Forgot your password?
typodupeerror
Security

Help Black Box Voting Examine ES&S Software 197

Posted by kdawson
from the ooh-fresh-code dept.
Gottesser writes, "Bev Harris of Black Box Voting has asked for the help of the Slashdot community. She would like people to take a look at ES&S's central tabulator software and start reporting on their impressions of it. This is a past release of the software but it is similar to the applications in production. Sorry, no source code." Read on for Bev's request and pointers to the code repositories. Update 23:38 GMT by SM Bev has confirmed that blackbox1.org is indeed owned by BlackBoxVoting making both a comment in the discussion and a post on the front page of blackboxvoting.org to help assuage reader fear/doubt.


From Bev:

"ES&S 'Unity' central tabulator software.

Software stash: three zip files --
http://www.blackbox1.org/ems.zip
http://www.blackbox1.org/un5.zip
http://www.blackbox1.org/Unity.zip

User Manuals for ES&S software can be found here:
http://www.bbvforum s.org/forums/messages/2197/2864.html

This is the ES&S central tabulator software, the ES&S counterpart to the Diebold GEMS central tabulator software. No source code, sorry, and no software for the precinct machines. This is reportedly one generation back, but from what I'm told has significant similarities to the new stuff. I would appreciate it if you can provide me with feedback on your impressions after looking at it. You may want to Slashdot it or whatever.

Best,

Bev Harris
Founder
Black Box Voting

This discussion has been archived. No new comments can be posted.

Help Black Box Voting Examine ES&S Software

Comments Filter:
  • Don't bother (Score:4, Insightful)

    by jrivar59 (146428) on Monday November 13, 2006 @03:39PM (#16827366)
    I would argue that examining this software is counter productive, and not a good use of resources.

    The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.
    • Re: (Score:3, Insightful)

      by CastrTroy (595695)
      How does open source software help voting machines anyway. I mean, how do you prove that the code that's released and analyzed is actually the code loaded onto the thousands (or more) of voting machines around the country? There's too little transparency with computerized voting. I don't care how many people have verified the code is secure, because nobody will be verifying that the code on every voting machine is the code it's supposed to be. It's much easier to just use hand counted paper ballots.
      • Re:Don't bother (Score:4, Insightful)

        by SkunkPussy (85271) on Monday November 13, 2006 @03:56PM (#16827622) Journal
        If you know the source code of the software (including build options etc), and the compiler/linker versions that have been used to build it, it will be possible to prove whether or not the binary code on the machine was generated from the source code in front of you.
        To be more precise, you will be able to prove that the source code in front of you combined with those compiler/linker options generates the same binaries as exist on the machine. If your compilation does not generate the exact same binaries, then someone has some explaining to do.
        This is the advantage of OSS voting code - it allows independent verification of the process without requiring a huge amount of trust to be invested in any stage of the process.

        • by Smidge204 (605297)
          But would you be able to prove that the binary that is actually being used is the one made from the public source? You could even install the software yourself but that doesn't mean someone can't sneak in their own version and hide it.

          That's what the parent was saying - can you guarantee that the public source code is actually used at the time the votes are tallied? Verifying binaries is not enough.
          =Smidge=
        • Re: (Score:3, Insightful)

          by CastrTroy (595695)
          My sibling poster seems to have gotten the point. You can verify 1 executable, but you can't verify all the executables, on all the voting machines. This is a significant problem, because someone has physical access to those machines. Think about game consoles. We've all seen what happens when you put a mod chip in a unit that was once thought only to run specific signed software. The point is, is that you can get these voting machines to run any software you like, and there's nothing guaranteeing you
        • Re: (Score:3, Insightful)

          by Chris Burke (6130)
          If you know the source code of the software (including build options etc), and the compiler/linker versions that have been used to build it, it will be possible to prove whether or not the binary code on the machine was generated from the source code in front of you.

          No, you cannot prove it, because you cannot know that the software/hardware isn't lying to you. It's like a rootkit, designed to fool you into thinking everything is normal while simultaneously subverting the machine. It's only even conceivabl
          • by kevinadi (191992)
            lobbying for open source is counter-productive.


            Not to mention dangerous. You can't really prove that the source code is used to generate the executable, but they can argue that the source is perfectly fine and lie about the executable. More vote mangling can happen that's cannot be proven. It'll be disastrous.
            • by Chris Burke (6130)
              Yeah, good point, all the people asking for source shows that if they get source they'll think they're okay. Ugh. Let's kill this stupid idea.
      • Not only that... (Score:3, Insightful)

        by Burz (138833)
        You are correct... perhaps the only way to tell for sure would be to compile the software on-the-spot after performing diffs to check for authenticity. Plus the OS and compiler would have to be verified as not being tampered with.

        People--- Maintaining the integrity of anonymous transactions just isn't compatible with the nature of complex computing systems. Even fully-identified transactions, as in banking, are precarious enough to warrant an industry of anti-malware (which sadly, often cannot create a secu
        • by kbielefe (606566)

          For the above reasons, only physical ballots can ultimately be considered as real. Any such voting system that does not print a physical ballot is a fraud.

          It's the decision that matters, not the medium on which it is recorded. The counting is outside of the voter's control as soon as he leaves the polling place in any case.

          Computerized ballots could actually be more secure if implemented correctly. Unfortunately, the need to provide both anonymity and verifiability is a serious technical challenge. Her

    • Re:Don't bother (Score:4, Insightful)

      by Chris Burke (6130) on Monday November 13, 2006 @03:54PM (#16827574) Homepage
      True, and I'll go further. Trying to examine the software for flaws makes it sound as though evident flaws in the software are the problem with the current crop of voting machines. They are not. The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

      Software is an illusion. You, as in a non-employee of an electronic voting firm, will never be able to prove that whatever software you audit and trust is actually running on the machine. You will never be able to guarantee that there isn't malicious code in the machine. You will never be able to prove it has no bugs. You will never be able to prove that it actually stored your vote in its internal memory exactly as you recorded it.

      However, you can be sure that a printed ballot has correctly recorded your vote, because you can read it.

      Give me a printed paper ballot, and I won't need to check the software for bugs. If it prints my ballot correctly, it's good enough. If it screws up, it's buggy. That easy.
      • by broller (74249)
        Give me a printed paper ballot, and I won't need to check the software for bugs. If it prints my ballot correctly, it's good enough. If it screws up, it's buggy. That easy.

        That's not exactly true. I could create a machine that prints a ballot that shows whatever voting choices you made, and internally it records whatever voting choices that I made. The "Hacking Democracy" documentary about Black Box Voting shows that it is already possible to change votes in the machine while printing a paper summary that
        • Re:Don't bother (Score:5, Insightful)

          by Chris Burke (6130) on Monday November 13, 2006 @04:51PM (#16828408) Homepage
          From my first post, emphasis added: The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

          I'm not talking about a paper summary, I'm talking about a paper ballot.

          That's the point. You can do whatever the hell you want inside the machine, perform whatever trickery you want, but if it prints a ballot with the choices I made on it, then that is all that matters and your trickery was for naught.

          Anticipating the next question of "why electronic voting at all then?", the answer is the same reason we moved to it in the first place: preventing poorly formatted ballots from causing invalid votes, and for accessibility reasons.
          • How about the machine counts the paper ballot you filled out and drops it in a bin? That's what my precinct uses and most people puzzled over the sight of the one, single touch-screen machine, barely giving it notice, much less use.
            • Re:Crazy idea... (Score:4, Interesting)

              by Chris Burke (6130) on Monday November 13, 2006 @09:06PM (#16832206) Homepage
              How about the machine counts the paper ballot you filled out and drops it in a bin?

              Yeah, and in theory, it could also tell you if it couldn't read the ballot because it was badly formed. Okay, machines can already do that, though in some notable cases in Florida this capability was disabled (but people just assumed it was because those voters were idiots).

              I do think an electronic ballot machine has some advantages. I like the part of e-voting where I can easily browse candidates, click buttons that show the full text of any propositions or measures being voted on, easily change a vote if I decide to change my vote, and so on. I like the idea of eliminating penciling errors by having the computer print it. I like the accessibility options e-voting can give.

              In my ideal e-voting world, you'd have one machine that prints ballots on card stock in a human-and-machine readable format (with the same markings, not human-readable-text and a barcode). You'd take the ballot it prints out and put it in a different machine that could count the vote. In fact, because the format of the ballot would be a matter of public record, anyone could make a ballot counting machine and after passing some basic certification (that it doesn't mangle ballots for example) could bring it to the election to verify that their machine got the same count as everyone else's machine.

              Of course something simple like you describe works. As long as there is the paper record which is considered authoritative, and the machine count only an initial estimate, then that's a voting system I support.
        • GP said: The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

          If they count the paper ballots, it doesn't matter what the machine is recording internally.

          I'd go so far as to say that it might be enough to just count some of the paper ballots, at random, to make sure they match what the electronic records say they should. If not, recount all of the paper and throw out the electronic records. And start indicting (and/or summar
    • by Aceticon (140883)

      I would argue that examining this software is counter productive, and not a good use of resources.

      The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.

      Agreed - this is very much a case of a social problem, not a technical problem.

      Either the source code should be open sourced or the source code should be checked by and independent, technical-savy third party.

      Throwi

    • Re:Don't bother (Score:5, Insightful)

      by daveschroeder (516195) * on Monday November 13, 2006 @03:58PM (#16827650)
      Why aren't we simply fighting for a permanent voter-verified paper trail, instead of always saddling every e-voting initiative with demands that EVERYTHING, hardware and software, be open source?

      Don't get me wrong: I'm not saying it's not a good idea.

      What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?

      Wouldn't a more productive approach be to simply get a paper trail into place, since even an open source system is almost as worthless without one?

      Keep in mind, too, that an open source system still needs to go through complex certification processes and code freezing just like the commercial products do. Even though the commercial products aren't "open source", the certification process allows for the necessary level of inspections by election agencies and external entities. The problem was the certification procedures being routinely ignored or bypassed for convenience, something that can just as easily happen with an "open source" solution.

      The problem is that doing an electronic, anonymous, secret ballot that also exists in a system that attempts to enforce one-vote-per-person, combined with all the complexities and vagaries of local municipal and county systems is a lot harder than doing a vertically integrated system for one corporate customer (such as a bank).

      Keep in mind, too, that much of the legislation (such as the Help America Vote Act) that essentially mandated e-voting in the hopes of ensuring uniform access to modern voting equipment was done in response to complaints about unfairness and inconsistency with manual systems in the 2000 elections, and not just in Florida. The one critical error was not explicitly recognizing that an electronic secret ballot is a hard thing to do, even without corruption, fraud, and incompetence, and a paper trail wasn't specifically mandated. And no, that wasn't by design. It was an error of omission.

      Now, states, counties and municipalities have had to shell out hundreds of thousands, and sometimes millions, more dollars to add and retrofit certified paper trail functionality to existing systems (which, indeed, many are doing). But all e-voting vendors offer it. It just costs a lot of money.

      So instead of trying to push out enterprise vendors with multi-million dollar contracts (which is essentially what demanding "all open source" would do, since no commercial vendor is going to open up ALL of their software and hardware code and designs), why not just work to get a permanent voter-verified paper trail in place in as many places as possible as soon as possible, perhaps even mandating it via legislation, since that will be required no matter what system is implemented?

      What's more important: the egos of the people who have a vendetta against Diebold, Sequoia, and ES&S, or actually getting a mechanism into place as quickly as possible that guarantees votes will be accurately cast and counted (and at a minimum immediately shows if there is a problem? (And yes, I DO expect the burden of actually looking at the piece of paper to verify that it's correct to fall on the person who is voting.)
      • Very good point. I hope you get modded up.

        The State of California now requires a paper audit trail. I asked a friend of mine who works as a poll worker volunteer about the system used in Orange County, California. She gave me a detailed and intelligent response with specific information on how it works now. I posted these under another article, but it didn't the attention that I thought her remarks merited. I am also interested in any responses to them.

        The "OC" uses voting machines with a paper aud

      • by lcde (575627)
        Contact your representative and support the Paper Ballot Act of 2006 [theorator.com].

        Requires the use of paper ballots for Presidential races.
        • Wow. Looking into that bill on Thomas, I found a ton of other bills titled something to the effect (like the one you reference above) of "To amend the Help America Vote Act to require voter-verified paper ballots and for other purposes", one of which, HR 939, was last seen when it was being referred to the subcommittee on Crime, Terrorism, and Homeland Security. I didn't read the full text of the legislation, but from the summary it had nothing to do with any of those 3 things. Was this a message from th
      • by Bent Mind (853241)
        Why aren't we simply fighting for a permanent voter-verified paper trail,
        I completely agree.

        So instead of trying to push out enterprise vendors with multi-million dollar contracts (which is essentially what demanding "all open source" would do, since no commercial vendor is going to open up ALL of their software and hardware code and designs),
        This part I don't understand. How would requiring open source software in such a small niche market push enterprise vendors out? Patent and copyright still protect
      • by bheading (467684)
        What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?

        You guys are totally missing the point.

        Why would anyone ask for a recount ? Two reasons :

        (a) the vote is really close and people feel there might have been
      • Why aren't we simply fighting for a permanent voter-verified paper trail, instead of always saddling every e-voting initiative with demands that EVERYTHING, hardware and software, be open source?

        Instead implies that the people seeking open solutions are not seeking voter verified trails. While I've met people concerned about voter-verified paper trails that are not concerned with open solutions, I've never met anyone who goes the other way, so I think you are misunderstanding the problem.

        We're seeking "reli

  • Is this the software that was programmed by ES&S for their machine or is this the code that was inserted onto the machines by the hired hackers of the evil, election stealing politicians, as demonstrated on HBO [google.com]? I've got to know these things...
  • How does one reliably examine software without the source code? Why would anyone bother spending time on this? What, we're supposed to look at an executable and say "yeah, looks like things can't be faked, hacked, or misinterpreted"?
    • by skids (119237)
      ...with a dissasembler.

      Yes, it's work what she's asking for.

    • How does one reliably examine software without the source code?

      You're right, you can't tell as much from an executable as you can from looking at source. But it's still possible to make observations about behavior, operation, ways to break it or alter election results, all without looking at the source. I'm sure if Bev (or anyone else) could get the source code for the voting software, she would do so. For now, this is all she's got.

      Why would anyone bother spending time on this?

      Because our public elections
    • How does one reliably examine software without the source code?

      I haven't looked at any of this sort of thing in awhile, but the easiest way used to be to disassemble it into assembly and read that. It's not /that/ obscure a skill. Folks in the security community use similar methods for analyzing worm/virus code pretty regularly.

      The last time I looked, I seem to remember some folks working on decompilers that would produce higher-level languages (mostly C, that I recall), but have no idea if anybody ever
      • Re: (Score:3, Interesting)

        by Chris Burke (6130)
        The last time I looked, I seem to remember some folks working on decompilers that would produce higher-level languages (mostly C, that I recall), but have no idea if anybody ever got 'em working well.

        It's been about five years since I touched one, but they work well enough. They do a fine job of identifying basic blocks, variables, and functions, and produce code that can be fed back into a compiler. The big problem is that it's still largely unreadable because it doesn't have any of the conceptual meanin
    • Re: (Score:3, Informative)

      by Unnngh! (731758)
      You don't need the source code, don't even need a disassembler. I know that it would take me the better part of the next two months to get a grip on the assembly behind a windows app. Having the source code would be a different story.

      The first thing you want to do is figure out, broadly, what it's supposed to do. Install the software. Get it running. Look over the buttons and menu options. Look over the manual. Next I'd start examining the likely inputs and outputs. What data gets fed into the so
  • Legality (Score:4, Interesting)

    by mattwarden (699984) on Monday November 13, 2006 @03:58PM (#16827644) Homepage
    Um, before I download this software onto my computer, would Beth like to comment on (a) how she got it, and (b) to what extent it is legal for her to be housing it on her server?
  • by creimer (824291) on Monday November 13, 2006 @04:04PM (#16827724) Homepage
    Is there a reason why my computer is leaning to left now that I'm running the software?
    • Is there a reason why my computer is leaning to left now that I'm running the software?

      Someone made a typo in the source code. It's supposed to be leaning to the right. Or maybe that was Diebold's software.
  • by Paladin144 (676391) on Monday November 13, 2006 @04:05PM (#16827736) Homepage
    You may want to Slashdot it or whatever.

    Yes. Yes, we will.

    Now stand back and let us get to work. We live for this shit... To some people it's just a job, but not to us, man. It's a passion. When we saved those baby orcas by slashdotting all of S.P.E.C.T.R.E.'s servers it was like.... wow, man. I've never felt so free.

    I don't think of myself as a hero. I'm just doin' my job, ma'am.

  • They note they don't have software for the precinct machines. The iVotronic software for the precinct machines would be a little harder to read for the general programmer, because it runs on a custom-built embedded device. But it is 386EX compilable, so it might be possible. It's certainly more hack-resistant from the outside due to the more proprietary nature of the system (greater obscurity). I don't believe the linux-based iVotronic was ever revived after the project was cancelled in June 2003.

    The s

  • by Dave21212 (256924) <dav@spamcop.net> on Monday November 13, 2006 @04:08PM (#16827784) Homepage Journal

    We should take a vote using GEMS to see if the Diebold software is good or not :) I'm predicting a landslide !

    Seriously though, I'm a little disapointed in the comments so far. First, this is not a political/partisan issue. Second, you don't need the source code to evaluate the operation of this software. Sure, it would be easier if we had it, but are you telling me that nobody here knows how to run a debugger or decompile some simple windows code ??? How many of you are drooling at the chance to take a whack at this stuff ? Go to it !@

    For you people whining about no source code, how about you leave the real hacking to the real hackers and go back to your QA jobs :) Besides, I think it will be interesting to see what people come up with *without even having the source* - it's more of a real world test that way.

    • by kevinadi (191992)
      Well, the version is the one before the current one. So even if this one works, there's no telling the current one will be the same. "Generally the same" doesn't mean it is. All it takes is one line of code to cheat an election, but the source will still be 99.9% similar.

      All in all, I say it's a waste of time AND a possible trap. Now blackbox can argue "it's been examined by the community". However, they can still cheat on the actual voting machine itself since what's available is only the tabulator.

      I'm pro
  • by Chandon Seldon (43083) on Monday November 13, 2006 @04:09PM (#16827808) Homepage

    The important thing isn't the voting software, it's an effective voting procedure.

    There is a known effective voting procedure using paper ballots, ballot boxes, and little old ladies (err... party representatives) to count them. This procedure has one important property: fraud attempts tend to get thwarted because the little old ladies will yell when something fishy happens. ANY VOTING SYSTEM WITHOUT THIS PROPERTY SHOULD NOT EVEN BE CONSIDERED.

    It may be possible to design a voting procedure using computers that is similarly effective. Here's the important thing: it needs to retain the property that little old ladies observing the process can immediately tell if something fishy is going on. NO FULLY COMPUTERIZED SYSTEM CAN HAVE THAT PROPERTY.

    Someone suggested the following system here on Slashdot:

    1. Paper ballots are marked, either with sharpies / pens or from touch-screen ballot generating machines.
    2. They go into standard ballot boxes.
    3. Those ballots are brought to a central tallying location using the standard ballot-box protection procedures.

    At the central tallying location, for each race:

    1. The ballots are put into a sorting machine that sorts based on the votes in that race.
    2. Observers check the sorted piles to make sure that they are properly sorted.
    3. The sorted piles are put into a counting machine - there's your counts. If the counts look wrong based on pile size to any observer, it's manual count time.

    If any candidate, observer, or 50 signatures question the validity of the counting machine's results - a manual recount occurs for that precinct. Every time - no "but that would be effort" bullshit.

    This system takes all the properties of the hand count system and preserves them while spending money to gain two properties: Ballot generating machines for the blind, and fast counting for people who think that matters. Ballot generating machines are an easy problem, and sorting / counting machines are pretty cheap. We might have to use heavy cardstock for the ballots to survive the sort/count process for every race - that's $50 I'm willing to spend.

    • Re: (Score:3, Interesting)

      by cdrguru (88047)
      Yes, and for centuries we haven't cared if the error margin of the little old ladies was 1% or even 2%. If one precinct's results got flipped around because of errors, it didn't matter because of the sheer number of precincts and their small size - usually much less than 100 people per precinct for most of the last 200+ years.

      Unfortunately, we are now caring a lot more about accuracy. The current manual processes can't handle the requirements for 100% accuracy or at least accuracy way beyond 0.9%. Could
      • First, speed of counting is not something that we can sacrifice trustworthiness (or accuracy) for. If the news reports a result, and the count comes back a week later with some other result... so be it. The politicians are going to have to stop sucking at PR and make proper public statements in the few hours after the election - the correct statement is either "Yea, the exit polls said I only got 20% of the votes, that sucks" or "This one's pretty close, I guess we'll have to wait for the official result to

    • You just said that a physical ballot must be printed in order for the machines to be trusted.

      So I agree with what you're saying, except the general sentiment that software doesn't matter. If it doesn't print a ballot that the voter examines and hands to a polling clerk, then its bogus.
      • My point is that if you're printing a ballot that the voter is going to inspect, and the voter can clearly see that the ballot is correct, then the software can do whatever it wants - print random ballots, print ballots that only mark Green Party candidates, who cares - the voter will see it and it will get fixed with no possibility of vote fraud as the result of the voting machine code.

        If the voting machine code matters, then the design has already failed. An arbitrary voter can easily verify a paper bal

  • Computers are just not designed to accept input, and increment and integer. Its crazy talk, more science fiction than reality.
  • Hopefully putting to rest any questions as to who is who. I posted this discussion at Slashdot as the lead story on blackboxvoting.org [blackboxvoting.org] Cheers.
  • by slackmaster2000 (820067) on Monday November 13, 2006 @05:31PM (#16829216)
    BlackBoxVoting is essentially "Bev Harris", and it's an organization concerned about the implications of electronic voting.

    No point in getting into the goods and bads of electronic voting, because all we have here is somebody not associated with ES&S posting a copy of the ES&S software. Another slashdotter has posted at least three times in this discussion that this is all legit because he called and spoke with Bev Harris -- but Bev Harris is *not* from ES&S. Her validation does not make the software legal to obtain.

    I found a very interesting little news article from two years ago: http://www.seattleweekly.com/news/0410/040310_news _blackbox.php [seattleweekly.com]

    "Harris started surfing the Web. On Jan. 23, 2003, she hit the mother lode. On an unprotected Web site, she found 40,000 files of Diebold Election Systems' source code--the guts of software to run touch-screen voting machines. ... After a little soul searching, Harris downloaded the Diebold software files. It took 44 hours, and they filled seven CDs. By July 2003, after months of informal review and discussion among her friends and allies, Harris decided to allow Scoop, an "unfiltered" news Web site in New Zealand (www.scoop.co.nz/mason), to make the files available to anyone who wanted them. It wasn't a decision she made lightly."

    Given her past actions (and without getting into the ethical or moral value of her crusade) I highly doubt that she has the legal right to distribute the software that she's making available today.
  • ES&S is the company contracted in Arkansas to provide electronic voting machines. Unfortunately it's a little too late for Randy Wooten [slashdot.org]
  • What is the point in evaluating voter machine software, source code or otherwise ?

    There is no way to prove that the software evaluated was actually the exact software deployed on the machine.

    Democratic electronic voting is an impossibility. You cannot do it.
    • Democratic electronic voting is an impossibility. You cannot do it.

      I'm not convinced that it is an impossibility. I am convinced that so far nobody has done it, but I am not willing to rule out that it is possible somebody could.

      I think it's important to look at it from several angles. One of them is procedure, which someone else has already mentioned. Even for good old-fashioned paper voting, a proper procedure is necessary to make sure someone doesn't stuff the ballot boxes or similar. The proce

Some people have a great ambition: to build something that will last, at least until they've finished building it.

Working...