Sequoia Voting Systems Source Code Released

Mokurai sends a heads-up about Sequoia Voting Systems, which seems to have inadvertently released the SQL code for its voting databases. The existence of such code appears to violate Federal voting law: "Sequoia blew it on a public records response. ... They appear... to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold. They were wrong. The Linux 'strings' command was able to peel it apart. Nedit was able to digest 800-MB text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code." The code is all available for study or download, "the first time the innards of a US voting system can be downloaded and discussed publicly with no NDAs or court-ordered secrecy," notes Jim March of the Election Defense Alliance. Dig in and analyze.

Hyperbole much

[icebike]

"code that appears to control or at least influence the logical flow of the election"

Which means the uneducated inspecting strings saw things like:

BAL_ID null
-- 1 - show candidate on ballot (default)
-- 0 - remove candidate from the ballot
-- 2 - don't show candidate on the ballot, but reserve space for her on the layout

All of which is perfectly benign when voters are not eligible to vote for certain candidates for any number of reasons.

The more you read at the ultimate site more you realize the people digging thru this garbage know nothing about what they are reading, and not much about programming either.

Just because you know how to run grep or strings does not mean you can use the data it reveals.

Re:Hyperbole much

[amicusNYCL]

Nice one jackass, but I'm not a lawyer, I'm a programmer. It should be pretty goddamn clear to any novice that a stored procedure in MS SQL Server, which is what we're dealing with here, is most definitely interpreted code. The law clearly states that interpreted code is not allowed because of the obvious fact that it can easily be changed after the certification. They state that once the software is certified that there are no more compilers or linkers allowed in the onboard software and that the binaries should be able to have their checksum validated in the field to ensure it's the same software that was certified. Especially when the SQL code to create those same stored procedures ships with the product, as if the database itself is set up in the field.

Now, I'm not a lawyer, but that seems pretty goddamn clear to me that a stored procedure in SQL Server does not meet those criteria.

But, and I'm being honest here, I really want to hear your opinion on the matter, since mine doesn't matter, and is based on scary capital letters.

Re:This is cool and all, but...

[itwerx]

"that's an unabashedly self-modifying database" Not to mention that ID 15 -> 21 re-mapping in one of the excerpts. Why would an ID of any kind ever need to be remapped on the fly like that? Heck, I used to do a little SQL programming back in the day, I might just have to dig into it a bit myself! :)

Re:There's somebody wrong on the internet...

[CastrTroy]

I shouldn't be able to verify my own vote. If I can verify my vote, I can prove to myself after the fact how I voted, and therefore I can prove it to somebody else. That somebody else might try to coherce me into voting a specific way. I much prefer paper, pen, and hand counted. That way, I can verify the box is empty before everyone puts their vote in. Verify that my vote went into the box, and verify that the box was opened and that all votes in the box were counted correctly. I wouldn't be able to identify my ballot apart from the other ballots in the box, but that would be good, because nobody would be able to coherce me to vote a particular way. Just knowing that my vote was an a box, and that the box was counted correctly is enough for me to know that my vote was counted correctly.

Re:you're wrong.

[Anne+Honime]

Doesn't work like that, at least where I live. In my place, you can come in to check if the see-through box is empty and sealed before the voting begin. Then you have parties representatives that take turn to check the whole process during the day (and keep an eye on each others as well as looking after election judges), and finally, the public is much welcomed to come back (or even stay the whole day, if you prefer so) and help count the ballots at the end of the day. The result is then phoned at the town house, where all results for the town are tallied on a paperboard in front of the public. Through some administrative layers, it climbs up through counties and districts up to the national level. Nothing is ever done behind closed doors ; anybody has a right to attend every step physically, in person. In the end, it's a giant peer-reviewed open-source process that's happening under the very eyes of everybody. In the morning, through local newspapers, you can break down the full result down to every single voting place in the whole country.

Re:you're wrong.

[v1]

Good catch, that's the sort of thinking I was hoping to hear from.

OK then one more tweak. The receipt you print in the booth can either be your real or your dummy vote. You pick just before you leave. So if you are being coerced, you can pick the dummy receipt but if you want to watch over your vote you pick the real receipt to take home.

So in this case you don't get an A/B choice when you get home and punch in the URL. It immediately shows a vote, either the dummy or the real, whichever you elected to get the receipt for.

Are we bulletproof yet? That doesn't look like it adds any real complexity to what I'm trying to keep to a bare minimum.