Slashdot Mirror
Sequoia Voting Systems Source Code Released
Mokurai sends a heads-up about Sequoia Voting Systems, which seems to have inadvertently released the SQL code for its voting databases. The existence of such code appears to violate Federal voting law: "Sequoia blew it on a public records response. ... They appear... to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold. They were wrong. The Linux 'strings' command was able to peel it apart. Nedit was able to digest 800-MB text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code." The code is all available for study or download, "the first time the innards of a US voting system can be downloaded and discussed publicly with no NDAs or court-ordered secrecy," notes Jim March of the Election Defense Alliance. Dig in and analyze.
To be honest shouldn't -any- code used to tally votes be released in the public domain for any US citizen?
Taxation is legalized theft, no more, no less.
I really can't see why we can't have a government-commissioned open-source system developed and mandated for use for public voting functions.
I absolutely hate the thought of my vote being inputted in to a closed magical-mystery box.
To make light of this does not do justice. This is potentially huge news.
A Good Troll is better than a Bad Human.
Anyone with half a brain realized converting from dumb paper ballots to "smart" electronic machines that could manipulate the votes was a Bad Idea (tm). Unfortunately that disqualifies most of our state politicians.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
votes[candidate]++;
http://michaelsmith.id.au
As my Software Engineering instructor said...
Someone was thinking that voting was primarily a counting problem and had the idea that computers were excellent at counting, so computers would be excellent at registering votes.
Of course, voting is minimally about counting, and from what we've seen even these clowns couldn't do that right.
How about this?
You select your candidate / party / referendum option on screen.
The computer prints out a ballot paper and records your vote.
You put the ballot paper in the ballot box.
The returning officer selects a sample of ballot boxes at random and checks them to the computer.
They may have violated the regulations, but it is still not clear that anything they did would have had any real impact. Best to wait and see what the analysis reveals.
Maybe it's a cultural thing, but I've never seen the necessity to complicate things any further than paper, pencil, double physical count. Cheap, no machines involved, fast. On a national election down here (about 15 million voters), voting booths close at 6pm and results are known nation wide right on time to open the 8pm evening news.
You could have kept reading, you know.
The FEC standards say "prohibited". They do not say "Any self-modifying, dynamically loaded or interpreted code is only okay if someone who is a really good programmer says it is" or "Interpreted code is okey dokey as long as it isn't called all that often". If the database itself contains application code which modifies the database, then that's a problem. It doesn't matter what kind of code it is or how benign you think it is, it should not be there at all.
If you would like to share your educated opinion where it matters, feel free to comment in the wiki. That's what it's there for.
* t violates the federal rulebook on voting systems on several levels: the rules require that code be hash-checked to prove authenticity in the field for obvious reasons. If the real working code is buried in with the data, no such hash-checks are possible.
Except that so far, I'm seeing table construction and table layouts. I guess that's technically code - as any SQL technically is - but a good case can be made to say that it's just the database structure. Which can, of course, be subjected to a hash check.
The federal rulebook is also clear that code can't be interpreted, apparently to avoid modification "in the field" (generally county or city election offices).
Well shit, in that case, they can't use SQL at all. Since a database is a fairly reasonable way to track the candidate data, display strings, etc... I'm pretty sure that this wasn't the intent of the law. (No, IANAL, just applying common sense).
I do think it's great and long overdue that this information is now available. But I also think they'll want to finish the analysis and get some people who understand what they're looking at, before they start making claims. There may be validity to them - but so far it's tenuous if there at all. (Full disclosure: I'd love to electronic voting either a) shut down or preferably b) administered in a 100% transparent fashion... so I'm not making this post in anybody's defense)
It doesnt matter if its changeable on the fly or not. The law is No interpreted code. Guess what they found? Interpreted code. Ergo, the law has been broken. How much more simply can this be put, that you would get it?
You are required to give your hash code to your boss. HE looks up your vote and picks A or B. 50-50 chance he picks the fake one and you live. 50-50 chance he picks the real one and you lose your job.
It doesn't hurt to be nice.
I don't think the American public would really be all that upset if the election results didn't come in until the next morning. I suspect it's actually the news media that wants the results ASAP, in order to get everyone watching the election day evening news so that they can charge more for ad space.
From the site:
UPDATE 10/20/09 5:45pm Pacific Time: It appears the files were NOT VANDALIZED and will open in MS-SQL Server 2005. It also appears they did redact "code" to some degree. I'm still not clear on why there are thousands of lines of source code still left in there. I'm working on scoring a copy of SQL Server 2005 ASAP so I can look for myself. Check the discussion areas to follow along in realtime.
Interesting.
The reason voting irregularities mean diddly squat in a presidential election is due to the fact that Joe Citizen's votes don't matter directly.
Thanks to the electoral college, any voting irregularities are overruled by the imprimatur elector fiat.
Except that Americans like to vote on everything.
And?
If it's important enough to vote on, it's important enough to count properly.
If you're a zombie and you know it, bite your friend!
As a matter of due diligence, I will look up your "David Chaum's blind signature" (I may have already). I'm certain it will have a fatal flaw, as has every system I've examined thus far. It doesn't matter how many people jump up and down in support of their ideologies or how vigorously. Nobody has shown me a secret ballot, end-to-end verifiable voting system. I do not believe one exists. (I would like to be proven wrong, but I don't think anybody can.)
Disclaimer: I am a cryptographer, and I have done research on topics related to electronic voting in the past.
As a matter of simply stating a fact, regardless of your due diligence, the fact is that blind signatures and their application to electronic voting is a subject which is about 15 years old by now. If you didn't already know about this concept, then you are clearly not an expert in electronic voting or even in any related field of cryptology. Cryptographic electronic voting is a highly technical subject involving many different areas and subfields of cryptology, some of them heavily number theoretic and mathematical. You are probably not technically knowledgeable enough to pass judgment on such heavily technical subjects in which you are uninformed (or worse, prejudiced against, as evidenced by your choice use of words such as "ideologies").
Even if I'm wrong about you, and you are technically knowledgeable enough to correctly evaluate cryptographic voting systems, it doesn't matter. For every one of you, there are thousands of other voters who are not technically knowledgeable, but who think that they are.
The problem with voting systems is not mathematical. It is not cryptographic. From the point of view of cryptography, secret ballot, end-to-end verifiable voting systems do exist, and have been known for decades. Either a mix net or the Benaloh cryptosystem together with threshold secret sharing delegation of trust is all that is required. The problem with cryptographic end-to-end voting systems is that for every one cryptographer in the world, there are thousands of uninformed members of the general public who don't understand the math, and who think that the scheme is either untrustworthy or that they have found a flaw. For this reason, even if there is a secret ballot, end-to-end verifiable voting system (which there is), it will never be accepted by the general public. As a research scientist, I have had far too much experience in dealing with such obstacles. The public does not trust scientists, even when the scientists clearly know more than they do.
Have you ever seen voter turn-out numbers? Americans don't like to vote at all.
+0 Meh