Democratic Underground

Sequoia Voting Systems hacks self in foot-"Inadvertently Releases Code" Violates Law!!!

 
kpete Donating Member (1000+ posts) Tue Oct-20-09 05:34 PM
Original message
Sequoia Voting Systems hacks self in foot-"Inadvertently Releases Code" Violates Law!!!
Edited on Tue Oct-20-09 05:41 PM by kpete
Sequoia Voting Systems hacks self in foot
by Mokurai

Tue Oct 20, 2009 at 03:20:17 PM PDT

Breaking news:

Sequoia Voting Systems has inadvertently released the SQL (Structured Query Language) code for its voting databases. The existence of such code appears to violate Federal voting law.
Read the announcement after the jump, just as received on the Open Voting Consortium mailing list earlier today.

We're telling Slashdot, HuffPo (as soon as I can get over there) and others.

More to come, once we get a chance to dig in and see in full detail what Sequoia gave us.

Disclosure: I am a founding member of OVC.



Something really big: Sequoia source code, free to download and study, no NDAs.

Jim March
to Open

00:49 (14 hours ago)

Folks, you'll love this.

Sequoia blew it on a public records response. We (basically EDA) have election databases from Riverside County that Sequoia insisted on "redacting" first, for which we paid cold cash. They appear instead to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold.

They were wrong.


The Linux "strings" command was able to peel it apart. Nedit was able to digest 800meg text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code.

I've got it all organized for commentary and download in wiki form at:

http://studysequoia.wikispaces.com/

...........................

Thanks,

Jim March


more:
http://www.dailykos.com/storyonly/2009/10/20/795343/-Sequoia-Voting-Systems-hacks-self-in-foot
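The point of the message quoted above, that stripping a file's header leaves its contents readable, as an added example that is not part of the original post or the mailing-list message: a pre-release check in the spirit of `strings` that lists the SQL text still recoverable from a file believed to be redacted. The sample bytes, `up_demo` and `demo_table` are constructed, and the UTF-16LE pass goes beyond what `strings` does by default.

```python
import re

# Printable runs of at least MIN_LEN characters in the two encodings SQL
# Server uses for text columns: single-byte (char/varchar) and UTF-16LE
# (nchar/nvarchar).
MIN_LEN = 6
ASCII_RUN = re.compile(rb"[\x20-\x7e\t]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % MIN_LEN)

# Statement openers that mark a run as SQL source rather than row data.
SQL_HINT = re.compile(
    r"\b(CREATE\s+(PROC(EDURE)?|TRIGGER|FUNCTION|VIEW)|ALTER\s+TABLE|"
    r"INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM|SELECT\s+.+\s+FROM)\b",
    re.IGNORECASE,
)

def extract_strings(blob: bytes):
    """Yield (offset, encoding, text) for every printable run in blob."""
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")

def residual_sql(blob: bytes):
    """Return, in file order, the runs that still read as SQL."""
    return sorted(hit for hit in extract_strings(blob) if SQL_HINT.search(hit[2]))

# Constructed sample: a file whose first 96 bytes were zeroed while the
# body was left untouched.
SAMPLE = (
    b"\x00" * 96
    + b"\x01\x0f\xfe" + "CREATE PROCEDURE up_demo AS SELECT 1".encode("utf-16le")
    + b"\xff\x00\x10" + b"INSERT INTO demo_table VALUES (1)"
    + b"\x00\x07" + b"plain row text"
)

if __name__ == "__main__":
    for offset, encoding, text in residual_sql(SAMPLE):
        print(f"{offset:#06x} {encoding:9} {text}")
```

An empty result from `residual_sql` is the condition to require before a file is treated as redacted; any hit means the material is still in the file.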
slay Donating Member (1000+ posts) Tue Oct-20-09 05:48 PM
Response to Original message
1. Wow - maybe now FINALLY we can see the computer code that counts our votes!
This should be quite interesting. :popcorn:
 
zbdent Donating Member (1000+ posts) Tue Oct-20-09 06:48 PM
Response to Reply #1
6. count "OUR" votes?
wishful thinking ...
 
slay Donating Member (1000+ posts) Tue Oct-20-09 06:55 PM
Response to Reply #6
7. lol - yeah right?
wishful thinking indeed - still, I do want to know what Sequoia has been up to - a Google search will reveal many, many, many voting "irregularities" relating to them over the years. WHY are we not on open-source machines where we can see the code at the very least... bah
 
Winterblues Donating Member (1000+ posts) Tue Oct-20-09 05:52 PM
Response to Original message
2. Americans are just too stupid to mark a piece of paper and be able to count it..
:shrug: It would appear anyway..
 
alfredo Donating Member (1000+ posts) Tue Oct-20-09 06:01 PM
Response to Original message
3. Diebold did that too. They had theirs online unsecured.
Love Nedit. When I run Linux, Nedit is my default editor.
 
Hekate Donating Member (1000+ posts) Tue Oct-20-09 06:03 PM
Response to Original message
4. KnR
:kick:
 
kpete Donating Member (1000+ posts) Tue Oct-20-09 06:40 PM
Response to Reply #4
5. yep!
 
conscious evolution Donating Member (1000+ posts) Tue Oct-20-09 07:02 PM
Response to Original message
8. K & R
This is an important story. Please, everyone, keep it kicked and rec. Maybe we can get our democracy back now.
 
kpete Donating Member (1000+ posts) Tue Oct-20-09 07:09 PM
Response to Reply #8
10. thank you
I rarely ask for kicks - but this subject is near and dear to my heart, kp
 
conscious evolution Donating Member (1000+ posts) Tue Oct-20-09 07:16 PM
Response to Reply #10
12. I wish I knew how to read code
Or I would be all over it.
Any DUers that do-please take a good look at it please.
 
DireStrike Donating Member (1000+ posts) Tue Oct-20-09 07:03 PM
Response to Original message
9. Not to worry, friends! This will be promptly ignored by all in the media!
IF it gets any play at all, we will be assured by another private voting company that of course THEIR machines are safe and they should be granted Sequoia's market share.
 
msaroff Donating Member (12 posts) Tue Oct-20-09 07:15 PM
Response to Original message
11. As Nelson would Say:
 
lostnfound Donating Member (1000+ posts) Tue Oct-20-09 07:35 PM
Response to Original message
13. K&R.
Grateful to those of you who continue to work on election fraud.
 
conscious evolution Donating Member (1000+ posts) Tue Oct-20-09 08:31 PM
Response to Original message
14. kick
 
sybylla Donating Member (1000+ posts) Wed Oct-21-09 03:02 AM
Response to Original message
15. k & r
I love it when the bad guys hack themselves in the foot.
 
sybylla Donating Member (1000+ posts) Wed Oct-21-09 03:02 AM
Response to Original message
16. k & r
I love it when the bad guys hack themselves in the foot.
 
Ms. Toad Donating Member (1000+ posts) Wed Oct-21-09 10:16 AM
Response to Original message
17. Not quite so fast - you might want to read this as a companion piece
http://www.itwire.com/content/view/28715/1141/1/0/

>>Before continuing, let me go on record as having pointed out failures in closed-source voting systems in the past. . . .

Consequently, I am an advocate of open source in electronic voting systems. Yet, at the same time, I have to be logical and realistic. . .

While I can respect the very good intentions of the EDS and Jim March there actually is no grounds for the criticism being levied against Sequoia.

The database file has not been vandalised, and the fact March couldn’t restore the database should have tipped him off from the start he didn’t actually have the technical literacy to analyse what had been supplied.<<
 
TrogL Donating Member (1000+ posts) Wed Oct-21-09 11:39 AM
Response to Original message
18. Downloading now, but here's how to do it right
Edited on Wed Oct-21-09 11:43 AM by TrogL
I wish I still had my original copy of the file (rob-georgia.zip) from back in 2000 showing how that election was fixed. I never was able to crack it and I'm sure it's got some juicy stuff in it.

Diebold still hasn't apologized for forcing angelfire to take down my website.

There's a really simple, straightforward, absolutely secure methodology for voting.

Paper ballots cast under the watchful eye(1) of scrutineers from accredited members of political Parties.

If you absolutely insist upon doing it electronically, there's another methodology. (not necessarily in sequence)

1. The software itself is developed in an open-source environment for all to see (eg. on sourceforge). It makes use of industry standard encryption (eg. AES). Once everybody agrees, there's a code lock and an MD5 key generated on the source code. A master copy is posted to a publicly available site. The software includes a "dashboard" display confirming it's working correctly(2).

2. A hardware platform is agreed upon, likely intel. Sorry Sun, IBM, etc. - nice chipsets but we need to keep the cost down. Certain caveats are allowed, such as no on-board wireless or cameras (which pretty much eliminates most laptops). Mirrored hard drives are worth a thought. Don't forget a heavy-duty UPS with automatic shutdown capability (so the software can shut down gracefully).

3. A secure, open-source, non-proprietary operating system is agreed upon. Sorry Microsoft. Think OpenSolaris, OpenBSD, some linux variant.

4. A compiler is chosen, likely some version of gcc. The source code is provided at the public site.

5. A database platform is selected (if necessary). Likely MySQL assuming Sun/ORACLE can keep an arms-length away. The source code is provided at the public site.

6. File comparison utilities are agreed upon (eg. diff, cmp) and source code provided etc.

7. Scanning and printing hardware is selected (if necessary). Access is provided (either at a location or by purchase/rent) to developers. Source code for drivers is provided at the public site.

8. A methodology is determined for "hardening" the system by removing all extraneous applications, drivers, code libraries, utilities.

9. A disk-wipe methodology is agreed upon and developed. It will run from cd.

10. Early on election day (eg 4 a.m.), election officials and Party scrutineers gather in the secured voting area (a quorum must always be present) and follow a set procedure:


  1. equipment is uncrated and inspected to confirm it matches the specifications
  2. diagnostics is run on the equipment to confirm it is functioning correctly and to specifications
  3. the operating system of choice is installed from media confirmed to be "official" (checksums etc.)
  4. the operating system is "hardened" (first pass) to provide only the functionality required below
  5. the source code for the compiler, file comparers, drivers, database and election software is placed on the machine and confirmed (checksums, diffs to the original, hand-inspection)
  6. the compiler is compiled and confirmed to be functioning correctly
  7. the file comparison utilities are compiled and confirmed to be functioning correctly
  8. the encryption software, hardware drivers, database and election software are compiled and confirmed to match specifications (checksums, file sizes, diffs)
  9. the system is hardened (second pass eg. disable compilers) to provide only functionality required below
  10. the various software bits are installed, confirmed to be working both stand-alone and in conjunction with each other
  11. the hardware is tested to confirm it works with the software and to specification
  12. the system is hardened (third pass eg. disable installers) to provide only functionality below
  13. the system is set to a state so that it is ready to be used but not actually active (eg. initialize the databases)
  14. the system is set to active and voting occurs
  15. the dashboard is checked during the day for problems
  16. when voting is finished, final printouts occur
  17. election results are produced and sent by secure method to central repository
  18. final diagnostics are run to confirm that nothing changed (checksums, executable sizes)
  19. paper scan ballots are collected and placed in sealed envelopes (see Canada's system for further details)
  20. the hard drive(s) are removed from the computer and placed in secure storage along with the installation media and any other materials other than the computer itself



----------------footnotes-----------

1. Except for the actual marking of the ballot - that's done behind an inexpensive cardboard screen. When nobody's actually marking ballots, scrutineers or election officials may go back to check nobody's left campaign materials or graffiti.

2. Yes, this could be faked, but the evidence would show up later.
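One way to carry out the checksum steps in the procedure above (the code lock, the election-morning comparisons against the public copy, and the final "nothing changed" check), as an added example that is not part of the original post: a manifest of file digests that is built once and re-verified later, reporting changed, missing and unlisted files. It uses SHA-256 rather than the MD5 the post mentions, because MD5 collisions are practical; the file names and contents are constructed.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest

def verify(root, published):
    """Return sorted lists of changed, missing and unlisted files."""
    current = build_manifest(root)
    changed = sorted(p for p in published
                     if p in current and current[p] != published[p])
    missing = sorted(p for p in published if p not in current)
    extra = sorted(p for p in current if p not in published)
    return changed, missing, extra

def demo():
    """Constructed walk-through: code lock, clean check, then three changes."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "src"))
        sample = {"src/tally.c": b"int tally;\n", "src/ui.c": b"int ui;\n"}
        for rel, body in sample.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
        published = build_manifest(root)            # code lock
        clean = verify(root, published)             # election-morning check
        with open(os.path.join(root, "src/tally.c"), "ab") as f:
            f.write(b"/* patched */\n")              # a modified file
        os.remove(os.path.join(root, "src/ui.c"))   # a missing file
        with open(os.path.join(root, "src/extra.so"), "wb") as f:
            f.write(b"\x7fELF")                      # a file nobody agreed to
        return clean, verify(root, published)       # post-election check
```

The unlisted-files list matters as much as the changed list: a tree can match every published digest and still carry an extra library that was never reviewed.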
 
Aragorn Donating Member (784 posts) Wed Oct-21-09 02:48 PM
Response to Original message
19. oopsie!
what a loss to society!
 
tomm2thumbs Donating Member (1000+ posts) Wed Oct-21-09 03:22 PM
Response to Original message
20. important K&R
 
Overseas Donating Member (1000+ posts) Wed Oct-21-09 06:01 PM
Response to Original message
21. K&R /eom
 
Overseas Donating Member (1000+ posts) Wed Oct-21-09 06:03 PM
Response to Original message
22. Kicking again for "appears to control or at least influence
the logical flow of the election."

Maybe this will help us be sure that the 2010 elections' logical flow is not subjected to undue influence.
 
liberaltrucker Donating Member (1000+ posts) Thu Oct-22-09 09:54 AM
Response to Original message
23. K&R