the current outcome of the election. These were time-stamped at 9:56 AM and 10:06 AM respectively, so they were deliberate actions occurring 10 minutes apart.

These events are significant because they show that:

1. Enough data was collected with the mail-in ballots to make a predictionif the election results.

2. There was sufficient time to manipulate the main database and change potential election results before the file overwrite. The 13,618 ballots were counted on that day by 12:27 PM. The overwrite didn't occur until the next morning.

3. An opportunity exists to verify that the changes to the database file were successfully implemented. A second printout was likely needed for someone other than Brian Crane.

A considerable amount of work was required to uncover the second round of data tampering. This is revealed in the recount of Oro Valley town council race, which also contained the ballot initiatives for RTA Questions 1 and 2. The Oro Valley race was subject to a recount as required by law because the margin of victory was 1/10th of 1% or less.

Ballot adjustments by the elections division is highlighted by the unusual amount of flash memory cards that somehow malfunctioned when transferring data. Pima County has 368 precincts and each precinct's election results are recorded on a flash memory card. After all the ballots are recorded on each card, the data is transmitted via phone modem to Pima County Elections' central tabulator.

In each precinct, as the memory cards are inserted into the computer, the computer reads the identifying signature on the memory cards before a successful transmission of data takes place. Once the transfer is completed, the cards are returned to the Pima County Elections division.

There are two indications in the database files that a significant number of cards malfunctioned when transferring data. The first was a very large number of precincts that were processed late on election night. The number of precincts processed within this time period (marked by the lack of any backup data) was as few as 118 and as many as 149 (out of 368). Precinct data delayed for this length of time is typically the result of modem transmission failures that require the physical transfer of the memory card to the central tabulator for upload.

The logs for the 2004 general election featured a far more complex ballot and a similar number of precincts (2004 had 358, 2006 RTA 368). This 2004 election experienced about 19 modem transmission failures or late uploads. The RTA modem or line failure rate appears to be unusually high.

The second indication was the very large number of cards that had to be uploaded to the computer more than once. During the RTA election cycle, 93 precincts worth of memory cards were uploaded at least twice -- in other words, something was 'wrong' with the first upload and it had to be repeated. One precinct (number 324) was reloaded as many as six times.

In stark contrast, the 2004 general election only had five memory card re-uploads. No complaint was made by the Pima County Elections Division to Diebold about these extraordinarily high failure rates of their cards. So if Diebold is not to blame for the massive data card failure, who is responsible?

In August of 2005, the Pima County elections office bought a 'crop scanner,' a device that provides the means for the Pima County Elections Division to alter memory cards. This device was able to connect the Diebold-supplied memory card to a standard PC and give that computer read/write access to the card. The data on the card created by and managed by Diebold software had no encryption and could be easily edited. This handheld crop-scanner device existed in the Pima elections office with no tracking or access controls from August 2005 through early 2007 when the Pima Democratic Party and their supporters uncovered it in a public records search.

Manipulation of data on individual precinct memory cards is a precarious proposition, especially with a large county like Pima. Of the 368 precincts, how many flash data cards would have to be manipulated to avoid detection? Which precincts should be manipulated to avoid detection? Answers to these questions are not cheap.

Prior to the May 2006 election, Pima County paid $75,000 to consultant (and former Pima County employee) James Barry. Barry was hired to study the four prior transportation bond measures (none had passed) and figure out on a precinct detail basis the necessary numbers to win an election initiative. The RTA campaign itself was appreciative of Barry's efforts and pitched in an additional $13,000 for his advice.

There is an additional hurdle when it comes to altering Diebold flash data cards. The movie "Hacking Democracy" contained a fine demonstration by computer security professional Harri Hursti, but manipulating data cards requires a certain level of expertise. Editing these flash data cards using a crop scanner without affecting the signature data and/or the successful transmission of data is a difficult task. The sheer number of data card failures in Pima County's May 2006 election suggests this kind of tampering was attempted, but not successfully.

The manipulated data required a lot more time and patience to finally load into Pima County's central tabulator on election evening and in the days of the Oro Valley recount. Detailed analysis of the Oro Valley recount turns indirect evidence of data card anomalies into direct evidence of election fraud. Additional back-ups of the database files resumed their appearances on May 19th and May 20th during the mandatory recount of the Oro Valley precincts.

In addition to the countywide ballot initiatives, Oro Valley had a city council race that required a recount. The Pima County Elections Division performed an illegal 'pre-recount analysis' before the official recount with no outside oversight, and subsequently manipulated the results to make the second result closely match the first result.

Out of 368 precinct memory cards, 93 were reloaded at least once. This includes all 22 precincts that make up Oro Valley. Of the 93 reloaded precinct memory cards, the bulk of the precincts in which the number of ballots changed were connected with Oro Valley. These data contain direct evidence of elections tampering because, in Oro Valley, some precinct totals are decreasing over time. The data were being manipulated to conform to a desired outcome.

On May 31st, 2006, the official recount of Oro Valley takes place and the results are within the margin of error. Dropping votes without the required disclosure or paperwork is a felony and this activity would never have been uncovered without the acquisition of the Pima County Elections databases.

From the night of the RTA election, the Pima County Elections Division found itself under intense public scrutiny. Some Pima County employees had a margin of success in suppressing, manipulating, and removing evidence. Fortunately for the citizens of Pima County, efforts by Pima County employees to conceal criminal activity have ultimately failed.