New insights on one of the most interesting election fraud stories of 2012…
This really happened
It’s a documented computerized voting system hack; it’s been in front of a grand jury; it shows a political pattern. It appears to have targeted three specific and interconnected candidates. It is being declared thwarted and they say it wouldn’t have worked. Officials claim the hack is untraceable.
Now here’s the truth: It could easily have worked, and I’ll describe how below, and by the way, Rocky and Bullwinkle could have caught these guys. The reason they weren’t apprehended is that crucial IP addresses were withheld from investigators during the period while trace routing logs were intact.
Two questions still need a real investigation: (1) Which persons did the actual handoff (and omission) of the IPs to state/federal investigators; and (2) Where was the Miami-Dade absentee database to be sent during the print and mail phase of this election?
Who needs soap operas when you’ve got elections?
Here’s the backstory: Beginning in July 2012, thousands of bogus requests for absentee ballots poured into the Miami-Dade elections Website for August primary election ballots. The requests hijacked identities of infrequent voters, and targeted just three precincts, containing two Republican candidates who were brothers and a third, allegedly a pretend-Democrat in a primary against a for-real Democrat, who has pleaded not guilty to charges that he lied on his campaign reports. But wait — the alleged ringer’s campaign manager also was having a romantic relationship with one of the Republican brothers.
As I said, this one is interesting. It gets more curious, and really quite disturbing.
Whoever stuffed the phony absentee ballot requests into the computer system did it clumsily. The system, made by VR Systems, was set up to flag excessive requests coming from the same source (“IP address”). At first, the requests came in from two Miami IP addresses and a third originating somewhere unspecified within the USA.
Apparently someone wised up then, realizing that with a warrant and the timeline, law enforcement can follow a domestic IP right to your front door. The fake ballot requests were aborted; then, after a short lag, they resumed, this time rerouted through foreign IP addresses. International traces can jump through more hoops than a circus clown and present jurisdictional obstacles for law enforcement.
Klutz or cover up?
Still, one wonders, who was doing this and why weren’t they apprehended already?
After all, the first illicit ballot requests came from traceable local IP addresses. State prosecutors, so the story goes, “did not obtain that information [the local IP addresses] as part of their initial inquiry, due to a miscommunication with the elections department.” Instead, the Miami-Dade state attorney’s office claimed they could not find the hacker because most of his or
her actions were masked by foreign IP addresses.
Embarrassingly (for investigators), The Miami Herald stuck three domestic IP addresses under the noses of investigators and asked what is going on with those. Then prosecutors said they will look into it. One would hope so, but … well you know. “It’s political.”
The investigation was treated doubtfully from the start. According to an e-mail regarding IP tracing quoted in the Miami Herald, a prosecutor in the cyber crimes unit wrote, “These are probably a dead end.”
Four months after the cyber-intrusion was detected, it was discovered that deputy elections supervisor for voter services Rosy Pastrana, a member of the Florida Republican Party, had not sent the traceable domestic IP addresses (two from Miami) to investigators, giving them only the foreign IPs. The delay in providing the addresses to prosecutors was “an oversight,” according to Bob Vinock, an assistant deputy elections supervisor for information systems, listed in voter rolls without party affiliation, wife associated with the Democratic Party.
In December 2012, four months after the absentee ballot invasion was detected, the local, traceable IP addresses were e-mailed to prosecutors, who promised to look into it. But in January, the Florida state attorney’s office signed off on a memo closing the case without any mention of what’s going on with those local IP addresses.
The Miami Herald has done excellent investigative reporting on this, making sure prosecutors could not overlook the local IPs, so maybe it’s not over yet. But then again, maybe by now the necessary logs have been deleted or overwritten.
The contract with VR Systems, the computer program that flagged the unusual IP activity, shows that Bob Vinock was in the loop during procurement. He knew it flagged suspicious IP requests. He may be a bit frustrated that the most traceable IPs took a four-month detour on their way to investigators. After all, it was Vinock’s stubborn e-swordsmanship which blocked intruding phone absentee requests as they flowed in.
I must say that I’m more curious about Rosy Pastrana, who has been in charge of not only voter registration, but absentee ballot processing and the elections mailroom, giving her a high degree of that valuable commodity and always the simplest route to election fraud: Inside Access.
It would never have worked? Not so fast!
News articles about the ballot request intrusion hasten to explain that it wouldn’t have worked, because when the ballots are mailed to thousands of people who didn’t request them, how would anyone get them voted and submitted? This overlooks a key part of the process: The ballot printing and mailing contractors.
A very interesting snippet in the news articles mentions that the requests used identities for people who usually don’t vote. Who has that information? Well, certainly Rosy Pastrana and probably Bob Vinock, and also many Florida political consultants. But an even more interesting thing about these various absentee processing databases is that they travel from hand to hand, government to private company, and sometimes take a side road to consultants along the way.
What reporters may not have known to ask is what happens with the absentee ballot request database during printing and mailing phases, because here’s where the opportunity lies.
Fresno County California has been sending their absentee database to their ballot printer (an on-the-books county contractor with approval from the state of California to print ballots). According to one of my sources, the ballot printing firm then turns around and sends the absentee request database to an off-the-public-record consultant named John Elder, whom some of you may remember from Chapter 8 of the Black Box Voting book (LINK); he is a convicted narcotics trafficker who teamed up with convicted embezzler Jeffrey Dean to print and mail ballots for King County, Washington and a number of other locations throughout the USA, until the light started to shine on them and they were removed from that position.
Elder then went on to create his own election consulting firm, which — among other things — has been middle-manning those absentee request databases for the ballot printer and the mailing firm.
Now, if you have a few thousand strategically targeted extra ballots that you know are bogus, and you reroute the database to an off-the-public-record consultant during the print and mail phase, you can deliver those ballots anywhere you want. They can all be sent to the same address; no one would know. They need never be mailed at all. In fact, an ex-employee at the John Elder/Jeff Dean ballot plant once pointed out to me that although they had a dumpster out back, sometimes at night they would leave black trash bags full of… something… on the curb near the street.
I’m not sure what vendor Miami-Dade County is using to print and mail ballots; some Florida counties use Runbeck, out of Arizona by way of Tampa. But regardless of who they use, it isn’t the Miami-Dade elections people who actually do the mailing. Whoever does the print and mail phase has both the absentee request database and total control over where absentee ballots go.
The Miami absentee hack went wrong, and was thwarted when someone tried to do the ballot request stuffing via the Web site. Besides triggering IP flags, the system automatically sent an e-mail to the real persons whose identities had been hijacked for bogus requests. (Atleast in the early stages, when the genius behind this let the real e-mail addresses stay in the database. Later, voter e-mails were converted to duds, like “firstname.lastname@example.org”, addresses that won’t go anywhere.)
Remember that if performed by someone who has inside access, a Web site isn’t needed to enter the ballot requests. A stack of requests can be inserted directly into the database by an admin, eliminating the need for IP addresses and doing an end-run on the e-mail notification feature.
Chain of custody
The problem with unrestricted vote-by-mail is that you can’t control chain of custody. Its not just chain of custody on pieces of paper, it’s custody of printing and mailing databases as well. In the end, with absentee voting, you really have no idea who actually inserts the ballots into the pool.
“We have possibly gotten way ahead of ourselves in encouraging people to vote by mail,” said Charles Stewart III, a political science professor at MIT and co-director of the Caltech-MIT Voting Technology Project. (2)
Gee whiz. Ya think?