Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bev Harris of Black Box Voting Releases Accenture's Voting Software

Posted by timothy on from the ignore-man-behind-curtain dept.

Gottesser writes with this excerpt from Bev Harris's Black Box Voting: "I have found and posted the actual voter list software used widely throughout the USA (TN, WI, PA, CO, KS...) for Accenture voter registration and voter histories. I located the files on a magnetic backup tape of the hard drive of a county elections IT employee, part of a 120-gig set of discovery files. The Accenture voter registration / voter history software is highly problematic, and has been reported switching voter parties in Colorado, and losing voter histories in Tennessee. Although it is now widely known that Accenture voter list software gets it wrong, just WHY the program misreports voter information so often has never been explained. I am hoping that by releasing this software to the public, it may shed light on what's really going on with our voter registration systems. I also posted a Tennessee file with work orders and release notes which shows the Accenture software has a history of tripling votes in certain ('random') voter histories, going back to 2004. Except it is not random: Other files I discovered prove it is with primarily suburban Republican precincts that votes are somehow being recorded twice and sometimes three times for certain voters in the voter history report, and this didn't just happen in 2004; it also happened in the 2008 presidential primary and in May and August 2010, and according to election commission notes in Shelby County, also in the 2012 presidential primary. Computer buffs, have at it. Much source code exists within the structure because it is built on MS Access. I do not read source code, though I can see some structural problems with the software (for example, it allows political party ID to be set differently from one precinct to another)."

4 of 245 comments (clear)

  1. On the dangers of voting machines by unwastaken · · Score: 5, Informative

    Submitted this related article to Slashdot a few months ago. Bev Harris looked into this as well.

    To sum up the above link: An interesting phenomenon has occurred in every state of this year's Republican primaries. Votes appear to be flipped away from other candidates in favor of Romney, with a 99% correlation to precinct size. Although votes are "canvassed" (checked) after each primary, the methods used are primarily designed to detect vote stuffing, rather than vote flipping.

    This phenomenon has recently been shown to be absent if you can get your hands on poll tapes from individual machines, rather than from voting tabulators (machines that count the totals from the various voting machines).

    Voting machines are just scary stuff. More so since poll tapes are not always made readily available. Thankfully, a bill was recently introduced that would require poll tapes from individual machines (not just tabulators) to be made available by the next day following an election.

  2. Re:In Maryland Republicans opposed e-voting by GodfatherofSoul · · Score: 5, Informative

    "Just rammed it through" def'n: any legislation that passes that you don't like.

    --
    I swear to God...I swear to God! That is NOT how you treat your human!
  3. Re:Accenture wrote it?(Mod Me Up,Good Info herein) by Anonymous Coward · · Score: 5, Informative

    They built a MS Access DB for the front-end and used SQL for the back-end, this is industry standard for small business clerical solutions and is dirt cheap to do.

    Microsoft has a nasty habit of removing functions out of DLL's to provide security, or changing their behavior so code breaks in ways nobody notices. Either you patch and you have a reliability problem, or you don't and get a security problem.

    It's very likely the town decided they wanted to that setup because it's easy to exploit.

    Where Accenture comes in as being a boatload of fail, is that they didn't build ANY database validation or security into their system. It's RIDICULOUSLY simple to set up several blob's for each site, set up security-per-blob by site logon, set up kiosks under guest accounts in AD that have access to just their blob, have the data aggregate into those blob's, then run a report to tally, and here's the fail part, AND ANOTHER REPORT TO CONFIRM OBVIOUS MISTAKE ON THE ROLLS A MONKEY COULD SPOT ARE NOT HAPPENING!

    Voters voting twice, the number of votes on a field being counted several times, data field error checking to ensure valid characters are in a class...the STANDARD stuff. And we aren't talking about egregious or eccentric databasing here, we're talking about plain old simple databasing; field 1 is a name, field 2 is an address, field 3 is a telephone number, field 4 is the representative they wanted to vote for and so on and so on.

    If Accenture wants to come clean, give us the design document the were handled to perform the contract, in fact, I'd FOIA that sucker in light of this offense.

    IMO Windows has too large of an attack surface to be used for this; you need something with a minimal attack surface that can be updated and set up as needed. You need either Windows Server Core, or Linux. Heck, even Mac OSX would be better suited than XP or 7.

  4. Re:This will be really interesting by Holmwood · · Score: 5, Informative

    I'm on the conservative/libertarian side of things most (but not all) days, but the quote is real, assuming you accept the NY Times as a source.

    http://www.nytimes.com/2003/11/09/business/machine-politics-in-the-digital-age.html?pagewanted=all&src=pm

    The context is important; O'Dell wrote this as a Bush fundraiser in a fundraising letter, not in his role as Diebold president. That said, reverse it, if he'd been a Kerry/Obama backer and done the same; Republicans would be rightly very suspicious.

    We've had issues with robocalls and funding irregularities in Canada, but not, as far as I am aware, any significant credible allegations of ballot or vote fraud.

    In the last couple of elections, where I live, we've used paper ballots (filled out with a pen) sometimes coupled with optical scan. (The disabled can have someone assist them.) This provides a surprisingly useful audit trail. (e.g. consider a box filled with ballot papers all marked for one candidate, all with a very unusual pen colour. Don't laugh, it's happened in places like Texas).

    Voters are enumerated, door-to-door by multi-party teams of volunteers. To vote you have to show photo id. Felons and prisoners are able to vote; we think it's unfair to deny politicians the vote. I strongly suspect the level of voter fraud and machine politics is substantially lower than the US; history generally seems to bear this out.

    The Canadian system is far from perfect, though I'm inclined to think, like the banking system up here, it's somewhat superior to the current US system.