Forgot your password?
typodupeerror
Government Software Politics

Bev Harris of Black Box Voting Releases Accenture's Voting Software 245

Posted by timothy
from the ignore-man-behind-curtain dept.
Gottesser writes with this excerpt from Bev Harris's Black Box Voting: "I have found and posted the actual voter list software used widely throughout the USA (TN, WI, PA, CO, KS...) for Accenture voter registration and voter histories. I located the files on a magnetic backup tape of the hard drive of a county elections IT employee, part of a 120-gig set of discovery files. The Accenture voter registration / voter history software is highly problematic, and has been reported switching voter parties in Colorado, and losing voter histories in Tennessee. Although it is now widely known that Accenture voter list software gets it wrong, just WHY the program misreports voter information so often has never been explained. I am hoping that by releasing this software to the public, it may shed light on what's really going on with our voter registration systems. I also posted a Tennessee file with work orders and release notes which shows the Accenture software has a history of tripling votes in certain ('random') voter histories, going back to 2004. Except it is not random: Other files I discovered prove it is with primarily suburban Republican precincts that votes are somehow being recorded twice and sometimes three times for certain voters in the voter history report, and this didn't just happen in 2004; it also happened in the 2008 presidential primary and in May and August 2010, and according to election commission notes in Shelby County, also in the 2012 presidential primary. Computer buffs, have at it. Much source code exists within the structure because it is built on MS Access. I do not read source code, though I can see some structural problems with the software (for example, it allows political party ID to be set differently from one precinct to another)."
This discussion has been archived. No new comments can be posted.

Bev Harris of Black Box Voting Releases Accenture's Voting Software

Comments Filter:
  • Good work (Score:5, Insightful)

    by Hatta (162192) on Thursday June 21, 2012 @01:02PM (#40400185) Journal

    Now how long until Harris is sued?

    • Re:Good work (Score:5, Interesting)

      by durrr (1316311) on Thursday June 21, 2012 @01:14PM (#40400405)

      You means commits suicide by shooting himself once in the heart and twice in the head?

      • Re: (Score:3, Funny)

        by Anonymous Coward

        They gave her a sex change too? Whoever THEM are, THEM are good!

      • by msauve (701917)
        ITYM "she." HTH!
      • Herself

      • You joke, but Memphis is in Shelby county, and something similar happened to the new sheriff in town. He cleaned up some crime, then when he was at a gas station, he commited suicide with a shotgun. (This was the late '80s, early 90's)
      • by CAIMLAS (41445)

        No, that's the other party affiliation that kills people. This party affiliation's enemies usually end up having their hypocricies exposed, and failing those, have something embarassing manufactured to be expossesd...

    • by crazyjj (2598719) *

      Well, at least the government can't frame her on a rape charge.

  • by cayenne8 (626475) on Thursday June 21, 2012 @01:03PM (#40400197) Homepage Journal

    ...because it is built on MS Access.

    Well, there's your problem right there....why didn't they use a (real) database?

    • by Anonymous Coward on Thursday June 21, 2012 @01:05PM (#40400229)

      ...because it is built on MS Access.

      Well, there's your problem right there....why didn't they use a (real) database?

      Like Microsoft Excel?

      • by i kan reed (749298) on Thursday June 21, 2012 @01:07PM (#40400275) Homepage Journal

        At my company we base all our data on powerpoint slides. That way managers are able to present the data to other managers with the ease of 2 hours of clicking "next slide". Truly you are behind the times.

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        You may joke but this was actually suggested in one company I worked at, to replace FoxPro with Excel, after all it is just a table.

        I kid you not.

      • by msauve (701917)
        More like Whatsit."
      • Re: (Score:3, Funny)

        by AliasMarlowe (1042386)

        ...because it is built on MS Access.

        Well, there's your problem right there....why didn't they use a (real) database?

        Like Microsoft Excel?

        Are you sure it was Microsoft Access the database?
        Maybe they used the original Microsoft Access [msdn.com], the serial communication program that failed to compete with Procomm and Qmodem and suchlike back in the late 1980s to early 1990s. It would explain a lot...

        Intriguingly, references to the original Microsoft Access have vanished from Wikipedia and from almost everywhere on the web.

    • Next thing you know they'll say the code was written in javascript or visual basic...
    • by gman003 (1693318) on Thursday June 21, 2012 @01:11PM (#40400353)

      Because they couldn't figure out how to get MSSQL working, they couldn't afford Oracle, the very thought of "open source" scared the crap out of them (so no MySQL/PostgreSQL), and all the other proprietary databases are (apparently) even worse than Access.

    • An Access front-end with SQL Server acting as the back-end can work just fine for relatively simple applications, but the developer still has to know what he's doing. For a simple data entry and maintenance application, I can throw something together in just an hour or two. It's less effort to do simple stuff with Access, and less effort to do complicated stuff with, say, C#. So, right tool for the right job and all that.

      But storing data in the Access database, and having it accessed by multiple users is al

      • For a simple data entry and maintenance application, I can throw something together in just an hour or two

        Looks like that's all the effort they put into this shite software, too.

      • by Jawnn (445279)
        Access should not have been used here, at all. This is an application that should have a complex set of "business rules" designed and implemented in such a way that the "mistakes" listed would not have been possible. That immediately eliminates Microsoft Access as a suitable platform. Access is (was, anyway) a fine tool for certain well-defined tasks. Whoever decided/approved it's use in this role is either an idiot or an evil genius. I put that race at even money, but that's rather another argument.
      • by bandy (99800)

        For a simple data entry and maintenance application, I can throw something together in just an hour or two.

        So Access is like HyperCard.

    • by dkleinsc (563838)

      Because it would interfere with their antivirus software [xkcd.com], of course.

    • by erik umenhofer (782) on Thursday June 21, 2012 @01:30PM (#40400695) Homepage

      This sounds like the client had requirements. No consultant in the modern day would go in there and say this is the best solution. They must of been told they had Access already and this was all they could use.

      • by gumpish (682245)

        They must of been told

        What does it mean for a person to "of been" told something?

        • When you are being paid for work by a client, they dictate what the work is at the end of the day. They are paying you. You can give suggestions etc, but if they want Access or only know Access, you are going to use Access. You are being "told" this is the only option and you use it. This has happened on countless clients.

    • by Anonymous Coward on Thursday June 21, 2012 @02:03PM (#40401343)

      If this is the software I'm thinking it is, the first iteration of it was developed by a (very) small business in Arkansas in the early 1990's, and Accenture's involvement is at the end of a chain of acquisitions over the years. That company developed it for very small customers (individual counties in Arkansas). Access was chosen mostly because the owner of the company was hacking out the software himself and his choice of tools was always whatever Microsoft was promoting the hardest at the time. Regardless of the motivation, that probably was not too terrible a choice given the requirements, the nature of the data being managed, and the technology of the day. At the time Shelby County, TN became a customer (mid-90's) the data store would have been SQL Server, with Access being used for client-side data entry and reporting.

      So now you know. If it's the software I'm thinking it is. I can't imagine why it has been kept in that form for so long, though.

      • by pkinetics (549289)

        Same reason code always stays on the same platform:

        If it aint broke, don't fix it.

        Ambiguous, or poorly written code behaviors, not making sense to anyone else, poorly documented requirements, requires the genus who built it. And that person seldom wants to revisit / be reminded of WTF code. Heck, they seldom remember their code before.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          If it aint broke, don't fix it.

          An aphorism best applied to things that aren't broken.

  • There have been a whole lot of election shenanigans in this country and in Canada. And while I don't doubt both parties have done this sort of thing, and do this sort of thing, it seems to be the Republicans who've been the biggest culprits these past 10 years or so.

    Personally, I really like the anonymous electronic voting systems based on David Chaum's digital cash work. They look like they might be independently verifiable by third parties and anonymous at the same time [wikipedia.org].

    • Re: (Score:3, Insightful)

      by cpu6502 (1960974)

      >>>it seems to be the Republicans who've been the biggest culprits these past 10 years or so.

      In my state (see post below) it was the Democrats that rammed-through these machines. The Repubs/Libertarians were opposed to the e-voting due to ease-of-vote hijacking. So..... why do you think the Republicans are the biggest culprits when they were the ones opposed to the idea? Sources please.

      • by Mister Transistor (259842) on Thursday June 21, 2012 @01:50PM (#40401081) Journal

        How about the President of Diebold quoted as saying they were "committed to helping Ohio deliver its electoral votes to the president next year." (source: http://en.wikipedia.org/wiki/Premier_Election_Solutions [wikipedia.org]).

        If that isn't a obvious Freudian slip indicating their conflict of interest with the Republican party, I don't know what the fuck is. Yes, the Dems liked the idea of e-voting but this was before the Repubs perverted the realization. The Republican party objected, then quickly found a way to get their unregulated business-connected fucktard "partners" to trample all over the process and game the system in their favor. Yeah, letting businesses run wild and do whatever they want is a REALLY GOOD thing for this country. NOT.

      • It's because whenever I see an article about these problems cropping up, about 9 times out of 10 it's the Republicans who are favored. Now, it could be article bias, but I don't think so. There are many interesting links as well. Diebold's CEO promising to deliver votes to the Republicans is one. But there are others.

        Democrats make certain kinds of back room deals with certain businesses. The entertainment industry (for example) is a big one. But Republicans make certain kinds of back room deals with certain other kinds of businesses. The voting machine industry deals feels more Republican to me. Mostly local deals not directly involving the creation of new laws. Democrats tend towards larger scale things that are directly related to political issues.

  • by hsmith (818216) on Thursday June 21, 2012 @01:16PM (#40400431)
    Lord, I wouldn't worry about tinfoil conspiracies, it is straight up incompetence.

    Their consultants are terrible, and I mean that in the nicest way possible.
    • Re: (Score:3, Insightful)

      by Jerome H (990344)

      Could you shed some light to why Accenture is so terrible ? Slashdot's search didn't return any interesting links.

      • by Anonymous Coward on Thursday June 21, 2012 @01:47PM (#40401003)

        They built a MS Access DB for the front-end and used SQL for the back-end, this is industry standard for small business clerical solutions and is dirt cheap to do.

        Microsoft has a nasty habit of removing functions out of DLL's to provide security, or changing their behavior so code breaks in ways nobody notices. Either you patch and you have a reliability problem, or you don't and get a security problem.

        It's very likely the town decided they wanted to that setup because it's easy to exploit.

        Where Accenture comes in as being a boatload of fail, is that they didn't build ANY database validation or security into their system. It's RIDICULOUSLY simple to set up several blob's for each site, set up security-per-blob by site logon, set up kiosks under guest accounts in AD that have access to just their blob, have the data aggregate into those blob's, then run a report to tally, and here's the fail part, AND ANOTHER REPORT TO CONFIRM OBVIOUS MISTAKE ON THE ROLLS A MONKEY COULD SPOT ARE NOT HAPPENING!

        Voters voting twice, the number of votes on a field being counted several times, data field error checking to ensure valid characters are in a class...the STANDARD stuff. And we aren't talking about egregious or eccentric databasing here, we're talking about plain old simple databasing; field 1 is a name, field 2 is an address, field 3 is a telephone number, field 4 is the representative they wanted to vote for and so on and so on.

        If Accenture wants to come clean, give us the design document the were handled to perform the contract, in fact, I'd FOIA that sucker in light of this offense.

        IMO Windows has too large of an attack surface to be used for this; you need something with a minimal attack surface that can be updated and set up as needed. You need either Windows Server Core, or Linux. Heck, even Mac OSX would be better suited than XP or 7.

      • by dkleinsc (563838) on Thursday June 21, 2012 @02:55PM (#40402195) Homepage

        I only interviewed with them a long time ago, but here's what I saw that made me not want to work there, and should give you an idea of why they suck:
        1. The whole company is structured as "move up or move out". You have to get promoted at a particular pace, or you're fired. And yes, there are fewer promotions available than there are people on the team, so your coworkers are your competitors.
        2. There's a specific hierarchy and pay scale for techies which is kept separate and unequal from the hierarchy for everyone else. All techies are officially second class citizens, and there is no way for developers, no matter how much they contribute, to move anywhere beyond either a more senior developer position, or a front-line manager of developers.
        3. The pay was way lower than standard for somebody with my skill set and experience. You get what you pay for.

        Basically, they're the epitome of a corporate whale that provides very little real value while raking in tons of cash from big companies and government.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      As a colleague of mine aptly put it: "We suck, but the others suck more" (I am one of those Accenture consultants, though not in the US)

    • by TubeSteak (669689)

      I have a friend who recently got a job at Accenture.
      When I heard, I sent him a text with just one word: Accidenture

      And since blackboxvoting seems to be /.ed
      Here's the coral cache link:
      http://www.bbvforums.org.nyud.net/forums/messages/7659/82111.html [nyud.net]
      You'll find a torrent of the files in the comments

    • Never ascribe to malice, that which can be explained by stupidity... Doubling, tripling; sounds to me like it could be explained by an untrained operator not receiving feedback that an operation has been completed, and so clicking again on the button which initiates the operation. Combine that extremely plausible scenario with software which doesn't bother to check before re-accumulating totals, and you have a likely explanation.
      • by scot4875 (542869)

        In the case of the integrity of the voting process, what you've described is criminal negligence on the part of the software authors.

        --Jeremy

      • by mangu (126918)

        The fact that they used MS-Access clearly indicates stupidity.

        Malice could also play a part here, of course, but I know of no instance where MS-Access is used that doesn't involve stupidity;

      • by Shavano (2541114)

        Never ascribe to malice, that which can be explained by stupidity... Doubling, tripling; sounds to me like it could be explained by an untrained operator not receiving feedback that an operation has been completed, and so clicking again on the button which initiates the operation. Combine that extremely plausible scenario with software which doesn't bother to check before re-accumulating totals, and you have a likely explanation.

        But that wouldn't correlate with location or party.

    • by Jawnn (445279)

      Lord, I wouldn't worry about tinfoil conspiracies, it is straight up incompetence. Their consultants are terrible, and I mean that in the nicest way possible.

      Given the stakes, I'd still be inclined to look at malfeasance. Indeed, if I really wanted to cover my tracks, I'd have "incompetents" build my system.

  • by Anonymous Coward on Thursday June 21, 2012 @01:18PM (#40400483)

    For one, the article is /.'d so I cant even read it..

    Second, if what she is alleging is correct then yes, it needs to be spread far and wide on the 'net (and off, too, backed up all over) because letting criminals get away with stealing elections is very wrong.

    Flame me, mod me down, whatever. But to stand by idly and let people that are evil win is wrong.

    • ... than the Slashdot effect. Putting up a direct link to ZIP file on a blog and then getting the article on Slashdot is certainly a good way to melt the servers. Hopefully someone will get a torrent up for it soon so the hundreds of folks trying to download it don't trash the server (and take several days doing it since it's a 300+MB file).
  • torrent link (Score:4, Informative)

    by Anonymous Coward on Thursday June 21, 2012 @01:21PM (#40400537)

    Hey if this is against TOS then by all means, remove it.

    http://www.bbvforums.org/forums/messages/7659/ESM_2_0_8_23_04_zip__Burnbit_-82116.unk

    hopefully that is a working link to the torrent. its 325meg or so in size.

  • List, not Voting SW (Score:4, Informative)

    by Anonymous Coward on Thursday June 21, 2012 @01:23PM (#40400565)

    This is SW to maintain voter registration, not collect votes. Just because it is broken and shows a voter voted multiple times in an election does not necessarily mean that the voter actually was able to cast multiple votes or that the (independent) voting method (paper or electronic) was flawed.

  • by cpu6502 (1960974) on Thursday June 21, 2012 @01:23PM (#40400567)

    They were also joined by the MD-LP, because they knew e-voting could be easily hijacked. They felt the existed paper ballots worked just fine. Of course the Democrats have a ~70% majority in the Legislature, so they just rammed it through anyway (as they do with virtually everything). The Repub and Libertarian concerns have been proved correct 12 years later.

  • This made me laugh (Score:4, Insightful)

    by Anonymous Coward on Thursday June 21, 2012 @01:26PM (#40400615)

    I know a bunch of county elections IT people in Colorado since I work in county IT (and nervously checked TFA hoping it wasn't one of our backups that got released). Let me tell you, if you think IT is stressful, add politics and see what happens. To anyone else about to start scrutinizing this Accenture crap: welcome to the party. We have to deal with horrible, over-costed, "best of the worst" third-party solutions on a daily basis because there simply aren't any alternatives.

    Let me tell you: if you were to start an open-source project for vote-counting you would have thousands of fed-up county contributors overnight.

    • Let me tell you: if you were to start an open-source project for vote-counting you would have thousands of fed-up county contributors overnight.

      What's stopping you guys then?

  • by Orne (144925) on Thursday June 21, 2012 @01:29PM (#40400673) Homepage

    ... that votes are somehow being recorded twice and sometimes three times for certain voters in the voter history report

    To me, this sounds like someone's join isn't all that unique. Let's say you have two voters, Joe Smith, at two different addresses, that both voted. If you join a registration list with a vote list, on first and last name and not address, you actually end up with 4 combinations instead of 2, for twice the votes. Other things to check are overlapping effective/terminate date ranges, and compound primary key fields. Rookie mistakes, but big consequences.

  • Torrent link (Score:5, Informative)

    by GuruBuckaroo (833982) on Thursday June 21, 2012 @01:35PM (#40400767) Homepage
    Earlier Anonymous torrent link was incorrect. Here's the one from the site: http://burnbit.com/torrent/204972/ESM_2_0_8_23_04_zip [burnbit.com]
  • Mirrors (Score:3, Informative)

    by rainwalker (174354) on Thursday June 21, 2012 @01:37PM (#40400803)

    Since BBV is in bad shape, here's links to some mirrors.

    In the original forum thread, a poster linked a torrent for the actual software: http://burnbit.com/torrent/204972/ESM_2_0_8_23_04_zip [burnbit.com]

    I don't see a torrent for the notes archive, so here's a magnet link. Sorry if it stops working:

    :magnet:?xt=urn:btih:B206C1A526B57667D64903622A02C3B01CB22793&dn=Accenture_Wrap_up.zip&tr=udp%3a//tracker.openbittorrent.com%3a80/announce

  • by unwastaken (1586569) on Thursday June 21, 2012 @01:39PM (#40400839)
    Submitted this related article to Slashdot a few months ago [slashdot.org]. Bev Harris looked into this as well.

    To sum up the above link: An interesting phenomenon has occurred in every state of this year's Republican primaries. Votes appear to be flipped away from other candidates in favor of Romney, with a 99% correlation to precinct size. Although votes are "canvassed" (checked) after each primary, the methods used are primarily designed to detect vote stuffing, rather than vote flipping.

    This phenomenon has recently been shown to be absent if you can get your hands on poll tapes from individual machines, rather than from voting tabulators (machines that count the totals from the various voting machines).

    Voting machines are just scary stuff. More so since poll tapes are not always made readily available. Thankfully, a bill was recently introduced that would require poll tapes from individual machines (not just tabulators) to be made available by the next day following an election.
  • by sl4shd0rk (755837) on Thursday June 21, 2012 @01:44PM (#40400917)

    Highly recommend watching "Hacking Democracy".
    http://www.youtube.com/watch?v=rVTXbARGXso [youtube.com]

  • What I see so far (Score:4, Interesting)

    by Anonymous Coward on Thursday June 21, 2012 @01:55PM (#40401191)

    It's basically a bunch of monstrous Access databases. Unfortunately, most (all?) of the VBA code is in databases that have been compiled to .mde files. There's no simple way that I know of to get usable source code back from those, which is unfortunate, since that's probably where most of the damning evidence would be found. However, you can view table definitions and data, form and report designs, queries, etc. Fun fact: you can bypass the initial login by just holding the left shift key as you open voter.mde.

    • It's basically a bunch of monstrous Access databases. Unfortunately, most (all?) of the VBA code is in databases that have been compiled to .mde files. There's no simple way that I know of to get usable source code back from those, which is unfortunate, since that's probably where most of the damning evidence would be found.

      There's at least one commercial service that for taking MDEs back to MDBs with VBA source, so it is certainly doable, if not simple.

  • by Gottesser (961355) on Thursday June 21, 2012 @03:00PM (#40402275)
    I posted the article from Bev's press release. I worked on election fraud in 2004 for six years in Ohio. I was *hoping* all that time that we would find Democrats rigging for democrats. I had a punnet square going in my head. By and large 2004 was rigged for Bush. However, in the 18 of 88 counties we looked at what we found in over 30,000 photos of 126,000 ballots, poll books and signature books is that yes, Democrats sometimes rig for Republicans and Republicans sometime rigged for Democrats in down ticket races. The thing is that in a lot of Boards of Elections (county level) the "bipartisan" means someone switches parties. Sometimes this is a even a family member (the easiest one to push around).

    The recommendation and rationale goes like this... The person I trust is not necessarily the person you would trust therefore we need transparency. No system can be secured against its administrators therefore we need transparency over security.

    We must be able to verify four things. 1) Who can vote 2) Who did vote 3) Chain of custody 4) Vote count

    Failing any of these points our elections are simply staged theater. Right now, we're failing ALL these points. No electronic system can be verifiable. Can't be done. Even under a paper system its difficult to put checks in place and to have mechanisms where a single voter or group of voter can raise a concern (even an honest mistake) and have it taken care of. A botched election is notoriously hard to clean up. Especially because recounts can and have been rigged. Litigating election issues is nearly impossible. The integrity of the election cycle must be maintained so no voter off the street and even most candidates can't get an issue in court with enough time to change the outcome of an election.

    Therefore. *Most* Long term Election Integrity activists have come to support this basic starting principal: "Voter Marked Hand Counted Paper Ballots, Counted at the polls, on election night, no matter how long it takes, in full public view before all those who want to witness the count and before the ballots are moved and chain of custody issues arise."

    Now. That handles points 3 and 4 but to be honest. 1 and 2 are tricky. They kinda require databases at this point because unlike the pool of poll workers this system don't scale well with the population. Bev's been finding voter histories have been erased in several counties in Tennessee. This is important because if a registered voter hasn't voted in a while then as part of house keeping (the person may have died or moved) they eventually get purged from the voter rolls. So someone(s) in Tennessee is erasing peoples' vote history so they get purged, show up at the polls and can't vote. There's already been some court rulings to handle this. The point is we need to remain vigilant and we need things transparent so we CAN be vigilant. We don't need computers to solve everything. We need the public to relearn how to do their civic duty and to do that civic duty.

Wernher von Braun settled for a V-2 when he coulda had a V-8.

Working...