Bev Harris of Black Box Voting Releases Accenture's Voting Software
Gottesser writes with this excerpt from Bev Harris's Black Box Voting: "I have found and posted the actual voter list software used widely throughout the USA (TN, WI, PA, CO, KS...) for Accenture voter registration and voter histories. I located the files on a magnetic backup tape of the hard drive of a county elections IT employee, part of a 120-gig set of discovery files. The Accenture voter registration / voter history software is highly problematic, and has been reported switching voter parties in Colorado, and losing voter histories in Tennessee. Although it is now widely known that Accenture voter list software gets it wrong, just WHY the program misreports voter information so often has never been explained. I am hoping that by releasing this software to the public, it may shed light on what's really going on with our voter registration systems. I also posted a Tennessee file with work orders and release notes which shows the Accenture software has a history of tripling votes in certain ('random') voter histories, going back to 2004. Except it is not random: Other files I discovered prove it is with primarily suburban Republican precincts that votes are somehow being recorded twice and sometimes three times for certain voters in the voter history report, and this didn't just happen in 2004; it also happened in the 2008 presidential primary and in May and August 2010, and according to election commission notes in Shelby County, also in the 2012 presidential primary. Computer buffs, have at it. Much source code exists within the structure because it is built on MS Access. I do not read source code, though I can see some structural problems with the software (for example, it allows political party ID to be set differently from one precinct to another)."
Now how long until Harris is sued?
Give me Classic Slashdot or give me death!
DMCA takedown request in 3...2...1...
It's for society's good, of course!
Well, there's your problem right there....why didn't they use a (real) database?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Well, there's your problem right there....why didn't they use a (real) database?
Like Microsoft Excel?
Don't forget Enron...
There have been a whole lot of election shenanigans in this country and in Canada. And while I don't doubt both parties have done this sort of thing, and do this sort of thing, it seems to be the Republicans who've been the biggest culprits these past 10 years or so.
Personally, I really like the anonymous electronic voting systems based on David Chaum's digital cash work. They look like they might be independently verifiable by third parties and anonymous at the same time.
Need a Python, C++, Unix, Linux develop
Lord, I wouldn't worry about tinfoil conspiracies, it is straight up incompetence.
Their consultants are terrible, and I mean that in the nicest way possible.
For one, the article is /.'d so I can't even read it..
Second, if what she is alleging is correct then yes, it needs to be spread far and wide on the 'net (and off, too, backed up all over) because letting criminals get away with stealing elections is very wrong.
Flame me, mod me down, whatever. But to stand by idly and let people that are evil win is wrong.
Hey if this is against TOS then by all means, remove it.
http://www.bbvforums.org/forums/messages/7659/ESM_2_0_8_23_04_zip__Burnbit_-82116.unk
Hopefully that is a working link to the torrent. It's 325meg or so in size.
This is SW to maintain voter registration, not collect votes. Just because it is broken and shows a voter voted multiple times in an election does not necessarily mean that the voter actually was able to cast multiple votes or that the (independent) voting method (paper or electronic) was flawed.
They were also joined by the MD-LP, because they knew e-voting could be easily hijacked. They felt the existing paper ballots worked just fine. Of course the Democrats have a ~70% majority in the Legislature, so they just rammed it through anyway (as they do with virtually everything). The Repub and Libertarian concerns have been proved correct 12 years later.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
... than the Slashdot effect. Putting up a direct link to a ZIP file on a blog and then getting the article on Slashdot is certainly a good way to melt the servers. Hopefully someone will get a torrent up for it soon so the hundreds of folks trying to download it don't trash the server (and take several days doing it since it's a 300+MB file).
I know a bunch of county elections IT people in Colorado since I work in county IT (and nervously checked TFA hoping it wasn't one of our backups that got released). Let me tell you, if you think IT is stressful, add politics and see what happens. To anyone else about to start scrutinizing this Accenture crap: welcome to the party. We have to deal with horrible, over-costed, "best of the worst" third-party solutions on a daily basis because there simply aren't any alternatives.
Let me tell you: if you were to start an open-source project for vote-counting you would have thousands of fed-up county contributors overnight.
I had a friend working for Anderson Consulting when Enron went down. They had nothing to do with Enron.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
... that votes are somehow being recorded twice and sometimes three times for certain voters in the voter history report
To me, this sounds like someone's join isn't all that unique. Let's say you have two voters, Joe Smith, at two different addresses, that both voted. If you join a registration list with a vote list, on first and last name and not address, you actually end up with 4 combinations instead of 2, for twice the votes. Other things to check are overlapping effective/terminate date ranges, and compound primary key fields. Rookie mistakes, but big consequences.
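The fan-out described in the comment above, as an added example that is not part of the original thread or of the released software. It uses SQLite as a stand-in for the Access back end; the table names, column names and rows are constructed assumptions. It also covers the overlapping effective/terminate ranges the comment mentions, and adds two checks that flag both conditions before a report is trusted.

```python
import sqlite3

# Constructed sample data (not from the released files): two different voters
# named Joe Smith, and one voter with two overlapping registration date ranges.
SETUP = """
CREATE TABLE registration (voter_id INTEGER, first TEXT, last TEXT, address TEXT,
                           effective TEXT, terminate TEXT);
CREATE TABLE ballots_cast (first TEXT, last TEXT, address TEXT, election TEXT);
INSERT INTO registration VALUES
  (1, 'Joe', 'Smith', '12 Oak St',  '2000-01-01', '9999-12-31'),
  (2, 'Joe', 'Smith', '98 Elm Ave', '2002-06-01', '9999-12-31'),
  (3, 'Ann', 'Lee',   '5 Pine Rd',  '1998-03-01', '2009-01-01'),
  (3, 'Ann', 'Lee',   '5 Pine Rd',  '2008-01-01', '9999-12-31');
INSERT INTO ballots_cast VALUES
  ('Joe', 'Smith', '12 Oak St',  '2008-02-05'),
  ('Joe', 'Smith', '98 Elm Ave', '2008-02-05'),
  ('Ann', 'Lee',   '5 Pine Rd',  '2008-02-05');
"""

# Hypothetical report queries; each counts history rows per voter_id.
COUNT = "SELECT r.voter_id, COUNT(*) FROM ballots_cast b JOIN "
BY_VOTER = " GROUP BY r.voter_id ORDER BY r.voter_id"
REPORTS = {
    # Join key is not unique: every Joe Smith ballot matches every Joe Smith.
    "name_only": COUNT + "registration r ON b.first = r.first AND b.last = r.last" + BY_VOTER,
    # Address separates the two Joes, but overlapping date rows still double Ann.
    "name_address": COUNT + "registration r ON b.first = r.first AND b.last = r.last "
                    "AND b.address = r.address "
                    "AND b.election BETWEEN r.effective AND r.terminate" + BY_VOTER,
    # One possible fix: collapse registration to one row per voter before joining.
    "deduplicated": COUNT + "(SELECT DISTINCT voter_id, first, last, address "
                    "FROM registration) r ON b.first = r.first AND b.last = r.last "
                    "AND b.address = r.address" + BY_VOTER,
}

def open_sample():
    db = sqlite3.connect(":memory:")
    db.executescript(SETUP)
    return db

def history_counts(db, report):
    """History rows per voter_id for one election, as the named report computes them."""
    return dict(db.execute(REPORTS[report]).fetchall())

def shared_names(db):
    """Names that map to more than one voter_id, so a name-only join cannot be trusted."""
    return db.execute(
        "SELECT first, last, COUNT(DISTINCT voter_id) FROM registration "
        "GROUP BY first, last HAVING COUNT(DISTINCT voter_id) > 1").fetchall()

def overlapping_ranges(db):
    """voter_ids with two registration rows whose date ranges overlap."""
    return [row[0] for row in db.execute(
        "SELECT DISTINCT a.voter_id FROM registration a JOIN registration b "
        "ON a.voter_id = b.voter_id AND a.rowid < b.rowid "
        "AND a.effective <= b.terminate AND b.effective <= a.terminate")]

if __name__ == "__main__":
    db = open_sample()
    for name in REPORTS:
        print(name, history_counts(db, name))
    print("shared names:", shared_names(db))
    print("overlapping ranges:", overlapping_ranges(db))
```

Three ballots were cast in the sample, so any report whose per-voter counts sum to more than three has multiplied rows in the join rather than recorded extra ballots.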
Earlier Anonymous torrent link was incorrect. Here's the one from the site: http://burnbit.com/torrent/204972/ESM_2_0_8_23_04_zip
Poor means hoping the toothache goes away.
Since BBV is in bad shape, here's links to some mirrors.
In the original forum thread, a poster linked a torrent for the actual software: http://burnbit.com/torrent/204972/ESM_2_0_8_23_04_zip
I don't see a torrent for the notes archive, so here's a magnet link. Sorry if it stops working:
Submitted this related article to Slashdot a few months ago. Bev Harris looked into this as well.
To sum up the above link: An interesting phenomenon has occurred in every state of this year's Republican primaries. Votes appear to be flipped away from other candidates in favor of Romney, with a 99% correlation to precinct size. Although votes are "canvassed" (checked) after each primary, the methods used are primarily designed to detect vote stuffing, rather than vote flipping.
This phenomenon has recently been shown to be absent if you can get your hands on poll tapes from individual machines, rather than from voting tabulators (machines that count the totals from the various voting machines).
Voting machines are just scary stuff. More so since poll tapes are not always made readily available. Thankfully, a bill was recently introduced that would require poll tapes from individual machines (not just tabulators) to be made available by the next day following an election.
Firstly, it's spelled "Andersen" and not "Anderson", and secondly Andersen Consulting split from AA back in 1989 and they weren't on speaking terms (even though they were technically run by the same umbrella company) for most of this time.
AC
H1B people need job security too! If a few extra votes go toward the party that pushes hard for H1B expansion, who is going to notice?
Highly recommend watching "Hacking Democracy".
http://www.youtube.com/watch?v=rVTXbARGXso
Join the Slashcott! Feb 10 thru Feb 17!
Except it was Arthur Anderson who was in bed with Enron. The AC guys told AA to fuck off long before that happened.
They built a MS Access DB for the front-end and used SQL for the back-end, this is industry standard for small business clerical solutions and is dirt cheap to do.
Microsoft has a nasty habit of removing functions out of DLLs to provide security, or changing their behavior so code breaks in ways nobody notices. Either you patch and you have a reliability problem, or you don't and get a security problem.
It's very likely the town decided they wanted that setup because it's easy to exploit.
Where Accenture comes in as being a boatload of fail, is that they didn't build ANY database validation or security into their system. It's RIDICULOUSLY simple to set up several blobs for each site, set up security-per-blob by site logon, set up kiosks under guest accounts in AD that have access to just their blob, have the data aggregate into those blobs, then run a report to tally, and here's the fail part, AND ANOTHER REPORT TO CONFIRM OBVIOUS MISTAKES ON THE ROLLS A MONKEY COULD SPOT ARE NOT HAPPENING!
Voters voting twice, the number of votes on a field being counted several times, data field error checking to ensure valid characters are in a class...the STANDARD stuff. And we aren't talking about egregious or eccentric databasing here, we're talking about plain old simple databasing; field 1 is a name, field 2 is an address, field 3 is a telephone number, field 4 is the representative they wanted to vote for and so on and so on.
If Accenture wants to come clean, give us the design document they were handed to perform the contract, in fact, I'd FOIA that sucker in light of this offense.
IMO Windows has too large of an attack surface to be used for this; you need something with a minimal attack surface that can be updated and set up as needed. You need either Windows Server Core, or Linux. Heck, even Mac OSX would be better suited than XP or 7.
It's basically a bunch of monstrous Access databases. Unfortunately, most (all?) of the VBA code is in databases that have been compiled to .mde files. There's no simple way that I know of to get usable source code back from those, which is unfortunate, since that's probably where most of the damning evidence would be found. However, you can view table definitions and data, form and report designs, queries, etc. Fun fact: you can bypass the initial login by just holding the left shift key as you open voter.mde.
I don't particularly care what some partisan hack
Careful, you sound like one of those partisan hacks yourself, what with your shooting the messenger and all.
--Jeremy
Jesus was a liberal
This will rip the lid off the selling of our democracy down the river over the last 12 years.
Ms. Harris should probably look into getting some police protection.
Google cache has the forum thread:
http://webcache.googleusercontent.com/search?client=ubuntu&channel=fs&q=cache%3Ahttp%3A%2F%2Fwww.bbvforums.org%2Fforums%2Fmessages%2F7659%2F82111.html&ie=utf-8&oe=utf-8&gl=uk
Not a bad list, but if you are going for credibility you should really remove any link to CNN.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
whenever I see an article about these problems cropping up, about 9 times out of 10 it's the Republicans who are favored
Couldn't have anything to do with 90% of journalists being Democrat, now could it?
NAAHHHHH.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The fact that we primarily see doubling / tripling in Republican-leaning counties
The "fact" is that she only LOOKED there.
And the other FACT is that she is a non-technical person who probably screwed up her joins (look for another response that mentions that possibility).
You and she are both believing only what you want to without solid proof. And that is a FACT.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
WTF?? Why don't you just SAY what state you're from, or failing that, provide a link to the "below" post? You ask for "sources please", but you are pretty slim on citations yourself.
This being /., someone will find a way. If only for bragging rights, so be it.
Your post sadly will not reach five years ago, where that would have been true.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Careful, you sound like one of those partisan hacks yourself, what with your shooting the messenger and all.
He's complaining about ALL partisans, not just this one.
Your own shot is far off the mark.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Careful, you sound like one of those partisan hacks yourself, what with your shooting the messenger and all.
Because pointing out and decrying partisanship is itself partisan, or something.../sarcasm
The recommendation and rationale goes like this... The person I trust is not necessarily the person you would trust therefore we need transparency. No system can be secured against its administrators therefore we need transparency over security.
We must be able to verify four things. 1) Who can vote 2) Who did vote 3) Chain of custody 4) Vote count
Failing any of these points our elections are simply staged theater. Right now, we're failing ALL these points. No electronic system can be verifiable. Can't be done. Even under a paper system it's difficult to put checks in place and to have mechanisms where a single voter or group of voters can raise a concern (even an honest mistake) and have it taken care of. A botched election is notoriously hard to clean up. Especially because recounts can and have been rigged. Litigating election issues is nearly impossible. The integrity of the election cycle must be maintained so no voter off the street and even most candidates can't get an issue in court with enough time to change the outcome of an election.
Therefore. *Most* Long term Election Integrity activists have come to support this basic starting principle: "Voter Marked Hand Counted Paper Ballots, Counted at the polls, on election night, no matter how long it takes, in full public view before all those who want to witness the count and before the ballots are moved and chain of custody issues arise."
Now. That handles points 3 and 4 but to be honest. 1 and 2 are tricky. They kinda require databases at this point because unlike the pool of poll workers this system doesn't scale well with the population. Bev's been finding voter histories have been erased in several counties in Tennessee. This is important because if a registered voter hasn't voted in a while then as part of housekeeping (the person may have died or moved) they eventually get purged from the voter rolls. So someone(s) in Tennessee is erasing peoples' vote history so they get purged, show up at the polls and can't vote. There's already been some court rulings to handle this. The point is we need to remain vigilant and we need things transparent so we CAN be vigilant. We don't need computers to solve everything. We need the public to relearn how to do their civic duty and to do that civic duty.
I should go fling poop in their offices
Well, at least the government can't frame her on a rape charge.
She will be charged with molestation and pretending to use a condom while not doing so. She won't become a rapist, but a 95% rapist.
Any large database of personal information is going to contain numerous errors and inconsistencies. If you imagine an ideal election where the outcome is perfectly based on every legally eligible voter's intent, then current voting systems achieve about 1/10 of 1% accuracy. That is, any election result that is closer than 1 out of 1000 is correct perhaps half the time. Recounts are largely meaningless. The good news is that about half of all voters will be happy no matter what the result is. What computer people fail to appreciate is that the tried and true methods of fixing elections still work today, namely "stuffing" ballot boxes, that is providing votes for people who do not vote themselves and the opposite, losing votes. Paper systems are, of course, particularly susceptible to this type of manipulation. A more insidious method would be to have more than usual incorrect addresses for voters of a particular party or area thus reducing opposition turnout. Note that election results are normally geographically quite predictable. No amount of computer code diddling will detect a fraud of this nature, you would presumably need to look at post office records. While many coders may enjoy the masturbatorial pleasure of criticizing others, truly detecting election fraud requires actual hard work, always in short supply.
Much source code exists within the structure because it is built on MS Access.
MS Access is an absolutely horrible choice for any kind of production software, much less something as important as voting. Even MS tries their best to steer people away from it and toward MS SQL Server instead. What on earth were these programmers thinking?
Some one better get it up on Tor and the Pirate Bay ASAP.
you read carefully.
This is not e-voting software. No votes were counted and applied to the results of elections.
This is voter registration and list software that keeps track of voter registrations and tallies voter histories.
The voter _histories_ have miscounts.
...because it is built on MS Access.
I can't believe I just read that.
They used a toy database that's meant for prototyping and small systems requirements.
Only a complete and utter moron would deploy a multi-user system using Access.
I do not fail; I succeed at finding out what does not work.
Hey BEV if you read this - for those of us who understand how dangerous bit torrent can be, how about an alternate method of getting at the files?
The most idiot people I have ever worked with were from Andersen Consulting
I don't think I've ever had to work with a crappier data base/table program. It makes reading and writing to a random access text file rational. Whoever said yes to m$ Access should be looking at hard jail time.
Indeed. You've been using an eggcorn. By far one of the most common ones in use, but every bit as nonsensical as the others found in this sampling:
===============
Allow me to play doubles advocate here for a moment. For all intensive purposes I think you are wrong.
In an age where false morals are a diamond dozen, true virtues are a blessing in the skies. We often put our false morality on a petal stool like a bunch of pre-Madonnas, but you all seem to be taking something very valuable for granite. So I ask of you to mustard up all the strength you can because it is a doggy dog world out there. Although there is some merit to what you are saying it seems like you have a huge ship on your shoulder. In your argument you seem to throw everything in but the kids Nsync, and even though you are having a feel day with this I am here to bring you back into reality. I have a sick sense when it comes to these types of things. It is almost spooky, because I cannot turn a blonde eye to these glaring flaws in your rhetoric. I have zero taller ants when it comes to people spouting out hate in the name of moral righteousness. You just need to remember what comes around is all around, and when supply and command fails you will be the first to go.
===============
My intent isn't to insult, just to encourage people to think about any phrase that doesn't actually make sense.
I certainly understand the origin of the phenomenon, but clearly it makes no sense to "must of" or "should of" done something. This is the same thing as "for all intensive purposes"... it's an eggcorn. Someone hears a spoken phrase enough times to understand its meaning via context, but never actually caught the exact words.
The reason this gets my attention is because it means the person is saying something that they know doesn't actually MAKE SENSE, they think it's some bizarre idiom or something. No one should say things that are nonsense unless it's performance art. (Or they're politicians.)
I ran a quick strings and grep on all the files, hoping to get some juicy comments from source code, but I didn't get much:
*sigh* We had punch card voting running at 1,000 votes counted per minute posting data to a MySQL database using Borland Builder front ends.
I'm kinda glad I don't run elections anymore, the technology just keeps regressing.
The idea that the British government (I am British btw) could orchestrate any sort of cyber attack is a joke. Have you seen the reports on any NHS project recently? Have you ever seen James Bond at a computer? No. I rest my case.
A machine like this is the perfect place for a small OS that weighs in at a few hundred MB at the most. It is also a legitimate place for UEFI encryption, encrypt and sign the bootloader, and have all the executable content on the machine signed, and unsigned stuff wouldn't run. In this case a voting machine is not a general purpose computer and doesn't need a full OS that can run anything. WhyTF does it need Windows, WhyTF does it need virus scanning. A much simpler system of checking the TPM and the signatures on the filesystem, then having a bloody fit if one of them fails to pass is much more secure and a whole lot easier to verify.
The only problem with doing that, it would require some work and a few smart people. What they have now sounds like some cobbled together shit done as cheaply as possible, marked up as much as possible to extract as much revenue from the state as possible.