Slashdot Mirror
Sequoia Voting Systems Source Code Released
Mokurai sends a heads-up about Sequoia Voting Systems, which seems to have inadvertently released the SQL code for its voting databases. The existence of such code appears to violate Federal voting law: "Sequoia blew it on a public records response. ... They appear... to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold. They were wrong. The Linux 'strings' command was able to peel it apart. Nedit was able to digest 800-MB text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code." The code is all available for study or download, "the first time the innards of a US voting system can be downloaded and discussed publicly with no NDAs or court-ordered secrecy," notes Jim March of the Election Defense Alliance. Dig in and analyze.
Now does stripping the illusion of voting away make us more or less free
I've fallen off your lawn, and I can't get up.
To be honest shouldn't -any- code used to tally votes be released in the public domain for any US citizen?
Taxation is legalized theft, no more, no less.
grep and find who should have won the election?
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
"Well you may throw your rock and hide your hand
Workin' in the dark against your fellow man
But as sure as God made black and white
What's down in the dark will be brought to the light"
-Johnny Cash
Quote taken from the index of http://studysequoia.wikispaces.com/. Wishful thinking, but how apt.
I warned my previous company about "possible use of strings" for just such purpose. You might as well deprecate that puppy!
I really can't see why we can't have a government-commissioned open-source system developed and mandated for use for public voting functions.
I absolutely hate the thought of my vote being inputted in to a closed magical-mystery box.
WTF?
Appears to control or at least influence the logical flow of the election
What exactly does that mean?
Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
What machines & models does Sequoia sell?
... to the point of vandalism is a petty crime for an already evil company, using SQL stored procedures to do the tally in a voting machine certainly reaches the 7th inner circle of hell.
"code that appears to control or at least influence the logical flow of the election"
Which means the uneducated inspecting strings saw things like:
BAL_ID null
-- 1 - show candidate on ballot (default)
-- 0 - remove candidate from the ballot
-- 2 - don't show candidate on the ballot, but reserve space for her on the layout
All of which is perfectly benign when voters are not eligible to vote for certain candidates for any number of reasons.
The more you read at the ultimate site more you realize the people digging thru this garbage know nothing about what they are reading, and not much about programming either.
Just because you know how to run grep or strings does not mean you can use the data it reveals.
Sig Battery depleted. Reverting to safe mode.
crypto primitives relies on a strong link between 2 ends. voting explicitly implies discarding the identity of the voter, hence the whole link thing breaks. If you maintain the link, you know who voted for whom : that's not a good idea at all to preserve democracy. If you discard the link, you have *no way on earth* to actually prove something hasn't been rigged somewhere.
If this code really is in violation of FCC regulations, shouldn't that invalidate all elections that the code was used in?
They may have violated the regulations, but it is still not clear that anything they did would have had any real impact. Best to wait and see what the analysis reveals.
It just seems so back-asswards that the source-code & logic that sifts through millions of lines of data to determine our president is kept secret. What is the secret? There should not be anything to hide, therefore it should all be available, otherwise the machines are completely hypocritical to democratic transparency.
If it is the companies intellectual property that concerns the government, well perhaps there should be a clause in the contract that states contractors must provide ALL source code if they win the bid. It would seem a system like that would bolster confidence in the system, and eliminate all the negative machine-fraud issues, while allowing multitudes of individuals to find any vulnerabilities or fallibilities in system, instead of a select few of individuals.
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
And it's you!
There are voting protocols that simultaneously allow:
Verification of the voter by the voting authority
Prevention of double (multiple) voting
Anonymity for the voter to the voting authority
Verification of the voters own vote
Begin your research with David Chaum's blind signature.
Time to call on Article 3 if this really is an attempt to influence the vote?
I'll stick to voting with pencil, paper, and hand counted ballots. Of course, we in Canada have the advantage that binding referendums are unconstitutional (It's violation of parliamentary supremacy). Thus all we vote for is our representative. Of course this seems to be happening every 18 months, but with four political parties, this tends to happen. :)
Oh, and for those who are wondering, each ballot is hand counted, in triplicate, with scrutineers from each of the candidates on said ballot in attendance. It takes about 4 or 5 hours to count 10 000 000 ballots, and recounts rarely change the results by more than 1 or 2 votes per district.
...si hoc legere nimium eruditionis habes...
This sort of stuff would go down well there...
(evidence of possible vote tampering and all that jazz)
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
* t violates the federal rulebook on voting systems on several levels: the rules require that code be hash-checked to prove authenticity in the field for obvious reasons. If the real working code is buried in with the data, no such hash-checks are possible.
Except that so far, I'm seeing table construction and table layouts. I guess that's technically code - as any SQL technically is - but a good case can be made to say that it's just the database structure. Which can, of course, be subjected to a hash check.
The federal rulebook is also clear that code can't be interpreted, apparently to avoid modification "in the field" (generally county or city election offices).
Well shit, in that case, they can't use SQL at all. Since a database is a fairly reasonable way to track the candidate data, display strings, etc... I'm pretty sure that this wasn't the intent of the law. (No, IANAL, just applying common sense).
I do think it's great and long overdue that this information is now available. But I also think they'll want to finish the analysis and get some people who understand what they're looking at, before they start making claims. There may be validity to them - but so far it's tenuous if there at all. (Full disclosure: I'd love to electronic voting either a) shut down or preferably b) administered in a 100% transparent fashion... so I'm not making this post in anybody's defense)
"if the source code for voting machines is made public"
/TinFoilHat
Iranians may have definative proof.
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
All code is interpreted by something. That something might be hardware, microcode, firmware, a middle layer, or even a whole VM, but all code is interpreted.
Saying code is or is not interpreted is simply where you draw the line. Even "native" code on most processors these is really interpreted by the microcode or something similar.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
here in connecticut we simply check off our choice(s) on a paper ballot and insert them for machine scans which tally the votes electronically for rapid post election reporting. since the voter actually voted on paper, and since the paper record remains in the machine magazine until opened under multi-party supervision, it's at least as safe as regular ballots while satisfying legal requirements under the voting act. i miss the hulking and heavy curtain lever machines i grew with (and now own for posterity) but this seems like a good and workable compromise from secretary of state susan bysiewicz.
btw that site is serving the 150 meg zip files rapidly in spite of the /. effect. i got mine in just a few minutes. kudos for the serious hosting.
- js.
> Like what ?... Let me guess : no need to show someone that's not supposed to win, for instance ?
There are closed primaries where one cannot vote in the primary of the other party. E.G. Registered Democrats can't vote in closed Republican primaries and vice versa. Generally, registered independents can vote in one primary or the other, but not both, but state laws vary.
The file they have is simply a SQL Server backup.
It takes a few minutes to restore using SQL 2005 Express + SSMSE
Nothing has been destroyed or sabotaged.
but...
When the database is restored you get the tables with the data in. :)
All the stored procedures have been deleted. Or so Seqoia thought
As the use of strings on the backup file demonstrates, the text of the sp's are still there.
There are various database tools (Lumigent was one from memory) that allow looking back through the database log and, I expect, returning the database to a previous state.
Just when companies had got the hang of cleaning up after track changes they move on to SQL database backups :)
I've had a really bad feeling in my gut ever since that raid in that South American country turned up a computer with genuine, fake validated vote information for an election that had never taken place. We really need a transparent, verifiable means of keeping the system honest. Treating a voting machine like a black box, to the public, is a huge disservice. It also makes it harder to catch signs of tampering when nobody knows how the damn things work.
http://studysequoia.wikispaces.com/downloadlocations
Maybe it's a cultural thing, but I've never seen the necessity to complicate things any further than paper, pencil, double physical count. Cheap, no machines involved, fast. On a national election down here (about 15 million voters), voting booths close at 6pm and results are known nation wide right on time to open the 8pm evening news.
Except that Americans like to vote on everything.
Not just politicians, but sherifs, judges, district attorneys (i.e., head government prosecutors), etc. Add this to the fact that most elections (municipal, county, state, federal) tend to happen on one day, so that when you walk into the booth, you don't just have a piece of paper, but a small booklet to go through. Then add propositions (i.e., referendums) that many states have if enough people sign a petition. If you want to be an educated voter on all the possible choices you have to do some serious studying.
And then you have to count all of these 20+ separate run offs for the various levels of government.
Seems like the files don't really amount to much. They are SQL Server 2005 backups where the would-be interesting data (any code in the form of stored procedures and triggers) were removed.
http://studysequoia.wikispaces.com/message/view/home/15697868
http://studysequoia.wikispaces.com/message/view/Discussion+Related+To+The+Original+Data+File+And+What+Sequoia+Did+To+It./15697404
I know everyone here likes to armchair quarterback, but designing a proper voting system is Really Hard (tm). I attended a workshop put on by Ron Rivest about a year ago (details here), and had dinner with him afterward. I wish I had been taking notes because I don't remember all the details, but at least one salient point stuck with me.
One the one hand, you want a system that prevents voting coercion: "Vote for who I tell you or I'll break your legs." That's a strong reason why we give people privacy when they vote (the secret ballot). On the other hand, you want a system that prevents fraud by allowing a voter to make sure her vote was counted in the final tally. But here's the catch: you can't give the voter a receipt, or in fact anything that can be used (even theoretically) to recover a list of the candidates they voted for, because coercion now becomes "Give me the receipt/token/URL/whatever or I'll break your legs." Reconciling these two requirements is a Really Hard Problem, and there are smart people (like Dr. Rivest) who are working on it. In fact, he presented a few really innovative but embryonic solutions at the workshop, including a kind of hashing scheme that can even defeat on-site source code tampering.
Until these problems are solved, we won't be able to trust ANY voting system code, regardless whether it's open source or not. So while it's important that the Sequoia source code was released, please try to have some perspective.
This post expresses my opinion, not that of my employer. And yes, IAAL.
Hi Guys, it's a SQL Server 2008 backup. Nothing stripped out about it. It restores fine, i have it in my local instance of SS2008.
MOD ++
The stop voting and start governing.
How to restore the .bak file using Microsoft SQL Server Express 2008:
Step 1. Go download SQL Server Express 2008 (This is trivial, left up to the reader. You might have to go to a microsoft webpage) and install.
Step 2. Go download SQL Tools for SQL Server (Trivial) and install.
Step 3. Go download the .bak.zip file from the above wiki. Save it to 'C:\foofoo\'. Unzip the .bak file within it to 'C:\foofoo\'. You should now have: 'C:\foofoo\RIV_20081104_Canvass_Final_dbset_E.bak'
Step 4. Start up SQL Server Express
Step 5. Open SQL Management Studio and connect to your local SQLEXPRESS instance.
Step 6. Click on the top most node in (Should be your machine's name\SQLEXPRESS). Click "New Query".
Step 7. Run the following query:
RESTORE DATABASE RIV_20081104_E FROM disk='C:\foofoo\RIV_20081104_Canvass_Final_dbset_E.bak'
WITH MOVE 'RIV_20081104_Esys' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Esys.mdf',
MOVE 'RIV_20081104_Edat' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Edat.mdf',
MOVE 'RIV_20081104_Elog' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Elog.ldf',
REPLACE
go
Step 8. Wait.
Step 9. This should create a database called RIV_20081104_E.
Have fun.
How's this different to any hand-counted vote where I'm sure handfuls of votes that the counter didn't agree with "go missing" regularly, except in that we actually have documented evidence of what's done?
Humboldt County, California has an innovative program to put on the Internet scanned images of all the optical-scan ballots cast in the county. In the online archive, citizens found 197 ballots that were not included in the official results of the November election. Investigation revealed that the ballots disappeared from the official count due to a programming error in central tabulation software
http://www.freedom-to-tinker.com/blog/felten/election-transparency-project-finds-ballot-counting-bug
engineers are all basically high-functioning autistics who have no idea how normal people do stuff
Oddly enough the governor who decided to scrap touchscreen, Charlie Crist, was a republican,
who apparently wasnt fond of his Republican predecessor Jeb Bush.
Now Florida votes using optical scan ballots which we should have done in the first place.
I am by no means a programmer. I know just enough PERL to write a few scripts here and there. I don't understand why building a program that stores result of whether someone pressed option 1 or option 2 is so difficult. Couldn't this be done with less than 100 lines of code? It doesn't make sense to me.
CARTRIDGE_IMAGE is interesting. FILE_IMAGE? Are these microsoft .cab files?
EVENT_LOG is an application log. Enough info to retrace steps and regenerate the TALLY tables? If so, this is a first step validation (internal consistency).
What the heck does TALLY_OVER_VOTE represent?
TALLY_STATUS eludes to Cartridges again. Getting curious about CARTRIDGE_IMAGE.
I did not download the huge files... But from the website, it seems to be a SQL Server database (backup?)
I don't know how "strip the MS-SQL header data off", and I think any manual operation will corrupt a database. Personally, I would think they are dropped tables (as they said chunk 40 repeated something from 1-39). Then I can't see any evidence of wrong doing. It is likely that they directory copy the database from development, or had set it up several times.
Disclaimer: I don't live in USA.
If this code really is in violation of FCC regulations, shouldn't that invalidate all elections that the code was used in?
Courts are extremely reluctant to order new elections. Elections are very costly and time-consuming and forcing the elected candidate to stand for election again may bias voters against the candidate. Generally, a court is only going to order such a remedy if you (a) have proof of outright fraud that (b) resulted in a change to the results of the election. The mere possibility of affecting the election is not going to be good enough.
In light of that, minor violations of regulations by creating code that actually works but doesn't follow the regs is not going to overturn an election. As a remedy, that's like hitting a fly with a sledgehammer. It may, however, result in the company getting fined, certain employees getting jail time (if the statute provides), and/or in the machines being decertified for future elections.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
cook county need somewhere to hide the dead people voting code.
I've been able to strip out some of the Triggers, Stored Procedures, and Functions. Not sure why these didn't get restored.
There's a bunch of them in the .bak file. Long night incoming. X_x
See:
http://studysequoia.wikispaces.com/message/view/The+Main+Study+And+Reporting+Page/15702844
/* Description: Store text image of cartridge data. Among the different
files that are stored are Tally Summary, Turnout Summary, and
Operator Log Report. The files can be used to re-canvass cartridge
data without re-reading the cartridge, and to generate text based
reports of individual cartridge images.
*/
Oh, snap?
They were probably removed with DROP statement which will generally leave them in the database file until the space is reclaimed for storing something useful. This is probably why there's useless junk in the parses they took.
Ah, that makes sense. They dropped them but the database itself didn't reclaim those sections. That completely explains some of the corruption I'm seeing.
Tricksy hobbitses.
not immune certainly, but verifiable. we audit regularly, and randomly.
- js.
That's right, Focus on the Software. Forget the doping process.
could someone please tell me how I will vote in the next election? I'm getting excited to know if I'll vote my conscience this time or if I will cross over to the other side.
"A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
And this looks like it's for the database in an election server. This doesn't look like code for a voting machine which a voter touches. This server reads the cartridges from the precincts, tallies the votes, and emits reports.
The closest thing I've found to interpreted code are some "exec (@sql)" invocations, util_GetNum which returns a value from arbitrary SQL, and some complex SQL which seems to generate the layout of the ballots.
Most of the stuff is database initialization. But why are database initialization commands stored in a database? Does MS SQL store the text of the commands which are used to create an entity, or might this stuff be a transaction log dating to the creation of the database? I don't think they create a database in a votes cartridge, as they use BCP to copy a text file from a cartridge.
I was into the subject BEFORE most Americans even knew there were computers being used (long story, but my state official just gave me blank looks when I raised concerns after the vendors showed the demo units.)
We don't have a security system that exists which allows for anonymous secure computer voting. NOBODY should be able to find out how YOU voted (including your ISP, browser, OS, government... totally anonymous.)
THE PROBLEM IS SECURITY NOT TECHNOLOGY.
I don't mean computer security. I mean public security in their vote, in the process, and the people in charge of running the process.
Its NOT a problem of counting, its a problem of TRUST.
Multiple attack vectors exist outside of technology which threaten the system-- it is not wise to add more points of attack without removing any (or arguably just a few) of the existing ones. Technology removes transparency to an elite group of experts; of which, only a subset is even allowed to look over the stuff (obviously an expert might tamper with it or steal IP so we can't let just anybody inspect it...) You add more problems than you solve even with a fantasy open source technology without bugs.
For a while, I still thought hashing/signing paper ballot sheets was a good idea but in reality, it means fake cards or bad computers or flawed OCR can take away legit votes. "Solves" ballot stuffing by adding more red-tape ripe for abuse! The best solution is simple CHEAP ballots that are accounted for at all steps. We know general population numbers by census already; low or high all the ballots are accounted for. Its not fool proof but it indicates large abuse and helps track it. Canada has an overall good setup for a primitive non-runoff system from what I've read.
Exit polls work so well that they get it right almost all the time unless it is really close. When exit polls fail you know something happened. Its more important to "look good" than to get it right (well that was the excuse in some places to kill exit polls.) Elections could be called by exit polls and the paper hand count would validate it. Re-votes should be much much easier to do; saves a ton of trouble when things look bad.
Stupid people shouldn't vote; but who decides? We could ban everybody who voted for Bush 04, which would work really well... but someday the winds could still change and you end up filtered out. (Yes, I gave away my bias against recent idiocy; it couldn't have been easier.) What happens when you are the enemy and get somehow market as too stupid? You have to let them all vote. There is a concept known as "the wisdom of the crowd" on which democracy depends upon and would work better if it were not for all the tampering that goes on with the crowd (and situations where mob behavior infects the crowd's sanity - a social virus.)
Election fraud is a treasonous crime and all the related half steps should reflect the severity of this. May not deter many; however, it should prevent them from doing it again if not encourage them to rat out their boss in a plea bargain.
Receipts only make people feel good. No way people are bringing back all those receipts for a recount... which is the only way to have a receipt mean anything. I can give you a receipt for anything you wish....pay me now, I'll send it later...
Eligible voters. big problem:
-Criminals can't vote, this is ridiculous. its abused like a poll tax (which we still have in some places - don't believe the legal word games!) You hate all criminals? Then you better vote!
-There is a ton done to stop fake votes that complicates that process. Registration is supposed to help but it causes more trouble than it does good. If everybody was required to vote BY LAW or get fined it does make the problem of multiple voting easier to deal with (the extra voters tend to cancel out and many only "show up".) Lazy non-voters help pay for the system. At least they contribute to the society somehow...
-Citizenship
-Migration between districts - this could be solved with intrusive la
Democracy Now! - uncensored, anti-establishment news
The rules say, "no dynamic code". I'm not a MS-SQL guy, but this article makes it pretty clear that one has to use the MS SQL "EXEC" statement to dynamically evaluate a stored procedure. In my brief look at the databases, I did find some EXEC statements, but not many.
Just finding an EXEC statement is probably not enough to establish a "smoking gun". If the only variable parts of the stored procedure are parameter value placeholders, then the EXEC may just be serving as a way to encapsulate parameters, which sounds like an attempt to prevent an injection attack. I guess you'd have to inspect the source code that defined the actual values passed into the procedure to be sure.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
There are many good reasons for open source voting system but this story by the Daily Kos is a beat up, and is based solely on the lack of technical ability by the person making the claims. I've actually downloaded the database, restored it successfully in SQL Server 2008 and examined it and there really is no basis to this story. That doesn't mean I support Sequoia, that doesn't mean I support closed voting systems, just merely in this particular instance the story is not based on fact. Here's how to restore it and what you'll find: http://www.itwire.com/content/view/28715/1141/
Databases don't need to have a single word of SQL code embedded in the database, if you're talking a real database. [As opposed to MS SQLServer, which I don't know anything about because it isn't considered a heavy-duty DB. If it needs embedded code it wasn't a suitable choice, was it?] Any serious database can host procedural code at any level of difficulty, but need not do so.
We wrote a system with 800 tables with no procedural code embedded into the DB at all, even though it makes a number of issues easier to deal with, just because we had better controls on the code base outside the DB.
If Sequoia embedded procedural code into their DB for any reason whatsoever, they violated professional standards and FEC rules. Their machines should be rounded up and treated like illegal slot machines after a raid - pounded into random junk with sledgehammers while the video cameras run. I hesitate to spell out the next step, involving the managers who mandated or allowed such coding style.
The company should be dissolved, along with all the others, and we should go back to using paper and #2 pencils, which are much harder to shimmy with.
You can't just cut it off before the word "except" and disregard a whole section just to make your point seem as clear cut as you'd like. There is also text afterword that give a justification. I don't really care for the exception - it just adds confusion. However I don't think any of our law makers are capable of writing anything without throwing in exceptions. Anyway, you were being deliberately misleading when you cut off the prohibition just short of the exception.
When they start to talk about the cost of all that hand counting some day.... Please ask them to estimate the cost to count your individual vote and compare this to the amount of money you personally pay in taxes. The argument that hand counting is expensive doesn't hold up.
Is it good programming practice to have the database server execute a BCP shell command to read data into the database?
to look for voters who picked their dummy vote (and thus can't confirm their real vote), and switches their real vote to favour a particular candidate of their choosing. Now we have a specific candidate getting all the votes from those who want to confirm to their bosses (or whoever) that they voted for Candidate X (or Proposition X) actually appearing to vote for that candidate according to the system. The system has to track which you picked doesn't it? It has to know which to display when you enter your hash code.
I like the system we have up here in Canada: vote on a paper slip, stick it in a box. It gets counted and the results are reported in. Its all invigilated by members from various parties to ensure its accuracy - and most important of all, attempting to game the system is extremely difficult because it requires a lot of willing participants scattered over multiple polling stations etc. And of course, you have paper ballots that are physical evidence and much harder to fake. Its not impossible to cheat of course, but it takes more effort. Relying on software to tally votes just means the cheater can focus solely on vulnerabilities in the software - and we are all well aware of just how vulnerable software can be here on /., whether its unintentionally or intentionally on the part of the vendor.
Might it be possible to assign each voter a randomized hash on a strip of sticky tape that gets stuck to each ballot before the user votes? Its not necessary to relate the assigned code to the name in any way, just to give the ability to confirm that the hash code is valid and was assigned to this election. Then when you go to scan the results you can feed the hash codes through a very simple scanner to confirm that the vote is a legal one? Of course, then we are back to software again. Forget it :P
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
All the eVoting misses the point in a big way. It really doesn't matter one little bit if the election system carries out a perfectly fair and perfectly secure election if the typical voter can't look at the process and understand personally that it IS secure and fair and WHY. People understand marks on paper and counting. They understand double checking and they understand both neutral observers and having observers from all parties invited. They understand locked boxes full of paper ballots with marks on them. They understand pull a lever and a punch makes a hole in cardstock, especially if they can watch it happen.
They do not understand SQL, secure hashes, code audits, or signed firmware. From what we've seen, it's not entirely clear how well Diebold (now Sequoia) understand those things! They don't even have all of the source code to the OS, so how can they certify anything? Try to explain it all and they can hardly be blamed if they think you're just blinding them with science. That's especially true when the vendors jealously guard the whole thing as top secret, even from election officials.
All that secrecy may well not mean they intend to rig the elections, but it surely does suggest that they wish to hide their non-compliance and shoddy work, which is bad enough. It also leads even the voters who CAN understand the eVoting system to question it's security and fairness. Democracy requires checks and balances, not just against nefarious intent, but also from simple error.
that this story in my RSS feed is followed by a Newsmax AdSense blurb asking: "Like Palin? Vote Here Now!".
On a much more sober note, do websites have no say into what is allowed to show in AdSense? Especially if it makes them appear as nothing more than money-grubbing hypocrites? Yes, yes, 'Adblock', etc. - that's missing the point - how about those on work computers with no permission to block such dreck?
I'm assuming the same folks who would provide a jury-rigged voting database would also provide the jury-rigged program to 'verify' the hash sums, right? Or just a shiny, happy button on a form for a clueless county poll worker to click and be rewarded with MsgBox("Everything's Okey-Dokey!").
Reminds me of the best way to make a theory in linguistics bullet proof: making it Turing complete. That creates obstacles in proving with pencil and paper that it can't work. Your proposal is deficient in vitamin T.
First, the swayzun can take the form of this: if it comes up A we pay you $200, if it comes up !A, you pay us $100. It's going to cost you $100 for sure if neither of your balls is tattooed with the letter A. I'm sure no one accosted at a casino would possibly take up this wager.
Second, the swayzun can take a more insidious form: better not vote for them darkies. As long as there are at least two melatonin deficient candidates on the ballet, you can cover your ass without ruffling the swayder's white bed sheet.