Slashdot Mirror

← Back to Stories (view on slashdot.org)

Help Black Box Voting Examine ES&S Software

Posted by kdawson on from the ooh-fresh-code dept.

Gottesser writes, "Bev Harris of Black Box Voting has asked for the help of the Slashdot community. She would like people to take a look at ES&S's central tabulator software and start reporting on their impressions of it. This is a past release of the software but it is similar to the applications in production. Sorry, no source code." Read on for Bev's request and pointers to the code repositories. Update 23:38 GMT by SM Bev has confirmed that blackbox1.org is indeed owned by BlackBoxVoting making both a comment in the discussion and a post on the front page of blackboxvoting.org to help assuage reader fear/doubt.


From Bev:

"ES&S 'Unity' central tabulator software.

Software stash: three zip files --
http://www.blackbox1.org/ems.zip
http://www.blackbox1.org/un5.zip
http://www.blackbox1.org/Unity.zip

User Manuals for ES&S software can be found here:
http://www.bbvforum s.org/forums/messages/2197/2864.html

This is the ES&S central tabulator software, the ES&S counterpart to the Diebold GEMS central tabulator software. No source code, sorry, and no software for the precinct machines. This is reportedly one generation back, but from what I'm told has significant similarities to the new stuff. I would appreciate it if you can provide me with feedback on your impressions after looking at it. You may want to Slashdot it or whatever.

Best,

Bev Harris
Founder
Black Box Voting

13 of 197 comments (clear)

  1. Don't bother by jrivar59 · · Score: 4, Insightful

    I would argue that examining this software is counter productive, and not a good use of resources.

    The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.

    1. Re:Don't bother by daveschroeder · · Score: 5, Insightful

      Why aren't we simply fighting for a permanent voter-verified paper trail, instead of always saddling every e-voting initiative with demands that EVERYTHING, hardware and software, be open source?

      Don't get me wrong: I'm not saying it's not a good idea.

      What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?

      Wouldn't a more productive approach be to simply get a paper trail into place, since even an open source system is almost as worthless without one?

      Keep in mind, too, that an open source system still needs to go through complex certification processes and code freezing just like the commercial products do. Even though the commercial products aren't "open source", the certification process allows for the necessary level of inspections by election agencies and external entities. The problem was the certification procedures being routinely ignored or bypassed for convenience, something that can just as easily happen with an "open source" solution.

      The problem is that doing an electronic, anonymous, secret ballot that also exists in a system that attempts to enforce one-vote-per-person, combined with all the complexities and vagaries of local municipal and county systems is a lot harder than doing a vertically integrated system for one corporate customer (such as a bank).

      Keep in mind, too, that much of the legislation (such as the Help America Vote Act) that essentially mandated e-voting in the hopes of ensuring uniform access to modern voting equipment was done in response to complaints about unfairness and inconsistency with manual systems in the 2000 elections, and not just in Florida. The one critical error was not explicitly recognizing that an electronic secret ballot is a hard thing to do, even without corruption, fraud, and incompetence, and a paper trail wasn't specifically mandated. And no, that wasn't by design. It was an error of omission.

      Now, states, counties and municipalities have had to shell out hundreds of thousands, and sometimes millions, more dollars to add and retrofit certified paper trail functionality to existing systems (which, indeed, many are doing). But all e-voting vendors offer it. It just costs a lot of money.

      So instead of trying to push out enterprise vendors with multi-million dollar contracts (which is essentially what demanding "all open source" would do, since no commercial vendor is going to open up ALL of their software and hardware code and designs), why not just work to get a permanent voter-verified paper trail in place in as many places as possible as soon as possible, perhaps even mandating it via legislation, since that will be required no matter what system is implemented?

      What's more important: the egos of the people who have a vendetta against Diebold, Sequoia, and ES&S, or actually getting a mechanism into place as quickly as possible that guarantees votes will be accurately cast and counted (and at a minimum immediately shows if there is a problem? (And yes, I DO expect the burden of actually looking at the piece of paper to verify that it's correct to fall on the person who is voting.)

    2. Re:Don't bother by Chris+Burke · · Score: 4, Insightful

      From my first post, emphasis added: The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

      I'm not talking about a paper summary, I'm talking about a paper ballot.

      That's the point. You can do whatever the hell you want inside the machine, perform whatever trickery you want, but if it prints a ballot with the choices I made on it, then that is all that matters and your trickery was for naught.

      Anticipating the next question of "why electronic voting at all then?", the answer is the same reason we moved to it in the first place: preventing poorly formatted ballots from causing invalid votes, and for accessibility reasons.

      --

      The enemies of Democracy are
  2. Re:I won't ask... by Anonymous Coward · · Score: 4, Interesting

    I wonder if the story is legitimate. The domain is "blackbox1.org"... but shouldn't it be "blackboxvoting.org"? Is this story a scam?

    I don't see any mention of this on the real blackboxvoting.org site, and blackbox1.org was just registered anonymously a month ago through "Domains by Proxy".

    Could this be an attempt to infect thousands of Slashdot users with a trojan? Seems odd to have these binary downloads from an unknown server, with no official attestation... even the user who submitted the story, Gottesser, was created recently and has no real info in the profile.

  3. So much for the center... by __aaclcg7560 · · Score: 5, Funny

    Is there a reason why my computer is leaning to left now that I'm running the software?

  4. slashdotting by Paladin144 · · Score: 5, Funny
    You may want to Slashdot it or whatever.

    Yes. Yes, we will.

    Now stand back and let us get to work. We live for this shit... To some people it's just a job, but not to us, man. It's a passion. When we saved those baby orcas by slashdotting all of S.P.E.C.T.R.E.'s servers it was like.... wow, man. I've never felt so free.

    I don't think of myself as a hero. I'm just doin' my job, ma'am.

    --
    Electric Monkey Pants
  5. Legit? Yes by kaan · · Score: 4, Informative

    I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone.

    I spoke to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community.

    This is not a phishing scam, it's really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

    Oh, and yes, I'm posting this same comment in reply to all of the "is this real?" comments... Moderators: please do not mod me down without calling them yourself (go to blackboxvoting.org for phone number).

    Kaan

  6. story is legitimate, I just talked to Bev by phone by kaan · · Score: 4, Informative

    I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone. This is legitimate. I talked to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community. This is really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

    Kaan

  7. Hi, I'm Bev Harris. There's nothing fishy here. by Bev+Harris+at+BlackB · · Score: 5, Informative
    Our domain, blackboxvoting.org (and the forums, on bbvforums.org, and the document archives, on bbvdocs.org) are on one server. These ES&S program files are on another server entirely because they are quite large and would slow down our blackboxvoting.org site.

    I won't say where they came from. I've checked them out to the extent possible, and they appear to be the real thing. In any situation like this you have to consider that the software might have changed significantly, or that someone could have left a honey pot out there, but I don't think this is a honey pot, not going to publish why on an Internet site. There is a good possibility that current versions have significant changes. Looking over these files should tell us a lot about how the ES&S programmers think, programming styles, etc. I haven't had time to look at the files at all, and I'm not a programmer. This program is designed to run on Windows, according to the user manuals, so I imagine you can just install it and start tinkering, as we did with the Diebold GEMS program. Some of the material refers to "Aero," which is definitely an older version that grew into the Unity program.

    No source code was provided (no source code was provided for the Diebold GEMS program, either, remember). The software is only for the election management system/central tally system, and we have so far been unable to get programs for the precinct-based individual voting machines, nor for the ES&S equivalent of the memory card, which they call the "PEB".

    Black Box Voting is receiving very credible reports of ES&S meltdowns in several states, though they always seem to have a temporary technician around to promise everyone their vote was not lost. Hard to explain, of course, since 18,000 votes are missing in action right now in Sarasota Florida, with about 300 votes separating the candidates for a U.S. House of Representatives race.

    We are getting reports of ES&S anomalies from BOTH political parties.

    If anyone has any questions, you can e-mail me at the e-mail address on the blackboxvoting.org Web site.

    Best,

    Bev Harris
    Founder
    Black Box Voting

    1. Re:Hi, I'm Bev Harris. There's nothing fishy here. by Anonymous Coward · · Score: 5, Insightful

      Hopefully you are Bev Harris, but you see that there's no way for us to know. I could create a Slashdot account claiming to be Elvis, and nobody could verify whether the King had truly returned.

      It would help significantly if there were a post either on the home page of blackboxvoting.org, or in the bbvforums.org forums under your name. This way there would be some credible record that this information did truly come from Bev Harris.

  8. Re:story is legitimate, I just talked to Bev by ph by DShard · · Score: 4, Funny

    I am torn... normally I trust anyone with a lower slashdot ID than myself. But I can't trust both of you.

  9. Re:story is legitimate, I just talked to Bev by ph by rob1980 · · Score: 5, Funny

    Great, so instead of /.'ing her website we're going to /. her phone instead. :)

  10. FYI: This is now reported on Black Box Voting by Bev+Harris+at+BlackB · · Score: 5, Informative

    Hopefully putting to rest any questions as to who is who. I posted this discussion at Slashdot as the lead story on blackboxvoting.org Cheers.