READER COMMENTS ON
"E-Voting Code to Receive 'First-Ever' Public Scrutiny Following Public Records Request"
(14 Responses so far...)
COMMENT #1 [Permalink]
said on 10/21/2009 @ 12:07 am PT...
COMMENT #2 [Permalink]
said on 10/21/2009 @ 12:31 am PT...
And... while geeks "grok" the code...
Nobody is looking into the hardware at the doping level. Massive fail.
COMMENT #3 [Permalink]
said on 10/21/2009 @ 2:35 am PT...
The voting systems themselves and the oversight process behind them at the federal and state levels is most definitely a fail.
But there's a lot to be learned here. A whole lot.
For example: say you vote a write-in in one race. Anybody checking the database internally can, according to a couple of people who've looked at this so far (full confirmation needed!), figure out exactly who or what else you voted for, in every race. So if you use your own name as a write-in for a downticket race, you can sell your vote.
I don't think that's allowed, folks. Certainly worth knowing, eh?
And there's much, much more.
With that said: it turns out I somehow screwed up the loading of the files on my machine, and so did at least one other person. Turns out the files were NOT vandalized by Sequoia and CAN be read as actual data in a database. That's apparently the biggest mistake I made so far.
The problem with doing a totally public analysis like this is that my own warts can appear. So be it...especially where voting systems are concerned, public exams are the moral way to go. And at least I put the word "apparently" or the like right next to "vandalize".
On the other hand, we do seem to be looking at an incompetent attempt to redact source code. Look at the data using Microsoft tools and yeah, it looks like they're gone. More or less by accident, the source code reveal I pulled off was a lot like "un-erasing" files. In other words, you give a "delete" command, the computer doesn't do so fully and the data can still be recovered.
That's a bigger "oops" on Sequoia's part than anything I've done .
COMMENT #4 [Permalink]
said on 10/21/2009 @ 11:51 am PT...
Want to bet that there aren't 5 Supreme Court
justices who will say that "the attempt
equals the deed" and then rule that you are
illegally in possession of proprietary data
via, let's say, a DMCA infringement?
Go ahead and bet... I need money for margarita mix, tequila, and salt & vinegar chips
COMMENT #5 [Permalink]
karen from illinois
said on 10/21/2009 @ 12:05 pm PT...
page 55 shows moreno valley (in the totals) with 0 registered voters but 1 ballot cast
page 53 shows same @52337 moreno valley/3
this is what i call an "impossible number",my working theory is an impossible number is a "tag" for an inaccurate command
COMMENT #6 [Permalink]
said on 10/21/2009 @ 12:28 pm PT...
I responded to a "proprietary software" comment on another site/different topic earlier. So I've had a little more time to think about it, other than my terse remark that went something like, "What are they hiding?" But there's more to it than that. Any other software engineers out there? (Jim, you are, yes?)
First, the code you're looking at here may not be the code running your election.
But more to the proprietary issue. Bottom line is even if you're working with really complex systems, it's much easier to start from the beginning and code your own stuff than it is to lift someone else's code. Speaking of warts and wrinkles! It's a lot easier to fix the one's you know than to find and repair the other guys'. So all the proprietary hype, is just that. Hype.
COMMENT #7 [Permalink]
said on 10/21/2009 @ 3:14 pm PT...
Tech journalist David M. Williams at iTWire.com
investigated the recently released Sequoia database
and concluded that it was not vandalized and does
not contain "election control" code. See his
Does he have a good case?
COMMENT #8 [Permalink]
said on 10/21/2009 @ 5:01 pm PT...
Roy, from what I see from David M Williams @ iTWire.com you mentioned.
(by the way this is why I won't even bother with this code, there's much better people at finding such problems than myself)
anyway, Dave said this
"Within table VOTER we find records of voters but with such non-identifying fields as VOTER_ID, SERIAL_NUMBER and PRECINCT_ID. I can tell you that VOTER_ID 885 has SERIAL_NUMBER 41970 and is in PRECINCT_ID 594 but that doesn’t tell me who the person is or who they voted for, or even if they voted at all."
And then goes on to kind of make it look like there's no problem here.
But there is a problem dave, you said it yourself.
"that doesn’t tell me who the person is or who they voted for, or even if they voted at all."
That my friend is a "broken chain of custody!" if it's as you put it. And dave, on the hardware side, your going to find all electronic vote tabulation devices have this same underlying problem. In the case of hardware you can't see the signal representing the vote. Or was dave physically present when the chips were doped? How does dave know no bad logic is inside each chip with it's pretty little part number stamped on top? Unless you destroy every chip under an electron microscope and reverse engineer the results you wouldn't know dave. Oh but the reality is all devices would then have to be destroyed for that to take place. Also notice finally dave, I specifically say, "electronic vote tabulation device" if it's used to count votes it doesn't matter what kind of ceramic, silicon, ttl, cmos, asic, whatever the hell they put in it. It's irrelevant the arrangement of chips. Not even the power supply is monitored for anomalies. It's because we can't. Which means poll watchers can't. No open source will help because of what it runs on which is invisible.
If I was a poll watcher the very first electronic vote tabulation device / machine I came across, I would have raised the issue and stuck to it on these points alone, until the machine was replaced with paper ballots which are physically watched by humans in an "unbroken chain of custody." Physically seeing paper ballots humans can do, seeing electronic signals humans can not do. The software and firmware doesn't matter in this light. I know OVC means well but they got to understand in the world of physics, code becomes irrelevant.
COMMENT #9 [Permalink]
said on 10/22/2009 @ 12:18 pm PT...
Your argument for not depending on vote-tabulating equipment is sound (though I don't agree we should be able to ascertain how any individual citizen voted).
However, that's not what Dave was disputing. He was disputing whether there was any computer code in the database as released to the EDA.
But the point is now moot. Sequoia has now officially admitted that the database contained computer code, though not code for voting-machines. Here's a quote from Sequoia's statement, as reported at http://www.kesq.com/Global/story.asp?S=11357302
There was no source code related to the voting machines - the code that actually counts votes - released or any front-end Election Management System code. Essentially only small portions of ballot layout, accumulation and reporting code were present in this database that Sequoia provided to Riverside County.
Does this leave Sequoia in the clear?
Not necessarily. Software of all types is subject to error. That includes the software that Sequoia mentions above. In particular, there have been reports of ballots laid out on a computer that were laid out incorrectly, and other reports of votes being accumulated incorrectly. Admittedly, operator error was the commonly reported cause of these problems. But can anyone claim that this type of software has always been without flaws, detected or as yet undetected?
So the code fragments in the EDA's possession may still be worthy of study, even if they don't control voting machines.
COMMENT #10 [Permalink]
said on 10/22/2009 @ 7:21 pm PT...
But there's more to it than that. Any other software engineers out there? (Jim, you are, yes?)
Not exactly. I'm more a sysadmin sort of geek and somewhat out of date unless we're talking about recent Linux desktop setups.
COMMENT #11 [Permalink]
said on 10/23/2009 @ 6:42 am PT...
Jim March, technically I have the data book collection of a "hardware engineer" while my asm skills are in fact rusty now. It still doesn't change the basic concepts of how a chip is manufactured and how signals effect the chip. While it just takes me forever (literally) to program such devices. It doesn't change the knowledge burned into my brain.
Roy Lipscomb said,
"I don't agree we should be able to ascertain how any individual citizen voted)."
I agree Roy. It's called transparency. Did I say we should show such data? My bad. I didn't mean to say that. I guess I really am burned out.
If you look really carefully at what "I have been saying for years now", the only one who SHOULD know is the voter. "Voter Validated"
But with the use of electronic signals through a plethora of unknown silicone logic the voter can NEVER know what his own vote was. Or if it even was counted. "Broken Chain of Custody"
With paper ballots, the voter can watch the "metal box" he dropped his ballot into.
So I think we are on the same page here. But since I been typing this so many times since 2004 I have become sloppy in explaining it.
I'm burned out frankly. Outlawing electronic vote tabulation devices should be a no brainer, but it continues because it's too technical for average folk to understand, and it's exploitable by those in the know.
COMMENT #12 [Permalink]
said on 10/23/2009 @ 3:47 pm PT...
No need to apologize. As it turns out, it was my bad. My disagreement was targeting the quote in comment 8, beginning "Within table VOTER..." I mistakenly attributed that quote to you, instead of its true author, Dave Williams. Sorry for the confusion!
COMMENT #13 [Permalink]
said on 10/25/2009 @ 12:02 am PT...
COMMENT #14 [Permalink]
said on 10/29/2009 @ 1:51 pm PT...
Remarkably useful information....