Bev Harris of Black Box Voting Releases Accenture's Voting Software 245
Gottesser writes with this excerpt from Bev Harris's Black Box Voting: "I have found and posted the actual voter list software used widely throughout the USA (TN, WI, PA, CO, KS...) for Accenture voter registration and voter histories. I located the files on a magnetic backup tape of the hard drive of a county elections IT employee, part of a 120-gig set of discovery files. The Accenture voter registration / voter history software is highly problematic, and has been reported switching voter parties in Colorado, and losing voter histories in Tennessee. Although it is now widely known that Accenture voter list software gets it wrong, just WHY the program misreports voter information so often has never been explained. I am hoping that by releasing this software to the public, it may shed light on what's really going on with our voter registration systems. I also posted a Tennessee file with work orders and release notes which shows the Accenture software has a history of tripling votes in certain ('random') voter histories, going back to 2004. Except it is not random: Other files I discovered prove it is with primarily suburban Republican precincts that votes are somehow being recorded twice and sometimes three times for certain voters in the voter history report, and this didn't just happen in 2004; it also happened in the 2008 presidential primary and in May and August 2010, and according to election commission notes in Shelby County, also in the 2012 presidential primary. Computer buffs, have at it. Much source code exists within the structure because it is built on MS Access. I do not read source code, though I can see some structural problems with the software (for example, it allows political party ID to be set differently from one precinct to another)."
torrent link (Score:4, Informative)
Hey if this is against TOS then by all means, remove it.
http://www.bbvforums.org/forums/messages/7659/ESM_2_0_8_23_04_zip__Burnbit_-82116.unk
hopefully that is a working link to the torrent. its 325meg or so in size.
List, not Voting SW (Score:4, Informative)
This is SW to maintain voter registration, not collect votes. Just because it is broken and shows a voter voted multiple times in an election does not necessarily mean that the voter actually was able to cast multiple votes or that the (independent) voting method (paper or electronic) was flawed.
In Maryland Republicans opposed e-voting (Score:4, Informative)
They were also joined by the MD-LP, because they knew e-voting could be easily hijacked. They felt the existed paper ballots worked just fine. Of course the Democrats have a ~70% majority in the Legislature, so they just rammed it through anyway (as they do with virtually everything). The Repub and Libertarian concerns have been proved correct 12 years later.
Join the dark side, we have cookies (Score:5, Informative)
... that votes are somehow being recorded twice and sometimes three times for certain voters in the voter history report
To me, this sounds like someone's join isn't all that unique. Let's say you have two voters, Joe Smith, at two different addresses, that both voted. If you join a registration list with a vote list, on first and last name and not address, you actually end up with 4 combinations instead of 2, for twice the votes. Other things to check are overlapping effective/terminate date ranges, and compound primary key fields. Rookie mistakes, but big consequences.
Torrent link (Score:5, Informative)
Mirrors (Score:3, Informative)
Since BBV is in bad shape, here's links to some mirrors.
In the original forum thread, a poster linked a torrent for the actual software: http://burnbit.com/torrent/204972/ESM_2_0_8_23_04_zip [burnbit.com]
I don't see a torrent for the notes archive, so here's a magnet link. Sorry if it stops working:
On the dangers of voting machines (Score:5, Informative)
To sum up the above link: An interesting phenomenon has occurred in every state of this year's Republican primaries. Votes appear to be flipped away from other candidates in favor of Romney, with a 99% correlation to precinct size. Although votes are "canvassed" (checked) after each primary, the methods used are primarily designed to detect vote stuffing, rather than vote flipping.
This phenomenon has recently been shown to be absent if you can get your hands on poll tapes from individual machines, rather than from voting tabulators (machines that count the totals from the various voting machines).
Voting machines are just scary stuff. More so since poll tapes are not always made readily available. Thankfully, a bill was recently introduced that would require poll tapes from individual machines (not just tabulators) to be made available by the next day following an election.
Re:In Maryland Republicans opposed e-voting (Score:5, Informative)
"Just rammed it through" def'n: any legislation that passes that you don't like.
If you're wondering who Bev Harris is (Score:5, Informative)
Highly recommend watching "Hacking Democracy".
http://www.youtube.com/watch?v=rVTXbARGXso [youtube.com]
Re:Accenture wrote it?(Mod Me Up,Good Info herein) (Score:5, Informative)
They built a MS Access DB for the front-end and used SQL for the back-end, this is industry standard for small business clerical solutions and is dirt cheap to do.
Microsoft has a nasty habit of removing functions out of DLL's to provide security, or changing their behavior so code breaks in ways nobody notices. Either you patch and you have a reliability problem, or you don't and get a security problem.
It's very likely the town decided they wanted to that setup because it's easy to exploit.
Where Accenture comes in as being a boatload of fail, is that they didn't build ANY database validation or security into their system. It's RIDICULOUSLY simple to set up several blob's for each site, set up security-per-blob by site logon, set up kiosks under guest accounts in AD that have access to just their blob, have the data aggregate into those blob's, then run a report to tally, and here's the fail part, AND ANOTHER REPORT TO CONFIRM OBVIOUS MISTAKE ON THE ROLLS A MONKEY COULD SPOT ARE NOT HAPPENING!
Voters voting twice, the number of votes on a field being counted several times, data field error checking to ensure valid characters are in a class...the STANDARD stuff. And we aren't talking about egregious or eccentric databasing here, we're talking about plain old simple databasing; field 1 is a name, field 2 is an address, field 3 is a telephone number, field 4 is the representative they wanted to vote for and so on and so on.
If Accenture wants to come clean, give us the design document the were handled to perform the contract, in fact, I'd FOIA that sucker in light of this offense.
IMO Windows has too large of an attack surface to be used for this; you need something with a minimal attack surface that can be updated and set up as needed. You need either Windows Server Core, or Linux. Heck, even Mac OSX would be better suited than XP or 7.
Re:If for no other reason... (Score:2, Informative)
A guy in the comments on that page posted this torrent link:
http://burnbit.com/torrent/204972/ESM_2_0_8_23_04_zip [burnbit.com]
Re:"because it is built on MS Access." (Score:4, Informative)
If this is the software I'm thinking it is, the first iteration of it was developed by a (very) small business in Arkansas in the early 1990's, and Accenture's involvement is at the end of a chain of acquisitions over the years. That company developed it for very small customers (individual counties in Arkansas). Access was chosen mostly because the owner of the company was hacking out the software himself and his choice of tools was always whatever Microsoft was promoting the hardest at the time. Regardless of the motivation, that probably was not too terrible a choice given the requirements, the nature of the data being managed, and the technology of the day. At the time Shelby County, TN became a customer (mid-90's) the data store would have been SQL Server, with Access being used for client-side data entry and reporting.
So now you know. If it's the software I'm thinking it is. I can't imagine why it has been kept in that form for so long, though.
Re:This will be really interesting (Score:5, Informative)
You're welcome. What the fuck is REPUTABLE? Someone who you have personally dealt with? Someone everyone can trust? No such person exists universally, nice Straw Man.
But anyway, here are a bunch of more reports of this with SOURCES, if you don't think the Wikipedia article is correct. As far as them being REPUTABLE, that's open to opinion. Any random asshole YOU quote from won't be REPUTABLE to me. So there.
http://www.commondreams.org/headlines03/0828-08.htm [commondreams.org]
http://www.motherjones.com/politics/2004/03/diebolds-political-machine [motherjones.com]
http://money.cnn.com/2004/08/30/technology/election_diebold/ [cnn.com]
http://www.sourcewatch.org/index.php?title=Diebold_Election_Systems [sourcewatch.org]
Your ears must hurt from having your fingers "rammed" in them so hard. You're welcome.
Re:This will be really interesting (Score:5, Informative)
I'm on the conservative/libertarian side of things most (but not all) days, but the quote is real, assuming you accept the NY Times as a source.
http://www.nytimes.com/2003/11/09/business/machine-politics-in-the-digital-age.html?pagewanted=all&src=pm [nytimes.com]
The context is important; O'Dell wrote this as a Bush fundraiser in a fundraising letter, not in his role as Diebold president. That said, reverse it, if he'd been a Kerry/Obama backer and done the same; Republicans would be rightly very suspicious.
We've had issues with robocalls and funding irregularities in Canada, but not, as far as I am aware, any significant credible allegations of ballot or vote fraud.
In the last couple of elections, where I live, we've used paper ballots (filled out with a pen) sometimes coupled with optical scan. (The disabled can have someone assist them.) This provides a surprisingly useful audit trail. (e.g. consider a box filled with ballot papers all marked for one candidate, all with a very unusual pen colour. Don't laugh, it's happened in places like Texas).
Voters are enumerated, door-to-door by multi-party teams of volunteers. To vote you have to show photo id. Felons and prisoners are able to vote; we think it's unfair to deny politicians the vote. I strongly suspect the level of voter fraud and machine politics is substantially lower than the US; history generally seems to bear this out.
The Canadian system is far from perfect, though I'm inclined to think, like the banking system up here, it's somewhat superior to the current US system.
Re:Accenture wrote it? (Score:5, Informative)
I only interviewed with them a long time ago, but here's what I saw that made me not want to work there, and should give you an idea of why they suck:
1. The whole company is structured as "move up or move out". You have to get promoted at a particular pace, or you're fired. And yes, there are fewer promotions available than there are people on the team, so your coworkers are your competitors.
2. There's a specific hierarchy and pay scale for techies which is kept separate and unequal from the hierarchy for everyone else. All techies are officially second class citizens, and there is no way for developers, no matter how much they contribute, to move anywhere beyond either a more senior developer position, or a front-line manager of developers.
3. The pay was way lower than standard for somebody with my skill set and experience. You get what you pay for.
Basically, they're the epitome of a corporate whale that provides very little real value while raking in tons of cash from big companies and government.
Re:Accenture wrote it? (Score:2, Informative)
Yeah, when I interviewed with them (also quite a while ago), the hiring manager told me, "We can train anyone to program in 3 weeks. We're not looking for highly skilled programmers." At that point I knew that all of their code must be crap and really didn't want to contribute to it. When I later learned that their business model involved overcharging the businesses of whomever the CEO was playing golf with and not caring what the results were, I was glad I didn't even bother calling them back when they wanted a second interview.
Eggcorn (Score:5, Informative)
Indeed. You've been using an eggcorn [wikipedia.org]. By far one of the most common ones in use, but every bit as nonsensical as the others found in this sampling:
===============
Allow me to play doubles advocate here for a moment. For all intensive purposes I think you are wrong.
In an age where false morals are a diamond dozen, true virtues are a blessing in the skies. We often put our false morality on a petal stool like a bunch of pre-Madonnas, but you all seem to be taking something very valuable for granite. So I ask of you to mustard up all the strength you can because it is a doggy dog world out there. Although there is some merit to what you are saying it seems like you have a huge ship on your shoulder. In your argument you seem to throw everything in but the kids Nsync, and even though you are having a feel day with this I am here to bring you back into reality. I have a sick sense when it comes to these types of things. It is almost spooky, because I cannot turn a blonde eye to these glaring flaws in your rhetoric. I have zero taller ants when it comes to people spouting out hate in the name of moral righteousness. You just need to remember what comes around is all around, and when supply and command fails you will be the first to go.
===============
My intent isn't to insult, just to encourage people to think about any phrase that doesn't actually make sense.
Re:Pearls of Wisdom from 6+ years in the field. (Score:2, Informative)
The solution to 1) and 2) is compulsory voting. Hard to play silly buggers with who votes when everyone has to. Want to see how to run elections, look at Australia. Hand counted, hand marked compulsory voting with the whole process overseen and managed by an independent, non-partisan body.