Slashdot Mirror


Help Black Box Voting Examine ES&S Software

Gottesser writes, "Bev Harris of Black Box Voting has asked for the help of the Slashdot community. She would like people to take a look at ES&S's central tabulator software and start reporting on their impressions of it. This is a past release of the software but it is similar to the applications in production. Sorry, no source code." Read on for Bev's request and pointers to the code repositories. Update 23:38 GMT by SM: Bev has confirmed that blackbox1.org is indeed owned by BlackBoxVoting, making both a comment in the discussion and a post on the front page of blackboxvoting.org to help assuage reader fear/doubt.


From Bev:

"ES&S 'Unity' central tabulator software.

Software stash: three zip files --
http://www.blackbox1.org/ems.zip
http://www.blackbox1.org/un5.zip
http://www.blackbox1.org/Unity.zip

User Manuals for ES&S software can be found here:
http://www.bbvforums.org/forums/messages/2197/2864.html

This is the ES&S central tabulator software, the ES&S counterpart to the Diebold GEMS central tabulator software. No source code, sorry, and no software for the precinct machines. This is reportedly one generation back, but from what I'm told has significant similarities to the new stuff. I would appreciate it if you can provide me with feedback on your impressions after looking at it. You may want to Slashdot it or whatever.

Best,

Bev Harris
Founder
Black Box Voting

197 comments

  1. I won't ask... by Grakun · · Score: 1

    I won't ask where this came from...

    1. Re:I won't ask... by Volante3192 · · Score: 1

      From what I can tell... blackbox1.org.

      That's good enough for me!

    2. Re:I won't ask... by Anonymous Coward · · Score: 4, Interesting

      I wonder if the story is legitimate. The domain is "blackbox1.org"... but shouldn't it be "blackboxvoting.org"? Is this story a scam?

      I don't see any mention of this on the real blackboxvoting.org site, and blackbox1.org was just registered anonymously a month ago through "Domains by Proxy".

      Could this be an attempt to infect thousands of Slashdot users with a trojan? Seems odd to have these binary downloads from an unknown server, with no official attestation... even the user who submitted the story, Gottesser, was created recently and has no real info in the profile.

    3. Re:I won't ask... by Spunkee · · Score: 0, Redundant

      Agreed. This is a bullshit story. Way to go Slashdot!

    4. Re:I won't ask... by mackyrae · · Score: 2, Insightful

      99% of /. is using Linux. Only 1% will be affected.

      --
      look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
    5. Re:I won't ask... by From+A+Far+Away+Land · · Score: 1

      It's fine to demonstrate to government officials why they are being defrauded by companies into accepting electronic voting and tabulation. It's a bit of a red herring though, because the issue would be moot if we demonstrated to electors and elections officials how insane it is to rely on invisible bits to decide elections when the pencil and paper method is extremely hard to corrupt in a First World country like the USA.

      I commend Slashdot's earlier efforts on defeating Diebold. Now we have to take this information to the people who have the power to just say no to electronic voting. And those people don't appear to be the millions of minority-race, elderly, and average electors who are disenfranchised by them.

    6. Re:I won't ask... by Frosty+Piss · · Score: 1

      For what it's worth (not much), both blackbox1.org and blackboxvoting.org are hosted at Rackspace...

      --
      If you want news from today, you have to come back tomorrow.
    7. Re:I won't ask... by chis101 · · Score: 1

      99% may claim to use Linux, but I guarantee you that 99% is not even close to the true figure.

    8. Re:I won't ask... by Anonymous Coward · · Score: 1, Interesting

      I looked a little more, and found more strange information:

      blackboxvoting.org = 72.3.135.10
      (That ip address reverse resolves to blackboxvoting.org, which is expected.)

      blackbox1.org = 72.32.2.234
      (That ip address reverse resolves to floridawebmasters.com....)

      Checking the floridawebmasters.com site, there's not any useful information. It's either in development, or a scam site placeholder. Maybe the reverse resolution is broken because someone forgot to update the records, or maybe the server was hacked and is just being used to host the files. Or maybe the files are being hosted on an account from digitaleel.com, which seems to have the same owner as floridawebmasters.com.

    9. Re:I won't ask... by Anonymous Coward · · Score: 0

      Uh, it's called a joke, and it just flew over your head.

    10. Re:I won't ask... by dieth · · Score: 1

      Use Linux to Run VMWare To Run Windows To Run Internet Explorer 7 to Post on Slashdot. Press the Magic "revert" button and all the badness goes away.

    11. Re:I won't ask... by mackyrae · · Score: 1

      Thank you. Someone gets it.

      --
      look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
    12. Re:I won't ask... by emilzug · · Score: 2, Interesting

      What a bunch of fuck heads you are. You have to see the documentary Hacking Democracy. It was on the net last week. Bev is the main person, it's about how Diebold stole the elections. It's an amazing true documented thing. See the documentary first, then help if you can. Stop your attacks on someone that really needs help.

    13. Re:I won't ask... by Flendon · · Score: 1
      It was on the net last week.

      This is still available on the HBO site and is titled Hacking Democracy. You can also look up the schedule for when it will air on TV again. Excellent movie which shows lies told by Diebold and an actual hack of one of their boxes. It can occasionally be found on Google video in a higher resolution, but the link I had is now dead.
      --
      chown -R us ./base
  2. bahaha by thejrwr · · Score: 1

    Real smart, I hope his servers can handle the Slashdot effect of huge PDFs being downloaded 1 million times

  3. Don't bother by jrivar59 · · Score: 4, Insightful

    I would argue that examining this software is counter productive, and not a good use of resources.

    The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.

    1. Re:Don't bother by CastrTroy · · Score: 2, Insightful

      How does open source software help voting machines anyway? I mean, how do you prove that the code that's released and analyzed is actually the code loaded onto the thousands (or more) of voting machines around the country? There's too little transparency with computerized voting. I don't care how many people have verified the code is secure, because nobody will be verifying that the code on every voting machine is the code it's supposed to be. It's much easier to just use hand counted paper ballots.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:Don't bother by Chris+Burke · · Score: 3, Insightful

      True, and I'll go further. Trying to examine the software for flaws makes it sound as though evident flaws in the software are the problem with the current crop of voting machines. They are not. The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

      Software is an illusion. You, as in a non-employee of an electronic voting firm, will never be able to prove that whatever software you audit and trust is actually running on the machine. You will never be able to guarantee that there isn't malicious code in the machine. You will never be able to prove it has no bugs. You will never be able to prove that it actually stored your vote in its internal memory exactly as you recorded it.

      However, you can be sure that a printed ballot has correctly recorded your vote, because you can read it.

      Give me a printed paper ballot, and I won't need to check the software for bugs. If it prints my ballot correctly, it's good enough. If it screws up, it's buggy. That easy.

      --

      The enemies of Democracy are
    3. Re:Don't bother by SkunkPussy · · Score: 3, Insightful

      If you know the source code of the software (including build options etc), and the compiler/linker versions that have been used to build it, it will be possible to prove whether or not the binary code on the machine was generated from the source code in front of you.
      To be more precise, you will be able to prove that the source code in front of you combined with those compiler/linker options generates the same binaries as exist on the machine. If your compilation does not generate the exact same binaries, then someone has some explaining to do.
      This is the advantage of OSS voting code - it allows independent verification of the process without requiring a huge amount of trust to be invested in any stage of the process.

      --
      SURELY NOT!!!!!
    4. Re:Don't bother by Aceticon · · Score: 1

      I would argue that examining this software is counter productive, and not a good use of resources.

      The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.


      Agreed - this is very much a case of a social problem, not a technical problem.

      Either the source code should be open sourced or the source code should be checked by an independent, technically savvy third party.

      Throwing enormous amounts of man-hours into first understanding how the hardware works (yes, you first have to read the docs on the hardware just to figure out the CPU used, not to mention the peripherals - and I haven't even checked if enough info is available on things such as where in the I/O addressing space each peripheral is) and then disassembling and understanding low level assembly code of one specific version of the program (and of the hardware itself) is an enormous waste of time.

      Even if somebody does find out something fishy, the manufacturer can always claim it was a bug and they fixed it already in a newer version. What would you do then, get some Slashdotters spending a lot of time again examining the new version????

      Still, this being /. there probably is some nutter^W^W^W^W^W^Wperson out there with a knowledge of embedded systems and assembly, an irresistible urge to tackle impossible challenges and enough time on his/her hands to do it - just don't expect any sort of timely response or good documentation ;)

    5. Re:Don't bother by daveschroeder · · Score: 5, Insightful

      Why aren't we simply fighting for a permanent voter-verified paper trail, instead of always saddling every e-voting initiative with demands that EVERYTHING, hardware and software, be open source?

      Don't get me wrong: I'm not saying it's not a good idea.

      What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?

      Wouldn't a more productive approach be to simply get a paper trail into place, since even an open source system is almost as worthless without one?

      Keep in mind, too, that an open source system still needs to go through complex certification processes and code freezing just like the commercial products do. Even though the commercial products aren't "open source", the certification process allows for the necessary level of inspections by election agencies and external entities. The problem was the certification procedures being routinely ignored or bypassed for convenience, something that can just as easily happen with an "open source" solution.

      The problem is that doing an electronic, anonymous, secret ballot that also exists in a system that attempts to enforce one-vote-per-person, combined with all the complexities and vagaries of local municipal and county systems is a lot harder than doing a vertically integrated system for one corporate customer (such as a bank).

      Keep in mind, too, that much of the legislation (such as the Help America Vote Act) that essentially mandated e-voting in the hopes of ensuring uniform access to modern voting equipment was done in response to complaints about unfairness and inconsistency with manual systems in the 2000 elections, and not just in Florida. The one critical error was not explicitly recognizing that an electronic secret ballot is a hard thing to do, even without corruption, fraud, and incompetence, and a paper trail wasn't specifically mandated. And no, that wasn't by design. It was an error of omission.

      Now, states, counties and municipalities have had to shell out hundreds of thousands, and sometimes millions, more dollars to add and retrofit certified paper trail functionality to existing systems (which, indeed, many are doing). But all e-voting vendors offer it. It just costs a lot of money.

      So instead of trying to push out enterprise vendors with multi-million dollar contracts (which is essentially what demanding "all open source" would do, since no commercial vendor is going to open up ALL of their software and hardware code and designs), why not just work to get a permanent voter-verified paper trail in place in as many places as possible as soon as possible, perhaps even mandating it via legislation, since that will be required no matter what system is implemented?

      What's more important: the egos of the people who have a vendetta against Diebold, Sequoia, and ES&S, or actually getting a mechanism into place as quickly as possible that guarantees votes will be accurately cast and counted (and at a minimum immediately shows if there is a problem)? (And yes, I DO expect the burden of actually looking at the piece of paper to verify that it's correct to fall on the person who is voting.)

    6. Re:Don't bother by Smidge204 · · Score: 1

      But would you be able to prove that the binary that is actually being used is the one made from the public source? You could even install the software yourself but that doesn't mean someone can't sneak in their own version and hide it.

      That's what the parent was saying - can you guarantee that the public source code is actually used at the time the votes are tallied? Verifying binaries is not enough.
      =Smidge=

    7. Re:Don't bother by lcde · · Score: 1

      Contact your representative and support the Paper Ballot Act of 2006.

      Requires the use of paper ballots for Presidential races.

      --
      :%s/teh/the/g
    8. Re:Don't bother by kimgkimg · · Score: 1

      For those of you who don't know what the issues are with these voting machines (and more importantly, the voting machine companies.) Take a look at the HBO documentary: Hacking Democracy. http://www.hbo.com/docs/programs/hackingdemocracy/index.html It's also apparently available to be viewed on Google video: http://video.google.com/videoplay?docid=-7236791207107726851

    9. Re:Don't bother by CastrTroy · · Score: 2, Insightful

      My sibling poster seems to have gotten the point. You can verify 1 executable, but you can't verify all the executables, on all the voting machines. This is a significant problem, because someone has physical access to those machines. Think about game consoles. We've all seen what happens when you put a mod chip in a unit that was once thought only to run specific signed software. The point is that you can get these voting machines to run any software you like, and there's nothing guaranteeing you that when you walk up to that machine on election day, that it will be running the correct software.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    10. Re:Don't bother by broller · · Score: 1

      Give me a printed paper ballot, and I won't need to check the software for bugs. If it prints my ballot correctly, it's good enough. If it screws up, it's buggy. That easy.

      That's not exactly true. I could create a machine that prints a ballot that shows whatever voting choices you made, and internally it records whatever voting choices that I made. The "Hacking Democracy" documentary about Black Box Voting shows that it is already possible to change votes in the machine while printing a paper summary that looks legit (with different results).

    11. Re:Don't bother by Chris+Burke · · Score: 4, Insightful

      From my first post, emphasis added: The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

      I'm not talking about a paper summary, I'm talking about a paper ballot.

      That's the point. You can do whatever the hell you want inside the machine, perform whatever trickery you want, but if it prints a ballot with the choices I made on it, then that is all that matters and your trickery was for naught.

      Anticipating the next question of "why electronic voting at all then?", the answer is the same reason we moved to it in the first place: preventing poorly formatted ballots from causing invalid votes, and for accessibility reasons.

      --

      The enemies of Democracy are
    12. Re:Don't bother by geoffspear · · Score: 1

      GP said: The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

      If they count the paper ballots, it doesn't matter what the machine is recording internally.

      I'd go so far as to say that it might be enough to just count some of the paper ballots, at random, to make sure they match what the electronic records say they should. If not, recount all of the paper and throw out the electronic records. And start indicting (and/or summarily executing; your standards for how draconian society should be over blatant manipulation of voting may vary) executives from voting machine companies.

      --
      Don't blame me; I'm never given mod points.
    13. Re:Don't bother by Anonymous Coward · · Score: 0

      So you save the voter-verified printed ballots in a traditional ballot box, and if anything looks fishy, THOSE are manually recounted. Better yet, a small number of precincts are randomly selected for a manual recount in any case.
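
Added example, not part of any comment in this thread: the random-sample check proposed in the two comments above, worked through in Python. It computes how likely a uniform random sample of precincts is to include at least one where the paper and electronic counts disagree, then runs one audit over constructed tallies; the precinct names, counts and seed are made up for illustration.

```python
import math
import random


def detection_probability(total, altered, sampled):
    """Chance that a uniform random sample of `sampled` precincts, drawn
    without replacement from `total`, contains at least one of the
    `altered` precincts (hypergeometric distribution)."""
    if altered <= 0 or sampled <= 0:
        return 0.0
    if sampled > total - altered:
        return 1.0  # more draws than clean precincts: a hit is certain
    miss = math.comb(total - altered, sampled) / math.comb(total, sampled)
    return 1.0 - miss


def min_sample_size(total, altered, confidence):
    """Smallest sample that catches at least one altered precinct with
    probability >= confidence, assuming `altered` precincts were changed."""
    for n in range(total + 1):
        if detection_probability(total, altered, n) >= confidence:
            return n
    return total


def run_audit(electronic, paper, sample_size, seed):
    """Hand-count a random sample of precincts and compare each paper count
    with the electronic record. Any mismatch escalates to a full recount,
    as the comment above proposes."""
    # Assumption: the seed is produced in public (for example by dice rolls)
    # after the electronic results are committed, so nobody can predict
    # which precincts will be checked.
    rng = random.Random(seed)
    chosen = rng.sample(sorted(electronic), sample_size)
    mismatches = {
        p: (electronic[p], paper[p]) for p in chosen if electronic[p] != paper[p]
    }
    action = "full hand recount" if mismatches else "accept electronic count"
    return chosen, mismatches, action


# Constructed tallies: votes for one candidate in 50 precincts.
ELECTRONIC = {f"precinct-{i:03d}": 400 + i for i in range(1, 51)}
PAPER = dict(ELECTRONIC)
PAPER["precinct-017"] -= 25  # the hand count disagrees with the machine here

if __name__ == "__main__":
    total = len(ELECTRONIC)
    for altered in (1, 5, 10):
        n = min_sample_size(total, altered, 0.95)
        print(f"{altered:2d} altered of {total}: sample {n} precincts for 95% detection")
    chosen, mismatches, action = run_audit(ELECTRONIC, PAPER, 48, seed=2006)
    print(f"audited {len(chosen)} precincts, mismatches: {mismatches}, action: {action}")
```

The sample size depends on how many precincts an attacker would have to alter to change the outcome: a change concentrated in one precinct needs a near-complete count to catch, while a change spread over many precincts is caught by a much smaller sample.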

    14. Re:Don't bother by geoffspear · · Score: 1

      Wow. Looking into that bill on Thomas, I found a ton of other bills titled something to the effect (like the one you reference above) of "To amend the Help America Vote Act to require voter-verified paper ballots and for other purposes", one of which, HR 939, was last seen when it was being referred to the subcommittee on Crime, Terrorism, and Homeland Security. I didn't read the full text of the legislation, but from the summary it had nothing to do with any of those 3 things. Was this a message from the leadership of the committee that anyone who wants to reform elections is a terrorist?

      --
      Don't blame me; I'm never given mod points.
    15. Re:Don't bother by Chris+Burke · · Score: 2, Insightful

      If you know the source code of the software (including build options etc), and the compiler/linker versions that have been used to build it, it will be possible to prove whether or not the binary code on the machine was generated from the source code in front of you.

      No, you cannot prove it, because you cannot know that the software/hardware isn't lying to you. It's like a rootkit, designed to fool you into thinking everything is normal while simultaneously subverting the machine. It's only even conceivable to do this with some kind of Trusted Computing platform, but there's the rub -- when it is you the user who does not trust the manufacturer, how do you know that the Trusted Computing encryption chip isn't similarly designed to lie to you?

      OSS is nice, but it does not solve the fundamental problem. Until we solve that fundamental problem, lobbying for open source is counter-productive. It will be a more difficult fight, and it won't fix anything. The real fight is for paper ballots. Once we know the machine is working right because it prints our ballots correctly, then we can worry about the source code if there is still a reason to.

      --

      The enemies of Democracy are
    16. Re:Don't bother by Bent+Mind · · Score: 1

      Why aren't we simply fighting for a permanent voter-verified paper trail,
      I completely agree.

      So instead of trying to push out enterprise vendors with multi-million dollar contracts (which is essentially what demanding "all open source" would do, since no commercial vendor is going to open up ALL of their software and hardware code and designs),
      This part I don't understand. How would requiring open source software in such a small niche market push enterprise vendors out? Patent and copyright still protect those designs. I suppose someone could adapt the software to run on a PDA. However, I can't imagine an election office using this setup.

      To me, I trust voting with a device I can see. I inherently distrust magic black boxes (or grey as I recall the Diebold boxes being). I don't see how publishing the source would prevent commercial sales.

      --
      Request a Linux Shockwave player here: http://www.macromedia.com/support/email/wishform/
    17. Re:Don't bother by bheading · · Score: 1

      What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?

      You guys are totally missing the point.

      Why would anyone ask for a recount ? Two reasons :

      (a) the vote is really close and people feel there might have been an error. (With electronic voting this should not happen, no two recounts will generate different results. If they do, something REALLY weird is going on ..)

      (b) A number of people feel that their vote was not recorded correctly.

      Consider case B. On an electronic voting system, where votes are recorded anonymously, how can you prove that the vote recorded matches the vote that was actually cast ?

    18. Re:Don't bother by DragonWriter · · Score: 1
      Why aren't we simply fighting for a permanent voter-verified paper trail, instead of always saddling every e-voting initiative with demands that EVERYTHING, hardware and software, be open source?


      Instead implies that the people seeking open solutions are not seeking voter verified trails. While I've met people concerned about voter-verified paper trails that are not concerned with open solutions, I've never met anyone who goes the other way, so I think you are misunderstanding the problem.

      We're seeking "reliable, trustworthy elections".

      Voter verified paper trails are an essential component of that.

      Open hardware specifications and open (in the publicly disclosed sense, at least) source code are also an essential component of that.

      What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?


      Recounts generally aren't authorized in all cases, but only in cases that are extremely close or specified partial verification procedures suggest problems. And recounts are expensive. Voter verified paper trails do not, in and of themselves, solve all problems.

      Even though the commercial products aren't "open source", the certification process allows for the necessary level of inspections by election agencies and external entities.


      That's disputable, but in part irrelevant. The point is not to have an election that the secretary of state can trust, but one that is to the greatest extent possible independently verifiable and can be held to be trustworthy with justification by the public at large. The certification procedures did not, in many cases, check the kind of security they should have, and open solutions rather than secret ones could not have concealed many of the flaws that survived through certification.

      The problem was the certification procedures being routinely ignored or bypassed for convenience, something that can just as easily happen with an "open source" solution.


      That's part of the problem, of course, and isn't solved by open source (although the financial incentive to let it slide because agencies have sunk millions into machines that no other vendor can support, OTOH, is removed by open solutions, if the policy is done right.)
    19. Re:Don't bother by letxa2000 · · Score: 1
      The MD5 of the binary being used must be somehow used as a key to encode the votes. The encrypted vote would be delivered to the election center and the voter would receive a printout with the same encrypted vote (along with plain-English if you'd like) and the voter could go home and, if he was so compelled, type in the monster-long encoded vote into the central election website to verify that the right version of the software was being used and also to verify his encrypted vote matches the English-printed version of his vote which he would presumably have verified against what he meant before he left the machine.


      Also, any solution should not use an Operating System, be it Windows or Linux. There's way too much stuff in the OS that would also have to be verified in the same way; if the right binary is running but the wrong version of the OS, there's all kinds of opportunity for bad stuff there. Any voting system should be microcontroller-based and there's no reason why it couldn't be written in less than 64k with the entire program being in a single 64k flash/ROM. With microcontrollers with no OS, you are truly looking at ALL of the code. Any OS-based voting system is, in my opinion, far too complex to be trustworthy and far too easy to modify for fraud.

    20. Re:Don't bother by kevinadi · · Score: 1
      lobbying for open source is counter-productive.


      Not to mention dangerous. You can't really prove that the source code is used to generate the executable, but they can argue that the source is perfectly fine and lie about the executable. More vote mangling can happen that cannot be proven. It'll be disastrous.
    21. Re:Don't bother by Chris+Burke · · Score: 2

      Yeah, good point, all the people asking for source shows that if they get source they'll think they're okay. Ugh. Let's kill this stupid idea.

      --

      The enemies of Democracy are
    22. Re:Don't bother by Anonymous Coward · · Score: 0
      it will be possible to prove whether or not the binary code on the machine was generated from the source code in front of you.


      Never met a root-kit, have you? You can't prove that any software is running on a machine. You can ask it "hey are you running X," and it can say "Yep." You can say "I don't believe you, show me the version." "Legit Code v1.00p" "Show me the hash." "FFE3-D87A-8910-B4C5"

      All the while, it is running some other code and has been programmed to show you the legitimate code when you ask it questions about what it's running. Maybe it even has the legit code running inside a virtual machine so that it can answer any question that you ask correctly and pass any "testing" that you run. It just does all the fraudulent tabulations and reporting in another VM that isn't activated until someone enters "execute code orange" as their write-in candidate.

      You cannot see what is happening in the machine. You can only access its input/output routines, and they can be subverted by the firmware, a root-kit, a trojan, a VMM, or any other scheme.

      The only way to have secure voting is through a voter-verified paper ballot.
    23. Re:Don't bother by kbielefe · · Score: 1

      You forgot the most common reason for requesting a recount:

      (c) A number of people feel that the majority voted incorrectly.

      On an electronic voting system, where votes are recorded anonymously, how can you prove that the vote recorded matches the vote that was actually cast?

      I'd like to see a random serial number displayed on the screen that you can use to look up your vote in the official results later. It's still anonymous because you can't prove that you're voter #960 in precinct 304, for example, and you can't prove anything if there is a discrepancy, but at least you could have confidence if it was recorded correctly, and prompt an audit if it wasn't.

      --
      This space intentionally left blank.
    24. Re:Don't bother by mrogers · · Score: 1

      If the machine used commodity hardware, you could be fairly confident that the correct software was running by verifying the disk image before and after the election. Hardware tampering would still be possible, but surely it would be harder to carry out and easier to detect than software tampering?
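
Added example, not part of any comment in this thread: a Python sketch of the disagreement above between asking a machine what it is running and reading its storage independently, as in the disk-image check just suggested. File names and contents are constructed, the class SelfReportingMachine is a hypothetical stand-in, and the external read is assumed to be done with equipment the machine's own software cannot influence.

```python
import hashlib


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_manifest(files):
    """Map each file path to the SHA-256 of its contents. Run over the
    output of an independent, reproducible build to get reference values."""
    return {path: sha256_hex(blob) for path, blob in files.items()}


def verify_image(manifest, image_files):
    """Compare files read from a machine's storage against the reference
    manifest. Returns a sorted list of (finding, path) tuples; an empty
    list means the image matches the reference build exactly."""
    findings = []
    for path in sorted(set(manifest) | set(image_files)):
        if path not in image_files:
            findings.append(("missing", path))
        elif path not in manifest:
            findings.append(("unexpected", path))  # extra code is a finding too
        elif sha256_hex(image_files[path]) != manifest[path]:
            findings.append(("modified", path))
    return findings


class SelfReportingMachine:
    """Hypothetical stand-in for a machine that is asked to hash its own
    software. Whatever runs on it decides what the answer is."""

    def __init__(self, storage, canned_manifest=None):
        self.storage = storage
        self._canned = canned_manifest

    def report_manifest(self):
        # Altered software can return stored known-good values instead of
        # hashing what is really on disk, which is the objection raised in
        # the thread against trusting a self-reported hash.
        if self._canned is not None:
            return dict(self._canned)
        return build_manifest(self.storage)


# Constructed data: a reference build and a machine whose storage differs.
REFERENCE_BUILD = {
    "tabulator.exe": b"reference tabulator build",
    "ballot_defs.dat": b"county ballot definitions",
}
ALTERED_STORAGE = {
    "tabulator.exe": b"reference tabulator build, altered",
    "ballot_defs.dat": b"county ballot definitions",
    "patch.dll": b"code that is not in the reference build",
}


def compare_checks():
    """Run both checks against the altered machine.
    Returns (self_report_matches, external_findings)."""
    manifest = build_manifest(REFERENCE_BUILD)
    machine = SelfReportingMachine(ALTERED_STORAGE, canned_manifest=manifest)
    self_report_matches = machine.report_manifest() == manifest
    external_findings = verify_image(manifest, machine.storage)
    return self_report_matches, external_findings


if __name__ == "__main__":
    ok, findings = compare_checks()
    print("self-report matches reference:", ok)
    print("external read findings:", findings)
```

As the comment above notes, this covers software on storage only; hardware tampering is outside what a hash comparison can see.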

    25. Re:Don't bother by SkunkPussy · · Score: 1

      The MD5 of the binary being used must be somehow used as a key to encode the votes.

      Despite my position above, how are you going to prevent a malicious binary using the MD5 of the correct binary to encode the votes?

      --
      SURELY NOT!!!!!
    26. Re:Don't bother by SkunkPussy · · Score: 1

      Yes - let's just use mechanical systems where the weaknesses are well understood. Fcuking politicians should never advocate technological solutions to problems as by and large they don't have a fcuking clue.

      --
      SURELY NOT!!!!!
    27. Re:Don't bother by letxa2000 · · Score: 1
      This is more of a hardware design issue than software and, as I said, this entire voting project is a job for OS-less microcontrollers, not Linux or Windows.


      The operating program would run on one microcontroller; this is the program that would drive the touch-screen, present options, etc. The electronic result of a vote would be sent via a serial bus to an 'encrypting microcontroller.' At that time, the operating program's microcontroller would be stopped (clock turned off) and the encrypting microcontroller would actually go out and read the entire program that is being run on the operational microcontroller and use that as the key to encrypt the vote data it just received. This encrypted data would then be sent to the database and also printed out in encrypted and English-readable form for the voter to verify.

      To prevent fraud, the encrypting microcontroller would just be protected with that material you can put over ICs on a circuit board that makes it impossible to even see the IC and you can't get to the IC without totally destroying the material on top of it. That is to say, the encrypting microcontroller could not even be seen (let alone changed) without completely mangling the circuit board.

      The program running on the voting machine could be stored in flash memory and modified, but those modifications would be apparent to the encrypting microcontroller and all votes generated by the corrupt machine would not be decodable as a valid vote.

    28. Re:Don't bother by SkunkPussy · · Score: 1

      So how do you verify that the code on the encrypting microcontroller is the correct code? Do you remove the microcontroller after the election and e.g. examine it with a Scanning Tunnelling Microscope to verify that it contains the appropriate circuitry and EPROM code, thus destroying each voting machine?

      Surely any vulnerabilities you could have with the operating microcontroller could also be present in the encrypting microcontroller?

      --
      SURELY NOT!!!!!
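The scheme letxa2000 proposes above, and the objection raised against it in the replies, as an added Python sketch that is not part of any comment. It swaps in an HMAC tag for the "encryption" the post describes (the property at issue is whether a vote validates, not whether it is secret); the image bytes, vote record, secrets and all function names are constructed here.

```python
import hashlib
import hmac

# Constructed stand-ins for the operating program held in flash.
GOOD_IMAGE = b"\x02\x00\x30" + b"operating program, certified build" + b"\xff" * 32
TAMPERED_IMAGE = GOOD_IMAGE.replace(b"certified", b"modified!")  # same length


def image_key(image: bytes) -> bytes:
    """Key derived from the whole program image, as the post proposes."""
    return hashlib.sha256(image).digest()


def seal(image_in_flash: bytes, vote: bytes) -> bytes:
    """Role of the 'encrypting microcontroller': bind the vote to the image it read."""
    return hmac.new(image_key(image_in_flash), vote, hashlib.sha256).digest()


def accepts(reference_image: bytes, vote: bytes, tag: bytes) -> bool:
    """Role of the tabulator: recompute the tag from its reference copy of the image."""
    expected = hmac.new(image_key(reference_image), vote, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Variant (an assumption added here, not in the post): the sealed chip also holds
# a secret that never leaves it, so the image alone no longer determines the key.
# With a symmetric MAC the tabulator has to hold the same secret.
def seal_keyed(device_secret: bytes, image_in_flash: bytes, vote: bytes) -> bytes:
    return hmac.new(device_secret, image_key(image_in_flash) + vote,
                    hashlib.sha256).digest()


def accepts_keyed(device_secret: bytes, reference_image: bytes,
                  vote: bytes, tag: bytes) -> bool:
    expected = seal_keyed(device_secret, reference_image, vote)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    vote = b"contest=1;choice=2"   # constructed vote record
    chip_secret = b"\x11" * 32     # constructed secret inside the sealed chip
    other_secret = b"\x22" * 32    # what a party without the chip would have
    copy_of_image = bytes(GOOD_IMAGE)  # any copy of the certified image
    return {
        # The property the post claims: a modified program yields an invalid vote.
        "good_image_accepted": accepts(GOOD_IMAGE, vote, seal(GOOD_IMAGE, vote)),
        "tampered_image_accepted": accepts(GOOD_IMAGE, vote, seal(TAMPERED_IMAGE, vote)),
        # The objection: the key is a function of the image only, so a tag made
        # from a copy of the image, with no sealed chip involved, also validates.
        "tag_from_image_copy_accepted": accepts(GOOD_IMAGE, vote, seal(copy_of_image, vote)),
        # With a chip-held secret, knowing the image is no longer enough.
        "keyed_good_accepted": accepts_keyed(
            chip_secret, GOOD_IMAGE, vote, seal_keyed(chip_secret, GOOD_IMAGE, vote)),
        "keyed_without_secret_accepted": accepts_keyed(
            chip_secret, GOOD_IMAGE, vote, seal_keyed(other_secret, copy_of_image, vote)),
        "keyed_tampered_accepted": accepts_keyed(
            chip_secret, GOOD_IMAGE, vote, seal_keyed(chip_secret, TAMPERED_IMAGE, vote)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The keyed variant leaves the second reply's question open: something still has to establish that the sealed chip itself runs the expected code.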
    29. Re:Don't bother by Anonymous Coward · · Score: 0

      Why a fucking paper TRAIL?
      You're a fucking shill! Or a retard.

      The only reason for wanting VVPT can be, you still want to electronically fuck with the vote tabulations, meanwhile leaving the paper uncounted.
      The PAPER WILL NEVER BE COUNTED in this scenario! DO YOU FUCKING HEAR ME? NEVER! And the electronic signal is invisible, so in effect you have denied me the right to vote, because my vote can no longer be validated.

      WHAT WE NEED HERE IS
      PAPER BALLOTS, PUBLICLY HAND COUNTED, IN THE LIGHT OF THE DAY.

      Now if you want to use electronics to PRINT that mother fucking paper ballot to BE publicly hand counted manually.
      I could probably go for that. It would help the folks that need to vote using a tube in the mouth.

      As long as you're not mixing up what I say, and trying to count electronically. That is where it is FUCKED UP is when you COUNT ELECTRONICALLY!
      Basically we are talking a PRINTER.

      Electronics should not have been introduced to our elections, when paper is the only thing that can be validated in the first place! Now judges instead of voters are deciding candidates! THIS IS AN UNCONSTITUTIONAL FUCKING OUTRAGE! CALL TO ARMS! how do you fucking know a terrorist didn't fuck with the digitized data? Or create the electronics? Some parts come from fucking CHINA~!! MOTHERFUCKER!

      So a big FUCK YOU for suggesting Voter Verified Paper TRAIL -- FUCK A TRAIL!
      I don't want to TRACK DOWN my vote, I want to COUNT my vote.
      Open source, Closed source. It don't fucking matter! IT'S ELECTRONIC, IT'S INVISIBLE!

      God Damn it!!!
      I want the CONSTITUTION restored!
      I want my RIGHT TO VOTE restored!

      You can take all the rest of your fucking bullshit with you on your DRAFTED BY SELECTIVE SERVICE way to IRAQ!

      I want a PAPER BALLOT COUNTED PUBLICLY HAND COUNTED. PERIOD.

  4. Is this legal? by ubersonic · · Score: 1

    I'm really wondering how legal it is to post commercial software to the web.

    As far as I know these executables are copyrighted and someone will get into a lot of trouble for posting them.

    Also note, why is this blackbox1.org and not blackboxvoting.org?

    --

    -- ubersonic Kfz Versicherung
    1. Re:Is this legal? by Anonymous Coward · · Score: 0

      ems.zip
      fhill503.rpt
      Well it looks like it came from deep in the heart of TEXAS!

      GENERAL ELECTION OF OFFICIALS RPT0010 000033 CITY OF FOREST HILL, TEXAS MAY 3, 2003 123BALLOTS COUNTED - TOTAL RMAYOR RPT0030 000214JAMES L. GOSEY 000314MALINDA MILLER RPT0040001001000600482005000022COUNCILMEMBER, PLACE 4 000618GLADYS M. HARDEMAN RPT0050 000708WRITE-IN

    2. Re:Is this legal? by pegr · · Score: 1

      As far as I know these executables are copyrighted and someone will get into a lot of trouble for posting them.
       
      I download copyrighted software from the web all the time. Most recently, it was the Fedora linux distro and that contains copyrighted code from thousands of copyright holders!
       
      As for this particular bit of code, I'd say a strong defense is "compelling public interest". It's not like the copyright holder can demonstrate damages (like we could use the code to sell voting machines...). On the other hand, bogus code could be very damaging to the copyright holder, but then that just reinforces the compelling public interest now doesn't it!

  5. Re:Open that source up! by Anonymous Coward · · Score: 1, Interesting

    BlackBox is concerned with the closed nature of electronic voting systems. The software linked to is not created by BlackBox. They are non-technical people concerned with the state of eVoting in the US. They are trying to get technical people to look at some of the code and show it for the crap that it probably is.

  6. Re:Open that source up! by UdoKeir · · Score: 1

    Umm, this isn't BlackBox's software. BlackBox.org don't make voting machines. If anything, they oppose them.

  7. Legit? by Khammurabi · · Score: 2, Insightful

    Please say someone at Slashdot verified this post with the people at Blackbox voting, and didn't unwittingly just fall for someone's email or post to get the organization in trouble.

    1. Re:Legit? by mzs · · Score: 1

      It is hard to tell for sure since blackbox1 and bbvforums are both using Domains by Proxy. It is possible that someone else registered blackbox1 using DomainsByProxy for the whois info. There are links from blackboxvoting to bbvforums, but no links to blackbox1.

  8. Re:Open that source up! by FunWithKnives · · Score: 1
    If BlackBox is worried about people saving a list of exploits for a zero-day attack they can put their software through a strict accreditation process before they reveal their final release.

    Actually, BlackBoxVoting.org is an organization that is fighting for change in electronic voting systems. ES&S is the company in question. I agree with what you're saying, but I think you got a little mixed up there. :P

    --
    "We may face a scorched and lifeless earth, but they're accountable to their shareholders first."
  9. Mod parent up. by CyberVenom · · Score: 1, Informative

    There is something odd going on here.
    blackboxvoting.org is indeed registered to Bev Harris, but blackbox1.org is registered to "Registration Private" by "Domains by Proxy".

    1. Re:Mod parent up. by Anonymous Coward · · Score: 0

      Domains by Proxy is a shady service offered by GoDaddy to subvert the intent of the ICANN rules regarding domain registration. Surprising that ICANN allows it and makes one wonder how certain companies obtain such loophole$.

    2. Re:Mod parent up. by entrylevel · · Score: 1

      I disagree, AC. Domains by proxy is a good service designed to prevent insane idiots from coming to your home address and beating your face in because they disagree with your blog. Basically it is a virtual P.O. box. If you want the real contact info, call or write the proxy in the whois record, and once the real contact gives permission, you'll get the real contact info.

      Also, there is now a post on http://www.blackboxvoting.org/ stating that these files are actually posted by them, and on a different server to avoid a slashdotting.

      --
      Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
  10. Re:Dont Help BBV by Nasarius · · Score: 1

    DemocratUnderground

    Ah, another Republican so bumfuzzled by the English language that they don't understand the difference between an adjective and a noun. Can't you at least get the proper name of a website right?

    --
    LOAD "SIG",8,1
  11. Is this the real software? by parvenu74 · · Score: 1

    Is this the software that was programmed by ES&S for their machine or is this the code that was inserted onto the machines by the hired hackers of the evil, election stealing politicians, as demonstrated on HBO? I've got to know these things...

  12. Re:Open that source up! by wiz31337 · · Score: 1

    Actually, I subconsciously knew that, I was just frantically typing to get first post. I got caught up in the heat of the moment. Sorry fellow /.'ers. I meant to say ES&S not BlackBox, my bad.

    --
    /whisper/ Thanks for the candy!
  13. No source code, sorry by syntap · · Score: 1

    How does one reliably examine software without the source code? Why would anyone bother spending time on this? What, we're supposed to look at an executable and say "yeah, looks like things can't be faked, hacked, or misinterpreted"?

    1. Re:No source code, sorry by skids · · Score: 1

      ...with a disassembler.

      Yes, it's work what she's asking for.

    2. Re:No source code, sorry by Anonymous Coward · · Score: 1, Insightful

      Nobody said reverse-engineering was easy, young grasshopper.

    3. Re:No source code, sorry by Daniel+Boisvert · · Score: 1

      How does one reliably examine software without the source code?

      I haven't looked at any of this sort of thing in awhile, but the easiest way used to be to disassemble it into assembly and read that. It's not /that/ obscure a skill. Folks in the security community use similar methods for analyzing worm/virus code pretty regularly.

      The last time I looked, I seem to remember some folks working on decompilers that would produce higher-level languages (mostly C, that I recall), but have no idea if anybody ever got 'em working well.

    4. Re:No source code, sorry by Chris+Burke · · Score: 2, Interesting

      The last time I looked, I seem to remember some folks working on decompilers that would produce higher-level languages (mostly C, that I recall), but have no idea if anybody ever got 'em working well.

      It's been about five years since I touched one, but they work well enough. They do a fine job of identifying basic blocks, variables, and functions, and produce code that can be fed back into a compiler. The big problem is that it's still largely unreadable because it doesn't have any of the conceptual meaning conveyed by the original code -- i.e. descriptive function/variable names.

      --

      The enemies of Democracy are
    5. Re:No source code, sorry by Daniel+Boisvert · · Score: 1

      That's good to know--thank you for the update. :)

    6. Re:No source code, sorry by Unnngh! · · Score: 2, Informative

      You don't need the source code, don't even need a disassembler. I know that it would take me the better part of the next two months to get a grip on the assembly behind a windows app. Having the source code would be a different story.

      The first thing you want to do is figure out, broadly, what it's supposed to do. Install the software. Get it running. Look over the buttons and menu options. Look over the manual. Next I'd start examining the likely inputs and outputs. What data gets fed into the software? What does it output? What does it store? How does it store it? It may be worthwhile to find an external way to read the datastore (e.g. opening an access database in access) or that may come later.

      Now that you have an idea of how the software works, start examining how it handles inputs of different types. What are the expected inputs? Does it handle those properly? What are some unexpected inputs that are still input-able by the UI? What are some unexpected inputs that would not be possible or likely through the UI, i.e. a deliberately or intentionally corrupted input file or stream? Can you inject arbitrary values into the software where there should be none? Can you get the software to perform unexpected operations by manipulating the input? Attack the UI deliberately, perform operations in unexpected sequences, etc.

      During this process I guarantee that you will make the application break somewhere, if you're creative enough. Now you want to take the unexpected behavior that you caused and find some way to exploit it. In this case, one must ask, is there some way to manipulate the vote count through exploitation of the defect in the code? Better yet, is there some way to accomplish this manipulation strictly through the UI that generated the input? Or at least, with minimal rights to the aggregated input data, in this case? Can you make the software change the count through manipulating the UI of the counting application?

      Coders fall into routines and often repeat the same mistakes over and over. If you find one type of defect (e.g. SQL injection vulnerability), chances are you will find others like it. If they miss proper RI checking in one place, chances are they do so in others. You start to get a feel for how the program works and how it breaks. If you have written enough code of a similar nature, after a few hours or days of fooling around, you will probably have a very good idea of how the application is organized and even have an inkling of the code that went behind it without ever seeing a line of source or assembly.

      It was software made for profit in a closed-source environment, so they did not disclose or fix all the bugs they found during test. That's the way of closed source, proprietary software. They presumably fixed larger crashes and glaring problems but left the smaller stuff alone in the interest of adding features and meeting deadlines. These smaller issues and poor design decisions will make up the weaknesses in the code that can ultimately be exploited for fun and profit.

    7. Re:No source code, sorry by Anonymous Coward · · Score: 0

      Using Ztree
      from the ess.zip
      C:\bbv\ess\ems\A

      9C0110C011C012C013C014C015C016C017C018C019C0120C01 1C012C013C014C01FPOL 1RO 1SEQ 1PR 1G000101H0001A1TARRANT COUNTY, TEXAS
      3PEBTXMAVOTE FORSPRSMART PACK RDRPROPROPOSITIONSEQPACK SEQUENCEPOLPOLL NUMBERCTYCITY TAX IDA2-1**!We, the undersigned, c
      ertify that**the above results are true and**correct.**** Signature of Election Officials:****** __ ***7HA3B8S0410C0614C
      0410C0410L0612R0818L0410R0612C1832L15VOTE FOR5BDEM1DEMOCRATIC PARTYREP2REPUBLICAN PARTYA614A2-2*** __ ****** __ ****70A2

        000008B0 31 85 FF 2A F4 2A 80 21 57 65 2C 20 74 68 65 20 1**!We, the
        000008C0 75 6E 64 65 72 73 69 67 6E 65 64 2C 20 63 65 72 undersigned, cer
        000008D0 74 69 66 79 20 74 68 61 74 81 02 2A 2A 80 1E 74 tify that**t
        000008E0 68 65 20 61 62 6F 76 65 20 72 65 73 75 6C 74 73 he above results
        000008F0 20 61 72 65 20 74 72 75 65 20 61 6E 64 84 02 2A are true and*
        00000900 2A 80 08 63 6F 72 72 65 63 74 2E 9A 02 2A 2A A4 *correct.**
        00000910 02 2A 2A 80 20 53 69 67 6E 61 74 75 72 65 20 6F ** Signature o
        00000920 66 20 45 6C 65 63 74 69 6F 6E 20 4F 66 66 69 63 f Election Offic
        00000930 69 61 6C 73 3A 82 02 2A 2A A4 02 2A 2A A4 03 2A ials:*****

      I guess we could run disasm on the binaries, but what's the point, this shit is DOS fuckin 5 crap with batch files from what I see so far.
      How secure is DOS? Oh wait...
      pkzip204g in there hah hah hah what is this a fucking failed bbs sysop trying to make an electronic voting system?

      Neat, all we have to do is Print it and sign it!

      Here's some Cool Sys0p-y shit
      CLS
      REM Business Records Corporation
      REM Automatic Election Returns Operation Installation
      REM
      REM [ AINSTALL d h ] d=DISKETTE DRIVE h=HARD DRIVE
      REM AINSTALL.BAT will install the BRC AERO software from the
      REM diskette drive specified to the hard drive specified.
      REM This installation requires that you have a BRC Mainmenu
      REM System installed; everything else you need to run AERO for
      REM your state and equipment type is contained on these diskettes.
      REM AINSTALL.BAT must be the first file on each diskette.
      PAUSE

      echo Beginning installation...

      REM Preparing directories...
      IF NOT EXIST %2:\ELEC MKDIR %2:\ELEC
      IF NOT EXIST %2:\ELECDATA MKDIR %2:\ELECDATA

      REM Deleting previous version...
      IF EXIST %2:\ELEC\RUNCOBOL.COM ERASE %2:\ELEC\RUNCOBOL.COM
      IF EXIST %2:\ELEC\MSEL*.COB ERASE %2:\ELEC\MSEL*.COB
      IF EXIST %2:\ELEC\PSEL*.COB ERASE %2:\ELEC\PSEL*.COB
      IF EXIST %2:\ELEC\*.TSK ERASE %2:\ELEC\*.TSK
      IF EXIST %2:\ELEC\AERO.BAT ERASE %2:\ELEC\AERO.BAT
      IF EXIST %2:\ELEC\AEROVIEW.BAT ERASE %2:\ELEC\AEROVIEW.BAT
      if exist %2:\*.dsp erase %2:\*.dsp
      if exist %2:\elecdata\*.acl erase %2:\elecdata\*.acl
      ERASE %2:\*.OBJ
      ERASE %2:\ELECDATA\*.OBJ
      ERASE %2:\ELEC\MA*.OBJ
      ERASE %2:\ELEC\PA*.OBJ

      Got's a nice autoexec.bat file that tells something about the box it was on.
      Can't wait to get the un5.zip and Unity.zip I hope there are some .exe files in there!
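What the hex dump in the comment above shows about the file's layout, as an added Python example that is not part of any comment: in this excerpt every text run is preceded by a byte pair whose second byte equals the run's length. The code rebuilds the bytes from the posted dump and walks them on that reading; calling the first byte of each pair a "control" byte with its high bit set, starting at offset 0x8B6, and all function names are inferences made here, not documented details of the ES&S format.

```python
"""Walk the length-prefixed fields visible in the posted hex dump."""

# The nine dump lines from the comment: offset, 16 hex bytes, ASCII column.
DUMP = """\
000008B0 31 85 FF 2A F4 2A 80 21 57 65 2C 20 74 68 65 20 1**!We, the
000008C0 75 6E 64 65 72 73 69 67 6E 65 64 2C 20 63 65 72 undersigned, cer
000008D0 74 69 66 79 20 74 68 61 74 81 02 2A 2A 80 1E 74 tify that**t
000008E0 68 65 20 61 62 6F 76 65 20 72 65 73 75 6C 74 73 he above results
000008F0 20 61 72 65 20 74 72 75 65 20 61 6E 64 84 02 2A are true and*
00000900 2A 80 08 63 6F 72 72 65 63 74 2E 9A 02 2A 2A A4 *correct.**
00000910 02 2A 2A 80 20 53 69 67 6E 61 74 75 72 65 20 6F ** Signature o
00000920 66 20 45 6C 65 63 74 69 6F 6E 20 4F 66 66 69 63 f Election Offic
00000930 69 61 6C 73 3A 82 02 2A 2A A4 02 2A 2A A4 03 2A ials:*****
"""


def bytes_from_dump(dump):
    """Rebuild (base_offset, bytes) from full 16-byte dump lines.

    Only the hex columns are used; the ASCII column drops unprintable
    bytes and cannot be trusted for offsets.
    """
    data = bytearray()
    base = None
    for line in dump.splitlines():
        cols = line.split()
        if len(cols) < 17:          # not a full "offset + 16 bytes" line
            continue
        offset = int(cols[0], 16)
        if base is None:
            base = offset
        if offset != base + len(data):
            raise ValueError(f"gap in dump at {cols[0]}")
        data += bytes(int(tok, 16) for tok in cols[1:17])
    return base, bytes(data)


def walk_fields(data, base, start_offset):
    """Walk (control, length, payload) fields from start_offset.

    Returns (fields, stop). Each field is (file_offset, control, payload).
    stop is None on a clean end, otherwise (reason, file_offset) for the
    first position that does not fit, so a bad length never reads past
    the end of the buffer.
    """
    fields = []
    pos = start_offset - base
    while pos < len(data):
        if pos + 2 > len(data):
            return fields, ("truncated header", base + pos)
        ctl, length = data[pos], data[pos + 1]
        if not ctl & 0x80:          # assumption: control bytes have the high bit set
            return fields, ("no control byte", base + pos)
        end = pos + 2 + length
        if end > len(data):
            return fields, ("truncated payload", base + pos)
        fields.append((base + pos, ctl, data[pos + 2:end]))
        pos = end
    return fields, None


def text_fields(fields):
    """Payloads of the fields whose control byte is 0x80 (the text runs here)."""
    return [payload.decode("ascii") for _, ctl, payload in fields if ctl == 0x80]


if __name__ == "__main__":
    base, data = bytes_from_dump(DUMP)
    fields, stop = walk_fields(data, base, 0x8B6)
    for offset, ctl, payload in fields:
        print(f"{offset:08X} ctl={ctl:02X} len={len(payload):3d} {payload!r}")
    print("stopped:", stop)
```

The walk stops at the last three bytes of the excerpt, where the declared length runs past the end of what was posted; the six bytes before 0x8B6 do not fit the pattern and are left uninterpreted.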

  14. Slashdot phishing? by MyNymWasTaken · · Score: 1

    "Run these executables and report what you think about them; sorry, source code." ... and the links provided are *not* from the organization being represented.

    Did anybody fall for this ploy and actually download and run those executables?

    1. Re:Slashdot phishing? by joe+155 · · Score: 1

      I think that this might be a little dodgy too, but I won't install anything unless it comes in open-source and at least one person I trust - or me for very simple programs - has looked over the source code. Practically for me this means all my software comes through yum via the fedora repos.

      I'm a little disappointed that /. has encouraged people to do this which is suspicious at best.

      --
      *''I can't believe it's not a hyperlink.''
  15. Legality by mattwarden · · Score: 3, Interesting

    Um, before I download this software onto my computer, would Beth like to comment on (a) how she got it, and (b) to what extent it is legal for her to be housing it on her server?

    1. Re:Legality by Anonymous Coward · · Score: 0

      In Soviet Russia, trojan downloads you!

    2. Re:Legality by PinkPanther · · Score: 1

      ...and, as others have pointed out, how we can tell that what is downloaded is really from BBV? The linked domain blackbox1.org is not the same as blackboxvoting.org .

      --
      It's a simple matter of complex programming.
    3. Re:Legality by kaan · · Score: 0, Redundant

      I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone. She said she could not disclose where she obtained the software, but that it was legitimate, real software. She set up another domain to prevent /. of their primary domain. Run a traceroute and you'll see that both blackboxvoting.org and blackbox1.org are hosted with Rackspace. Phishers do not use Rackspace, they use domains in Russia or wherever.

      This is not a phishing scam, it's really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

      Oh, and yes, I'm posting similar comments in reply to all of the "is this real?" comments... Moderators: please do not mod me down without calling them yourself (go to blackboxvoting.org for phone number).

      Kaan

    4. Re:Legality by ben+there... · · Score: 1

      The traceroute for one actually leads to floridawebmasters.com after going through rackspace.net.

      See my traceroute.

      Why would Black Box Voting in Renton, WA hire a local Florida webmaster, who doesn't even have a real company homepage?

      (I admit, I'm not going to call them)

    5. Re:Legality by mattwarden · · Score: 1

      I'm not concerned with the domain name issue, really. But, she can't disclose how she got the software? Then I'm not going to download it onto my machine, potentially exposing myself to liability.

      You want me to help out? I need the information necessary to make sure I'm not breaking the law. I saw Hacking Democracy. They know the law well. They make sure they don't break the law when they're at polling places or hunting through garbage, etc. I would think they'd expect me to want to do the same...

    6. Re:Legality by kaan · · Score: 1

      The traceroute for one actually leads to floridawebmasters.com after going through rackspace.net.

      Yep, I saw the same thing, don't know what to tell you.

      12 vlan901.core1.dfw1.rackspace.com (72.3.128.21) 986.452 ms 756.475 ms 999.809 ms
      13 aggr3a.dfw1.rackspace.net (72.3.129.11) 763.390 ms 1227.111 ms 1247.636 ms
      14 floridawebmasters.com (72.32.2.234) 1504.584 ms 756.088 ms 250.646 ms

      (I admit, I'm not going to call them)

      Well, maybe you should call them. It will take 1 minute, probably less time than it would take you to write another response to this comment.

      Their phone number is on their website:
      http://www.blackboxvoting.org/contact.html

    7. Re:Legality by Qzukk · · Score: 1

      Why would Black Box Voting in Renton, WA hire a local Florida webmaster, who doesn't even have a real company homepage?

      It's probably a cheap shared hosting server that has multiple virtual domains on one IP address, and the "floridawebmasters.com" site is the one that comes up in a reverse resolution.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    8. Re:Legality by dircha · · Score: 1

      If you are more concerned about the absolutely remote chance that you would be sued for downloading (not distributing) this software than you are in evaluating the security and fairness of this software in the public interest, then perhaps you shouldn't have spent the time to post.

      Honestly. You think they will successfully prosecute you for inspecting software that is employed to safeguard the foundation of our democratic civilization? Or that they will dare even attempt to?

      The answer to your question and to this is: no.

  16. Re:Dont Help BBV by Anonymous Coward · · Score: 0

    That's right, attack the messenger. The software is the issue, only you want to beat up the person raising the question. Well, when you have kicked the beejeezus out of the the voting machine companies and given them the works, then lets go after Bev. Then, lets go after YOU!

  17. Re:Dont Help BBV by EasyT · · Score: 1
    DemocratUnderground exposed Bev Harris as a phony a long time ago.

    Maybe you could back that claim up with a supporting link so that we can judge for ourselves?

  18. Re:Dont Help BBV by jeramybsmith · · Score: 1
    Pardon me, DemocraticUnderground. Or DU for short. Happy?

    http://journals.democraticunderground.com/Kelvin%20Mace/2

    --
    Never overestimate the end user. -jeramy b. smith
  19. So much for the center... by __aaclcg7560 · · Score: 5, Funny

    Is there a reason why my computer is leaning to left now that I'm running the software?

    1. Re:So much for the center... by VGPowerlord · · Score: 1
      Is there a reason why my computer is leaning to left now that I'm running the software?

      Someone made a typo in the source code. It's supposed to be leaning to the right. Or maybe that was Diebold's software.
      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    2. Re:So much for the center... by Dragoonmac · · Score: 1

      ES&S FAQ ...
        1.4 "Is there a reason why my computer is leaning to left now that I'm running the software?"

      Yes, it's a well known fact that gravity has a liberal bias. ...

      --
      Shots: A Populist Parable
  20. slashdotting by Paladin144 · · Score: 5, Funny
    You may want to Slashdot it or whatever.

    Yes. Yes, we will.

    Now stand back and let us get to work. We live for this shit... To some people it's just a job, but not to us, man. It's a passion. When we saved those baby orcas by slashdotting all of S.P.E.C.T.R.E.'s servers it was like.... wow, man. I've never felt so free.

    I don't think of myself as a hero. I'm just doin' my job, ma'am.

    1. Re:slashdotting by Anonymous Coward · · Score: 0

      Damn, there aren't enough karma points for how funny that was.

  21. Re:Dont Help BBV by jeramybsmith · · Score: 1

    Try using a tool called google? There are some wonderful Bev Harris crackpot links on the web including old Art Bell show stuff. Don't feel limited to the piece DemocraticUnderground compiled on her.

    --
    Never overestimate the end user. -jeramy b. smith
  22. They are on the same server though by ben+there... · · Score: 1

    Answer records
    blackbox1.org    1    NS    ns.rackspace.com    86339s
    blackbox1.org    1    NS    ns2.rackspace.com    86339s

    Additional records
    ns.rackspace.com    1    A    69.20.95.4    159770s
    ns2.rackspace.com    1    A    65.61.188.4    159770s

    Answer records
    blackboxvoting.org    1    NS    ns.rackspace.com    86258s
    blackboxvoting.org    1    NS    ns2.rackspace.com    86258s

    Additional records
    ns.rackspace.com    1    A    69.20.95.4    159721s
    ns2.rackspace.com    1    A    65.61.188.4    159721s

    1. Re:They are on the same server though by ubersonic · · Score: 1

      A friend of mine downloaded the files and ran them through a virus scanner. Sure, if this is a new trojan/virus it would most likely not find anything. But there are 10370 files in those 3 zips and many names seem to imply it's indeed the GEMS software.

      Though I'm still certain Diebold has a copyright on those files and providing them for download might get someone into deep trouble. - Yes, even if Diebold has accidentally released them via their FTP server*, it's still illegal to redistribute.

      * As mentioned in Hacking Democracy

      --

      -- ubersonic Kfz Versicherung
    2. Re:They are on the same server though by refitman · · Score: 1

      From post #16828208:

      Our domain, blackboxvoting.org (and the forums, on bbvforums.org, and the document archives, on bbvdocs.org) are on one server. These ES&S program files are on another server entirely because they are quite large and would slow down our blackboxvoting.org site.

      I won't say where they came from. I've checked them out to the extent possible, and they appear to be the real thing. In any situation like this you have to consider that the software might have changed significantly, or that someone could have left a honey pot out there, but I don't think this is a honey pot, not going to publish why on an Internet site. There is a good possibility that current versions have significant changes. Looking over these files should tell us a lot about how the ES&S programmers think, programming styles, etc. I haven't had time to look at the files at all, and I'm not a programmer. This program is designed to run on Windows, according to the user manuals, so I imagine you can just install it and start tinkering, as we did with the Diebold GEMS program. Some of the material refers to "Aero," which is definitely an older version that grew into the Unity program.

      No source code was provided (no source code was provided for the Diebold GEMS program, either, remember). The software is only for the election management system/central tally system, and we have so far been unable to get programs for the precinct-based individual voting machines, nor for the ES&S equivalent of the memory card, which they call the "PEB".

      Black Box Voting is receiving very credible reports of ES&S meltdowns in several states, though they always seem to have a temporary technician around to promise everyone their vote was not lost. Hard to explain, of course, since 18,000 votes are missing in action right now in Sarasota Florida, with about 300 votes separating the candidates for a U.S. House of Representatives race.

      We are getting reports of ES&S anomalies from BOTH political parties.

      If anyone has any questions, you can e-mail me at the e-mail address on the blackboxvoting.org Web site.

      Best,

      Bev Harris

      Founder Black Box Voting
      --
      First God made idiots. That was for practice. Then He made Jack Thompson.
  23. Software for Precinct Machines by Rob+the+Bold · · Score: 1
    They note they don't have software for the precinct machines. The iVotronic software for the precinct machines would be a little harder to read for the general programmer, because it runs on a custom-built embedded device. But it is 386EX compilable, so it might be possible. It's certainly more hack-resistant from the outside due to the more proprietary nature of the system (greater obscurity). I don't believe the linux-based iVotronic was ever revived after the project was cancelled in June 2003.

    The source code was reviewed by a third party in early 2003, but it wasn't the same code that was built into the device executable. Third-party auditors required that very specific code formatting and behavior rules be followed. These rules were not followed in the production version, and therefore the entire software suite for the iVotronic was patched to the auditors' standards. This code compiled, but I don't believe that it was put into production. It certainly wasn't tested for functionality before being audited.

    One Achilles' heel of the iVotronic would be the fact that they're made overseas in the Philippines, which could be a potential weak point for inserting something malicious. Just a thought.

    --
    I am not a crackpot.
  24. After the analysis is done... by Dave21212 · · Score: 3, Insightful


    We should take a vote using GEMS to see if the Diebold software is good or not :) I'm predicting a landslide !

    Seriously though, I'm a little disappointed in the comments so far. First, this is not a political/partisan issue. Second, you don't need the source code to evaluate the operation of this software. Sure, it would be easier if we had it, but are you telling me that nobody here knows how to run a debugger or decompile some simple windows code ??? How many of you are drooling at the chance to take a whack at this stuff ? Go to it !@

    For you people whining about no source code, how about you leave the real hacking to the real hackers and go back to your QA jobs :) Besides, I think it will be interesting to see what people come up with *without even having the source* - it's more of a real world test that way.

    --
    "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
    1. Re:After the analysis is done... by Anonymous Coward · · Score: 0

      > Seriously though, I'm a little disappointed in the comments so far. First, this is not a political/partisan issue.

      No post before you is taking any sides, purely discussion based on the code. No parties mentioned. Trying to karma whore for your links? Are you?

    2. Re:After the analysis is done... by Anonymous Coward · · Score: 0

      While there exists a detectable problem, P [sic: while (1)]:
      Hacker finds a hole in the code (P).
      Evil company patches said hole. Uses P.R./lobbyists to claim that P is an isolated incident and that everything is alright. The small portion of the people who matter will believe e.c. over hacker (even if hacker has a phd in computer science and is a respected security analyst).
      Evil company then will say that it isn't their fault that the "mean old law-breaking hackers" won't leave them alone. Ignoring that it is their fault and responsibility that the hackers _can_ break their stuff.

      Besides, the company can most likely fix problems faster than people (without code) can find them. And people have ridiculously low standards when it comes to software.

      Even if this becomes a scandal, which it won't unless someone is bribed, and they'll need to be caught red-handed for anyone to believe it (it is too Saturday morning cartoon evil to be considered true). It would have to be a slow news week for this to even have a chance (an election itself would drown this out).

      The only way I can think of for this issue to have a _chance_ at making the news is if the machines are hacked to claim something messed up (like declaring the winner to be the "Boston Tea Party") or are outright destroyed (there is a place near where I live that during multiple elections a person has stolen / thrown the ballots into a river).

      Thus, this entire endeavour of creating proof-of-concept hacks is an exercise in futility. Proving a problem exists will only create a patch, not a solution.

    3. Re:Atter the analysis is done... by KevinIsOwn · · Score: 1

      And that patch will ensure people can't use that particular exploit against the machines in our elections! Those patches could help prevent voter fraud. So go at it, play with EMS/Unity/un5. Your participation can make a difference.

    4. Re:Atter the analysis is done... by kevinadi · · Score: 1

      Well, the version is the one before the current one. So even if this one works, there's no telling the current one will be the same. "Generally the same" doesn't mean it is. All it takes is one line of code to cheat an election, but the source will still be 99.9% similar.

      All in all, I say it's a waste of time AND a possible trap. Now blackbox can argue "it's been examined by the community". However, they can still cheat on the actual voting machine itself since what's available is only the tabulator.

      I'm probably overly paranoid, but paper voting is the only means to an election. Simple, no hiding anything, can be counted physically and cheating takes a lot of effort. The only drawback is time.

  25. Re:Dont Help BBV by denttford · · Score: 1

    I believe GP was referring to this admin posting, which, while not exactly describing her as a phony, describes her at the very least as a difficult person to deal with, and after several temporary bans from their board, is persona non grata there.

    --

    Live the questions now.
  26. The procedure is what matters. by Chandon+Seldon · · Score: 3, Insightful

    The important thing isn't the voting software, it's an effective voting procedure.

    There is a known effective voting procedure using paper ballots, ballot boxes, and little old ladies (err... party representatives) to count them. This procedure has one important property: fraud attempts tend to get thwarted because the little old ladies will yell when something fishy happens. ANY VOTING SYSTEM WITHOUT THIS PROPERTY SHOULD NOT EVEN BE CONSIDERED.

    It may be possible to design a voting procedure using computers that is similarly effective. Here's the important thing: it needs to retain the property that little old ladies observing the process can immediately tell if something fishy is going on. NO FULLY COMPUTERIZED SYSTEM CAN HAVE THAT PROPERTY.

    Someone suggested the following system here on Slashdot:

    1. Paper ballots are marked, either with sharpies / pens or from touch-screen ballot generating machines.
    2. They go into standard ballot boxes.
    3. Those ballots are brought to a central tallying location using the standard ballot-box protection procedures.

    At the central tallying location, for each race:

    1. The ballots are put into a sorting machine that sorts based on the votes in that race.
    2. Observers check the sorted piles to make sure that they are properly sorted.
    3. The sorted piles are put into a counting machine - there's your counts. If the counts look wrong based on pile size to any observer, it's manual count time.

    If any candidate, observer, or 50 signatures question the validity of the counting machine's results - a manual recount occurs for that precinct. Every time - no "but that would be effort" bullshit.

    This system takes all the properties of the hand count system and preserves them while spending money to gain two properties: Ballot generating machines for the blind, and fast counting for people who think that matters. Ballot generating machines are an easy problem, and sorting / counting machines are pretty cheap. We might have to use heavy cardstock for the ballots to survive the sort/count process for every race - that's $50 I'm willing to spend.

    --
    -- The act of censorship is always worse than whatever is being censored. Always.
    1. Re:The procedure is what matters. by cdrguru · · Score: 2, Interesting

      Yes, and for centuries we haven't cared if the error margin of the little old ladies was 1% or even 2%. If one precinct's results got flipped around because of errors, it didn't matter because of the sheer number of precincts and their small size - usually much less than 100 people per precinct for most of the last 200+ years.

      Unfortunately, we are now caring a lot more about accuracy. The current manual processes can't handle the requirements for 100% accuracy or at least accuracy way beyond 0.9%. Could it be done with manual processes? Sure, banks used to do this completely manually all the time. It just takes time and more people. And duplication of efforts to ensure quality.

      Not going to fly here, for a couple of reasons. One is there aren't enough workers. Another is that we can either count the votes fast or listen to the news reports because they will report results based on exit polls, surveys and guesswork.

    2. Re:The procedure is what matters. by Chandon+Seldon · · Score: 1

      First, speed of counting is not something that we can sacrifice trustworthiness (or accuracy) for. If the news reports a result, and the count comes back a week later with some other result... so be it. The politicians are going to have to stop sucking at PR and make proper public statements in the few hours after the election - the correct statement is either "Yea, the exit polls said I only got 20% of the votes, that sucks" or "This one's pretty close, I guess we'll have to wait for the official result to see who won."

      Second, I agree that accuracy is something that needs to be built into the system. I'd argue that little old ladies are accurate, and that if they're not we can solve the problem with *more* little old ladies. If that's not good enough, we can move to the sort & count system I described.

      In the end, I see this as being really simple: Sacrificing the ability for non-technical observers to immediately spot fraud is NOT ACCEPTABLE. I don't care if we're getting free sports cars in exchange, that's not a design property we can trade away and still have a legitimate democracy.

      --
      -- The act of censorship is always worse than whatever is being censored. Always.
    3. Re:The procedure is what matters. by Anonymous Coward · · Score: 0

      > Here's the important thing: it needs to retain the property that little old ladies observing the process can immediately tell if something fishy is going on.

      I think I see the problem...the spec for these machines was ambiguous!

      When they said, "This machine should have LOL security", the engineers (who were likely frequent IM users) naturally assumed that meant "Laugh Out Loud" security, which is exactly what they implemented. But now it seems clear that the spec-writers were really specifying "Little Old Lady" security...

      Given how well they made the first versions security laughable, I think it's safe for us to just update the spec and have them re-write the security portion of their product.
    4. Re:The procedure is what matters. by Anonymous Coward · · Score: 0

      > 3. Those ballots are brought to a central tallying location using the standard ballot-box protection procedures.

      What is with you Americans' insistence on centralized counting? This is an easily parallelizable problem. Count them at the polling site. You have people from both parties at the site already to oversee the votes, have them oversee the count as well.

      A centralized count just makes for more weaknesses. Something could happen to ballots in transit. Someone could infiltrate the central location (much larger reward than tampering with one polling site). Heck, there could even be an accident at the central site that takes it offline and ruins its credibility (fire, flood, heart-attack, other distraction).

      Count them on site. Phone (or whatever) the results in. The reps from each party go home that night with the count from their site and report it to party central. Party central can verify that they were recorded correctly afterwards.

      Many counting sites are just as easy to protect, but they are much harder to attack through their distributed nature.
    5. Re:The procedure is what matters. by Chandon+Seldon · · Score: 1

      You're probably right. I was just visualizing how votes get counted in my home town - the ballot boxes from the three precincts are brought to Town Hall to be counted. If you've already got observers for each candidate at the polling locations, doing the count right there might be a good plan.

      --
      -- The act of censorship is always worse than whatever is being censored. Always.
    6. Re:The procedure is what matters. by kbielefe · · Score: 1

      > their small size - usually much less than 100 people per precinct

      I was going to ask where you live, then I saw that infinadyne is in Chandler, right next door to me in Gilbert. Most precincts are about 1000-1500 voters. In Maricopa County, there are only 14 out of 1142 precincts with less than 100 voters. The average precinct size is 1298. Our biggest precinct (0996 in NW Peoria) had 4414 registered voters, and the smallest (1142 in Bartlett Canyon area) had zero registered voters as of the last primary election.

      Still, considering turnout varies widely depending on the election, it's still well within easy manual count range. For example, only 57 republicans and 18 democrats went to the polls in my precinct in the September primary, but turnout for presidential elections is in the 600's.

      --
      This space intentionally left blank.
  27. Re:They are NOT on the same server by TheSpoom · · Score: 1

    C:\Documents and Settings\Jamie>nslookup blackbox1.org
    *** Can't find server name for address 192.168.0.1: Non-existent domain
    *** Default servers are not available
    Server: UnKnown
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: blackbox1.org
    Address: 72.32.2.234

    C:\Documents and Settings\Jamie>nslookup blackboxvoting.org
    *** Can't find server name for address 192.168.0.1: Non-existent domain
    *** Default servers are not available
    Server: UnKnown
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: blackboxvoting.org
    Address: 72.3.135.10

    They are not on the same server, they are just both hosted by Rackspace. It would be easy for someone to set up a server on the same host to make it look like they were the same organization.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  28. Re:Don't bother -- excellent point for paper audit by irenaeous · · Score: 3, Interesting

    Very good point. I hope you get modded up.

    The State of California now requires a paper audit trail. I asked a friend of mine who works as a poll worker volunteer about the system used in Orange County, California. She gave me a detailed and intelligent response with specific information on how it works now. I posted these under another article, but it didn't get the attention that I thought her remarks merited. I am also interested in any responses to them.

    The "OC" uses voting machines with a paper audit trail system developed by Hart-Intercivic.

    Here is what my friend had to say:

    The current electronic voting machines consist of a Judge's Booth Controller (JBC) & a daisy chain of (usually) 8 electronic voting screens w/Voted Paper Audit Transaction Systems (VPATS). The JBC governs all of the screens, but is not connected to any VPATS, each of which is independent to its own voting screen. The entire system is completely self-contained -- it does not hook into any other computer system. It only hooks into the wall plug to give it power.

    The first voter (a non-volunteering, random citizen who just happens to be first in line) signs the OPEN POLLS paper tape that verifies that no votes have been cast on the JBC for that election. Each voter is given a temporary access code that allows him/her to vote on an assigned electronic screen. The number is randomly assigned by the JBC volunteer & has no connection to the voter's identity. It expires as soon as the voter casts his/her ballot and/or a brief period of time elapses with no voting activity on the electronic screen. The voter enters his/her access code, then chooses his/her vote for each candidate/race on the electronic screen. When he/she is finished choosing, a review screen displays all of the choices & prints the same review on the attached VPAT, which the voter can see, but cannot touch (it is sealed inside the VPAT machine). When the voter verifies that this is his/her correctly voted ballot, the ballot is cast electronically & is reprinted on the VPAT (again, the voter can read it, but cannot access it).

    No poll worker can access the VPATS (actually for the duration of the election & counting, neither can a ROV employee), nor can they change the electronic screen. If the voter makes a mistake, the entire ballot must be cancelled & the voter must start again. Once the voting day is finished, & the JBC prints out an additional summary of all the votes cast during the day at that polling place, everything is turned back into the ROV (through a system of manual labor all done by community volunteers, supervised by a ROV employee). The VPATS go to one location. The printed JBC summaries (beginning & ending) go to another location. The JBC goes to a third location. All votes are tallied (by a mixed group of employees & community volunteers) in each of the 3 locations, & compared. If there are discrepancies, the VPAT tally is generally preferred first, then the JBC printed summary, then the JBC electronic count. (There could be legitimate reasons to change the ranking, but I don't know what those are. They are printed out & available to the public.)

    About absentee ballots (which I am using this time since we are working a polling place not near our own precinct) -- once they reach the Registrar of Voters (ROV) office, the unopened envelope is recorded so that you cannot vote again by showing up at the polls, & then it is transferred to a completely different office before it is ever opened. The different office has no access to the list of registered voters. There the envelope is opened & the ballot is taken out & separated from the envelope. All the envelopes are isolated elsewhere, the ballots are bundled together & transferred to a different office, where they are counted by non-employee community citizen volunteers like me.

    Personally, I have no confidence in any system without the paper audit trail requirements, and none in Diebold in particular.
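
The three-way comparison described in the comment above (VPAT tally, JBC printed summary, JBC electronic count, preferred in that order when they disagree) can be sketched as follows. This is an added example, not part of the original post and not Hart InterCivic or Registrar code; the source names, the fallback for a missing or malformed tally, and the sample counts are assumptions constructed for illustration.

```python
# Preference order as described in the comment: paper first, electronic last.
SOURCE_PRIORITY = ("vpat", "jbc_printed", "jbc_electronic")  # hypothetical names


def tally_problem(tally):
    """Return a reason string if a tally is unusable, else None."""
    for candidate, votes in tally.items():
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(votes, bool) or not isinstance(votes, int):
            return f"non-integer count for {candidate!r}"
        if votes < 0:
            return f"negative count for {candidate!r}"
    return None


def reconcile(counts_by_source):
    """Compare the three tallies for one precinct.

    counts_by_source maps a source name to {candidate: votes}; a source may
    be absent or None. Returns (results, rejected): results[candidate] holds
    the accepted count, the source it came from, every usable source's count,
    and a discrepancy flag; rejected maps unusable sources to the reason.
    """
    usable, rejected = {}, {}
    for source in SOURCE_PRIORITY:
        tally = counts_by_source.get(source)
        if tally is None:
            rejected[source] = "not available"
            continue
        problem = tally_problem(tally)
        if problem:
            rejected[source] = problem
        else:
            usable[source] = tally
    if not usable:
        raise ValueError("no usable tally: manual count required")

    results = {}
    for candidate in sorted({c for t in usable.values() for c in t}):
        seen = {s: usable[s].get(candidate) for s in SOURCE_PRIORITY if s in usable}
        preferred = next(s for s in SOURCE_PRIORITY
                         if s in usable and seen[s] is not None)
        # Agreement requires all three sources present and identical.
        agree = len(usable) == len(SOURCE_PRIORITY) and len(set(seen.values())) == 1
        results[candidate] = {
            "accepted": seen[preferred],
            "source": preferred,
            "discrepancy": not agree,
            "seen": seen,
        }
    return results, rejected


# Constructed sample data: the electronic count disagrees for Candidate B.
SAMPLE_PRECINCT = {
    "vpat": {"Candidate A": 412, "Candidate B": 398},
    "jbc_printed": {"Candidate A": 412, "Candidate B": 398},
    "jbc_electronic": {"Candidate A": 412, "Candidate B": 401},
}

# Constructed sample data: paper tape missing, printed summary malformed.
SAMPLE_DEGRADED = {
    "vpat": None,
    "jbc_printed": {"Candidate A": 10, "Candidate B": -3},
    "jbc_electronic": {"Candidate A": 10, "Candidate B": 7},
}

if __name__ == "__main__":
    for name, sample in (("normal", SAMPLE_PRECINCT), ("degraded", SAMPLE_DEGRADED)):
        results, rejected = reconcile(sample)
        print(name, rejected)
        for candidate, outcome in results.items():
            print("  ", candidate, outcome)
```

Any row with the discrepancy flag set is a candidate for the manual review the comment mentions; the code records which source supplied the accepted number so that decision stays visible.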

  29. this is legitimate, it's not phishing by kaan · · Score: 1, Redundant

    I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone.

    I spoke to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community.

    This is not a phishing scam, it's really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

    Kaan

    1. Re:this is legitimate, it's not phishing by joe+155 · · Score: 1

      Well, it's obviously not practical for us all to do this, and with such a low UID it seems like I can trust you. In any case;

      1) How is this software legal to distribute in the way that it is being done? Can she supply information about why it is legal, even if she won't say where it came from?
      2) Even if it is legal for us to download it and possess it, how can we usefully examine the software unless we hack it in such a way which will probably break the DMCA (or other laws)?

      If she won't say where she got it from then I'm going to assume that it is illegal. Also if this is illegal then isn't /. now also guilty under the DMCA, and possibly other laws?

      --
      *''I can't believe it's not a hyperlink.''
    2. Re:this is legitimate, it's not phishing by kaan · · Score: 2, Informative

      > 1) How is this software legal to distribute in the way that it is being done? Can she supply information about why it is legal, even if she won't say where it came from?

      I asked Bev the same thing, she didn't want to say very much about it. So I'll add my own commentary: legality aside, if you piss off somebody big enough, they will find a way to shut you down, no matter what. Black Box Voting has had problems with this in the past (as explained in Hacking Democracy, where Bev originally found Diebold's Gems software on a public ftp server, her website was shut down, but not before many others had downloaded the contents).

      > 2) Even if it is legal for us to download it and possess it, how can we usefully examine the software unless we hack it in such a way which will probably break the DMCA (or other laws)?

      Good question. The answer is, "you probably can't". The DMCA probably applies here, and probably says it's illegal for us to even discuss their proprietary software. I suggested to Bev that she try to participate in the discussion on /. because there are going to be some tough questions, especially when the initial comments are, "this whole thing looks bogus".

      > If she won't say where she got it from then I'm going to assume that it is illegal. Also if this is illegal then isn't /. now also guilty under the DMCA, and possibly other laws?

      I can't disagree with you. Bev said she could not disclose anything about where it came from, because it would likely reveal who it came from, and she couldn't do that. I don't know what to tell you. The DMCA probably applies, and that's just something you'll have to decide on your own.

      I would further suggest that you consider whether voting software for public elections should be so secret as to be hidden behind a generic law such as the DMCA. That's really the issue here - everything about electronic voting is a secret, and her organization is trying to expose that.

      Kaan

    3. Re:this is legitimate, it's not phishing by hAckz0r · · Score: 1
      The DMCA was designed to keep people from circumventing encryption methodologies. It does not prevent research for security purposes. Disclosing the problems with the code is very different than showing everyone how to get around the encryption (if any) that protects some resource. Any researcher has to make tough choices in what to say and what not to say as a balance of making the system safe to use or overreaching the goals of a security analyst. Trashing the company's software should not be the goal, but rather having a system that works and is publicly verifiable should be the main challenge.


      I love Open Source, but proprietary systems should not be discounted. We need to employ strict software assurance methodologies so that everyone can be sure of the systems we are going to trust with the very future of our Democracy. The companies that want to market these products should be forced by contract to provide everything, including source code, binaries, and hardware to a panel of independent (not the political party) security engineers before allowing such a product to be used for any public election. That panel needs to be organized by representatives of the people and not the corporations or political parties. The reports generated by this group must have a peer review for completeness by a second independent security team before the selection of any equipment could be made. Only a system receiving unanimous approval from both teams should ever be considered, and the election itself should be monitored by people well versed in both computer and physical security practices, not the manufacturer or incumbents or political organizers.


      As a software security professional and scientist I would gladly volunteer for either task given the opportunity.

  30. Files contain Election Data from Tarrant County by Anonymous Coward · · Score: 0

    The files contain Election data from Tarrant County for the past five years. Any guesses as to how long they will be accessible?

  31. Re:They are NOT on the same server by ben+there... · · Score: 1

    Yea you're right. I was just about to post a followup. The traceroute for blackbox1.org leads to floridawebmasters.com, unlike blackboxvoting.org. Black Box Voting is based in Renton, WA.

    TraceRoute to 72.32.2.234 [blackbox1.org]
    Hop    (ms)    (ms)    (ms)        IP Address    Host name
    1    1    0    0        x
    2    0    0    0        x
    3    0    0    0        x
    4    1    0    1        38.99.206.177    -
    5    1    1    1        66.28.64.65    g10-3-0.core01.iah01.atlas.cogentco.com
    6    10    6    6        66.28.4.97    p5-0.core01.dfw01.atlas.cogentco.com
    7    7    Timed out    6        154.54.2.94    t3-1.mpd01.dfw01.atlas.cogentco.com
    8    8    6    6        154.54.6.66    t4-4.mpd01.dfw03.atlas.cogentco.com
    9    7    6    7        154.54.11.194    verio.dfw03.atlas.cogentco.com
    10    7    7    7        129.250.3.226    xe-4-1.r03.dllstx09.us.bb.gin.ntt.net
    11    7    7    8        157.238.225.58    d1-4-0-21.a12.dllstx01.us.ce.verio.net
    12    7    7    7        72.3.128.21    vlan901.core1.dfw1.rackspace.com
    13    7    7    7        72.3.129.11    aggr3a.dfw1.rackspace.net
    14    7    7    7        72.32.2.234    floridawebmasters.com

  32. Legit? Yes by kaan · · Score: 4, Informative

    I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone.

    I spoke to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community.

    This is not a phishing scam, it's really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

    Oh, and yes, I'm posting this same comment in reply to all of the "is this real?" comments... Moderators: please do not mod me down without calling them yourself (go to blackboxvoting.org for phone number).

    Kaan

    1. Re:Legit? Yes by Odin's+Raven · · Score: 1

      Appreciate the thought and effort, kaan, but folks are still in the position of accepting one stranger's (your) word to confirm another stranger's (Gottesser's) claim that a site we can't directly verify (blackbox1.org) is truly being run by BBV.

      If someone from BBV happens to be monitoring /. - a stronger confirmation might be if there were an announcement on the blackboxvoting.org homepage by Bev stating that the /. story is accurate, and containing links to the files on blackbox1.org (to further confirm that the files are known to BBV). Bonus points if the confirmation notice on BBV contains checksums for the files on blackbox1.org, so that people can feel more confident that whatever they've downloaded matches the files that BBV uploaded to blackbox1.org. (Basic idea being that a blackhat trying to alter the downloads would have to take over both the main BBV website and blackbox1.org, otherwise the downloads and checksums wouldn't match.)

      --
      A marriage is always made up of two people who are prepared to swear that only the other one snores.
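
The check suggested in the comment above (checksums published on the main site, files served from the mirror) looks like this in practice. This is an added example, not part of the original thread and not something BBV published: the manifest format (`sha256sum` style), the function names and the file contents are assumptions constructed for illustration; only the three zip file names come from the story.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large archives are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse 'HEXDIGEST  filename' lines into {filename: digest}."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<sha256>  <name>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        # A manifest entry must name a plain file, never a path.
        if Path(name).name != name:
            raise ValueError(f"line {lineno}: path components not allowed")
        if name in entries:
            raise ValueError(f"line {lineno}: duplicate entry for {name}")
        entries[name] = digest
    return entries


def verify_downloads(manifest_text, download_dir):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING' | 'UNLISTED'}."""
    expected = parse_manifest(manifest_text)
    download_dir = Path(download_dir)
    report = {}
    for name, digest in expected.items():
        path = download_dir / name
        if not path.is_file():
            report[name] = "MISSING"
        elif hmac.compare_digest(sha256_file(path), digest):
            report[name] = "OK"
        else:
            report[name] = "MISMATCH"
    # Files the trusted site never listed deserve attention too.
    for path in download_dir.iterdir():
        if path.is_file() and path.name not in expected:
            report[path.name] = "UNLISTED"
    return report


def demo():
    """Constructed scenario: one intact file, one altered, one absent, one extra."""
    originals = {
        "ems.zip": b"constructed sample bytes A",
        "un5.zip": b"constructed sample bytes B",
        "Unity.zip": b"constructed sample bytes C",
    }
    # Stands in for the manifest fetched from the main (trusted) site.
    manifest = "\n".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}"
        for name, data in originals.items()
    )
    with tempfile.TemporaryDirectory() as tmp:
        mirror = Path(tmp)  # stands in for what came from the mirror
        (mirror / "ems.zip").write_bytes(originals["ems.zip"])
        (mirror / "un5.zip").write_bytes(originals["un5.zip"] + b"!")
        (mirror / "readme.txt").write_bytes(b"not in the manifest")
        return verify_downloads(manifest, mirror)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

The check only adds assurance when the manifest is fetched over a channel that does not depend on the mirror, which is the point of publishing it on the main site.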
    2. Re:Legit? Yes by kaan · · Score: 2, Informative

      > Appreciate the thought and effort, kaan, but folks are still in the position of accepting one stranger's (your) word to confirm another stranger's (Gottesser's) claim that a site we can't directly verify (blackbox1.org) is truly being run by BBV.

      Already done. Check http://www.blackboxvoting.org/ and see for yourself.

    3. Re:Legit? Yes by Odin's+Raven · · Score: 1

      Cheers, kaan - yep, I see the note Bev added to BBV. Hopefully someone with mod points can bump your reply up. :-)

      --
      A marriage is always made up of two people who are prepared to swear that only the other one snores.
  33. I've said it before by SQLz · · Score: 1

    Computers are just not designed to accept input, and increment an integer. It's crazy talk, more science fiction than reality.

  34. "Hello World" comes to voting. by Anonymous Coward · · Score: 0

    Hmmm. I've always wondered why software is really needed for the process of voting. You'd think that adding numbers would be the simplest thing in the world.

  35. Re:Dont Help BBV by Anonymous Coward · · Score: 0

    What's the deal with Republicans always trying to call the Democratic party the 'Democrat Party' and then acting like it's a mistake?
    How can anyone ever get into a real debate when we're always stuck at the 7th grade level?

  36. But... by MaxPowerDJ · · Score: 1

    Does it run in Linux?
    Seriously, I am wining this up and see what I can do with it

    --
    --MaxPowerDJ
    1. Re:But... by Rob+the+Bold · · Score: 1

      > Does it run in Linux?

      There was a linux version in the works in 2003 of the iVotronic, but the project was cancelled. Don't know if it was ever revived.

      --
      I am not a crackpot.
    2. Re:But... by hellvis80 · · Score: 1

      Yes. It runs pretty good in wine.

  37. story is legitimate, I just talked to Bev by phone by kaan · · Score: 4, Informative

    I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone. This is legitimate. I talked to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community. This is really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

    Kaan

  38. Re:story is legitimate, I just talked to Bev by ph by AJWM · · Score: 3, Insightful

    So you say. How do we know who you are?

    (Nothing personal, just illustrating the chains of trust necessarily involved in any security.)

    Thanks for checking. If you really did ;-)

    --
    -- Alastair
  39. Hi, I'm Bev Harris. There's nothing fishy here. by Bev+Harris+at+BlackB · · Score: 5, Informative
    Our domain, blackboxvoting.org (and the forums, on bbvforums.org, and the document archives, on bbvdocs.org) are on one server. These ES&S program files are on another server entirely because they are quite large and would slow down our blackboxvoting.org site.

    I won't say where they came from. I've checked them out to the extent possible, and they appear to be the real thing. In any situation like this you have to consider that the software might have changed significantly, or that someone could have left a honey pot out there, but I don't think this is a honey pot, not going to publish why on an Internet site. There is a good possibility that current versions have significant changes. Looking over these files should tell us a lot about how the ES&S programmers think, programming styles, etc. I haven't had time to look at the files at all, and I'm not a programmer. This program is designed to run on Windows, according to the user manuals, so I imagine you can just install it and start tinkering, as we did with the Diebold GEMS program. Some of the material refers to "Aero," which is definitely an older version that grew into the Unity program.

    No source code was provided (no source code was provided for the Diebold GEMS program, either, remember). The software is only for the election management system/central tally system, and we have so far been unable to get programs for the precinct-based individual voting machines, nor for the ES&S equivalent of the memory card, which they call the "PEB".

    Black Box Voting is receiving very credible reports of ES&S meltdowns in several states, though they always seem to have a temporary technician around to promise everyone their vote was not lost. Hard to explain, of course, since 18,000 votes are missing in action right now in Sarasota Florida, with about 300 votes separating the candidates for a U.S. House of Representatives race.

    We are getting reports of ES&S anomalies from BOTH political parties.

    If anyone has any questions, you can e-mail me at the e-mail address on the blackboxvoting.org Web site.

    Best,

    Bev Harris
    Founder
    Black Box Voting

    1. Re:Hi, I'm Bev Harris. There's nothing fishy here. by Anonymous Coward · · Score: 5, Insightful

      Hopefully you are Bev Harris, but you see that there's no way for us to know. I could create a Slashdot account claiming to be Elvis, and nobody could verify whether the King had truly returned.

      It would help significantly if there were a post either on the home page of blackboxvoting.org, or in the bbvforums.org forums under your name. This way there would be some credible record that this information did truly come from Bev Harris.

    2. Re:Hi, I'm Bev Harris. There's nothing fishy here. by letxa2000 · · Score: 2, Funny

      > Hi, I'm Bev Harris. There's nothing fishy here. (Score:5, Informative) by Bev Harris at BlackB (1026740)

      I'm sorry, I don't trust anyone with a uid that high.

    3. Re:Hi, I'm Bev Harris. There's nothing fishy here. by cpuffer_hammer · · Score: 1

      Why no PGP/GPG Signature? For someone working at this level, posting a public key and signing messages would be a good idea. This is not to suggest that the email is not authentic, but to suggest the question could be set to rest.

      Charles Puffer

    4. Re:Hi, I'm Bev Harris. There's nothing fishy here. by JasonTik · · Score: 1

      Aren't slashdot signup email addresses verified? Check the domain on the one associated with that poster's account.

    5. Re:Hi, I'm Bev Harris. There's nothing fishy here. by BandwidthHog · · Score: 1

      You participated in a few discussions here about three years ago under this username and I had that account marked as a Friend. Had you logged in with those same credentials today, a bunch of us would have been certain you were you.

      That said, good to see ya again, and keep up the good fight!

      --

      Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
    6. Re:Hi, I'm Bev Harris. There's nothing fishy here. by Bev+Harris+BlackBox · · Score: 1

      Are you sure you're the real Bev Harris? ;-)

    7. Re:Hi, I'm Bev Harris. There's nothing fishy here. by flonker · · Score: 1

      Incidentally, a subdomain under blackboxvoting.org such as www2.blackboxvoting.org instead of an entirely new domain would belay quite a bit of suspicion, albeit we slashdotters are generally a paranoid bunch.

  40. Re:Dont Help BBV by jeramybsmith · · Score: 2, Interesting

    The sad thing is, a call to support legitimate voting watchdog groups followed by a quote of Bev Harris acting like a creationist about her voting conspiracies is down modded to a troll immediately. 2 of the replies so far have been people mad because I left the "ic" out of DU's name as if I was besmirching the political party that site favors. This site is a decent enough news source but when its used as a tool for the kooks I get up in arms. Bev Harris' people are one step away from shadow government kooks and a quick read of their forums will show you that.

    --
    Never overestimate the end user. -jeramy b. smith
  41. To Bev.... by DrLov3 · · Score: 1

    Computer security 101

    As soon as you get physical access, security has been breached.

  42. It's possible to make observations without source by kaan · · Score: 1

    How does one reliably examine software without the source code?

    You're right, you can't tell as much from an executable as you can from looking at source. But it's still possible to make observations about behavior, operation, ways to break it or alter election results, all without looking at the source. I'm sure if Bev (or anyone else) could get the source code for the voting software, she would do so. For now, this is all she's got.

    Why would anyone bother spending time on this?

    Because our public elections are run through secret software that nobody knows about, nobody will explain, and nobody understands. So we're supposed to just sit back and say, "oh well"? Does it bother you that there are recorded, documented instances of candidates receiving negative votes? Like, "less than 0". Doesn't that concern you? It should.

  43. just edit the rpt file,or dbf files to fix vote by Anonymous Coward · · Score: 0

    Looks like a person could just edit the rpt files or the dbf files to fix your vote.

    Just like the Diebold GEMS where you could edit the database (MSACCESS) this looks about the same (DBF files). Lots of dbf editors fit on a little thumb drive. zik-zak

    1. Re:just edit the rpt file,or dbf files to fix vote by Anonymous Coward · · Score: 0

      In the manuals there is a section on updating the election results manually.
      Which is putting in any result you want including changing results, not hard
      to have your candidate report a win!

  44. Re:story is legitimate, I just talked to Bev by ph by DShard · · Score: 4, Funny

    I am torn... normally I trust anyone with a lower slashdot ID than myself. But I can't trust both of you.

  45. Re:Dont Help BBV by Truekaiser · · Score: 0

    hmm the only one i see who is astro turfing is you.

  46. Re:story is legitimate, I just talked to Bev by ph by kaan · · Score: 1

    So you say. How do we know who you are?

    Well, you don't know who I am, and there's not much I can do to earn instant credibility with you. So I would suggest you go to http://www.blackboxvoting.org/contact.html yourself, and call the primary contact number. When I did that, Bev answered the phone herself. It will take about a minute to call and ask a few questions, and if you do call, please post back here. That way, it will be two nameless /. readers who say Bev (and www.blackbox1.org) is legit, not just me. :)

    (Nothing personal, just illustrating the chains of trust necessarily involved in any security.)

    I completely agree, as far as you know, I'm just some guy with a low uid.

    Thanks for checking. If you really did ;-)

    I did, and you're welcome. :)

  47. Re:story is legitimate, I just talked to Bev by ph by rob1980 · · Score: 5, Funny

    Great, so instead of /.'ing her website we're going to /. her phone instead. :)

  48. FYI: This is now reported on Black Box Voting by Bev+Harris+at+BlackB · · Score: 5, Informative

    Hopefully putting to rest any questions as to who is who. I posted this discussion at Slashdot as the lead story on blackboxvoting.org. Cheers.

  49. Re:Dont Help BBV by EasyT · · Score: 1
    So when someone asks "Can you support your argument?" your reply is "Support it yourself"? That's kind of a loser defense.

    Fellow slashdotter "dentford" was good enough to reply with the link that you were probably referring to. As dentford states in that post, Bev Harris is not described there as a phoney at all, but instead is described as difficult and perhaps as abusive in some of her posting on the DU message board.

    Switching to Google, as you suggested, a search on "Bev Harris phony" yields plenty of links, but most of them seem to be reporting positively on Bev Harris and her work, with the word "phony" being used in this context to describe many electronic voting machines and their accuracy. I only saw one site that detailed some difficulty obtaining an IRS financial filing from her, but even that didn't describe her as a "phony".

    Oh, but now I see that you've switched from calling her a "phony" (meaning not genuine, fraudulent) to "crackpot" (meaning an eccentric or foolish person).

    In light of your inability to support your own argument, in light of the fact that your "argument" is vague at best, in light of the fact that your posting history shows that this is not the first materially unsupported attack post against Bev Harris and Black Box Voting, and in light of the fact that the very search you recommended tends to support Bev Harris rather than undermine her, I've decided not to give up on her, but to instead give up on you. You are now my first /. foe. Thank you and goodbye.

  50. How was this obtained? by slackmaster2000 · · Score: 3, Insightful

    BlackBoxVoting is essentially "Bev Harris", and it's an organization concerned about the implications of electronic voting.

    No point in getting into the goods and bads of electronic voting, because all we have here is somebody not associated with ES&S posting a copy of the ES&S software. Another slashdotter has posted at least three times in this discussion that this is all legit because he called and spoke with Bev Harris -- but Bev Harris is *not* from ES&S. Her validation does not make the software legal to obtain.

    I found a very interesting little news article from two years ago: http://www.seattleweekly.com/news/0410/040310_news_blackbox.php

    "Harris started surfing the Web. On Jan. 23, 2003, she hit the mother lode. On an unprotected Web site, she found 40,000 files of Diebold Election Systems' source code--the guts of software to run touch-screen voting machines. ... After a little soul searching, Harris downloaded the Diebold software files. It took 44 hours, and they filled seven CDs. By July 2003, after months of informal review and discussion among her friends and allies, Harris decided to allow Scoop, an "unfiltered" news Web site in New Zealand (www.scoop.co.nz/mason), to make the files available to anyone who wanted them. It wasn't a decision she made lightly."

    Given her past actions (and without getting into the ethical or moral value of her crusade) I highly doubt that she has the legal right to distribute the software that she's making available today.

    1. Re:How was this obtained? by n4t3 · · Score: 1

      Personally I am very concerned about electronic voting, especially in cases where there is no verifiable paper trail produced by the machines. The obvious benefits of having a machine tally the votes have to be weighed against the importance of having fair and open elections where the outcome can be verified.

      That said, I very much hope that the sudden appearance of this proprietary code doesn't have anything to do with a recent theft of Diebold software.

    2. Re:How was this obtained? by dissy · · Score: 1

      Given her past actions (and without getting into the ethical or moral value of her crusade) I highly doubt that she has the legal right to distribute the software that she's making available today.

      Most likely, you are correct.

      By using traditional copyright law, the copy SHE has is perfectly legal, since only Diebold broke the law and violated copyright by distributing it (Unless of course they decide to not sue themselves, by granting themselves permission to distribute it to her, and thus abide by copyright law.)
      However, without Diebold's permission, she has no rights under copyright to distribute it further.

      The thing that bothers me is the government is actually allowing this software to be copyrighted in the first place. By the nature of what it's doing (democracy's future in this country is riding on this software's shoulders) the govt should instantly revoke ALL ip protection for this software, copyright, patent, trade secret, everything.

      It's sickening that the govt is allowing someone to potentially commit treason with this get out of jail free card of copyright protection, and that he isn't in prison for the crime.

  51. Not only that... by Burz · · Score: 2, Insightful

    You are correct... perhaps the only way to tell for sure would be to compile the software on-the-spot after performing diffs to check for authenticity. Plus the OS and compiler would have to be verified as not being tampered with.

    People--- Maintaining the integrity of anonymous transactions just isn't compatible with the nature of complex computing systems. Even fully-identified transactions, as in banking, are precarious enough to warrant an industry of anti-malware (which sadly, often cannot create a secure environment).

    Add to that the idiosyncrasies and exploitability of what is essentially Personal Computing hardware consisting of billions of logic gates and almost infinitely malleable storage media... all to record a few bits of information per transaction?

    That is asking for trouble.

    Even if polling authorities can somehow effectively and independently verify the source code logic, there is no way to be sure about the hardware logic, as each IC is effectively its own "Black Box" that cannot be peered into.

    Finally, a computerized ballot is an invisible ballot. The bits being displayed on the touchscreen are only a proxy for the bits being recorded, and the opportunities for de-linking the display information with the recorded info are myriad. The concept of a voting system where the voter never actually sees the ballot they are casting is bizarre and tragic.

    For the above reasons, only physical ballots can ultimately be considered as real. Any such voting system that does not print a physical ballot is a fraud.

    1. Re:Not only that... by kbielefe · · Score: 1
      For the above reasons, only physical ballots can ultimately be considered as real. Any such voting system that does not print a physical ballot is a fraud.

      It's the decision that matters, not the medium on which it is recorded. The counting is outside of the voter's control as soon as he leaves the polling place in any case.

      Computerized ballots could actually be more secure if implemented correctly. Unfortunately, the need to provide both anonymity and verifiability is a serious technical challenge. Here is my crack at it:

      • A voter self-selects a unique ID, which will appear on a public list of ballots cast along with the contests that voter voted in, but not how he voted. This prevents precincts from "misplacing" votes.
      • A random voter number between 1 and the number of registered voters in a precinct is displayed on the screen after the vote, but no certified receipt is given to associate that number with that person. Results are indexed by that number. The person can then verify their vote was recorded properly, but has no proof of that to give someone who wants to buy their vote.
      • That still leaves the problem of how to prevent malicious software from giving two people with identical ballots the same random voter number and spoofing another ballot. Suggestions?
      --
      This space intentionally left blank.
    2. Re:Not only that... by CastrTroy · · Score: 1
      The counting is outside of the voter's control as soon as he leaves the polling place in any case
      That's why when they use hand counted paper ballots they let people watch. In Canada, they let the candidates or their reps watch the counting. Which is good because all parties are allowed to watch the counting, to ensure it's done fairly.
      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    3. Re:Not only that... by Burz · · Score: 1

      I have thought about it, and think there is no way to guarantee against tampering of the verification indexes. Even with cryptography, trust is implicit on both sides.

      There is ultimately no substitute for the forensic traceability of a physical ballot. OTOH an anonymous ballot which cannot be sensed directly is no ballot at all... manual verification before submission is inherent in the balloting process.

  52. Ask and ye shall receive... by Anonymous Coward · · Score: 3, Informative

    It would help significantly if there were a post either on the home page of blackboxvoting.org, or in the bbvforums.org forums under your name. This way there would be some credible record that this information did truly come from Bev Harris.

    Ask and ye shall receive... there's an update on their primary website
    http://www.blackboxvoting.org/

  53. Post MD5 checksums of these files. by Dr_Barnowl · · Score: 1

    Dear Bev, While it's not a 100% surety, a good way of adding credence to the provenance of these files would be to post MD5 checksums of the three archive files on a visibly accessible page at blackboxvoting.org. Your neighbourhood friendly ubergeek should be able to oblige you. Or yourself, you seem to be pretty well versed. Much kudos to you. I watched Hacking Democracy the other night, and if it hadn't been such serious material, I would have been wetting myself with laughter at how craptastically awful the GEMS software is. I shall have a poke around in the material in a non self-endangering manner for a while.
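The check suggested in the comment above, as an added example that is not part of the original post: verify downloaded archives against a checksum manifest obtained from a different channel than the download host. Because MD5 is no longer collision resistant, the sketch accepts SHA-256 lines as well; the manifest and file contents are constructed stand-ins, since the page publishes no checksums.

```python
import hashlib
import os
import tempfile

# Digest length in hex characters -> algorithm name accepted by hashlib.
ALGO_BY_HEX_LENGTH = {32: "md5", 64: "sha256"}


def file_digest(path, algo, chunk_size=1 << 16):
    """Hash a file in chunks so a large archive never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse md5sum/sha256sum style lines: '<hex digest>  <file name>'."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<digest>  <name>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) not in ALGO_BY_HEX_LENGTH or any(
            c not in "0123456789abcdef" for c in digest
        ):
            raise ValueError(f"line {lineno}: not an MD5 or SHA-256 hex digest")
        # Refuse names that would make the verifier read outside the download dir.
        if name != os.path.basename(name) or name in ("", ".", ".."):
            raise ValueError(f"line {lineno}: bare file names only")
        entries.setdefault(name, []).append(digest)
    return entries


def verify_downloads(directory, manifest_text):
    """Return {file name: 'OK' | 'MISMATCH' | 'MISSING'} for every listed file."""
    results = {}
    for name, digests in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        # Every published digest for the file must match, MD5 and SHA-256 alike.
        ok = all(
            file_digest(path, ALGO_BY_HEX_LENGTH[len(d)]) == d for d in digests
        )
        results[name] = "OK" if ok else "MISMATCH"
    return results


def demo():
    """Constructed stand-ins for the three archives; not the real files."""
    names = ["ems.zip", "un5.zip", "Unity.zip"]
    with tempfile.TemporaryDirectory() as d:
        lines = []
        for n in names:
            path = os.path.join(d, n)
            with open(path, "wb") as f:
                f.write(b"constructed sample content for " + n.encode())
            lines.append(f"{file_digest(path, 'md5')}  {n}")
            lines.append(f"{file_digest(path, 'sha256')}  {n}")
        manifest = "\n".join(lines)
        before = verify_downloads(d, manifest)
        # Simulate a mirror serving a modified archive: one appended byte.
        with open(os.path.join(d, "un5.zip"), "ab") as f:
            f.write(b"\x00")
        os.remove(os.path.join(d, "Unity.zip"))
        after = verify_downloads(d, manifest)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("as published", "after tampering"), demo()):
        print(label, result)
```

A match only shows that the file equals whatever the manifest's publisher hashed, so the manifest has to come from a page the reader already trusts.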

  54. Re:story is legitimate, I just talked to Bev by ph by Jeremiah+Cornelius · · Score: 1, Flamebait

    How low do you have to go?

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  55. The software DOES matter. by Burz · · Score: 1

    You just said that a physical ballot must be printed in order for the machines to be trusted.

    So I agree with what you're saying, except the general sentiment that software doesn't matter. If it doesn't print a ballot that the voter examines and hands to a polling clerk, then it's bogus.

    1. Re:The software DOES matter. by Chandon+Seldon · · Score: 1

      My point is that if you're printing a ballot that the voter is going to inspect, and the voter can clearly see that the ballot is correct, then the software can do whatever it wants - print random ballots, print ballots that only mark Green Party candidates, who cares - the voter will see it and it will get fixed with no possibility of vote fraud as the result of the voting machine code.

      If the voting machine code matters, then the design has already failed. An arbitrary voter can easily verify a paper ballot, but there's no way for an arbitrary voter to verify (and therefore have reason to trust) some code running on a voting machine they're using.

      --
      -- The act of censorship is always worse than whatever is being censored. Always.
  56. Can we mod a story? by filesiteguy · · Score: 0

    I'd like to mark this story as -1, troll. Can I do that?

    What a waste of space! /me shakes head

  57. Re:Dont Help BBV by Anonymous Coward · · Score: 0

    What's the deal with Republicans always trying to call the Democratic party the 'Democrat Party' and then acting like it's a mistake?

    Yeah... "Chimpy" and the "Rethugs" are just awful that way.

  58. Another tidbit of info by Anti_Climax · · Score: 1

    ES&S is the company contracted in Arkansas to provide electronic voting machines. Unfortunately it's a little too late for Randy Wooten

    --
    Even people that believe in pre-destiny look both ways before crossing the street.
  59. Is this really any use? by Vellmont · · Score: 1

    There is a good possibility that current versions have significant changes.
    Which is exactly what the software producers will claim when any issues are brought up that people find.

    "That bug has been fixed in the release version. What you have is beta software never intended to be used in an election". Or "That vulnerability could never happen because of safeguards that exist in other parts of the system we won't tell you about".

    Or worse, pundits will just claim:
    "We have no way of knowing if the version released on the internet wasn't modified by someone else before release".

    I guess my question is, how do you expect the release of this software will help change anything? Since you can't be certain about the validity of the source or what's been changed, what use is it? Conclusions based on questionable evidence become questionable.

    Just something to think about, since I'm sure the spin machines will be in high gear to minimize any impact of anything that's found. Just be prepared for the usual responses.

    --
    AccountKiller
  60. I WILL ask. -- It may be bogus. by darkonc · · Score: 0
    It looks to me like this is potentially an attempt by someone to potentially infect thousands of Slashdot users' boxes. The site (blackbox1) is anonymously registered, the front page is a generic 'oops' page, and about the only things that it seems to have in common with blackboxvoting is that they both appear to be hosted by rackspace (but on different subnets).

    I'd only open these files on a sandboxed/honeypot box.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    1. Re:I WILL ask. -- It may be bogus. by Oztun · · Score: 1

      The other thing they have in common is on blackboxvoting.com where it says yes this is real.

  61. Go figure ? by bheading · · Score: 1

    What is the point in evaluating voter machine software, source code or otherwise ?

    There is no way to prove that the software evaluated was actually the exact software deployed on the machine.

    Democratic electronic voting is an impossibility. You cannot do it.

    1. Re:Go figure ? by adrianmonk · · Score: 1
      Democratic electronic voting is an impossibility. You cannot do it.

      I'm not convinced that it is an impossibility. I am convinced that so far nobody has done it, but I am not willing to rule out that it is possible somebody could.

      I think it's important to look at it from several angles. One of them is procedure, which someone else has already mentioned. Even for good old-fashioned paper voting, a proper procedure is necessary to make sure someone doesn't stuff the ballot boxes or similar. The procedures need to be transparent so that they can be verified by several different people.

      Another angle is information theory. One of the chief problems with some (all?) existing systems is that they seem to think that it's OK to maintain only a count of votes. Every time there is a vote, the counter is incremented, etc. The information about the original votes is destroyed and only the count remains. This is different than with paper ballots: with paper ballots, the votes themselves are recorded. Then the count is created by totaling up the votes. If necessary, a recount can be accomplished by totaling up the original votes again, because the information about the original votes continues to exist. I think it should be a requirement of any voting system (electronic or otherwise) that information about individual votes is not destroyed.

      Of course then there is the issue of the physical media. Most electronic storage can be rewritten, which is unacceptable if the information is to be preserved (as above). So a proper electronic voting system would require information to be stored in a medium that can't be changed once it is written. RAM, hard disk, and flash are not reasonable solutions, but there are other solutions that might be. For instance, PROM would work: a bit can be written by applying current that burns out a fuse. Once burnt, the fuse cannot be "unburnt". Notice that I am talking about PROM here, not EPROM or EEPROM (in which, for both, one of the "E"s stands for "erasable"), although EPROM (not EEPROM) could probably work well too if there were a physical seal on the window you use to erase it.

      I think, in general, a proper electronic voting system would need to use something other than a general-purpose computer as a platform. It might need to have all its programming written in ROM or PROM so that it cannot be changed. It might need to have dedicated hardware. It might need to be something other than a von Neumann machine. It certainly needs to have code that is very small, something on the order of a few thousand lines total. That rules out building on top of an existing database or operating system.

      If voting machines had dedicated logic (i.e. NAND gates or whatever) that could allow input of the votes to some write-once media (like PROM), and if there were a way to verify the data on the PROM (preferably through a separate machine), recording votes electronically seems feasible. It would be even better if every component of the chain were modular and standardized and built so that its performance can be exhaustively tested. For bonus points, the exact behavior of a chip, down to the signal timing, of the chips involved could be specified precisely. Then you can run several chips (with the program logic on them) from several sources in parallel, with hardware on all the outputs to verify they are outputting the same things at the same time. You can have, say, 4 chips processing the same inputs, then on every logic line coming out from each of the chips, put a small network of gates to compare whether they are either all high or all low and raise an alarm if not. (Of course you only check for some part of the cycle of the clock; it's not necessary for them to make all the transitions at the same time as long as they make them within some time interval.)
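A software model of the two ideas in the comment above, added here as an illustration and not part of the original post: retaining every ballot in an append-only log so a recount can expose altered totals, and running several tallying units on the same inputs with a comparator that flags the first disagreement. The class names and ballots are constructed, and the comment itself proposes doing this in hardware (PROM and parallel chips).

```python
from collections import Counter


class WriteOnceLog:
    """Models the write-once store (PROM in the comment): append, never rewrite."""

    def __init__(self):
        self._records = []

    def append(self, choice):
        self._records.append(choice)

    def records(self):
        return tuple(self._records)  # read-only view for auditors


class CountOnlyTabulator:
    """Keeps nothing but running totals, so a changed total leaves no trace."""

    def __init__(self):
        self.totals = Counter()

    def cast(self, choice):
        self.totals[choice] += 1


def audit(reported_totals, log):
    """Recount from retained ballots; return {candidate: (reported, recounted)}
    for every candidate whose reported total disagrees with the recount."""
    recounted = Counter(log.records())
    names = set(reported_totals) | set(recounted)
    return {
        n: (reported_totals.get(n, 0), recounted.get(n, 0))
        for n in sorted(names)
        if reported_totals.get(n, 0) != recounted.get(n, 0)
    }


class FaultyTabulator(CountOnlyTabulator):
    """Constructed faulty unit: credits every third ballot to candidate 'B'."""

    def __init__(self):
        super().__init__()
        self._seen = 0

    def cast(self, choice):
        self._seen += 1
        super().cast("B" if self._seen % 3 == 0 else choice)


def lockstep(units, ballots):
    """Feed the same ballots to all units and compare their totals after every
    ballot. Returns (ballot index, indexes of dissenting units) at the first
    disagreement, or None if the units agree throughout."""
    for i, choice in enumerate(ballots):
        for u in units:
            u.cast(choice)
        snapshots = [tuple(sorted(u.totals.items())) for u in units]
        majority, _ = Counter(snapshots).most_common(1)[0]
        dissent = [k for k, s in enumerate(snapshots) if s != majority]
        if dissent:
            return i, dissent
    return None


def demo():
    ballots = ["A", "B", "A", "A", "B", "A"]  # constructed sample ballots
    log, tab = WriteOnceLog(), CountOnlyTabulator()
    for b in ballots:
        log.append(b)
        tab.cast(b)
    clean = audit(tab.totals, log)
    # Move two votes from A to B in the totals; the number of votes is unchanged,
    # so only a recount from the retained ballots can show the difference.
    tab.totals["A"] -= 2
    tab.totals["B"] += 2
    tampered = audit(tab.totals, log)
    units = [CountOnlyTabulator(), CountOnlyTabulator(),
             FaultyTabulator(), CountOnlyTabulator()]
    return clean, tampered, lockstep(units, ballots)


if __name__ == "__main__":
    print(demo())
```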

  62. Forget the DMCA and the law! by bussdriver · · Score: 1

    Do not assume we have a better system today just because we do not have the same mess of yesteryear. We have a new mess with new problems to which the next generation will look back and wonder what was wrong with us.

    How do you want to be remembered?
    Would you have wanted to be a person "toeing the line" in the 1960s or somebody who marched with Martin Luther King =>1 time?

    Laws are not moral nor are they usually written by moral politicians.

  63. Testing by plopez · · Score: 1

    It would be called blackbox testing....

    google or wikipedia blackbox testing for a description.

    --
    putting the 'B' in LGBTQ+
    1. Re:Testing by Anonymous Coward · · Score: 0

      Bottom Line:

      1) This IS a very important issue. Period.

      2) It certainly looks like the Republicans decided to NOT try and steal many races last week, and to pretty much let the voters really speak (unlike 2000, 2002, and 2004 !). Not sure why. Apparently the point is they want to "prove" that the new voting machinery "actually works". And that Congress's sinister "HAVA" Act was good, and is working.

      3) The only proper, verifiable, fair system of voting is to use paper ballots. That is what the Canadians have wisely stuck to for decades. None of this electronic tabulation stuff.

      4) We must push for paper ballots! Or else kiss America as a country-that's-a-democracy goodbye forever in '08.

  64. It must be a little shocking... by peterlombardo · · Score: 1

    If Bev is new to the Slashdot community she might be a little concerned about all of the information that the Slashdot community is pulling up on her: articles, history, background, domain name registration, phone number at the office etc..

    If she's not on Wikipedia, I bet she will be within the hour.

    1. Re:It must be a little shocking... by Bev+Harris+at+BlackB · · Score: 1
      Not to worry. Some of the posts for years have been by a Diebold employee using several different screen names. In fact, we traced him to at least one account on Slashdot. He posted smears about various people in the election integrity movement, and he had/has accounts on Bradblog, DemocraticUnderground, the Yahoo finance message board for Diebold, on Black Box Voting, on his own web site, on Slashdot, and on Fark, among others. By tracing an IP on one of his troll posts to his own little blog, where he and his wife posted photos of their cars and houses we were able to get a positive ID on him. He called himself an "HTML ninja" and a spy. Well, Diebold's Rob Pelletier was perhaps the dumbest ninja in history because he accidentally captured himself on his wife's webcam posting messages.

      So watch this thread for a tense man on a webcam as I post the link to a report, with photos and video, showing how we found out the identity of one of Diebold's Internet smear squad. Here it is: http://www.blackboxvoting.org/diebold-PRmachine.pdf

      Now, as to what you can find without access to source code:

      - In Diebold's GEMS, we found that the software contains a double set of books that allows it to pass spot checks -- i.e. random hand count audits -- while still cooking the books

      - In Diebold's GEMS, we found that the MS Access database tables do not bother with referential integrity

      - In Diebold's GEMS, we found that you can alter results using either a Visual Basic script or Java Script. This was demonstrated on a real election system and is shown in the HBO film "Hacking Democracy" which is showing all month and is on the "on demand" programming right now.

      - In Diebold's GEMS, we found a customized set of programs using interpreted code, which is banned by the FEC

      Looking at the ES&S Unity software, which they will certainly claim has been changed, will nevertheless tell us something about the original architecture and how the programmers think. It will tell something about the programming culture. It will tell something about any commercial off-the-shelf software used with the databases, and knowledge about those programs will in turn provide information about the kinds of vulnerabilities these guys were willing to put in a voting system.

      It may help to craft public records requests, based on guesses as to what vulnerabilities might still be in the system, and thereby elicit more information. And remember, this is the government. Not everyplace could afford new voting systems, so they have a legacy problem. They have to make new versions backward compatible to some extent.

      In a vacuum, even a little opening can cause a rush of new knowledge. Hopefully the Unity programs will provide enough hints we can pry loose more information through public records requests, voting machine inspections, and in legal discovery. It will certainly give us ideas for some questions to ask.

  65. Looks like it came from Tarrant County, TX. by Afecks · · Score: 1

    The revision date says 1/16/2001. Here's a screen shot.

  66. Cool! Free Software by Noodles · · Score: 1

    Thanks to Slashdot/BBV for the links to free software! Please provide links to Photoshop, Office, and HalfLife while you are at it.

    Really, what is the difference?

  67. Crazy idea... by C10H14N2 · · Score: 1

    How about the machine counts the paper ballot you filled out and drops it in a bin? That's what my precinct uses and most people puzzled over the sight of the one, single touch-screen machine, barely giving it notice, much less use.

    1. Re:Crazy idea... by Chris+Burke · · Score: 3, Interesting

      How about the machine counts the paper ballot you filled out and drops it in a bin?

      Yeah, and in theory, it could also tell you if it couldn't read the ballot because it was badly formed. Okay, machines can already do that, though in some notable cases in Florida this capability was disabled (but people just assumed it was because those voters were idiots).

      I do think an electronic ballot machine has some advantages. I like the part of e-voting where I can easily browse candidates, click buttons that show the full text of any propositions or measures being voted on, easily change a vote if I decide to change my vote, and so on. I like the idea of eliminating penciling errors by having the computer print it. I like the accessibility options e-voting can give.

      In my ideal e-voting world, you'd have one machine that prints ballots on card stock in a human-and-machine readable format (with the same markings, not human-readable-text and a barcode). You'd take the ballot it prints out and put it in a different machine that could count the vote. In fact, because the format of the ballot would be a matter of public record, anyone could make a ballot counting machine and after passing some basic certification (that it doesn't mangle ballots for example) could bring it to the election to verify that their machine got the same count as everyone else's machine.

      Of course something simple like you describe works. As long as there is the paper record which is considered authoritative, and the machine count only an initial estimate, then that's a voting system I support.

      --

      The enemies of Democracy are
  68. Re:Cool! Free Software by pitpe · · Score: 1
    Thanks to Slashdot/BBV for the links to free software! Please provide links to Photoshop, Office, and HalfLife while you are at it. Really, what is the difference?
    The public interest? Deficiencies in the voting process should be of interest to everyone- BBV presumably feel it's of sufficient interest to justify breaking the law (I am of course assuming they haven't received it legitimately). If you take it a step further and believe that voting machines have been rigged, you potentially also have the defence of investigating/preventing a crime.
    --
    I am nothing and should be everything
  69. Here's one difference: by Bev+Harris+at+BlackB · · Score: 3, Insightful
    Any of us can go out and buy Photoshop, Office, and HalfLife and get at least an operational overview of what they do and how they work.

    None of us can buy the secret voting system software that we are forced to use as the sole means of exercising our voice as owners of our own government. Citizens own the government, not the other way around.

    When you own something, you have to have a way to convey your management decisions. As citizens, the way we invoke our management rights is through our vote, and the system that defines, authenticates, records and counts our vote is owned by someone else who says we not only can't look at the source code, we can't even install a working version of the compiled code to see anything at all about how it works.

    That's what's different. This situation is more akin to the owner of Halflife being told he is not allowed to see how his own product works.

    1. Re:Here's one difference: by strikethree · · Score: 1

      You are missing the point. What you are doing is likely illegal; however, I find it to be highly ethical.

      strike

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
  70. Re:Dont Help BBV by Anonymous Coward · · Score: 0

    Come on, he can't even get his own name right, how do you expect him to spell a difficult word like democratic?

    Hey, J, it's Jeremy. Keep trying, you'll get it :)

  71. Oh for CHRISTS Sake... by certain+death · · Score: 0

    Grab it, play with it in a Virtual machine and see WTF it is. Everyone knows, just as Microsoft and Other OS Programmers do, they reuse code. I would be willing to bet that 98% of the code in the current machines is either this code, or work that was derived from this, so I don't know about the rest of you but I am whipping out my copy of IDA Pro and having at it!!

    --
    "My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
  72. Can't hurt to help BBV by rHBa · · Score: 1

    I'd never thought to use the friend/foe feature of slashdot but now you mention it I think this is a good use. What has jeramybsmith got against Bev Harris anyway? I mean who sees one slightly bad, unsupported claim about someone who, at worst, is harmless (unless you work for Diebold, Sequoia et al) and decides they have to save the world from her 'evil propaganda'?

    Sounds like he's the one with something to hide... ...or maybe he's just bitter because his mum spelled his name wrong...

  73. unity 5.71 election data manager by Anonymous Coward · · Score: 0

    The file un5.zip contains an installer for what appears to be ballot designing software. It can't be started up properly without patching the binary, though, because it checks for the presence of a specific printer driver. At least under Wine in Linux anyway -- I don't have a copy of Windows to test it on.

    To fix the problem, open opt.exe in a hex editor and nop out 30 bytes starting at offset 0x30527. Save the file and rerun opt.exe. You can now play around with ballot software!

    Interestingly, some of the data files contain locality information. OPTBATCH.DAT has references to several locations in Pennsylvania, but the software itself is licensed to Tarrant County, Texas. The string "Tarrant County" is part of the actual binary opt.exe, leading me to believe that the applications are built specifically for each municipality.

  74. Mercifully... by C10H14N2 · · Score: 1

    In the Texas documents contained in ess2-44336.pdf, there's plenty of condemnation of all the potential issues that are generally raised, which is somewhat reassuring. Sure, one could rip apart all the datafiles and executables looking for weaknesses and outright backdoors, but if there is an indelible physical audit trail, as repeatedly demanded in Texas, there should be absolutely no need to bother looking inside the "black box" as it either matches or it doesn't and if it doesn't, paper trumps bits.

    Rather than tear apart systems to determine if they're rigged, we should simply assume that every damned one of them IS rigged and insist on a physical process that can detect it and recover. That's a hell of a lot easier to do than a constant code-review, open-source or not.

    Frankly, I'd be MORE comfortable if all the datafiles were in unencrypted plain-text that any moron off the street could modify because that would mean the rest of the process couldn't trust those numbers alone and no one in their right mind with an IQ larger than their shoe size would think otherwise.

    1. Re:Mercifully... by Bev+Harris+at+BlackB · · Score: 1

      I'm hoping you can provide an example -- anywhere -- where you have had an opportunity to compare the paper against the machine. Of course, they did that in Cleveland, the only place in history I think that has ever actually compared the DRE "voter verifiable paper audit trail" with what the machines said. That cost Cleveland about $350,000.

      It didn't match.

      I am currently up to my ears in "auditing." First, you can't get the records. Those records you are allowed to look at, you can't do so in a timely manner, generally until after all recount and contest periods have expired. And those records you get to look at generally have information on them that doesn't reconcile. When it doesn't reconcile, you don't get meaningful answers. And there are no consequences for public officials who run mismatched elections, except in the rarest of cases, such as what's happening in Sarasota right now -- but that took citizens groups from 3 counties and a team of lawyers. Sarasota citizens take back their elections

      In every election, we are seeing more votes than voters, zero reports that aren't zero, machines that don't match their paper results reports, lost votes, but mostly, we aren't allowed to see. A little-known secret is that even in locations where they have "random x% manual audits" the random is "selected" (you heard me) and the audits frequently don't match. When they don't, there is no expansion of the audit, and indeed, there is not even a disclosure to the public that it didn't match.

      If you are persistent enough to find out when the "random" audit will take place, you MIGHT be able to watch, and if you are allowed to watch, you MIGHT be able to actually see anything. It is common for them to put you too far away to view the ballots, just as it is common on Election Night for them to turn the computer screens away from the observer area so that observers get to watch the back of the monitor, not the front.

      Theories of how elections should work run into a bumpy ride when you watch first-hand how elections are actually run.

      But let's suppose we solve those problems.

      With computerized voting, it takes a small wheelbarrow and about 60 days free time to engage in stupefyingly tedious but precise work to audit just one jurisdiction. You've got to check the (Diebold) computerized voter registration system with the (Diebold) electronic pollbook and then look at the (Diebold) voting machine results tapes and then compare them with the (Diebold) central tabulator report. But all those things can be rigged, as we showed in the HBO film "Hacking Democracy." What remains is counting all the paper votes. Not a sample. All of them.

      But counting the "VVPAT" is almost a comedy. It's printed on 8-pt type on a roll made of thermal paper that is about 3 inches wide and a few hundred feet long. If you thought staring at chads was bad, you'll croak when you see this. But that's not all.

      The chain of custody for the paper trail, which you MIGHT get to see after weeks have passed, is another of life's little mysteries. But let's assume the chain of custody is acceptable. In San Diego, they charge a dollar a vote to look at the ballots. To look at just 11 precincts (out of over 500) citizens were hit with an unitemized bill for over $8000. At least they could look -- in Marin County, the race was dictated by the absentee ballots, and citizens were told that it is not possible to sort the absentees for just their candidate, so they'd have the choice of paying for looking at ALL of them or paying an even bigger fee to have them sorted.

      But that's in the more voter-friendly locations. In Nebraska, a losing candidate for senate tried to purchase a hand recount. "There is no provision in the law" he was told, and I have that letter from the Nebraska Secretary of State, "for you to count the ballots by hand." They must go through the machine again.

      Again, why are we doing this?

      A bill has been intr

    2. Re:Mercifully... by C10H14N2 · · Score: 1

      Oh no, don't misunderstand me. The absolute most terrifying portion of your documentary was the shoddy execution of the manual process. That absolutely put the fear of God in me, not least because it was nearly impossible to distinguish between malice and incompetence and a properly functioning system should be able to detect both, distinguish between the two and correct for either. Our current system can detect both, but it can't make the distinction, doesn't reliably correct for it, and most frighteningly, doesn't even enforce the need to care.

      I manage critical applications (of the 'people can die if the system breaks down' variety) and the key is that the "high-tech" bits are just PART of the system--and the most untrusted part of them to boot. When I saw this application, my first thought was "Good lord, this is FAR too vertical for the intended purpose." Trusting the same thing to collect, record, count, aggregate and report the same numbers? Crazy. In a proper system, each step of that process should be independently capable of validating the next, interchangeable with another component of arbitrary source, whether it is a collection of people, machines or combination of the above. If they cannot agree, the process should start again from the beginning until they DO. That last bit is the most glaringly obvious problem in our system. When we have total disagreement, all it takes is a Secretary of State to sign off that we officially don't care. In what I do, it would be akin to a patient coming in and saying they have asthma, the doctor writing a scrip for Albuterol, the computer registering Preparation-H, the pharmacist dispensing Aspirin and the nurse administering Heroin, then everyone agreeing that the patient got the Albuterol and no one having the means to prove otherwise...then replacing the computer and saying everything's all better now, pity the patient is dead.

      I'm glad to see you're going in the direction of correcting the system, not just the unnecessarily fancy blinkenlights.

      It is truly inspiring, admirable work you are doing.
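
The cross-checks named in the two replies above (zero reports that aren't zero, more votes than voters, tapes that don't match the tabulator, paper that doesn't match the machine), as an added example that is not part of the original comments. The record layout, flag names and sample precincts are constructed for illustration and do not describe any vendor's file format.

```python
"""Reconcile independent election records for one contest (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

Tally = Dict[str, int]  # candidate -> votes


@dataclass
class Precinct:
    name: str
    signins: int              # voters signed in at the pollbook
    zero_report: Tally        # counters printed before polls open
    tape: Tally               # precinct machine results tape
    tabulator: Tally          # central tabulator report
    paper: Optional[Tally]    # hand count of paper records, None if not done


def reconcile(p: Precinct) -> List[str]:
    """Return discrepancy flags for one precinct; empty list means all agree."""
    flags = []
    if any(v != 0 for v in p.zero_report.values()):
        flags.append("ZERO_REPORT_NOT_ZERO")
    # Undervotes make votes < sign-ins normal; the reverse is never normal.
    if sum(p.tape.values()) > p.signins:
        flags.append("MORE_VOTES_THAN_VOTERS")
    if p.tape != p.tabulator:
        flags.append("TAPE_TABULATOR_MISMATCH")
    if p.paper is None:
        flags.append("PAPER_NOT_COUNTED")
    elif p.paper != p.tape or p.paper != p.tabulator:
        flags.append("PAPER_MACHINE_MISMATCH")
    return flags


def official_tally(p: Precinct) -> Optional[Tally]:
    """Paper trumps bits: a result exists only where paper was hand counted."""
    return dict(p.paper) if p.paper is not None else None


def audit(precincts: List[Precinct]) -> Dict[str, List[str]]:
    """Map precinct name -> flags, listing only precincts with discrepancies."""
    report = {p.name: reconcile(p) for p in precincts}
    return {name: flags for name, flags in report.items() if flags}


# Constructed sample data, not real election results.
SAMPLE = [
    Precinct("P-001", 412, {"A": 0, "B": 0}, {"A": 200, "B": 205}, {"A": 200, "B": 205}, {"A": 200, "B": 205}),
    Precinct("P-002", 300, {"A": 0, "B": 3}, {"A": 160, "B": 150}, {"A": 160, "B": 150}, None),
    Precinct("P-003", 500, {"A": 0, "B": 0}, {"A": 240, "B": 250}, {"A": 250, "B": 240}, {"A": 240, "B": 250}),
]

if __name__ == "__main__":
    for name, flags in audit(SAMPLE).items():
        print(name, ", ".join(flags))
```

Every input comes from a different record, so a single altered source shows up as a disagreement instead of silently becoming the result.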

  75. Re:Dont Help BBV by CrazyDuke · · Score: 1

    As a former republican, let me inform you. It is because they believe democrats and anyone they perceive to be associated are the antithesis of democracy. This often has to do with a self perception that they represent democratic values, and therefore anyone that opposes them does not. Therefore, they label them as a democrat rather than as democratic as a means of linguistically separating the two ideas. The "Democrat Underground" slip could be a Freudian slip if they are being sneaky or an intentional mocking of what they believe to be a lie, it depends on the context. FYI, this is a generalization regarding party (or faction) loyalists of that particular party.

    Keep in mind, former republicans will occasionally make this slip as well occasionally, especially if they are reluctant to support democrats. (I do. Sometimes it's intentional, like when I suspect authoritarian tendencies.)

    I'll occasionally still use the term when talking to republicans, as calling them "democratic" to a republican is a big red flag that one is not on their team. This shuts down the debate, as most hardcore party (any party) supporters will insist on dictating rather than debating (or even just chatting about current events) when they perceive you as an opponent.

    --
    Any sufficiently advanced influence is indistinguishable from control.
  76. Re:Dont Help BBV by CrazyDuke · · Score: 1

    Ad hominem attack leads to more ad hominem attacks leads to more ad hominem attacks. News at 11.

    --
    Any sufficiently advanced influence is indistinguishable from control.
  77. Re:Don't bother -- excellent point for paper audit by MoriaOrc · · Score: 1
    Be sure to thank your friend for me. I live in Orange County and I voted in the last election. The paper ballot part of the machine was new this year, though the machines were otherwise the same ones we've had since my first election in 2004 (I think that's the first year we had them, though), and I wasn't sure what had prompted the change to paper this year (certainly glad for it though).

    It's also good to hear that they are actually counting with the paper ballots (rather than the machine count) getting the highest authority. I had pessimistically assumed they were mostly for recount purposes.

    The only potential problem with the system you described, and it's something I didn't see you mention, is that it seemed like the counted part of the ballot was in bar code form, while the rest was probably for hand recount purposes. Just a quick look at what a ballot looked like through the window*:
    Prop 1A: [Yes/No]
    Prop 1B: [Yes/No]
    ...
    [Page break in here somewhere - there were lots of props and confirmations for judges]
    ...
    State Senator: [Whomever]
    Governor: [Whomever]
    ...
    [Another page break after all the ballot items - At this point you can accept or reject the ballot]
    Accepted!
    [Bar code]
    [Maybe some "Thanks for voting!" thing]
    The fact that they have a bar code makes me wonder about the process for counting the paper ballots (the VPATS? not too good with alphabet soup). It seems likely that they will be counted by a machine that uses the bar code, rather than by hand looking at the yes/no or name markers. If so, is the counting machine made by the same company? Because the fact that I can no more verify that my vote was accurately recorded in the bar code than I could that the machine wasn't miscounting in the previous two elections is slightly worrisome. Seems like some sort of scantron-like ballot where the machine just fills in the box for you and both you and a machine can read it would be better.

    Thanks again for the info.
  78. ES&S Problems by Anonymous Coward · · Score: 0

    Some close-proximity insight for those evaluating ES&S. I'm an Omaha resident and have knowledge of ES&S's application development and information security environment.

    1. Senior management does not see information security as ES&S's responsibility. The developers are under very tight schedules and are not given much in terms of time and resources to focus on the "apply security after dev is done" model ES&S uses. I discounted this a bit since nearly every programmer complains about not having enough time and resources, but believe there is some merit in the case of ES&S.

    2. The codebase was never designed from a security perspective and is old legacy code that has been dragged along into newer OS platforms.

    3. ES&S senior management believes that information security is the responsibility of their technology providers. For instance, they attribute OS and networking flaws to Microsoft and indicate they are not responsible for these issues as they're "only users." Unfortunately, in the shop I work in, we're aware Microsoft disagrees and expects us to harden our apps, OS, network and general environment.

    4. ES&S security staff are not very well qualified. Internal audits are not performed unless a client requires it, and unfortunately, most governmental clients only know to ask for a SAS-70 (which is usually done by an accountant and says nothing material about information security). Internal security processes are seriously lacking.

    5. Constructive criticism is not well tolerated within ES&S's business environment. Production schedules are tough and resource challenges are pushing people to the edge. Shortcuts with the promise of "coming back later to tighten up all these holes" are common practice.

    I should note that many of the people that work there are well intentioned and are trying to do their best, but until clients expose these flaws and know how to demand better security (vs. the useless SAS-70), senior management won't realize it needs to allocate these resources. Presently, security is perceived as an unnecessary overhead cost that is the responsibility of others, not ES&S.

  79. slashdotters or trolls? by whitroth · · Score: 1

    I skimmed through the first dozen or two posts "at or above my level of interest", and frankly, I'm appalled. After all the years of screaming and yelling about DMCA, the RIAA, and firmware copy protection, to see this "it's not legal", and "we'll find out about Bev".

    Perhaps all these folks are new to slashdot, and have ignored everything that's been out there for years about rigged voting black box machines, including reports from Avi Rubin to Clint Curtis in Brevard co, FL.

    PERHAPS THOSE OF YOU BEING OFFENDED BY THIS POST WHO LIVE IN THE US SHOULD LEAVE, AND MOVE TO AN OPEN DICTATORSHIP, SO YOU DON'T HAVE TO VOTE.

              mark

  80. Re:Cool! Free Software by Anonymous Coward · · Score: 0

    The difference is that it is an integral part of the nation's "democratic" process, and we, the public, paid for the software.
    My paper ballot was counted solely on an ESS machine that my county bought. Thus, I am a purchaser and user of the software.
    I don't remember seeing a EULA that said I couldn't distribute it.

  81. Re:Dont Help BBV by spun · · Score: 1

    Why do you hate Bev Harris so much? Do you work for ES&S? Are you a Republican and you don't like her politics? Are you working for the Tom Flocco anti Bev Harris disinfo campaign? You see, she pissed some people off and they started a serious campaign of slander and disinformation against her. And here you are, every time that she or blackboxvoting.org are mentioned, chiming in about how crazy she is...

    Frankly, you come off sounding like far more of a kook than she does. That quote does not make her sound like a creationist, it makes the other side sound like creationists. She's saying that someone falsified a report in order to make their position look better. If I saw a "scientist" doing that, I'd call them on it, too.

    In any case, the level of venom in your tone is astounding. To an impartial observer, it appears as if you are out for revenge. Again I ask: why do you hate Bev so much? There are plenty of kookier kooks in the world, why focus so much frothing rage against her?

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  82. Re:story is legitimate, I just talked to Bev by ph by Jeremiah+Cornelius · · Score: 1

    Framebrate?

    I must have been flaming myself!

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  83. Verification by azrider · · Score: 1
    If you are as obsessive about the news as I am, you might have seen the following (paraphrased):
    • There is one race in which a candidate did not receive even one vote
    • Presumably, he (or his wife) thought he should win
    • or had too much time/money on their hands
    --
    And ye shall know the truth, and the truth shall make you free.
    John 8:32(King James Version)
  84. Election Office Report for Linux Hax0r by Anonymous Coward · · Score: 0

    Election Office Report
    for
    Linux Hax0r
    November 22,2006 10:15PM

    Term: Vote fo Sequence:
    HaX0r District Type: 000100239
    Term:4 Vote fo1 Sequence: 1
    Master Bater District Type: 000200239
    Term:4 Vote fo1 Sequence: 51