Ohio Audit Reveals More Diebold Problems

armb writes with a link to a Wired Blog entry about irregularities found in Diebold databases from the state of Ohio. The election in question here is November 2006, and the corruption of the entries may raise doubts about accurate tabulations. "Vote totals in two separate databases that should have been identical had different totals. Although Diebold explained that this was part of the system design for separate vote tables to get updated at different times during the tabulation process, the team questioned the wisdom of a design that creates non-identical vote totals. Tables in the database contained elements that were missing date and time stamps that would indicate when information was entered. Entries that did have date/time stamps showed a January 1, 1970 date. The database is built from Microsoft's Jet database engine. The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night when results are uploaded and various servers are interacting with the database simultaneously."

Jet

[truthsearch]

I programmed with the Jet DB "engine" years ago. I wouldn't even run a web site with it. The only thing I found it useful for was business applications, such as connecting an Excel spreadsheet to Access. But that was years and years ago. Why would anyone write such a large and critical system using Jet today, when even Microsoft tells you not to? The only answer is incompetence.

Re:Jet

[lawpoop]

Why would anyone write such a large and critical system using Jet today, when even Microsoft tells you not to? The only answer is incompetence. There is another answer.

If you wanted to make an insecure system that was easy to hack and manipulate, didn't have basic security features, data integrity, and no audit trail, and thus no record of how data was altered outside of specifications, you might use such a deprecated application.

JET??

[revlayle]

That is an old outdated desktop engine. Databases needs compressing and repairing all the freaking time - want to go multi-user? or over a network? forget it, it's have never performed well in that capacity in ANY version. Microsoft even advises not to use it anymore. They push desktop version of the SQL Server 2005 Engine (and now even have a version that just requires a couple DLLs in the application directory, however I do not know if that is available yet).

Jet Database Engine

[mypalmike]

Jet Database Engine, a.k.a. Microsoft Access.

Re:I don't know anything about databases

[codepunk]

Jet is damn lucky to scale to 10 much less your claimed 1000. I have never seen 1000 concurrent users in a jet database. Not that it matters, I cannot believe anyone would trust it to tabulate election results.

Don't ATMs access databases too?

[mdsolar]

I've had very few banking errors using ATMs and I'm quite sure that I am not the only user on the system when I do use them. Why would this company have any trouble with this kind of operation? Is it because there is no accounting so they don't bother to get it right?
--
Vote with your roof! http://mdsolar.blogspot.com/2007/01/slashdot-users -selling-solar.html

Re:Don't ATMs access databases too?

[Ken+Hall]

A number of years ago, I was responsible for handling software problem reports for a couple of vendors ATM machines. (We were a third-party service company.)

The things that went wrong with ATMs were both funny and scary. I have no reason to believe things have changed. The banks and manufacturers go to great lengths to satisfy customers without letting details of the problems get out, because this would undermine confidence in the devices.

With ATMs, if you're smart, you have a slip of paper to verify a transaction. If there's a dispute with the bank, the bank will usually honor the paper documentation, and the customer has no reason to make an issue of the problem.

With voting, there's no going back and fixing results after the fact. Often there's no piece of paper. And on top of that, the whole process is under fairly intense public and governmental scrutiny.

So I wouldn't say there are less problems with ATMs. You just don't hear about them.

Next up on "Government Contracts!"

[RyanFenton]

In the last episode, the capitol building collapsed - and now, the following letter appeared on the broken stairsteps to the Ohio capitol:

"We're sorry that the capitol building collapsed, but it ends up that we used Licoln Logs to build the dome, and it ends up that it collapses when the wind hits it from multiple directions at once.

We've gotten some complaints that we should have expected this, and were "total morons" for choosing such a design. We think this is a gross oversimplification, and more than a little unfair. We used multiple layers of high-quality chewing gum to secure the dome, which required countless hours of chewing, along with thousands of gallons of spittle. When you complain against such a massive effort, you insult the sore mouths of our hard working employees.

Sincerely,
Halliburton CEO
Bozo D. Clown"

Next episode: FEMA picks up the pieces.

Ryan Fenton

I smell fud

[ericlondaits]

I smell FUD here...

The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night when results are uploaded and various servers are interacting with the database simultaneously."

Now, I'd never think about developing this on a Microsoft Jet DB, since it's been somewhat deprecated for the MS Desktop SQL Server (MSDE) and SQL Server 2005 Express, which are much better and lightweight enough for a current desktop.

Nonetheless... what MS probably stated is that basically access to a JET Db is not thread safe, which means that concurrent access will cause corruption with a probability directly proportional to the amount of activity. YET if you serialize access to a Jet Db (which is a necessary and basic requirement given that it's not thread safe) there shouldn't be a fear of corruption, unless the API is buggy. If each voting station has a Jet Db and they all get exported to a central (thread safe) db then there's no need for concurrent access to any of the individual Jet DBs, and there shouldn't be a big fear of data corruption (which, anyway, can be verified somewhat easily).

Re:I smell fud

[EvilTwinSkippy]

That's a bit like saying you can run a traffic light with a Lego Mindstorms on a massive intersection where 8 lanes of traffic intersects another 8 lanes, with both right and left turns allowed.

You just have to boost the 5v output using an op-amp, and secure the lead with a clamp or some electrical tape so it won't wiggle out.

Re:I smell fud

[sholden]

1. The data is corrupted (totals are different)
2. There's a known data corruption issue in the engine caused by concurrent activity

A reasonable conclusion is that the programmers were idiots and wrote an non-thread safe application with multiple threads. Another conclusion would be they intentionally attempted to fix the election. Incompetence before dishonest is the usual way to approach those things...

Re:Problem-free election?

[Dr.+Manhattan]

I await the next problem-free election. You know, the one where no one can even insinuate anything went wrong.

In point of fact, there is a difference between "requiring perfection" and "avoiding obvious incompetence". Just, y'know, for future reference.

Re:I don't know anything about databases

[EvilTwinSkippy]

I agree. With a plethora of free or easily liscensed SQL databases out there, and the fact that ODBC data sources are every bit as easy to connect as Jet, there is NO excuse. The only reason to drop something like Jet into a production system is to make it crippled by design.

2 databases?!?

[Artaxs]

Look, let's say I had hired an accountant. Then, let's say that I found out that he was keeping two separate databases of my finances. Let's also say that they had different totals in them, and he was only showing me one of them.

Not only would I fire his ass, but I'd make sure to press criminal charges of fraud. Why are these creeps from Diebold, Sequoia, ES&S, et. all not in prison yet?

Diebold makes ATMs; don't tell me that they can't get something as simple as a vote database right. Occam's Razor points to outright fraud, not to simple incompetence.

Isn't democracy mission critical?

[MosesJones]

Reading this made me think about my time doing safety critical systems (it fails, someone dies) and its really stunning to think that something like voting in a democracy isn't considered mission critical to the country.

There really is no excuse for voting to not be done on a comparative basis e.g. every vote to be checked via 3 different software lines (this isn't rocket science) and a voting system to then confirm that the vote is being applied correctly. This vote should then be written to two (at least) data sources to enable reconciliation at the end.

This is a freaking implementation of a check-box system where is the sodding complexity that means its expensive to be professional.

Voting in a democracy is mission critical, to not consider it that way is to say that voting doesn't matter.

Re:I don't know anything about databases

[quantum+bit]

Exchange still uses the Jet engine. Its limit is 1,900 concurrent connections.

Not quite. Exchange uses Jet Blue, as do AD and other things embedded in Windows (DHCP server, WINS, etc.). It was strictly for MS-only internal use until Windows 2000, when it was renamed Extensible Storage Engine and the API was made available.

Diebold is using Jet Red. Jet Red is what MS Access uses, as well as the "Microsoft Jet DB Engine" ODBC source that many crappy third-party VB apps use.

Despite sharing the same name (though Jet Blue was renamed, Exchange still refers to it as simply "Jet" in a few places), there's almost nothing in common between the two. Blue/ESE is a lot more fault-tolerant than Red, but concurrent access must be provided by a server application running on top of it -- multiple apps can't open the database file directly at once. That's probably a good thing, since Red/MS Access's cooperative concurrency scheme is what's responsible for most of the corruption issues people have with it.

Jet Blue/ESE is nowhere near the design of say, Oracle or PostgreSQL, or even MSSQL for that matter. It's about on the level of version 3 or 4 of MySQL (using MyISAM, not InnoDB), or perhaps SQLite.

Jet Red/MS Access is just plain garbage and should never be used. Shame on you, Diebold. Shame!

Re:I don't know anything about databases

[aichpvee]

And never attribute to incompetence what is clearly not. Diebold makes TONS of other electronic transaction machines (include, probably, your bank's ATM machines) and they don't have these kinds of problems. Perhaps they do it on purpose to give them a cover of incompetence. Perhaps it really is incompetence on the part of the guy they get to write this stuff since whoever is hiring him doesn't care if he's incompetent because they're going to fool with the results anyway and it will only add cover for them.

But CLEARLY this kind of stuff is not because Diebold isn't capable of doing it properly. It's because they explicitly don't want to do it properly.

If we're going to have electronic voting machines, and I don't think that we should (not even optical scan), they should be developed, owned, and maintained by the government. Period.