Help Black Box Voting Examine ES&S Software

Gottesser writes, "Bev Harris of Black Box Voting has asked for the help of the Slashdot community. She would like people to take a look at ES&S's central tabulator software and start reporting on their impressions of it. This is a past release of the software but it is similar to the applications in production. Sorry, no source code." Read on for Bev's request and pointers to the code repositories. Update 23:38 GMT by SM Bev has confirmed that blackbox1.org is indeed owned by BlackBoxVoting making both a comment in the discussion and a post on the front page of blackboxvoting.org to help assuage reader fear/doubt.

From Bev:

"ES&S 'Unity' central tabulator software.

Software stash: three zip files --
http://www.blackbox1.org/ems.zip
http://www.blackbox1.org/un5.zip
http://www.blackbox1.org/Unity.zip

User Manuals for ES&S software can be found here:
http://www.bbvforum s.org/forums/messages/2197/2864.html

This is the ES&S central tabulator software, the ES&S counterpart to the Diebold GEMS central tabulator software. No source code, sorry, and no software for the precinct machines. This is reportedly one generation back, but from what I'm told has significant similarities to the new stuff. I would appreciate it if you can provide me with feedback on your impressions after looking at it. You may want to Slashdot it or whatever.

Best,

Bev Harris
Founder
Black Box Voting

Don't bother

[jrivar59]

I would argue that examining this software is counter productive, and not a good use of resources.

The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.

Re:Don't bother

[Chris+Burke]

True, and I'll go further. Trying to examine the software for flaws makes it sound as though evident flaws in the software are the problem with the current crop of voting machines. They are not. The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

Software is an illusion. You, as in a non-employee of an electronic voting firm, will never be able to prove that whatever software you audit and trust is actually running on the machine. You will never be able to guarantee that there isn't malicious code in the machine. You will never be able to prove it has no bugs. You will never be able to prove that it actually stored your vote in its internal memory exactly as you recorded it.

However, you can be sure that a printed ballot has correctly recorded your vote, because you can read it.

Give me a printed paper ballot, and I won't need to check the software for bugs. If it prints my ballot correctly, it's good enough. If it screws up, it's buggy. That easy.

Re:Don't bother

[SkunkPussy]

If you know the source code of the software (including build options etc), and the compiler/linker versions that have been used to build it, it will be possible to prove whether or not the binary code on the machine was generated from the source code in front of you.
To be more precise, you will be able to prove that the source code in front of you combined with those compiler/linker options generates the same binaries as exist on the machine. If your compilation does not generate the exact same binaries, then someone has some explaining to do.
This is the advantage of OSS voting code - it allows independent verification of the process without requiring a huge amount of trust to be invested in any stage of the process.

Re:Don't bother

[daveschroeder]

Why aren't we simply fighting for a permanent voter-verified paper trail, instead of always saddling every e-voting initiative with demands that EVERYTHING, hardware and software, be open source?

Don't get me wrong: I'm not saying it's not a good idea.

What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?

Wouldn't a more productive approach be to simply get a paper trail into place, since even an open source system is almost as worthless without one?

Keep in mind, too, that an open source system still needs to go through complex certification processes and code freezing just like the commercial products do. Even though the commercial products aren't "open source", the certification process allows for the necessary level of inspections by election agencies and external entities. The problem was the certification procedures being routinely ignored or bypassed for convenience, something that can just as easily happen with an "open source" solution.

The problem is that doing an electronic, anonymous, secret ballot that also exists in a system that attempts to enforce one-vote-per-person, combined with all the complexities and vagaries of local municipal and county systems is a lot harder than doing a vertically integrated system for one corporate customer (such as a bank).

Keep in mind, too, that much of the legislation (such as the Help America Vote Act) that essentially mandated e-voting in the hopes of ensuring uniform access to modern voting equipment was done in response to complaints about unfairness and inconsistency with manual systems in the 2000 elections, and not just in Florida. The one critical error was not explicitly recognizing that an electronic secret ballot is a hard thing to do, even without corruption, fraud, and incompetence, and a paper trail wasn't specifically mandated. And no, that wasn't by design. It was an error of omission.

Now, states, counties and municipalities have had to shell out hundreds of thousands, and sometimes millions, more dollars to add and retrofit certified paper trail functionality to existing systems (which, indeed, many are doing). But all e-voting vendors offer it. It just costs a lot of money.

So instead of trying to push out enterprise vendors with multi-million dollar contracts (which is essentially what demanding "all open source" would do, since no commercial vendor is going to open up ALL of their software and hardware code and designs), why not just work to get a permanent voter-verified paper trail in place in as many places as possible as soon as possible, perhaps even mandating it via legislation, since that will be required no matter what system is implemented?

What's more important: the egos of the people who have a vendetta against Diebold, Sequoia, and ES&S, or actually getting a mechanism into place as quickly as possible that guarantees votes will be accurately cast and counted (and at a minimum immediately shows if there is a problem? (And yes, I DO expect the burden of actually looking at the piece of paper to verify that it's correct to fall on the person who is voting.)

Re:Don't bother

[Chris+Burke]

From my first post, emphasis added: The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

I'm not talking about a paper summary, I'm talking about a paper ballot.

That's the point. You can do whatever the hell you want inside the machine, perform whatever trickery you want, but if it prints a ballot with the choices I made on it, then that is all that matters and your trickery was for naught.

Anticipating the next question of "why electronic voting at all then?", the answer is the same reason we moved to it in the first place: preventing poorly formatted ballots from causing invalid votes, and for accessibility reasons.

Atter the analysis is done...

[Dave21212]

We should take a vote using GEMS to see if the Diebold software is good or not :) I'm predicting a landslide !

Seriously though, I'm a little disapointed in the comments so far. First, this is not a political/partisan issue. Second, you don't need the source code to evaluate the operation of this software. Sure, it would be easier if we had it, but are you telling me that nobody here knows how to run a debugger or decompile some simple windows code ??? How many of you are drooling at the chance to take a whack at this stuff ? Go to it !@

For you people whining about no source code, how about you leave the real hacking to the real hackers and go back to your QA jobs :) Besides, I think it will be interesting to see what people come up with *without even having the source* - it's more of a real world test that way.

The procedure is what matters.

[Chandon+Seldon]

The important thing isn't the voting software, it's an effective voting procedure.

There is a known effective voting procedure using paper ballots, ballot boxes, and little old ladies (err... party representatives) to count them. This procedure has one important property: fraud attempts tend to get thwarted because the little old ladies will yell when something fishy happens. ANY VOTING SYSTEM WITHOUT THIS PROPERTY SHOULD NOT EVEN BE CONSIDERED.

It may be possible to design a voting procedure using computers that is similarly effective. Here's the important thing: it needs to retain the property that little old ladies observing the process can immediately tell if something fishy is going on. NO FULLY COMPUTERIZED SYSTEM CAN HAVE THAT PROPERTY.

Someone suggested the following system here on Slashdot:

1. Paper ballots are marked, either with sharpies / pens or from touch-screen ballot generating machines.
2. They go into standard ballot boxes.
3. Those ballots are brought to a central tallying location using the standard ballot-box protection procedures.

At the central tallying location, for each race:

1. The ballots are put into a sorting machine that sorts based on the votes in that race.
2. Observers check the sorted piles to make sure that they are properly sorted.
3. The sorted piles are put into a counting machine - there's your counts. If the counts look wrong based on pile size to any observer, it's manual count time.

If any candidate, observer, or 50 signatures question the validity of the counting machine's results - a manual recount occurs for that precinct. Every time - no "but that would be effort" bullshit.

This system takes all the properties of the hand count system and preserves them while spending money to gain two properties: Ballot generating machines for the blind, and fast counting for people who think that matters. Ballot generating machines are an easy problem, and sorting / counting machines are pretty cheap. We might have to use heavy cardstock for the ballots to survive the sort/count process for every race - that's $50 I'm willing to spend.

Re:story is legitimate, I just talked to Bev by ph

[AJWM]

So you say. How do we know who you are?

(Nothing personal, just illustrating the chains of trust necessarily involved in any security.)

Thanks for checking. If you really did ;-)

Re:Hi, I'm Bev Harris. There's nothing fishy here.

Hopefully you are Bev Harris, but you see that there's no way for us to know. I could create a Slashdot account claiming to be Elvis, and nobody could verify whether the King had truly returned.

It would help significantly if there were a post either on the home page of blackboxvoting.org, or in the bbvforums.org forums under your name. This way there would be some credible record that this information did truly come from Bev Harris.

How was this obtained?

[slackmaster2000]

BlackBoxVoting is essentially "Bev Harris", and it's an organization concerned about the implications of electronic voting.

No point in getting into the goods and bads of electronic voting, because all we have here is somebody not associated with ES&S posting a copy of the ES&S software. Another slashdotter has posted at least three times in this discussion that this is all legit because he called and spoke with Bev Harris -- but Bev Harris is *not* from ES&S. Her validation does not make the software legal to obtain.

I found a very interesting little news article from two years ago: http://www.seattleweekly.com/news/0410/040310_news _blackbox.php

"Harris started surfing the Web. On Jan. 23, 2003, she hit the mother lode. On an unprotected Web site, she found 40,000 files of Diebold Election Systems' source code--the guts of software to run touch-screen voting machines. ... After a little soul searching, Harris downloaded the Diebold software files. It took 44 hours, and they filled seven CDs. By July 2003, after months of informal review and discussion among her friends and allies, Harris decided to allow Scoop, an "unfiltered" news Web site in New Zealand (www.scoop.co.nz/mason), to make the files available to anyone who wanted them. It wasn't a decision she made lightly."

Given her past actions (and without getting into the ethical or moral value of her crusade) I highly doubt that she has the legal right to distribute the software that she's making available today.

Here's one difference:

[Bev+Harris+at+BlackB]

Any of us can go out and buy Photoshop, Office, and HalfLife and get at least an operational overview of what they do and how they work.

None of us can buy the secret voting system software that we are forced to use as the sole means of exercising our voice as owners of our own government. Citizens own the government, not the other way around.

When you own something, you have to have a way to convey your management decisions. As citizens, the way we invoke our management rights is through our vote, and the system that defines, authenticates, records and counts our vote is owned by someone else who says we not only can't look at the source code, we can't even install a working version of the compiled code to see anything at all about how it works.

That's what's different. This situation is more akin to the owner of Halflife being told he is not allowed to see how his own product works.