Sequoia Voting Systems Source Code Released 406
Mokurai sends a heads-up about Sequoia Voting Systems, which seems to have inadvertently released the SQL code for its voting databases. The existence of such code appears to violate Federal voting law: "Sequoia blew it on a public records response. ... They appear... to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold. They were wrong. The Linux 'strings' command was able to peel it apart. Nedit was able to digest 800-MB text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code." The code is all available for study or download, "the first time the innards of a US voting system can be downloaded and discussed publicly with no NDAs or court-ordered secrecy," notes Jim March of the Election Defense Alliance. Dig in and analyze.
Was going to post a pseudo-witty comment but... (Score:3, Informative)
"Well you may throw your rock and hide your hand
Workin' in the dark against your fellow man
But as sure as God made black and white
What's down in the dark will be brought to the light"
-Johnny Cash
Quote taken from the index of http://studysequoia.wikispaces.com/ [wikispaces.com]. Wishful thinking, but how apt.
Re:What? (Score:4, Informative)
Appears to control or at least influence the logical flow of the election
What exactly does that mean?
Means they suspect that the code for the actually tallying and evaluating ballots is in SQL. It is suggested that this violates the law for being dynamic and interpreted.
Re:Who uses them? (Score:3, Informative)
http://lmgtfy.com/?q=sequoia+voting+machines [lmgtfy.com]
Another case of failed redaction! (Score:3, Informative)
The file they have is simply a SQL Server backup.
It takes a few minutes to restore using SQL 2005 Express + SSMSE
Nothing has been destroyed or sabotaged.
but...
When the database is restored you get the tables with the data in. :)
All the stored procedures have been deleted. Or so Seqoia thought
As the use of strings on the backup file demonstrates, the text of the sp's are still there.
There are various database tools (Lumigent was one from memory) that allow looking back through the database log and, I expect, returning the database to a previous state.
Just when companies had got the hang of cleaning up after track changes they move on to SQL database backups :)
too much voting? (Score:5, Informative)
Maybe it's a cultural thing, but I've never seen the necessity to complicate things any further than paper, pencil, double physical count. Cheap, no machines involved, fast. On a national election down here (about 15 million voters), voting booths close at 6pm and results are known nation wide right on time to open the 8pm evening news.
Except that Americans like to vote on everything.
Not just politicians, but sherifs, judges, district attorneys (i.e., head government prosecutors), etc. Add this to the fact that most elections (municipal, county, state, federal) tend to happen on one day [wikipedia.org], so that when you walk into the booth, you don't just have a piece of paper, but a small booklet to go through. Then add propositions (i.e., referendums) that many states have if enough people sign a petition. If you want to be an educated voter on all the possible choices you have to do some serious studying.
And then you have to count all of these 20+ separate run offs for the various levels of government.
How to restore the .bak file using Microsoft SQL.. (Score:3, Informative)
How to restore the .bak file using Microsoft SQL Server Express 2008:
Step 1. Go download SQL Server Express 2008 (This is trivial, left up to the reader. You might have to go to a microsoft webpage) and install.
Step 2. Go download SQL Tools for SQL Server (Trivial) and install.
Step 3. Go download the .bak.zip file from the above wiki. Save it to 'C:\foofoo\'. Unzip the .bak file within it to 'C:\foofoo\'. You should now have: 'C:\foofoo\RIV_20081104_Canvass_Final_dbset_E.bak'
Step 4. Start up SQL Server Express
Step 5. Open SQL Management Studio and connect to your local SQLEXPRESS instance.
Step 6. Click on the top most node in (Should be your machine's name\SQLEXPRESS). Click "New Query".
Step 7. Run the following query:
RESTORE DATABASE RIV_20081104_E FROM disk='C:\foofoo\RIV_20081104_Canvass_Final_dbset_E.bak'
WITH MOVE 'RIV_20081104_Esys' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Esys.mdf',
MOVE 'RIV_20081104_Edat' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Edat.mdf',
MOVE 'RIV_20081104_Elog' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Elog.ldf',
REPLACE
go
Step 8. Wait.
Step 9. This should create a database called RIV_20081104_E.
Have fun.
Re:Hyperbole much (Score:3, Informative)
Show me the section in federal law that cites wiki!
OK, I'll quote this [wikispaces.com] instead:
"4.2.2 Software Integrity
Self-modifying, dynamically loaded, or interpreted code is prohibited, except under the security provisions outlined in section 6.4.e [sic - see note below]. This prohibition is to ensure that the software tested and approved during the qualification process remains unchanged and retains its integrity. External modification of code during execution shall be prohibited. Where the development environment (programming language and development tools) includes the following features, the software shall provide controls to prevent accidental or deliberate attempts to replace executable code: ...
IANAL, but that seems pretty clear cut. Maybe not in regards to the SQL, but as far as to what they mean.
Re:Hyperbole much (Score:5, Informative)
First, I'm the guy that built that wiki page.
Second, "code that defines races" can be used to alter results. I have a lot of experience playing with Diebold databases because we've had access to those since 2003 when Diebold left an FTP site open. If you swap the candidate ID numbers between two candidates in the Diebold database (run in MS-Access), you'll flip the election. In a heartbeat.
It *appears* there's code present in this Sequoia database to do the same thing. Note the word "appears". The best way to find out, and the most MORAL way, was to put it up for public review.
Risking exposure of our technical warts, sure. Still worth it. Check the discussion areas at the wiki - we're learning a hell of a lot, very quickly.
But yes, it's true: I don't know MS-SQL, and nobody else at EDA does either. So we were faced with a choice: find a few people who did know it, pay 'em a bunch of donated money to write a formal report behind closed doors, or do a public review and exam even if that means exposing any mistakes we make, knowing they'll be caught pretty damn quick.
Which was better?
Re:Hyperbole much (Score:3, Informative)
Re:There's somebody wrong on the internet... (Score:2, Informative)
"CastrTroy! Get in here! You're going to fill out this absentee ballot just the way I tell you, and sign it. I'll mail it for you. If you don't, it's curtains for your grandmother!"
Or:
"CastrTroy! Get in here! You're going to carry this spy camera pen [davidsteele.com] into the voting booth so I can make sure you vote the way I want you to. If you don't, it's curtains for your grandmother!"
So the whole "verifiable ballots allow coercion!" argument doesn't hold water: you can be coerced today. The defense against coercing votes isn't technical, it's that you're going to be locked in a cage for a very long time if you do it. (And rightly so.)
But besides that, it's just factually wrong. It is possible to have a ballot that you can verify but that can't be used to show others how you voted, because it relies on a secret that you know but can't prove. See, for example, Chaum's Punchscan [wikipedia.org].
The story is not based on fact. (Score:3, Informative)
Re:There's somebody wrong on the internet... (Score:3, Informative)
Still wondering why ? A 6th grader with a good pair of eyes can understand and control a paper vote. The more people you gather to keep watch, the better, no training necessary. It would take you, with all your intelligence and experience, weeks of efforts to verify an e-system implementation, and you'd be one of a handful able to do so. And all it would take to rig the system would be to outsmart your small lot of scientists. Just *imagine* for a second the source code is mathematically correct and you verified it. How about the compiler ? Do you know if the system really runs on the bare metal or is it trapped in a VM ? Are you per chance a computer scientist as well as a cryptologist ? How many scientists would it take to screw that light bulb in the end ? How long would it take ?
Thanks, but I am neither a computer scientist, nor am I still wondering why. I figured out what you said a long time ago. Some computer scientists have also figured it out. That's why a lot of voting research these days is in the area of non-cryptographic voting schemes that still provide secret ballot end-to-end security. No such scheme is known today, but significant progress has been made, for example ThreeBallot [mit.edu] by Ron Rivest.
I, and many researchers, are well aware that no solution to the voting problem can ever involve a system, or a compiler, or source code, or any sort of bare metal hardware. The solution has to be non-cryptographic. Unfortunately, the politicians and legislators have not realized this yet (or they have, and are committing intentional sabotage), and most importantly, the general public has not realized this yet. The general public still thinks that voting machines are the way to go.