Sunday, February 24, 2013

Shame on State Attorney's Office and Kudos to Herald On Absentee Ballot Fraud Follow Up: State Attorney Kathy Fernandez Rundle Asleep At The Wheel ... by gimleteye

We are critics of the Miami Herald, sometimes, but when the Herald does excellent work we are among the first to give credit where it is due. Consider the weekend report, "The case of the phantom ballots: an electoral whodunit" by Patricia Mazzei.

Eye On Miami broke the absentee ballot fraud issue, last year. We raised visibility of electoral corruption below the surface of Miami-Dade elections. (Check our archives)

But we could only take the story so far, as bloggers. It is great to see the Herald do the investigation and follow through that substantiates our belief that Miami-Dade county law enforcement could do more -- much more -- to thwart the subversion of democracy that continues, unabated, in Florida's most politically influential county.  (The Herald story notes Ana Sol Aliegro, the disappeared Republican campaign operative tied to the David Rivera corruption probe.) The Herald reports:
The foreman (of that grand jury), whose report made public the existence of the phantom requests, said jurors were eager to learn if a candidate or political consultant had succeeded in manipulating the voting system. But they didn’t get any answers.

“We were like, ‘Why didn’t anyone do something about it?’ ” foreman Jeffrey Pankey said.

The Miami-Dade state attorney’s office could not find the hacker because most of his or her actions were masked by foreign IP addresses. But at least some of the ballot requests originated in Miami and could have been further traced, The Herald found.
The rest of the story details incompetence at the State Attorney's Office -- under the helm of Kathy Fernandez Rundle -- in one of the most important areas of legal supervision: elections.

Given the volatility and publicity around elections violations that EOM helped to raise, it is astonishing that the State Attorney's Office did not pursue criminal acts with more diligence.

"On Friday, a day after The Miami Herald brought the domestic IP addresses to its attention, the office of State Attorney Katherine Fernández Rundle said it is reviewing them." That is not good enough. Fernandez Rundle should apologize to the voters and taxpayers of Miami Dade County for the manifest failure of the office to do its job in its key area of responsibility.

(for the full article, click the Herald website or 'read more')

Posted on Sat, Feb. 23, 2013
The case of the phantom ballots: an electoral whodunit

By Patricia Mazzei


About 2,000 rejected absentee ballots at Miami-Dade Elections Department, mostly for lack of signatures or review of signatures from the last election.

The first phantom absentee ballot request hit the Miami-Dade elections website at 9:11 p.m. Saturday, July 7. The next one came at 9:14. Then 9:17. 9:22. 9:24. 9:25.

Within 2½ weeks, 2,552 online requests arrived from voters who had not applied for absentee ballots. They streamed in much too quickly for real people to be filling them out. They originated from only a handful of Internet Protocol addresses. And they were not random.

It had all the appearances of a political dirty trick, a high-tech effort by an unknown hacker to sway three key Aug. 14 primary elections, a Miami Herald investigation has found.

The plot failed. The elections department’s software flagged the requests as suspicious. The ballots weren’t sent out.

But who was behind it? And next time, would a more skilled hacker be able to rig an election?

Six months and a grand-jury probe later, there still are few answers about the phantom requests, which targeted Democratic voters in a congressional district and Republican voters in two Florida House districts.

The foreman of that grand jury, whose report made public the existence of the phantom requests, said jurors were eager to learn if a candidate or political consultant had succeeded in manipulating the voting system. But they didn’t get any answers.

“We were like, ‘Why didn’t anyone do something about it?’ ” foreman Jeffrey Pankey said.

The Miami-Dade state attorney’s office could not find the hacker because most of his or her actions were masked by foreign IP addresses. But at least some of the ballot requests originated in Miami and could have been further traced, The Herald found.

Prosecutors did not obtain that information as part of their initial inquiry, due to a miscommunication with the elections department.

On Friday, a day after The Miami Herald brought the domestic IP addresses to its attention, the office of State Attorney Katherine Fernández Rundle said it is reviewing them.

Under state election laws, only voters, their immediate family members or their legal guardians can submit absentee-ballot requests. Violations may be considered felony fraud.

The thwarted attempt targeted voters in three districts: Democrats in Congressional District 26, where four candidates — including a suspected ringer criminally charged Friday with federal elections violations — were vying to take on vulnerable Republican Rep. David Rivera; and Republicans in Florida House districts 103 and 112, two competitive seats.

Nine candidates were involved in the campaigns: Joe Garcia, Gustavo Marin, Gloria Romero Roses and Justin Lamar Sternad in District 26; Manny Diaz Jr., Renier Diaz de la Portilla and Alfredo Naredo-Acosta in District 103; and Gus Barreiro and Alex Diaz de la Portilla in District 112.

Garcia, Diaz and Alex Diaz de la Portilla won their primary races, all by comfortable margins. In the end, the phantom absentee ballots would not have changed the results.

But there was no way to know that at the time. And the ballots would have brought more voters into the light-turnout election. The phantom requests targeted infrequent voters who had not applied for absentees, most of whom wound up not voting in the primary at all.

Only candidates, political parties and committees have access during an election to lists updated daily showing which voters have already requested and returned absentee ballots.

Garcia, Marin, Romero Roses, Diaz and Barreiro denied any involvement with the phantom-requests scheme.

So did Renier Diaz de la Portilla and a key consultant for his brother Alex, who declined to comment.

Naredo-Acosta, who did not visibly campaign, could not be reached. And Sternad, who pleaded not guilty Friday to charges that he lied on his federal campaign reports, declined to comment through his attorney, Rick Yabor.

There are links among some of the candidates who ran in different districts.

Sternad hired as his campaign manager Ana Sol Alliegro — an old flame of Alex Diaz de la Portilla who supported him in his race last year, according to rival Barreiro. Renier Diaz de la Portilla hired his brother to run his campaign, and both shared several political consultants.

But the family had nothing to do with phantom requests, Renier Diaz de la Portilla said.

“Absolutely not,” he said.

He was echoed by Elnatan Rudolph, head of the New Jersey-based Cornerstone Management Partners, a key political consultant for both Diaz de la Portillas.

“It doesn’t make any sense to me why someone would do that, because you’d still need the person to [vote for you],” he said.

Had the requests been filled, short of stealing the ballots from mailboxes, the campaigns would have been able to flood the targeted voters with phone calls, fliers and home visits to try to sway their vote.

Persuade enough of them, and you might flip the race.

The hacker adjusts

When the phantom requests were initially flagged, elections staff telephoned a dozen of the targeted voters to check whether they had really asked for absentee ballots. They hadn’t, said Rosy Pastrana, the deputy elections supervisor for voter services.

Lynn Sargent, 23, said she received an email July 8 confirming her absentee-ballot request — even though she had never submitted one.

“I was definitely concerned when I got it,” said Sargent, a Miami-Dade native who had recently moved to Connecticut. But the ballot never arrived, and she voted in her new state.

Once the department knew the requests were phony, it blocked the 15 IP addresses from which they originated. It took several tries — the hacker simply switched to a different address — before the requests stopped.

“Every time we saw that pattern, we would block the IP,” said Bob Vinock, an assistant deputy elections supervisor for information systems. “I guess they finally gave up.”

Then came the hardest part: trying to figure out who did it.

Pastrana, the deputy elections supervisor, sent a letter outlining the local findings and a list of 12 foreign IP addresses to the state attorney’s office on Aug. 8, records show.

On Aug. 21, Thomas Haggerty, a prosecutor in the cyber crimes unit, noted that the IP addresses were foreign, registered in India and the United Kingdom.

“The person requesting these ballots is obviously using a software/service/proxy servers to mask their true IP address,” Haggerty wrote in an email to Johnette Hardiman, the prosecutor leading the review. “These are probably a dead end.”

In December, as the state attorney’s office prepared its grand-jury report on absentee ballots, prosecutor Tim VanderGiesen, who was not involved with the August inquiry, got back in touch with elections. It wasn’t until then — four months later — that elections IT staffers realized Pastrana had never sent the state attorney’s office three additional IP addresses, corresponding with the very first phantom requests from early July.

All three addresses were domestic — at least two of them in Miami, a quick search of online IP addresses shows. The location of the third U.S. address is unclear.

The delay in providing the addresses to prosecutors was an oversight, Vinock said. On Dec. 12, he emailed the addresses to VanderGiesen. But they appear to have been lost in the shuffle.

A month later, on Jan. 15, Jose Arrojo, head of the public corruption unit at the state attorney’s office, signed off on Hardiman’s four-paragraph memo closing the phantom-request inquiry . It contained no reference to domestic IP addresses.

The domestic IP addresses are now being examined, Ed Griffith, a state attorney’s office spokesman, said Friday.

Armed with the complete information, prosecutors can now follow up, using their subpoena power to obtain the users’ physical addresses from Internet service providers.

With the locations in hand, they might then be able to identify the hacker’s residence or business, or the public place, such as a library or Starbucks, that he or she used to take advantage of wireless Internet, said Steven Rambam, a New York-based private investigator with extensive experience in computer database and privacy issues. There, prosecutors could try to obtain surveillance video to identify the person online at the time the ballot requests came in.

“If it’s McDonald’s, McDonald’s routinely has video of their entire premises, inside and out,” said Rambam, who reviewed the IP address origins for The Miami Herald.

Even the foreign IP addresses were worth checking out, he added.

“I’ve picked up the phone as a private investigator doing these investigations and spoken to the security-and-abuse departments at the Internet service providers and gotten cooperation,” Rambam said .

The elections department also sent prosecutors a map of the voters targeted by the phantom requests. Though the department didn’t draw any conclusions from the map, it clearly illustrates that the voters were in three specific districts.

The Jan. 15 “close-out” memo makes no mention of the map, or of prosecutors following up with any political campaigns. “The map provided us with little useful information in tracking down the source of the computer attacks,” Griffith said.

Telltale pattern

The map showed that the first requests — the ones that originated from at least two Miami-area IP addresses on July 7 and 8 — targeted Miami-Dade voters in Congressional District 26, which stretches from Kendall to Key West. A little more than a week later, on July 16, the requests resumed — this time from foreign IP addresses — for voters in Florida House districts 103 and 112. They stopped on July 24.

District 103 extends from Doral to Miramar; District 112 from Little Havana to Key Biscayne.

The Herald analysis showed that, in the congressional district, 466 of 472 requests targeted Democrats. In House District 103, 864 of 871 requests targeted Republicans, as did 1,184 of 1,191 requests in House District 112.

Requests came in twice for nearly 500 voters, and three times for seven of them. The elections department doesn’t consider multiple requests suspicious, because voters are allowed to submit two ballot requests per election, in case the first ballot gets lost, for example.

Only a smattering of the total 2,046 voters were registered outside the three districts.

What alerted the elections department to trouble was how quickly the requests rolled in from the same IP addresses.

Jane Watson, president of Tallahassee-based VR Systems, which provides elections software to Miami-Dade and 52 other Florida counties, said the software flags suspicious activity, such as when five or more requests originate from a single IP address.

There are other safeguards, too. When a voter submits an absentee request online, Miami-Dade doesn’t automatically send a ballot. The request is reviewed by an elections department staffer, who must manually sign off on sending it.

The online ballot-request form requires voter information available on a public database of registered voters. It also asks for an email address — which doesn’t have to be real.

Most of the email addresses on the phantom requests were formulaic and clearly fake — the voter’s first name at AOL, Gmail or Yahoo, for example — but the email addresses on at least some of the early requests were accurate. That is significant, because while those addresses are not publicly available from the voter file, political campaigns routinely compile email addresses through other sources.

To submit an online ballot request, the voter must verify a series of skewed letters and numbers — an extra step intended to make automated requests more difficult.

“That’s a barrier, but I’m told that for someone who’s sophisticated enough as a programmer, they can get over that hurdle,” Watson acknowledged.

In the past, Watson said her company has brought in online security experts from Florida State University to test the software and look for loopholes.

But neither the county nor the software vendor have changed their programs or policies since the August primary, Watson and the elections department said. The reason: The existing procedures worked, they said. The phantom requests were caught.

No special skills

Creating a computer program to automatically fill online ballot requests using voter information is not difficult, said Rambam, the private investigator. Pre-written programs, known as scripts, are available online and easy for amateur hackers to modify.

With a little more skill, the hacker behind the phantom requests could have included computer code to keep the program from triggering the elections department’s safeguard, Rambam said.

Once the program has been set up, purposely obscuring its origins through foreign IP addresses is also inexpensive, he added.

“And that, of course, is the most frightening thing: that any moderately or even marginally skilled programmer could have done this,’’ Rambam said.

That’s why the grand jury recommended requiring at least a login and password for voters to submit absentee ballot requests, said Pankey, the group’s foreman. It was one of 23 recommendations proposed by the grand jury, convened after Deisy Cabrera and Sergio Robaina, two Hialeah absentee ballot brokers, known as boleteros, were arrested shortly before the primary last August and charged with voter fraud. Both have pleaded not guilty.

No county official has followed up on the online security recommendation, which, unlike other grand-jury proposals, could be addressed locally, Pankey said Friday.

“You can’t go to your bank account — you can’t go to anything that is secured — without putting in at least a name and a password,” he said.

“Why should the elections be any different?”

Read more here:


Anonymous said...

Apologize? How about, resign?

Anonymous said...

Where do the tracks end? Exactly who committed this act? Why did they do it? Who were they trying to help and/or hurt? Why didn't someone immediately follow-up to locate the hacker? Since a federal election was involved, could the Feds assist in the investigation? Could charges be brought in federal court? Is there any evidence that this was tried and was successful in other elections?

Anonymous said...

This is a very important situation as it strikes at the heart of our democracy, our election system. There could be a two-pronged investigatory track. Electronically, we should be able to trace it. Since we know the races involved, get sworn statements from the candidates and their campaign operatives. We cannot allow this to go without punishment. Otherwise, we are going to be wide open to these criminal acts in the future and our democracy will suffer accordingly.

Anonymous said...

Rundle protects politicians first and foremost.
It just doesn't make any sense why the behavior of her office is so weak. The governor needs to appoint a special prosecutor and bypass Rundle when it comes to elections and politics.

Geniusofdespair said...

This is a who-done-it: Care to speculate?

Geniusofdespair said...

Well I would:
This was a primary election.

The scam was against voters who normally would have NOT voted.
What would the campaigns have done with the ballots and how would they have gotten hold of them?

The elections dept. is very lax on signature checks so I don't think the campaigns were worried about signatures. Perhaps the campaigns have someone at the post office main branch or inside elections mail room. Do they travel by truck? Maybe a campaign has gotten to a truck driver.

1 unrelated campaign (Rivera's). Since there were 3 campaigns and the other 2 were Republicans, you have to assume this was a Republican tactic since Rivera was already up to tricks in the Democratic primary (Stenard). This was one more. And the other two were brothers, so I would assume they are somehow involved together.

Had the plot worked to get all the ballots sent then what?? That is the million dollar question. From the map it is hard to even guess unless there is an insider in distribution between the home and elections.

The voters would have never tried to vote so no one would have been wiser if the voters never saw the the ballots. Perfect crime. Signatures would have flushed least half of them at elections. The only wrinkle is the ballot itself. I can't imagine a few hundred Democrats getting a ballot in the mail and not calling elections to complain that they didn't order it. I think they were not meant to EVER get the ballot. Stealing them all from mailboxes would be quite a chore. As you can see, I am going nowhere.

I am left with more questions than answers.

Geniusofdespair said...

One more wrinkle...the elections sends letters if they find a signature problem, to ask you to renew your signature as it didn't flush through.

So that is an additional problem the bad ones would have encountered, but the letters would be sent AFTER the election. I just don't see how this scam would have been of benefit.

Anonymous said...

Well, we have to begin by thinking like them. Whoever did it has no respect or appreciation for democratic values, no honor for our democracy, no respect for the right to vote, no respect for the competency of the Elections Department, and no fear of being caught and being punished. There would be no consequences for their actions. Their only concern was winning.

Anonymous said...

Those close out memos always come out VERY slow. Why was the State Attorney in such a rush on this one?

Anonymous said...

There is no guarantee that the voters, if they got the ballots, would have voted for the right candidate no matter how much they were coaxed by a campaign worker. they would just as likely support the opponent. They were not meant to get the ballots. Joe Garcia was a shoe in. Maybe his campaign was stuck in there as a ringer.

Anonymous said...

Absentee ballots could have backfired on the candidate doing the deed. I agree the ballots would have to be intercepted to make this work. The campaigns are told by elections when they are being delivered to each neighborhood. Maybe they are following behing the mail carrier, but how do they know which ones to pick up?

Anonymous said...

Rundle will continue to hide behind excuses as long as this community will allow it.

Anonymous said...

Did the missing woman ever appear?

Anonymous said...

Herald is a pay site now. Can't read the entire article.

Anonymous said...

But to intercept the mail is a federal offense. While hacking into the system could be one person, intercepting the mail would involve more than one person -a conspiracy.

Geniusofdespair said...

Next to last: hit READ MORE

Anonymous said...

Pay the fee. Cheap ass.

Anonymous said...

Candidates buy lists of voter, that range 1 thru 5 (1 being the voter that never votes, and 5 being the one that votes on everything). It's almost impossible to walk and visit ALL voters, so candidates focus on 5,4 & 3 ratings. Whoever did this, was obviously trying a to get the 1 & 2s. How? They knew they would be receiving an absentee ballot, so they would go visit them and try to persuade them for their votes. Of course, not all of them would vote, but some would go ahead and feel sorry for the candidate and give them their vote. These candidates were hoping this would give them the edge on a close election. They still walked and robocalled the 5,4 & 3s, but if they could get a percentage of the 1 & 2s..... especially if thousands of them were mailed out (50,000) ...who knows.

Anonymous said...

Common denominator on all 3 is Ana Alliegro. Works for Rivera and had relationships with Adlp. The DLP gang are scum.

Anonymous said...

there is no question: this smells like the brainchild devious strategy of Alex DLP. The 2 red areas (as seen in The Herald) are Republican districts (Alex and Renier). The blue are is mostly Democrtatic, BUT also Rivera's area. I am sure he has lots to do with this too.

Anonymous said...

Anyone catch the latest? Commissioner Carollo paid
His mother in law over $88,000 thru a corp she founded solely for the purpose of his last election run. Must be nice to wash money with you I laws help. These politicians are so crooked !!! Saw tis on the crespogram report.

Ps. I agree once that wench Alliegro is caught the whole DLP gang and Rivera are going to be dressed in orange.

Anonymous said...

Every candidate denied knowledge of the fraud except three. Two no comments, and one can't be found. Is this the same De La Portilla who sponsored the voter suppression law, the one that reduced the early voting days and caused the long lines at the polls during the general election?

Anonymous said...

What about the Balarts? The former mayors sister and his primary Hialeah fundraiser worked the Alvarez campaign and the Balarts. Millie (who used to work for Lincoln) used her computer at the office and other people were unaccounted during the elections.

Anonymous said...

I remember reading something about a mail truck in the Rivera election, but my memory is fuzzy. At the time, I believe the focus was campaign literature.

Anonymous said...

Didn't the investigators have at least one local IP address? Did they follow up?

Rundle should hire the Chinese hackers to find out who is guilty.

Anonymous said...

Everyone is who is criticizing the State Attorney should ask themselves, "Did I vote for her in the last election?" And don't use the excuse that there was no real alternative. Bozo would be a better alternative, because he would be voted out of office in 4 years. On the other hand, she'll be there till death.

Mensa said...

AS long as Rundle is in charge of getting rid of the bad guys, no politician will have to worry. She has allowed major thieves to hold office and never get bothered. I know a bit about this business and she is the worst person to follow the law.

Anonymous said...

I believe the GOP will protect Rivera because of his ties to Rubio. Better get the Dems working on that one.

Anonymous said...

The Democrats really don't have to do anything except watch them self-destruct.

Anonymous said...

I agree with one of the above anons--Rundle protects her fellow politicians. Can someone explain how in the world Bovo's aide got caught with 100+ absentee ballots and did not get in trouble? Because she helped with the Robaina uncle's investigation? I'm not an attorney but that doesn't make any sense. Yet, those who gave the orders for these people to commit fraud did not get in trouble. Unbelievable! Only in Miami.

Anonymous said...

this one is simple - just from your blog and the HERALD anyone can put together the common thread - the de la P's - they think the rules don't apply to them and if they do - let's change them - and yes - Miguel was the sponsor of the voters suppression Bill - and A de la P worked for Gimenez's election - the common thread are their two House races - thankfully the voters were not conned or manipulated and Jose Javier Rod won and Manny Diaz Jr - two great House Members -