Diebold deals, Scytl cryptography, Russian finance raise questions about Roskam win

Brian Mohr
Jul 8, 2018

On Nov. 7, 2006, Peter Roskam beat Tammy Duckworth by 4,810 votes.

According to polls leading up to the race, the two were tied or Duckworth led through the middle of October. Then it teetered toward Roskam for a few weeks until it went back to Duckworth. A month before the race, the Zogby/Reuters poll had Duckworth at +14.

The campaigns were fairly typical for IL politics. References were made about Duckworth’s (a war veteran and amputee) “cut-and-run” military strategy. There were visits by George and Laura Bush, John McCain, Michael J. Fox, Rosie O’Donnell and Barbra Streisand. Million$ were funneled in through outside PACs. Roskam was accused of unleashing 180,000 GOP robocalls in one week.

In the end, Roskam squeaked by and Duckworth conceded victory that night. Roskam’s been re-elected to the seat five more times.

Four months after the election, however, serious questions were raised regarding the validity of Roskam’s win.

According to poll watchers and election judges at more than 50 polling locations on election night, Diebold TSx voting machines and 25 memory cards (with voter data) were left unsecured overnight at various polling places. One memory card was missing and one couldn’t be read.

Overall, there appeared to be no chain of custody in place for properly securing and storing the TSx machines and memory cards.

Various voting machines malfunctioned. Some did not become fully operational until hours after the 6 a.m. opening of polls. Others failed to work at all. There were issues with printer cartridges and printers that sometimes “mutilated” voters’ ballots and poll tape printouts.

All testing of the voting machines leading up to the election was done by contractors paid by Diebold.

DuPage County had three authorized Independent Testing Authorities to do the testing of the Diebold machines. But the vendors chose to use a series of companies (Nichols, PSInet, Metamore and Ciber), which passed the work between one another until finally handing it off to Shawn Southworth and Jim Dearman.

The two developers, who were paid by the vendors, worked to review the source code and user interface. According to Southworth, “the labs don’t like to write anything negative in the reports because the vendors don’t like it…and they’re paying for it.”

In the report’s final estimation: “…there is little basis for confidence in the results of the November 7, 2006 election held in DuPage County.”

For decades, the DuPage County Election Commission has failed to seek state permission before destroying records like poll tapes and voter ballots. The commission has maintained for years that it has the right to destroy any ballots and other election materials it wants.

From 2003–2006, the DuPage County government offices requested the disposal of records 568 times. In comparison, the Chicago Board of Elections filed 36 certificates requesting permission to destroy records since Jan. 1, 2003.

Robert Saar was the commission’s executive director from 1997–2017. His LinkedIn profile lists him as still being in that position. In the mid 2000s, while working on the commission, he also sold elections products and worked for a company that received funding from elections industry vendors. He retired in 2017.

Earlier this year, Cathy Ficker Terrill, the commission’s new director, offered to resign because of election night issues last March.

After the polls closed, election officials discovered the “ender cards” were too thick to run through the voting machines that read paper ballots. So the results were delayed and it took the commission more than eight hours to count the ballots.

Terrill said she was shocked when she found out the faulty cards were provided by Liberty Systems. “The specs haven’t changed. It’s just this particular vendor — unbeknown to us — did not follow the specs.”

Liberty Systems had been awarded a $500,000 contract by commissioner J.P. “Rick” Carney to print the election ballots. Carney was the chairman of the DuPage Board of Election Commissioners from 2006–2012. Before that, he was a Republican primary candidate running against Roskam in the U.S. 6th District of Illinois.

Liberty Systems is owned by William Barrett, the former Vice President of Sales for Fidlar Doubleday. Fidlar Doubleday has been the “premier dealer” for Diebold Election Systems since 2003. In 2005, it signed a 20-year contract with Carney to supply voting machines, technical assistance and election materials for all elections held in DuPage County.

Fidlar Doubleday contributed $3,500 to Carney’s political campaigns in 2003 and 2004. He’d been the DuPage County Recorder from 1984–2004. When he retired from that position, Fidlar Doubleday paid $9,000 for his retirement party.

In December 2005, before voting for a $4 million purchase of 732 Diebold electronic touch-screen voting machines, Carney accepted $12,500 in campaign contributions from Fidlar Doubleday.

Most of the voting machines being used in Illinois are the Premier/Diebold (Dominion) AccuVote TS & TSx. They date back to 2005 when they were purchased with Help America Vote Act funds. HAVA stems from the questionable vote counts in counties around the country for the 2000 presidential elections.

Carney was the commission’s chairman until he was forced to resign six years ago after a report was released by an outside agency that concluded “improvements must be made to the commission’s credit card, ethics and procurement policies.”

In an effort to address the report as well as other recurring voting machine and printer issues, the county turned to Scytl. Scytl was founded by Carles Rovira and Andreu Riera in June 2001 as a spin-off from a research group at the Autonomous University of Barcelona. Riera was a pioneer academic researcher in e-voting security at the university.

Scytl has developed an “election-specific cryptographic security technology” that has at least 40 international patents and patent applications. It also sells and implements a suite of election software ranging from online voting to auditing of votes and training government and poll officials.

The company has teams in Dubai, Hong Kong, London, Ukraine and Bogota. Its U.S. group is registered in Virginia and has offices in Tampa, FL and Oklahoma City.

Scytl’s online voting process:

It downloads the votes from each precinct where its devices are used and then stores the data on its own servers. It then consolidates and decrypts the votes using its “verifiable mix-net and secret sharing scheme.” Scytl’s software is used in at least 900 U.S. jurisdictions and in more than 35 countries.

The official DuPage County online election results are published on www.dupageresults.com, a public website that is “Powered by SCYTL.” Scytl’s system has also been used in Illinois’ Lake and Will counties.

Scytl’s client list is large and international. Some of its more notable clients include:

  • Yopolis: Russia’s first online “participation” platform. Scytl’s cryptographic security technology powers the “main social network for local eDemocracy in Russia.”
  • Ukraine Electoral Commission (OSCE) uses Scytl’s permanent online Election Training platform.
  • The European Union utilized its services for its eRepresentative tool so that it could develop a “virtual platform” to facilitate the remote collaborative work of members of parliaments.
  • In 2008, the City of Chicago signed a $500,000, 5-year contract with Scytl to implement its elections training platform and content. In 2015, Scytl provided “online election staff training platform and custom training content” for City of Chicago election staff.
  • Alaska, Arizona, Arkansas, Florida, Kentucky, Mississippi, New York, Oklahoma, Virginia, Washington, D.C., West Virginia all use various software and training programs run by Scytl.
  • The South Carolina Election Commission, Sarasota County, FL Supervisor of Elections Office, and the Organization of American States Staff Federal Credit Unions

Since 2010, the U.S. Dept. of Defense has used Scytl for online ballot delivery and for overseas military and civilian voters in 9 of the 20 States that agreed to participate in the program (New York, Washington, Missouri, Nebraska, Kansas, New Mexico, South Carolina, Mississippi and Indiana). It’s used by the most states of any U.S. vendor.

In January 2012, Scytl announced it had acquired 100% of SOE Software, the leading software provider of election management solutions in the United States. This made Scytl the largest provider of election software solutions in the industry.

The March 2015 state election in New South Wales, Australia was the world’s largest deployment of online voting to that date. More than 280,000 votes were returned through iVote, the online voting system built by Scytl. Prior to the vote, election officials said the vote was “. . . completely secret. It’s fully encrypted and safeguarded, it can’t be tampered with.”

Independent researchers performed a security analysis of the public portions of the iVote system. They found tracking code hosted on an outside server that hackers could use to perform a man-in-the-middle attack, intercepting connections from the voter’s browser to the server hosting the tracking code.

They could then replace the tracking code with malicious JavaScript and thereby change the operation of the iVote web app. Malware could then be used to steal the voter’s PIN and actually change their vote.

By the time some of the vulnerabilities were fixed, 66,000 iVotes had already been cast.
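The weakness described above comes from a page that runs a script fetched from another server without any way to check its contents. The sketch below is an added illustration, not code from the researchers, Scytl or iVote: it audits a page for such scripts and shows the Subresource Integrity comparison that makes a browser reject a script swapped in transit. The hosts `vote.example`, `analytics.example` and `cdn.example` and the sample page are constructed.

```javascript
const crypto = require("node:crypto");

// Value a site would put in integrity="" for a given script body.
function sriHash(body) {
  return "sha384-" + crypto.createHash("sha384").update(body).digest("base64");
}

// The comparison a browser makes before running a script that carries integrity="".
function integrityMatches(body, integrity) {
  return integrity.split(/\s+/).includes(sriHash(body));
}

// Parse the attributes of one <script ...> opening tag.
function parseAttrs(tag) {
  const attrs = {};
  const inner = tag.replace(/^<script/i, "").replace(/>$/, "");
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  for (const m of inner.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// List external scripts whose content the page cannot vouch for.
function auditScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    if (!attrs.src) continue; // inline script: nothing fetched from another server
    const src = new URL(attrs.src, page);
    const issues = [];
    if (src.origin !== page.origin && !attrs.integrity) {
      issues.push("third-party script without integrity attribute");
    }
    if (src.protocol !== "https:") issues.push("script fetched over plaintext HTTP");
    if (issues.length > 0) findings.push({ src: src.href, issues });
  }
  return findings;
}

// Constructed sample page and script body (hypothetical hosts).
const PAGE_URL = "https://vote.example/ballot";
const LIB_BODY = "function lib(){return 1;}";
const SAMPLE_HTML = `<html><head>
<script src="/static/app.js"></script>
<script src="https://analytics.example/track.js" async></script>
<script src="https://cdn.example/lib.js" integrity="${sriHash(LIB_BODY)}" crossorigin="anonymous"></script>
</head><body></body></html>`;

console.log(auditScripts(SAMPLE_HTML, PAGE_URL));
console.log(integrityMatches(LIB_BODY + "/*changed*/", sriHash(LIB_BODY)));
```

Only the unpinned analytics script is reported; the pinned library passes the audit, and any change to its body fails the integrity comparison.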

Scytl trained more than 11,000 poll workers for the 2016 Brexit referendum vote and the 2017 Parliamentary Election. The 2016 U.S. Presidential Election used Scytl for election night reporting, poll worker management, election training, electronic pollbook and electronic ballot delivery.

In the March 2018 U.S. elections, Scytl’s Election Night Reporting software was used state-wide by Arkansas, Georgia, Kentucky, and West Virginia and 53 counties to inform more than 20 million registered voters. Its Online Election Worker Training was used by the City of Chicago to train more than 7,000 temporary election workers.

Scytl’s investors have varying degrees of ties to Russian financial entities. Scytl has eight venture capital funds as shareholders:

  • Vulcan Capital is the personal investment fund owned by Paul Allen, billionaire co-founder of Microsoft. Allen invested $40 million in Scytl in 2014. Scytl has partnered with Microsoft to “digitally transform elections.” The two have collaborated to build the Scytl ePollBook. It uses Microsoft Dynamics CRM on a Microsoft SQL Server using standard Windows tablets to prevent “Election Day headaches by expediting voter check-in and verification.”
  • London-based Balderton Capital invested $9.2 million with Nauta Capital in Scytl. Balderton also led a $6.5 million investment in Revolut, an international IT startup in the fintech sector.
    Revolut.com is an online financial services company that offers a pre-paid debit card, currency exchange, cryptocurrency exchange and peer-to-peer payments. Its banking services are used by almost 2 million people and more than 30,000 companies. This year, Revolut will launch in India, Russia, USA, Australia, Singapore, Hong Kong.
    Revolut announced in June it was partnering with QIWI Bank to offer Russian citizens basic financial services. Digital Sky Technologies (DST) Global, run by Russian tech billionaire Yuri Milner, recently invested $250 million in Revolut.
  • Vy Capital is a Dubai-based investment firm that’s run by former Goldman Sachs Banker Alexander Tamas, a former partner at DST. Tamas was Milner’s top deal maker working on DST’s Alibaba, Airbnb, Facebook, Groupon, Spotify and Twitter investments. He also worked on the $7 billion IPO of Mail.Ru Group and was on its board of directors.
  • Nauta Capital, a Spanish VC firm, has invested at least $20 million in Scytl. Carles Ferrer Roqueta, a General Partner at Nauta, is a Scytl board director.
    In 2011, Nauta Capital was the initial investor ($1 million) in Yuilop, a mobile messaging app. In 2012, Russia’s Bright Capital invested $4.5 million in Yuilop. Bright Capital is a venture capital firm based in Moscow. It’s run by Boris Ryabov and Mikhail Chuchkevich. Ryabov is the former Deputy General Director of RU-COM, a Russian industrial conglomerate. Bright Capital is the venture arm of the RU-COM Corporation.
    Bright Capital, with Allen’s Vulcan Capital’s cooperation, invested $30 million in Siluria Technologies, a biofuel company that’s developed a process to convert methane into liquid fuels like gasoline, diesel, or jet fuel.
  • Spinnaker Invest, along with WebCapital, invested $1 million in Scytl in 2001. Albert Ferrer of Spinnaker is on Scytl’s board.
  • Sapphire Ventures (formerly SAP Ventures) invested $20 million in Scytl in 2014. Then, with five of the other investors, another $13 million in 2017. SAP, Europe’s biggest software maker, provides the financial backing for Sapphire.
  • Industry Ventures has invested more than $50 million in Scytl. It’s also invested million$ in Planet Labs, a producer of mini satellites that take images of the entire planet. Milner and DST have helped raise nearly $200 million for Planet. Peter Thiel’s Founder’s Fund is also an investor in Planet.
  • Adams Street Partners is a Chicago-based private equity firm that got caught up in Chicago Mayor Rahm Emanuel’s administration awarding pension investment contracts to preferred campaign donors. Adams Street, which received $70 million in new commitments from the pension system in 2013 and 2014, invested most of the pension funds with Madison Dearborn Partners. As of 2016, Madison Dearborn employees have donated more than $400,000 to Rahm’s campaigns.
    Adams Street has also donated $40,850 to Roskam’s campaigns since 2006. Both DuPage County and the City of Chicago have signed numerous contracts with Scytl.

On April 18, Scytl announced it was joining the U.S. Dept. of Homeland Security council on election security.

Scytl, Diebold, Facebook and Yandex also share various employees. Former Scytl developers and engineers now work at Facebook. There are former Yandex engineers at Facebook. One person who had previously been the head of News at Yandex also helped with the “integration with Scytl platform for secure polls” at Yopolis, the Russian community portal Scytl contracted with Russia to build.

Bob Urosevich was named managing director of Scytl’s Americas division in 2006. Bob, along with his brother Todd, created Diebold (now ES&S).

There is no real incentive for either company to improve the numerous security flaws in their voting machines and software. The incentive is for election vendors like ES&S and Scytl to have their voting technology in front of as many voters as possible. That gets done by “befriending” the local officials who decide the voting machine contracts.

In 2005, Larry Mandel, who was the President of the Elections Division for Fidlar, donated $1,000 to Roskam’s campaign. Roskam accepts funding from a number of well-known GOP investors who have spent millions to affect the outcomes of elections.

Roskam received $4,950 from the NRA for his 2006 race. Four months before the election, Roskam was the featured guest at an NRA rally in Addison, IL. Since 1997, he’s received nearly $20,500 from the NRA.

He has a 93% rating from the NRA and 100% rating from the registered IL arm of the NRA, The Illinois State Rifle Association (ISRA). Roskam’s received nearly $70,000 from Koch Industries since 2008.

Roskam is currently a member of the U.S. House Ways and Means Committee.

In 2013, he was investigated by the Office of Congressional Ethics for accepting a $25,000 trip to Taiwan sponsored by Chinese Culture University but paid for by the Taiwanese government.

As a politician, Roskam apparently has an interest in Ukraine and Israel. He’s the Republican Chairman of the House Democracy Partnership (HDP). The group’s purpose is “effective government and strengthen democratic institutions by assisting legislatures in emerging democracies.”

He traveled to Turkey to monitor the 2014 Ukraine elections. The following year, Roskam traveled with HDP to Ukraine and Georgia, where they met with parliamentarians, heads of state, and civil society organizations. Last year, he traveled with HDP to some of Russia’s neighboring countries to discuss possible Russian aggression.

Diebold has offices in Russia. Its office in Russia was registered in 1998 and in 2003, it established a subsidiary, “Diebold Self-Service.”

Diebold also builds ATMs and the software they run on. It bought Wincor Nixdorf, a German firm that builds ATMs, in April 2016 for $1.8 billion. It renamed itself Diebold Nixdorf.

In March 2017, Diebold Nixdorf signed a major deal with Russia’s Post Bank. “The strategy will allow for the discontinuation of traditional cashier stations, and enable consumers to perform all cash transactions including loan grant, settlement and deposits at the self-service systems.”

Diebold was sued by the SEC in 2013 for paying bribes to Russian officials. It paid $25.2 million in penalties for violating the Foreign Corrupt Practices Act.

“Diebold, through its Russian subsidiary, paid bribes in connection with the sale of ATMs to private banks in Russia. It falsified records in Russia in order to obtain and retain contracts to provide ATMs to state-owned and private banks in Russia, China and Indonesia. It made nearly $3 million in illicit payments to them.”

Diebold Nixdorf controls nearly 35% of the global ATM market. It’s currently the largest provider of ATMs in the United States.

Earlier this year, the FBI warned financial institutions that jackpotting attacks were on the rise in the U.S.

Thieves are using ATM malware like Ploutus-D to infect Diebold-specific ATMs. Ploutus-D is the latest version of Ploutus, which researchers believe was first used in Mexico in 2013. Hackers connect to the ATM via SMS or manually with a keyboard and instruct the machine to dispense unlimited cash.

In January, two men were charged with bank fraud stemming from a jackpotting scheme. The individuals were dressed in “Diebold technician uniforms.”
