Publication abroad, which started a few days following the 2015 general election, and were later followed by publications in Israel, raised suspicions of material computer fraud in the election for the Knesset in 2015. Therefore, FOIA request was filed with the Central Election Committee, in an attempt to document development, validation, implementation, operation and security in compliance with binding standards. The FOIA response by the Central Election Committee provided information that is partly invalid, party misleading, and failed to provide the key records that were requested.
And yet, the Committee's FOIA response indicates:
- Validity and integrity of IT systems of the Committee mostly depended on one person - Mr Lazar Dudovitch, whose lawful appointment record the Committee failed to provide.
- The Committee also failed to provide the requested documentation of certification of validation of the systems by the same person.
- The Committee claims in its response that the systems were examined and certified by the Shin-Bet/Reem, but failed to provide any documentation of such certification. The State Ombudsman's report indicates critical failures in system security, which had not been corrected following his previous report. If indeed the Shin-Bet is involved, as claimed by the Committee, the matter has serious implications relative to the nature of the regime in Israel.
- The Committee's response tries to represent the publication of the election returns in the Committee's web site as an automatic, no human touch, one time only, unchangeable process.... However, recently adulterations of the data on the Committees web site have been repeatedly documented...
The alleged computer fraud in the 2015 election undermines the foundation of any lawful authority of the 20th Knesset and the current government.
Serious fraud was previously documented in IT systems of the courts, which amount to an unannounced regime change. Serious fraud has been repeatedly documented in IT systems of the Ministry of Justice. And the Knesset refuses to duly respond on FOIA request, pertaining to IT systems of the Knesset. Large-scale fraud in e-government in Israel represent transformation of the regime into the Post-truth Era.
A nation founded in computer fraud...
Read the complete post: http://inproperinla.blogspot.co.il/2017/01/2017-01-14-computer-fraud-in-2015.html
Figure 1: Election returns, as shown on the Central Election
Committee web-site. Left: Data for the March 17, 2015 election for the
20th Knesset. Right: Data for the January 22, 2013 election for the
19th Knesset. In September 2016, the data for the 2013 election was
adulterated. Today, it shows an exact copy of the 2015 election data,
including voting returns for parties that did not even exist in 2013.
The polling returns for the 19th Knesset, published in the Central
Election Committee web site, which are documented in this figure, are
patently false.
_____
_____
Figure 2: The allegations of computer fraud in the 2015 general election are mostly based on statistical analysis of the polling returns. The claim is that in the last two hours of the election day, votes were added on behalf of persons who did not exercise their right to vote through IT systems of the Central Election Committee. Reports by the State Ombudsman indicate that the systems has no valid log of entries, and that such critical failure had not been corrected following a previous State Ombudsman's report.
_____
מאהל
המחאה ת"א, 14 לינואר - תגובה נשלחה היום למשרד חופש המידע של ועדת
הבחירות המרכזית, לאחר קבלת תשובה של הועדה שלשום על בקשה על פי חוק חופש
המידע בעניין מערכות המידע של הוועדה. הבקשה הוגשה במטרה לנסות ולברר את
ישרת המערכות, בעקבות פרסומים בארץ ובחו"ל, שהחלו ימים ספורים לאחר בחירות
2015, והעלו טענות להונאת מחשבים ששינתה באופן מהותי את תוצאות הבחירות.
הבקשה
על פי חוק חופש המידע ביקשה תיעוד לאפיונן, פיתוחן, בדיקתן, הפעלתן
ואבטחתן של המערכות על פי נוהלי מדינה מחייבים לגבי מערכות מידע.
התגובה
שנשלחה היום לועדה אומרת שתשובת הועדה לוקה בחסר, ואינה מספקת תשובות
מתאימות לבקשה. התגובה מבקשת תשובה מתוקנת של הממונה על פי חופש המידע
בוועדת הבחירות המרכזית.
יחד עם זאת ממקדת תשובת הוועדה את החשדות בעניין אי ישרתן של מערכות המידע של הוועדה בתפקידו ותיפקודו של מר לזר דודוביץ, שעל פי התשובה היה אחראי לפיתוח והפעלת המערכות. כמו כן ממקדת תשובת הוועדה את שאלת מעורבות השב"כ-רא"מ בעניין זה.
יחד עם זאת ממקדת תשובת הוועדה את החשדות בעניין אי ישרתן של מערכות המידע של הוועדה בתפקידו ותיפקודו של מר לזר דודוביץ, שעל פי התשובה היה אחראי לפיתוח והפעלת המערכות. כמו כן ממקדת תשובת הוועדה את שאלת מעורבות השב"כ-רא"מ בעניין זה.
שמותיהם של שלושה עורכי דין מופיעים על התשובה המשובשת של ועדת הבחירות המרכזית:
אלעד נוה - ממונה על פי חוק חופש המידע, אורלי עדס - מנכ"לית ועדת הבחירות המרכזית, דין ליבנה - היועץ המשפטי, ועדת הבחירות המרכזית.
הונאת המחשבים הנטענת לגבי בחירות 2015, מערערת מיסודה את חוקיות סמכויותיהן של הכנסת ה-20 והממשלה הנוכחית.
הונאות חמורות תועדו בעבר גם במערכות המידע החדשות, שהותקנו בעשור האחרון בבתי המשפט, שכמותן כשינוי שיטת משטר בלתי מוכרז.
הונאות במחשוב משרד המשפטים תועדו שוב ושוב גם כן.
הכנסת מסרבת לענות כראוי על בקשה נפרדת על פי חוק חופש המידע לגבי מערכות המידע של הכנסת.
הונאות הענק במחשוב הממשלתי בישראל מייצגות את שדרוג המשטר לעידן הפוסט-אמת. ישראבלוף ממוחשב...
January 14, 2017
Attorney Elad Naveh
FOIA Officer, Central Election Committee
By email: hofeshmeida@knesset.gov.il
RE: Reply on your January 12, 2017 FOIA Response on my FOIA Request (1/1214/16) - IT systems of the Central Election Committee – development, validation, operation, security
Your response within 14 days is kindly requested. Time is of the essence!
Dear Attorney Naveh:
On January 12, 2017, I received by email your response [1] on my FOIA Request, referenced above. [2]
Following are my comments, and I herein request an amended response on my FOIA Request:
1. Paragraphs 1 a-c of my FOIA request seek documentation of lawful appointment of the person, who was charged with compliance of the systems with binding government standards pertaining to technical specifications, core management of development, independent examination (including validation) by a State employee. Your response (paragraphs 2-3) states the role in this regard of “Mr Lazar Dudovich, Committee employee, who serves as Head of IT and Operations in the Central Election Committee”. However, no documentation was provided of Mr Lazar Dudovich’s lawful appointment in this regard.
Therefore, I herein request again documentation of the lawful appointment of Mr Lazar Dudovich, or any person who appointed regarding compliance of IT systems of the Central Election Committee with binding State standsrds.
2. Paragraph 1a in my request seeks documentation of system specification, which was approved by a State employee, in conjunction with the signing of system development contract. Your response states (paragraph 1): “Attached herein are detailed documents of the legal tender for the “Democracy” system, including specification of the system and its various modules...”
a) Your response fails to include any documentation of certification by a State employee of the systems’ specifications.
b) Your response fails to provide the notice of the legal tender itself, and it is impossible to tell by the records, which you provided, what was the deadline for the legal tender and/or the date of signing the development contracts.
c) Your response fails to specify what the attached “ detailed documents of the legal tender” are, what was their signing dates. It also appears that the attachments include records from various sources, various editions, various dates, and a small number of records, based on unclear selection (see 7, below, regarding authentication of records).
Therefore, I herein request again documentation of system specification in conjunction with signing the system development contract, and its certification by a State employee, including name, authority, documentation of lawful appointment.
3. Paragraph 1c of my request seeks documentation of independent examination (including validation) of the systems by a State employee prior to implementation. Your response states (paragraph 4): “For each module in “Democracy” system detailed acceptance examinations were conducted prior to initiation of its use (transfer into production environment)… attached herein for example is Module 30 certificate of acceptance – party composition… “ (Record No 4, Table 1).
a) According to the “Party Composition Module” record (Record No 9, Table 1), such module is used primarily by the Central Election Committee CEO in the establishment of Polling Station Committees according to party composition. It is unclear why you provided only one “Certificate of Acceptance”, and why for this particular module, which is secondary to the main function of the systems.
b) The record, which is described in your response as “Module 30 certificate of acceptance” (Record No 4, Table 1), was filed by Malam Systems Inc as certificate of acceptance for “Module 30 Design File”. What “Design File” is, can be found in “Chapter – Realization” (Record No 7, Table 1), Article 4.2.3.5. It clarifies that certification of acceptance of “Design File” does not reflect detailed examination prior to implementation, and there is no way to conclude anything regarding certification of the module prior to its implementation (“transfer into production environment”) from such record, surely such record does not relate to any independent examination (including validation) by a State employee.
Therefore, I herein request again documentation of independent examination (including validation) of the systems by a State employee prior to implementation.
4. Paragraph 2 in my request seeks documentation of the person, who holds the ultimate administrative authority regarding the systems. Your response states (paragraph 5): “The ultimate administrative authority is held by Central Election Committee CEO – Attorney Orly Adas”. However, you failed to provide any documentation of such statement.
Therefore, I herein request again documentation the Central Election Committee CEO ultimate administrative authority relative to the systems (as far as she indeed holds the ultimate administrative authority in this matter).
5. Paragraph 3 in my request seeks documentation of the authority of a State agency (if any) relative to security of the systems. Your response states (paragraph 6): “The Central Election Committee operates through deliberations with the National Information Security Authority (Reem) [Shin Bet – jz], and acts according to its guidelines. The systems were examined and certified by Reem.”
a) Unauthorized response, which was previously received from a person, who appeared as Reem affiliate, adamantly claimed that the Shin-Bet/Reem held no duty or responsibility relative to security of IT systems of the Central Election Committee.
b) State Ombudsman report regarding the 2013 General Election states a critical failure in system security – nonexistence of a valid entry log. And the State Ombudsman report regarding the 2015 General Election states that the same critical failure had not been corrected following his previous report. Such failures in system security, in systems that were purportedly examined and certified by the Shin Bet/Reem would raise even more serious concerns.
Therefore, I herein request again documentation of examination and certification of the systems, relative to security, by a State agency (if any).
6. Paragraph 4 in my request seeks documentation of those who are authorized to publish information regarding General Election returns in the Central Election Committee web-site. Your response states (paragraph 7): “In such input locations, polling returns are keyed in directly into the computing system… at the end of the process the election returns are mechanically transferred for publication...” Based on the description that you provided, the reader may understand that the process of publishing the election returns in the Central Election Committee web site is an automated, no human interference, one time only, unchangeable process.
a) “Chapter – Realization” (Record No 5, Table 1), Article 2.19 says: “The system will include very sensitive data, and it must prevent any possible changes, or even reading, absent explicit authorization”.
b) Recently, repeat retroactive changes have been documented in the General Election returns data, which are published in the Central Election Committee web site (Figure 1).
אלעד נוה - ממונה על פי חוק חופש המידע, אורלי עדס - מנכ"לית ועדת הבחירות המרכזית, דין ליבנה - היועץ המשפטי, ועדת הבחירות המרכזית.
הונאת המחשבים הנטענת לגבי בחירות 2015, מערערת מיסודה את חוקיות סמכויותיהן של הכנסת ה-20 והממשלה הנוכחית.
הונאות חמורות תועדו בעבר גם במערכות המידע החדשות, שהותקנו בעשור האחרון בבתי המשפט, שכמותן כשינוי שיטת משטר בלתי מוכרז.
הונאות במחשוב משרד המשפטים תועדו שוב ושוב גם כן.
הכנסת מסרבת לענות כראוי על בקשה נפרדת על פי חוק חופש המידע לגבי מערכות המידע של הכנסת.
הונאות הענק במחשוב הממשלתי בישראל מייצגות את שדרוג המשטר לעידן הפוסט-אמת. ישראבלוף ממוחשב...
Following is the reply, sent today to the Central Election Committee, regarding FOIA request No. 1/1214/16.
January 14, 2017
Attorney Elad Naveh
FOIA Officer, Central Election Committee
By email: hofeshmeida@knesset.gov.il
RE: Reply on your January 12, 2017 FOIA Response on my FOIA Request (1/1214/16) - IT systems of the Central Election Committee – development, validation, operation, security
Your response within 14 days is kindly requested. Time is of the essence!
Dear Attorney Naveh:
On January 12, 2017, I received by email your response [1] on my FOIA Request, referenced above. [2]
Following are my comments, and I herein request an amended response on my FOIA Request:
1. Paragraphs 1 a-c of my FOIA request seek documentation of lawful appointment of the person, who was charged with compliance of the systems with binding government standards pertaining to technical specifications, core management of development, independent examination (including validation) by a State employee. Your response (paragraphs 2-3) states the role in this regard of “Mr Lazar Dudovich, Committee employee, who serves as Head of IT and Operations in the Central Election Committee”. However, no documentation was provided of Mr Lazar Dudovich’s lawful appointment in this regard.
Therefore, I herein request again documentation of the lawful appointment of Mr Lazar Dudovich, or any person who appointed regarding compliance of IT systems of the Central Election Committee with binding State standsrds.
2. Paragraph 1a in my request seeks documentation of system specification, which was approved by a State employee, in conjunction with the signing of system development contract. Your response states (paragraph 1): “Attached herein are detailed documents of the legal tender for the “Democracy” system, including specification of the system and its various modules...”
a) Your response fails to include any documentation of certification by a State employee of the systems’ specifications.
b) Your response fails to provide the notice of the legal tender itself, and it is impossible to tell by the records, which you provided, what was the deadline for the legal tender and/or the date of signing the development contracts.
c) Your response fails to specify what the attached “ detailed documents of the legal tender” are, what was their signing dates. It also appears that the attachments include records from various sources, various editions, various dates, and a small number of records, based on unclear selection (see 7, below, regarding authentication of records).
Therefore, I herein request again documentation of system specification in conjunction with signing the system development contract, and its certification by a State employee, including name, authority, documentation of lawful appointment.
3. Paragraph 1c of my request seeks documentation of independent examination (including validation) of the systems by a State employee prior to implementation. Your response states (paragraph 4): “For each module in “Democracy” system detailed acceptance examinations were conducted prior to initiation of its use (transfer into production environment)… attached herein for example is Module 30 certificate of acceptance – party composition… “ (Record No 4, Table 1).
a) According to the “Party Composition Module” record (Record No 9, Table 1), such module is used primarily by the Central Election Committee CEO in the establishment of Polling Station Committees according to party composition. It is unclear why you provided only one “Certificate of Acceptance”, and why for this particular module, which is secondary to the main function of the systems.
b) The record, which is described in your response as “Module 30 certificate of acceptance” (Record No 4, Table 1), was filed by Malam Systems Inc as certificate of acceptance for “Module 30 Design File”. What “Design File” is, can be found in “Chapter – Realization” (Record No 7, Table 1), Article 4.2.3.5. It clarifies that certification of acceptance of “Design File” does not reflect detailed examination prior to implementation, and there is no way to conclude anything regarding certification of the module prior to its implementation (“transfer into production environment”) from such record, surely such record does not relate to any independent examination (including validation) by a State employee.
Therefore, I herein request again documentation of independent examination (including validation) of the systems by a State employee prior to implementation.
4. Paragraph 2 in my request seeks documentation of the person, who holds the ultimate administrative authority regarding the systems. Your response states (paragraph 5): “The ultimate administrative authority is held by Central Election Committee CEO – Attorney Orly Adas”. However, you failed to provide any documentation of such statement.
Therefore, I herein request again documentation the Central Election Committee CEO ultimate administrative authority relative to the systems (as far as she indeed holds the ultimate administrative authority in this matter).
5. Paragraph 3 in my request seeks documentation of the authority of a State agency (if any) relative to security of the systems. Your response states (paragraph 6): “The Central Election Committee operates through deliberations with the National Information Security Authority (Reem) [Shin Bet – jz], and acts according to its guidelines. The systems were examined and certified by Reem.”
a) Unauthorized response, which was previously received from a person, who appeared as Reem affiliate, adamantly claimed that the Shin-Bet/Reem held no duty or responsibility relative to security of IT systems of the Central Election Committee.
b) State Ombudsman report regarding the 2013 General Election states a critical failure in system security – nonexistence of a valid entry log. And the State Ombudsman report regarding the 2015 General Election states that the same critical failure had not been corrected following his previous report. Such failures in system security, in systems that were purportedly examined and certified by the Shin Bet/Reem would raise even more serious concerns.
Therefore, I herein request again documentation of examination and certification of the systems, relative to security, by a State agency (if any).
6. Paragraph 4 in my request seeks documentation of those who are authorized to publish information regarding General Election returns in the Central Election Committee web-site. Your response states (paragraph 7): “In such input locations, polling returns are keyed in directly into the computing system… at the end of the process the election returns are mechanically transferred for publication...” Based on the description that you provided, the reader may understand that the process of publishing the election returns in the Central Election Committee web site is an automated, no human interference, one time only, unchangeable process.
a) “Chapter – Realization” (Record No 5, Table 1), Article 2.19 says: “The system will include very sensitive data, and it must prevent any possible changes, or even reading, absent explicit authorization”.
b) Recently, repeat retroactive changes have been documented in the General Election returns data, which are published in the Central Election Committee web site (Figure 1).
Figure 1: Election returns, as shown on the Central Election Committee web-site. Left: Data for the March 17, 2015 election for the 20th Knesset. Right: Data for the January 22, 2013 election for the 19th Knesset. In September 2016, the data for the 2013 election was adulterated. Today, it shows an exact copy of the 2015 election data, including voting returns for parties that did not even exist in 2013. The polling returns for the 19th Knesset, published in the Central Election Committee web site, which are documented in this figure, are patently false.
_____
_____
Therefore, I herein request again documentation of those who are authoritzed relative to the publication of Geneal Election returns in the Central Election Committee web site.
7. Your response, as received by me by email, included 26 electronic files, as detailed in Table 1, attached below. The main document (Record No 1, Table 1) is a January 12, 2016 letter by Attorney Elad Naveh, FOIA Officer, titled: “FOIA Request No 1/1214/16”.
a) The letter, referenced above, is an electronic record, bearing a “graphic signature”. As clarified by the May 31, 2012 Ombudsman of the Judiciary Decision (12/88/Tel-Aviv District) in the Judge Varda Alshech “Fabricated Protocols” scandal, such records are invalid, merely “drafts”. [3] Moreover, that scandal and other similar affairs clarified that the publication by government officers of false and misleading information, with the intention to defraud, under “graphic signatures”, is not treated as criminal conduct in the State of Israel today. Receipt of electronic files by email streamlines the work process, but absent the use of lawful electronic signatures, it is impossible to accept such records as valid response.
a) The letter, referenced above, is an electronic record, bearing a “graphic signature”. As clarified by the May 31, 2012 Ombudsman of the Judiciary Decision (12/88/Tel-Aviv District) in the Judge Varda Alshech “Fabricated Protocols” scandal, such records are invalid, merely “drafts”. [3] Moreover, that scandal and other similar affairs clarified that the publication by government officers of false and misleading information, with the intention to defraud, under “graphic signatures”, is not treated as criminal conduct in the State of Israel today. Receipt of electronic files by email streamlines the work process, but absent the use of lawful electronic signatures, it is impossible to accept such records as valid response.
Therefore, I herein request that your response, referenced above, and your response on instant reply be also provided by mail, on paper, bearing your “wet” hand-signatures.
b) Your response letter fails to detail the names, dates, and origin of the vast majority of the attached electronic records. The documents themselves are undated, unsigned, and fail to provide the names of their authors. Therefore, most of the attached electronic records are lacking regarding authentication.
b) Your response letter fails to detail the names, dates, and origin of the vast majority of the attached electronic records. The documents themselves are undated, unsigned, and fail to provide the names of their authors. Therefore, most of the attached electronic records are lacking regarding authentication.
Therefore, I herein request that you provide adequate authentication for the attachments of your response.
I expect your due timely response in this important matter.
Truly,
Joseph Zernik, PhD
Human Rights Alert (NGO)
OccupyTLV
Joseph Zernik, PhD
Human Rights Alert (NGO)
OccupyTLV
CC:
Social Activists, Israeli Freedom of Information Movement, Israel Democracy Institute, Association for Civil Rights in Israel, Members of Knesset, Computing and Cyber-security Experts
LINKS:
Social Activists, Israeli Freedom of Information Movement, Israel Democracy Institute, Association for Civil Rights in Israel, Members of Knesset, Computing and Cyber-security Experts
LINKS:
[1]
2016-12-14
Central Election Committee FOIA (1/1214/16)
: IT systems //
בקשה על פי חוק חופש המידע (1/1214/16) : מחשוב ועדת הבחירות המרכזית
[2]
2017-01-12
FOIA
Response (1/1214/16)
by the Central Election Committee,
in re
IT
systems //
תשובת
ועדת הבחירות המרכזית על בקשה על פי חוק
חופש המידע (1/1214/16)
בנידון
מערכות מידע
[3]
2012-05-31
Ombudsman of the Judiciary Decision
(12/ 88 /Tel-Aviv District) and
Israel Bar Association Complaint in the Judge
Varda Alshech “Fabricated Protocols” scandal
החלטת
נציב תלונות הציבור על השופטים (12/88/מחוזי
ת”א)
ותלונת
לשכת עורכי הדין בפרשת "הפרוטוקולים
המפוברקים"
של
השופטת ורדה אלשייך
Table 1: FOIA Response (1/1214/16) by the Central Election Committee, in re IT systems
Electronic
files, which were received by email on January 12, 2016, from FOIA
office of the Central Election Committee (page
numbers in the compiled file,
excluding the
cover table).
- Page// עמודFile name // שם הקובץ#1תשובה לבקשת חופש מידע 1-1214-16.pdf (~188 KB)FOIA Response3כתב מינוי ממונה חופש מידע.pdf (~119 KB)Appointment Record of FOIA Officer4אישור מודול 30 1.jpg (170 KB)Approval of Module 305פרק 1 - יעדים.pdf (~201 KB)Chapter 1 - Goals17פרק 2 - יישום.pdf (~271 KB)Chapter 2 - Implementation36פרק 3 - טכנולוגיה.pdf (~231 KB)Chapter 3 - Technology48פרק 4 - מימוש.pdf (~220 KB)Chpater 4 - Realization62מינהלה.pdf (~286 KB)Administration81מודול הרכב סיעתי.pdf (~71 KB)Module – Party Composition83מודול חשבות.pdf (~117 KB)Module - Accounting86מודול ממל.pdf (~145 KB)Module - Storage92מודול הדרכה.pdf (~159 KB)Module - Instruction98מודיעין בחירות.pdf (~78 KB)Module – Information Services106מודול קליטת פרוטוקולים.pdf (~91 KB)Module – Protocol Input110מודול 61 - שיעורי ההצבעה בבחירות.pdf (~97 KB)Module – Voting Rates115הצבעות במעטפות כפולות.pdf (~122 KB)Module – Double Envelope Voting123מודול שידורי תעמולה.pdf (~92 KB)Module – Election Advertisement Broadcasts128מודול קליטת תוצאות.pdf (~81 KB)Module – Polling Returns Input131הצבעות מיוחדות.pdf (~147 KB)Special Polling136הבהרות 4-16 -1.pdf (~104 KB)Clarifications 1137הבהרות 4-16 -2.pdf (~214 KB)Clarifications 2138הבהרות 4-16 -3.pdf (~200 KB)Clarifications 3144הבהרות 4-16 -4.pdf (~482 KB)Clarifications 4168הבהרות 4-16 -5.pdf (~105 KB)Clarifications 5170הבהרות 4-16 -6.pdf (~121 KB)Clarifications 6172הבהרות 4-16 -7.pdf (~107 KB)Clarifications 7
No comments:
Post a Comment