Help Black Box Voting Examine ES&S Software
From Bev:
"ES&S 'Unity' central tabulator software.
Software stash: three zip files --
http://www.blackbox1.org/ems.zip
http://www.blackbox1.org/un5.zip
http://www.blackbox1.org/Unity.zip
User Manuals for ES&S software can be found here:
http://www.bbvforums.org/forums/messages/2197/2864.html
This is the ES&S central tabulator software, the ES&S counterpart to the Diebold
GEMS central tabulator software. No source code, sorry, and no software for the
precinct machines. This is reportedly one generation back, but from what I'm
told has significant similarities to the new stuff. I would appreciate it if
you can provide me with feedback on your impressions after looking at it. You
may want to Slashdot it or whatever.
Best,
Bev Harris
Founder
Black Box Voting
I would argue that examining this software is counter productive, and not a good use of resources.
The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.
Please say someone at Slashdot verified this post with the people at Blackbox voting, and didn't unwittingly just fall for someone's email or post to get the organization in trouble.
Um, before I download this software onto my computer, would Beth like to comment on (a) how she got it, and (b) to what extent it is legal for her to be housing it on her server?
I wonder if the story is legitimate. The domain is "blackbox1.org"... but shouldn't it be "blackboxvoting.org"? Is this story a scam?
I don't see any mention of this on the real blackboxvoting.org site, and blackbox1.org was just registered anonymously a month ago through "Domains by Proxy".
Could this be an attempt to infect thousands of Slashdot users with a trojan? Seems odd to have these binary downloads from an unknown server, with no official attestation... even the user who submitted the story, Gottesser, was created recently and has no real info in the profile.
Is there a reason why my computer is leaning to left now that I'm running the software?
Yes. Yes, we will.
Now stand back and let us get to work. We live for this shit... To some people it's just a job, but not to us, man. It's a passion. When we saved those baby orcas by slashdotting all of S.P.E.C.T.R.E.'s servers it was like.... wow, man. I've never felt so free.
I don't think of myself as a hero. I'm just doin' my job, ma'am.
Electric Monkey Pants
We should take a vote using GEMS to see if the Diebold software is good or not
Seriously though, I'm a little disappointed in the comments so far. First, this is not a political/partisan issue. Second, you don't need the source code to evaluate the operation of this software. Sure, it would be easier if we had it, but are you telling me that nobody here knows how to run a debugger or decompile some simple windows code??? How many of you are drooling at the chance to take a whack at this stuff? Go to it!
For you people whining about no source code, how about you leave the real hacking to the real hackers and go back to your QA jobs
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
The important thing isn't the voting software, it's an effective voting procedure.
There is a known effective voting procedure using paper ballots, ballot boxes, and little old ladies (err... party representatives) to count them. This procedure has one important property: fraud attempts tend to get thwarted because the little old ladies will yell when something fishy happens. ANY VOTING SYSTEM WITHOUT THIS PROPERTY SHOULD NOT EVEN BE CONSIDERED.
It may be possible to design a voting procedure using computers that is similarly effective. Here's the important thing: it needs to retain the property that little old ladies observing the process can immediately tell if something fishy is going on. NO FULLY COMPUTERIZED SYSTEM CAN HAVE THAT PROPERTY.
Someone suggested the following system here on Slashdot:
At the central tallying location, for each race:
If any candidate, observer, or 50 signatures question the validity of the counting machine's results - a manual recount occurs for that precinct. Every time - no "but that would be effort" bullshit.
This system takes all the properties of the hand count system and preserves them while spending money to gain two properties: Ballot generating machines for the blind, and fast counting for people who think that matters. Ballot generating machines are an easy problem, and sorting / counting machines are pretty cheap. We might have to use heavy cardstock for the ballots to survive the sort/count process for every race - that's $50 I'm willing to spend.
-- The act of censorship is always worse than whatever is being censored. Always.
99% of /. is using Linux. Only 1% will be affected.
look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
Very good point. I hope you get modded up.
The State of California now requires a paper audit trail. I asked a friend of mine who works as a poll worker volunteer about the system used in Orange County, California. She gave me a detailed and intelligent response with specific information on how it works now. I posted these under another article, but it didn't get the attention that I thought her remarks merited. I am also interested in any responses to them.
The "OC" uses voting machines with a paper audit trail system developed by Hart-Intercivic.
Here is what my friend had to say:
Personally, I have no confidence in any system without the paper audit trail requirements, and none in Diebold in particular.
I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone. I spoke to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community. This is not a phishing scam, it's really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.
Oh, and yes, I'm posting this same comment in reply to all of the "is this real?" comments... Moderators: please do not mod me down without calling them yourself (go to blackboxvoting.org for phone number).
Kaan
So you say. How do we know who you are?
;-)
(Nothing personal, just illustrating the chains of trust necessarily involved in any security.)
Thanks for checking. If you really did
-- Alastair
I won't say where they came from. I've checked them out to the extent possible, and they appear to be the real thing. In any situation like this you have to consider that the software might have changed significantly, or that someone could have left a honey pot out there, but I don't think this is a honey pot, not going to publish why on an Internet site. There is a good possibility that current versions have significant changes. Looking over these files should tell us a lot about how the ES&S programmers think, programming styles, etc. I haven't had time to look at the files at all, and I'm not a programmer. This program is designed to run on Windows, according to the user manuals, so I imagine you can just install it and start tinkering, as we did with the Diebold GEMS program. Some of the material refers to "Aero," which is definitely an older version that grew into the Unity program.
No source code was provided (no source code was provided for the Diebold GEMS program, either, remember). The software is only for the election management system/central tally system, and we have so far been unable to get programs for the precinct-based individual voting machines, nor for the ES&S equivalent of the memory card, which they call the "PEB".
Black Box Voting is receiving very credible reports of ES&S meltdowns in several states, though they always seem to have a temporary technician around to promise everyone their vote was not lost. Hard to explain, of course, since 18,000 votes are missing in action right now in Sarasota Florida, with about 300 votes separating the candidates for a U.S. House of Representatives race.
We are getting reports of ES&S anomalies from BOTH political parties.
If anyone has any questions, you can e-mail me at the e-mail address on the blackboxvoting.org Web site.
Best,
Bev Harris
Founder
Black Box Voting
The sad thing is, a call to support legitimate voting watchdog groups followed by a quote of Bev Harris acting like a creationist about her voting conspiracies is down modded to a troll immediately. 2 of the replies so far have been people mad because I left the "ic" out of DU's name as if I was besmirching the political party that site favors. This site is a decent enough news source but when it's used as a tool for the kooks I get up in arms. Bev Harris' people are one step away from shadow government kooks and a quick read of their forums will show you that.
Never overestimate the end user. -jeramy b. smith
1) How is this software legal to distribute in the way that it is being done? Can she supply information about why it is legal, even if she won't say where it came from?
I asked Bev the same thing, she didn't want to say very much about it. So I'll add my own commentary: legality aside, if you piss off somebody big enough, they will find a way to shut you down, no matter what. Black Box Voting has had problems with this in the past (as explained in Hacking Democracy, where Bev originally found Diebold's Gems software on a public ftp server, her website was shut down, but not before many others had downloaded the contents).
2) Even if it is legal for us to download it and possess it, how can we usefully examine the software unless we hack it in such a way which will probably break the DMCA (or other laws)?
Good question. The answer is, "you probably can't". The DMCA probably applies here, and probably says it's illegal for us to even discuss their proprietary software. I suggested to Bev that she try to participate in the discussion on /. because there are going to be some tough questions, especially when the initial comments are, "this whole thing looks bogus".
If she won't say where she got it from then I'm going to assume that it is illegal. Also if this is illegal then isn't /. now also guilty under the DMCA, and possibly other laws?
I can't disagree with you. Bev said she could not disclose anything about where it came from, because it would likely reveal who it came from, and she couldn't do that. I don't know what to tell you. The DMCA probably applies, and that's just something you'll have to decide on your own.
I would further suggest that you consider whether voting software for public elections should be so secret as to be hidden behind a generic law such as the DMCA. That's really the issue here - everything about electronic voting is a secret, and her organization is trying to expose that.
Kaan
I am torn... normally I trust anyone with a lower slashdot ID than myself. But I can't trust both of you.
Great, so instead of /.'ing her website we're going to /. her phone instead. :)
Hopefully putting to rest any questions as to who is who. I posted this discussion at Slashdot as the lead story on blackboxvoting.org. Cheers.
No point in getting into the goods and bads of electronic voting, because all we have here is somebody not associated with ES&S posting a copy of the ES&S software. Another slashdotter has posted at least three times in this discussion that this is all legit because he called and spoke with Bev Harris -- but Bev Harris is *not* from ES&S. Her validation does not make the software legal to obtain.
BlackBoxVoting is essentially "Bev Harris", and it's an organization concerned about the implications of electronic voting.
I found a very interesting little news article from two years ago: http://www.seattleweekly.com/news/0410/040310_news_blackbox.php
"Harris started surfing the Web. On Jan. 23, 2003, she hit the mother lode. On an unprotected Web site, she found 40,000 files of Diebold Election Systems' source code--the guts of software to run touch-screen voting machines.
... After a little soul searching, Harris downloaded the Diebold software files. It took 44 hours, and they filled seven CDs. By July 2003, after months of informal review and discussion among her friends and allies, Harris decided to allow Scoop, an "unfiltered" news Web site in New Zealand (www.scoop.co.nz/mason), to make the files available to anyone who wanted them. It wasn't a decision she made lightly."
Given her past actions (and without getting into the ethical or moral value of her crusade) I highly doubt that she has the legal right to distribute the software that she's making available today.
The last time I looked, I seem to remember some folks working on decompilers that would produce higher-level languages (mostly C, that I recall), but have no idea if anybody ever got 'em working well.
It's been about five years since I touched one, but they work well enough. They do a fine job of identifying basic blocks, variables, and functions, and produce code that can be fed back into a compiler. The big problem is that it's still largely unreadable because it doesn't have any of the conceptual meaning conveyed by the original code -- i.e. descriptive function/variable names.
The enemies of Democracy are
You are correct... perhaps the only way to tell for sure would be to compile the software on-the-spot after performing diffs to check for authenticity. Plus the OS and compiler would have to be verified as not being tampered with.
People--- Maintaining the integrity of anonymous transactions just isn't compatible with the nature of complex computing systems. Even fully-identified transactions, as in banking, are precarious enough to warrant an industry of anti-malware (which sadly, often cannot create a secure environment).
Add to that the idiosyncrasies and exploitability of what is essentially Personal Computing hardware consisting of billions of logic gates and almost infinitely malleable storage media... all to record a few bits of information per transaction?
That is asking for trouble.
Even if polling authorities can somehow effectively and independently verify the source code logic, there is no way to be sure about the hardware logic, as each IC is effectively its own "Black Box" that cannot be peered into.
Finally, a computerized ballot is an invisible ballot. The bits being displayed on the touchscreen are only a proxy for the bits being recorded, and the opportunities for de-linking the display information with the recorded info are myriad. The concept of a voting system where the voter never actually sees the ballot they are casting is bizarre and tragic.
For the above reasons, only physical ballots can ultimately be considered as real. Any such voting system that does not print a physical ballot is a fraud.
It would help significantly if there were a post either on the home page of blackboxvoting.org, or in the bbvforums.org forums under your name. This way there would be some credible record that this information did truly come from Bev Harris.
Ask and ye shall receive... there's an update on their primary website
http://www.blackboxvoting.org/
None of us can buy the secret voting system software that we are forced to use as the sole means of exercising our voice as owners of our own government. Citizens own the government, not the other way around.
When you own something, you have to have a way to convey your management decisions. As citizens, the way we invoke our management rights is through our vote, and the system that defines, authenticates, records and counts our vote is owned by someone else who says we not only can't look at the source code, we can't even install a working version of the compiled code to see anything at all about how it works.
That's what's different. This situation is more akin to the owner of Halflife being told he is not allowed to see how his own product works.
How about the machine counts the paper ballot you filled out and drops it in a bin?
Yeah, and in theory, it could also tell you if it couldn't read the ballot because it was badly formed. Okay, machines can already do that, though in some notable cases in Florida this capability was disabled (but people just assumed it was because those voters were idiots).
I do think an electronic ballot machine has some advantages. I like the part of e-voting where I can easily browse candidates, click buttons that show the full text of any propositions or measures being voted on, easily change a vote if I decide to change my vote, and so on. I like the idea of eliminating penciling errors by having the computer print it. I like the accessibility options e-voting can give.
In my ideal e-voting world, you'd have one machine that prints ballots on card stock in a human-and-machine readable format (with the same markings, not human-readable-text and a barcode). You'd take the ballot it prints out and put it in a different machine that could count the vote. In fact, because the format of the ballot would be a matter of public record, anyone could make a ballot counting machine and after passing some basic certification (that it doesn't mangle ballots for example) could bring it to the election to verify that their machine got the same count as everyone else's machine.
Of course something simple like you describe works. As long as there is the paper record which is considered authoritative, and the machine count only an initial estimate, then that's a voting system I support.
The enemies of Democracy are
You don't need the source code, don't even need a disassembler. I know that it would take me the better part of the next two months to get a grip on the assembly behind a windows app. Having the source code would be a different story.
The first thing you want to do is figure out, broadly, what it's supposed to do. Install the software. Get it running. Look over the buttons and menu options. Look over the manual. Next I'd start examining the likely inputs and outputs. What data gets fed into the software? What does it output? What does it store? How does it store it? It may be worthwhile to find an external way to read the datastore (e.g. opening an access database in access) or that may come later.
Now that you have an idea of how the software works, start examining how it handles inputs of different types. What are the expected inputs? Does it handle those properly? What are some unexpected inputs that are still input-able by the UI? What are some unexpected inputs that would not be possible or likely through the UI, i.e. a deliberately or intentionally corrupted input file or stream. Can you inject arbitrary values into the software where there should be none? Can you get the software to perform unexpected operations by manipulating the input? Attack the UI deliberately, perform operations in unexpected sequences, etc.
During this process I guarantee that you will make the application break somewhere, if you're creative enough. Now you want to take the unexpected behavior that you caused and find some way to exploit it. In this case, one must ask, is there some way to manipulate the vote count through exploitation of the defect in the code? Better yet, is there some way to accomplish this manipulation strictly through the UI that generated the input? Or at least, with minimal rights to the aggregated input data, in this case? Can you make the software change the count through manipulating the UI of the counting application?
Coders fall into routines and often repeat the same mistakes over and over. If you find one type of defect (e.g. SQL injection vulnerability), chances are you will find others like it. If they miss proper RI checking in one place, chances are they do so in others. You start to get a feel for how the program works and how it breaks. If you have written enough code of a similar nature, after a few hours or days of fooling around, you will probably have a very good idea of how the application is organized and even have an inkling of the code that went behind it without ever seeing a line of source or assembly.
It was software made for profit in a closed-source environment, so they did not disclose or fix all the bugs they found during test. That's the way of closed source, proprietary software. They presumably fixed larger crashes and glaring problems but left the smaller stuff alone in the interest of adding features and meeting deadlines. These smaller issues and poor design decisions will make up the weaknesses in the code that can ultimately be exploited for fun and profit.
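As an added example, not code from the original post and not ES&S's software (it does not model the Unity file format or its data store): the input-handling check the comment above describes, applied to a hypothetical precinct-results importer in Python. `naive_import` has the defect pattern the comment warns about (no referential-integrity check, string-built SQL, no bounds on counts); `strict_import` is the hardened counterpart; `run_checks` feeds both the expected records and the kinds of unexpected records a black-box tester would craft, and reports what each importer made of them. The record format, the candidate list and the sample feed are all constructed for this illustration.

```python
"""Black-box input-handling check for a hypothetical precinct-results importer.

Everything here is constructed for illustration; it is not ES&S code and does not
model the Unity file format. naive_import shows the shape of defect described in
the comment above (missing referential-integrity checks, string-built SQL, no
bounds on counts); strict_import is the hardened counterpart; run_checks feeds
both the same feed and reports the resulting tallies and rejections.
"""
import sqlite3

BALLOT_CANDIDATES = ("C1", "C2")  # constructed: the candidates actually on the ballot

# Constructed sample feed, one record per line: "precinct,candidate,votes".
# The first two lines are expected input; the rest are the "unexpected inputs"
# a tester would try against the importer.
SAMPLE_FEED = [
    "P001,C1,512",
    "P001,C2,498",
    "P002,C1,-40",      # negative count
    "P002,C9,10",       # candidate not on the ballot (referential integrity)
    "P001,C1,7",        # duplicate precinct/candidate pair (double counting)
    "P003,C1,10*100",   # votes field is a SQL expression, not a number
    "P004,C1",          # wrong field count
]


def _schema(conn, strict):
    """Create the tables; the strict schema enforces the rules in the database."""
    conn.execute("PRAGMA foreign_keys = ON")
    conn.execute("CREATE TABLE candidates (id TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO candidates VALUES (?)",
                     [(c,) for c in BALLOT_CANDIDATES])
    if strict:
        conn.execute(
            "CREATE TABLE results ("
            " precinct TEXT NOT NULL,"
            " candidate TEXT NOT NULL REFERENCES candidates(id),"
            " votes INTEGER NOT NULL CHECK (votes >= 0),"
            " PRIMARY KEY (precinct, candidate))"
        )
    else:
        conn.execute("CREATE TABLE results (precinct TEXT, candidate TEXT, votes INTEGER)")


def naive_import(lines):
    """Accepts whatever the file says: the defect pattern, kept for comparison."""
    conn = sqlite3.connect(":memory:")
    _schema(conn, strict=False)
    for line in lines:
        parts = line.split(",")
        if len(parts) != 3:
            continue  # its only check: short records are silently dropped
        precinct, candidate, votes = parts
        # String-built SQL: the votes field is spliced in and evaluated as SQL.
        conn.execute(
            f"INSERT INTO results VALUES ('{precinct}', '{candidate}', {votes})"
        )
    return conn


def strict_import(lines):
    """Validate every field, bind parameters, let the schema enforce RI and bounds.

    Returns (connection, rejections); rejections is a list of (line, reason).
    """
    conn = sqlite3.connect(":memory:")
    _schema(conn, strict=True)
    rejections = []
    for line in lines:
        parts = line.split(",")
        if len(parts) != 3:
            rejections.append((line, "field count"))
            continue
        precinct, candidate, votes_text = (p.strip() for p in parts)
        # isdecimal() rejects signs, whitespace and expressions such as '-40' or '10*100'
        if not votes_text.isdecimal():
            rejections.append((line, "votes not a non-negative integer"))
            continue
        try:
            conn.execute(
                "INSERT INTO results (precinct, candidate, votes) VALUES (?, ?, ?)",
                (precinct, candidate, int(votes_text)),
            )
        except sqlite3.IntegrityError as exc:
            # unknown candidate (FK), duplicate pair (PK) or CHECK violation
            rejections.append((line, f"integrity: {exc}"))
    return conn, rejections


def tally(conn):
    """Per-candidate totals, the number the software is meant to get right."""
    rows = conn.execute(
        "SELECT candidate, SUM(votes) FROM results GROUP BY candidate ORDER BY candidate"
    )
    return {candidate: total for candidate, total in rows}


def run_checks(lines=SAMPLE_FEED):
    """Run both importers over the feed; returns (naive tally, strict tally, rejections)."""
    naive_totals = tally(naive_import(lines))
    strict_conn, rejections = strict_import(lines)
    return naive_totals, tally(strict_conn), rejections


if __name__ == "__main__":
    naive_totals, strict_totals, rejections = run_checks()
    print("naive tally :", naive_totals)
    print("strict tally:", strict_totals)
    for line, reason in rejections:
        print(f"rejected {line!r}: {reason}")
```

The naive tally credits C1 with 1479 votes from a feed that legitimately contains 512, counts a phantom candidate, and never reports that anything was wrong; the strict importer produces the right totals and a rejection list that an observer can audit. The point for a reviewer is that the rejection list is the detection signal: an importer that cannot say what it refused cannot be checked against the paper.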
What a bunch of fuck heads you are. You have to see the documentary Hacking Democracy. It was on the net last week. Bev is the main person, it's about how Diebold stole the elections. It's an amazing true documented thing. See the documentary first, then help if you can. Stop your attacks on someone that really needs help.