Blogged by John Gideon, VotersUnite.Org
“The problems we found in the code were far more pervasive, and much more easily exploitable, than I had ever imagined they would be.” Matt Blaze 02 August
Today the California Source Code Review Reports were released by Secretary of State Bowen’s office. Reports were released on the Diebold, Sequoia, and Hart Intercivic voting systems.
The lead researcher for the Sequoia source code team was Matt Blaze. In his blog, Exhaustive Search, Blaze discusses the results of all of the inspections.
I was especially struck by the utter banality of most of the flaws. Exploitable vulnerabilities arose not so much from esoteric weaknesses that taxed our ingenuity, but rather from the garden-variety design and implementation blunders that plague any system not built with security as a central requirement. There was a pervasive lack of good security engineering across all three systems, and I’m at a loss to explain how any of them survived whatever process certified them as secure in the first place. Our hard work notwithstanding, unearthing exploitable deficiencies was surprisingly — and disturbingly — easy.
Blaze then concludes with what may be a hint of decisions to come:
This means that strengthening these systems will involve more than repairing a few programming errors. They need to be re-engineered from the ground up. No code review can ever hope to identify every bug, and so we can never be sure that the last one has been fixed. A high assurance of security requires robust designs where we don’t need to find every bug, where the security doesn’t depend on the quixotic goal of creating perfect software everywhere.
In the short term, election administrators will likely be looking for ways to salvage their equipment with beefed up physical security and procedural controls. That’s a natural response, but I wish I could be more optimistic about their chances for success. Without radical changes to the software and architecture, it’s not clear that a practical strategy that provides acceptable security even exists. There’s just not a lot to work with.
I don’t envy the officials who need to run elections next year.
With this crazy amount of exploits found and documented now, we could pretty much say with certainty, “we have lost the right to vote since the moment these electronic voting machines came into existence.”
Anyone with even a basic understanding of electronics and programming and physics could have told you.
So, who’s the fucking domestic terrorists behind the corruption that has totally infested our blessed government, the media and destroyed our constitution, bill of rights, Geneva Conventions, Habius Corpus, Wiretapping, PRivacy, Death of our kids by War, Billions of missing dollars, and on and on and on?
And what are we going to do about these domestic terrorists? Nothing? Censor? Slap on wrist?
These machines go, the corruption goes or were fucking done. It’s at the point where I can’t write my own senators anymore because I can not treat them with respect, because OATH OF OFFICE BREAKERS DO NOT DESERVE RESPECT, THEY DESERVE JAIL.
Phil #1
Speaking of secret codes, source, and terrorism, as you point out, how can we vote them out for doing this:
(HuffPo, emphasis added). But why does preznit blush need it when he has all that power anyway? Evidently the FISA court ruled it illegal:
(ibid, emphasis added). Ring them bells and call congress and tell them not to give our 4th Amendment to the bushies for trash.
The access to source code is like sunlight on germs. It is one reason S. 559 has some good points to it:
(S. 559, Nelson D-FLA). The republicans in the House committee strongly opposed open disclosure of source code. The EVM companies are owned by republicans and they don’t want people to see how mickey mouse they are treating the right to vote and have it count.
The voting machines in the House are failing at this moment. It could be a hack. It is on CSPAN now.
The FISA law, already weak, is in danger of being weakened further on demand of preznit blush.
Call 202) 224-3121 and they will switch you to any Senator or Representative. You can call all of them you want to.
Tell them to stand up for America and uphold the 4th Amendment requirement for a warrant before spying on any American under any condition.
“The voting machines in the House are failing at this moment. It could be a hack. It is on CSPAN now.”
I never thought of that! Good catch, Dredd! Who says the machines actually in the House and the Senate are accurate?
Has there ever been anything said here about that? We only talk about the public’s vote machines!
I think there needs to be a follow-up on Dredd’s comment!
What kind of voting machines do they have in the House? How come we never talk about that?
I have a question about this statement made by: Dredd said on 8/3/2007 @ 10:36 am PT
`(9) PROHIBITION OF USE OF UNDISCLOSED SOFTWARE IN VOTING SYSTEMS- No voting system used in an election for Federal office shall at any time contain or use any software not certified by the State for use in the election or any software undisclosed to the State in the certification process. The appropriate election official shall disclose, in electronic form, the source code, object code, and executable representation of the voting system software and firmware to the Commission, including ballot programming files, and the Commission shall make that source code, object code, executable representation, and ballot programming files available for inspection promptly upon request to any person.
I have proof that Sequoia has not disclosed all the software used in the creation of a DRE ballot from a Paper ballot.
Is the above statement part of HAVA? At this point in time, their is no law to hold the vendor accountable. Is this correct?
Thank you
Concerened citizen about the quality in every state that deals with Sequoia.
P.S. Hi Marvin!!! at SVS
Gerard,
That is federal legislation that has not come to the floor for a vote yet.
The ballot definition files probably should be included in the certification process but it hasn’t been in the past and I’m not sure how they would do that for every election.
Gerard #7
The section of S. 559 (the Senate compliment to HR 811 – congress is bi-cameral) that you ask about, if you look closely, says:
(See post #3). If that section stays in the final version of the three bills, then anyone would be able to view all of the source code, including the part that constructs and prints out the individual paper ballot.
As John pointed out, neither HR 811 nor S. 559 have come to a floor vote. There are two versions of HR 811, and one version of S. 559. And I should point out that the Senate committee has not moved S. 559 out of committee nor have the held hearings on it.