Paging the E-Voting Geek Squad!
Following public records requests in Riverside County, CA, the Election Defense Alliance has received a public copy of code used to program a recent election on an e-voting system made by Sequoia Voting Systems, Inc.
The result is a first-of-its kind public examination of such code, as now underway on a wiki page called the “Sequoia Voting System Study Project” which was created by the group this week.
“For the first time ever, the internal guts of a modern voting system will be publicly examined in a collaborative, open fashion,” the page explains before explaining that the code, prior to being released, was first given to Sequoia by Riverside County to strip out whatever they regarded as proprietary information.
“As near as we can tell,” the wiki page notes, “instead of stripping out proprietary stuff of any sort, Sequoia simply committed vandalism: they stripped the Microsoft SQL header data off the top, expecting that this would ruin access to the data under any possible database utility, making the contents unreadable.”
But according to project participant Jim March — a long time citizen e-voting watchdog and inveterate software geek — Sequoia didn’t succeed…
“We have Sequoia source code here, free and clear and legal to download, take apart and *openly* discuss,” he told The BRAD BLOG, “no NDAs, no arguments that it’s ‘stolen,’ no nothing. Sequoia gave it to us via public records, assuming they’d successfully sabotaged it. Ooops. Not well enough.”
We could tell ya more, but the real geeks actually interested and able to dig into this project can get far more over at the wiki site, so please have at it and let us know when you’ve made heads or tails of things so we can call for an arrest warrant for Sequoia company President Jack Blaine!
Blaine, who The BRAD BLOG readers may recall, is Sequoia’s CEO. As we reported in in what we considered to be an extremely explosive investigative report last year, we caught him on a company-wide conference call to employees — convened in response to another one of our exclusive investigative reports, which broke the news that the nearly-bankrupt company was on the verge of a hostile takeover by another voting machine company — admitting that his company doesn’t even own the intellectual property (IP) rights to their own voting systems as they have long been pretending.
Rather, those IP rights, for machines used across the U.S. electoral landscape, still belong to Smartmatic, a Venezuelan firm tied to Hugo Chavez. Sequoia had previously told federal investigators from the U.S. Treasury Department’s Committee on Foreign Investment in the United States (CFIUS) that they had divested the Venezuelan-based firm. But, they didn’t. They lied. And Blaine continues to lie to local election officials about it, as we detailed in our May 2008 exclusive which nobody in the corporate MSM subsequently bothered to cover.
Those machines and their secret software are still in use today, and now, after years of trying, may finally receive at least a partial examination from the public who is forced to use them in their own public elections.
hmmmmmmm… 🙂
And… while geeks “grok” the code…
Nobody is looking into the hardware at the doping level. Massive fail.
The voting systems themselves and the oversight process behind them at the federal and state levels is most definitely a fail.
But there’s a lot to be learned here. A whole lot.
For example: say you vote a write-in in one race. Anybody checking the database internally can, according to a couple of people who’ve looked at this so far (full confirmation needed!), figure out exactly who or what else you voted for, in every race. So if you use your own name as a write-in for a downticket race, you can sell your vote.
I don’t think that’s allowed, folks. Certainly worth knowing, eh?
And there’s much, much more.
With that said: it turns out I somehow screwed up the loading of the files on my machine, and so did at least one other person. Turns out the files were NOT vandalized by Sequoia and CAN be read as actual data in a database. That’s apparently the biggest mistake I made so far.
The problem with doing a totally public analysis like this is that my own warts can appear. So be it…especially where voting systems are concerned, public exams are the moral way to go. And at least I put the word “apparently” or the like right next to “vandalize”.
On the other hand, we do seem to be looking at an incompetent attempt to redact source code. Look at the data using Microsoft tools and yeah, it looks like they’re gone. More or less by accident, the source code reveal I pulled off was a lot like “un-erasing” files. In other words, you give a “delete” command, the computer doesn’t do so fully and the data can still be recovered.
That’s a bigger “oops” on Sequoia’s part than anything I’ve done :).
Want to bet that there aren’t 5 Supreme Court
justices who will say that “the attempt
equals the deed” and then rule that you are
illegally in possession of proprietary data
via, let’s say, a DMCA infringement?
Go ahead and bet… I need money for margarita mix, tequila, and salt & vinegar chips 🙂
http://www.voteinfo.net/docs/No...t_Of_Votes.pdf
page 55 shows moreno valley (in the totals) with 0 registered voters but 1 ballot cast
page 53 shows same @52337 moreno valley/3
this is what i call an “impossible number”,my working theory is an impossible number is a “tag” for an inaccurate command
I responded to a “proprietary software” comment on another site/different topic earlier. So I’ve had a little more time to think about it, other than my terse remark that went something like, “What are they hiding?” But there’s more to it than that. Any other software engineers out there? (Jim, you are, yes?)
First, the code you’re looking at here may not be the code running your election.
But more to the proprietary issue. Bottom line is even if you’re working with really complex systems, it’s much easier to start from the beginning and code your own stuff than it is to lift someone else’s code. Speaking of warts and wrinkles! It’s a lot easier to fix the one’s you know than to find and repair the other guys’. So all the proprietary hype, is just that. Hype.
Tech journalist David M. Williams at iTWire.com
investigated the recently released Sequoia database
and concluded that it was not vandalized and does
not contain “election control” code. See his
article at
http://www.itwire.com/content/v...8715/1141/1/2/
Does he have a good case?
Roy, from what I see from David M Williams @ iTWire.com you mentioned.
(by the way this is why I won’t even bother with this code, there’s much better people at finding such problems than myself)
anyway, Dave said this
“Within table VOTER we find records of voters but with such non-identifying fields as VOTER_ID, SERIAL_NUMBER and PRECINCT_ID. I can tell you that VOTER_ID 885 has SERIAL_NUMBER 41970 and is in PRECINCT_ID 594 but that doesn’t tell me who the person is or who they voted for, or even if they voted at all.”
And then goes on to kind of make it look like there’s no problem here.
But there is a problem dave, you said it yourself.
“that doesn’t tell me who the person is or who they voted for, or even if they voted at all.”
That my friend is a “broken chain of custody!” if it’s as you put it. And dave, on the hardware side, your going to find all electronic vote tabulation devices have this same underlying problem. In the case of hardware you can’t see the signal representing the vote. Or was dave physically present when the chips were doped? How does dave know no bad logic is inside each chip with it’s pretty little part number stamped on top? Unless you destroy every chip under an electron microscope and reverse engineer the results you wouldn’t know dave. Oh but the reality is all devices would then have to be destroyed for that to take place. Also notice finally dave, I specifically say, “electronic vote tabulation device” if it’s used to count votes it doesn’t matter what kind of ceramic, silicon, ttl, cmos, asic, whatever the hell they put in it. It’s irrelevant the arrangement of chips. Not even the power supply is monitored for anomalies. It’s because we can’t. Which means poll watchers can’t. No open source will help because of what it runs on which is invisible.
If I was a poll watcher the very first electronic vote tabulation device / machine I came across, I would have raised the issue and stuck to it on these points alone, until the machine was replaced with paper ballots which are physically watched by humans in an “unbroken chain of custody.” Physically seeing paper ballots humans can do, seeing electronic signals humans can not do. The software and firmware doesn’t matter in this light. I know OVC means well but they got to understand in the world of physics, code becomes irrelevant.
Phil,
Your argument for not depending on vote-tabulating equipment is sound (though I don’t agree we should be able to ascertain how any individual citizen voted).
However, that’s not what Dave was disputing. He was disputing whether there was any computer code in the database as released to the EDA.
But the point is now moot. Sequoia has now officially admitted that the database contained computer code, though not code for voting-machines. Here’s a quote from Sequoia’s statement, as reported at http://www.kesq.com/Global/story.asp?S=11357302
[Emphasis added.]
Does this leave Sequoia in the clear?
Not necessarily. Software of all types is subject to error. That includes the software that Sequoia mentions above. In particular, there have been reports of ballots laid out on a computer that were laid out incorrectly, and other reports of votes being accumulated incorrectly. Admittedly, operator error was the commonly reported cause of these problems. But can anyone claim that this type of software has always been without flaws, detected or as yet undetected?
So the code fragments in the EDA’s possession may still be worthy of study, even if they don’t control voting machines.
Not exactly. I’m more a sysadmin sort of geek and somewhat out of date unless we’re talking about recent Linux desktop setups.
Jim March, technically I have the data book collection of a “hardware engineer” while my asm skills are in fact rusty now. It still doesn’t change the basic concepts of how a chip is manufactured and how signals effect the chip. While it just takes me forever (literally) to program such devices. It doesn’t change the knowledge burned into my brain.
Roy Lipscomb said,
“I don’t agree we should be able to ascertain how any individual citizen voted).”
I agree Roy. It’s called transparency. Did I say we should show such data? My bad. I didn’t mean to say that. I guess I really am burned out.
If you look really carefully at what “I have been saying for years now”, the only one who SHOULD know is the voter. “Voter Validated”
But with the use of electronic signals through a plethora of unknown silicone logic the voter can NEVER know what his own vote was. Or if it even was counted. “Broken Chain of Custody”
With paper ballots, the voter can watch the “metal box” he dropped his ballot into.
So I think we are on the same page here. But since I been typing this so many times since 2004 I have become sloppy in explaining it.
I’m burned out frankly. Outlawing electronic vote tabulation devices should be a no brainer, but it continues because it’s too technical for average folk to understand, and it’s exploitable by those in the know.
Phil,
No need to apologize. As it turns out, it was my bad. My disagreement was targeting the quote in comment 8, beginning “Within table VOTER…” I mistakenly attributed that quote to you, instead of its true author, Dave Williams. Sorry for the confusion!
Take a look at this ….A Censored Headline and why it Matters: German High Court Outlaws Electronic Voting
Remarkably useful information….