crossposted:
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=389&topic_id=6819965&mesg_id=6819965Sequoia Voting Systems hacks self in foot
by Mokurai
Tue Oct 20, 2009 at 03:20:17 PM PDT
Breaking news:
Sequoia Voting Systems has inadvertently released the SQL (Structured Query Language) code for its voting databases. The existence of such code appears to violate Federal voting law. Read the announcement after the jump, just as received on the Open Voting Consortium mailing list earlier today.
We're telling Slashdot, HuffPo (as soon as I can get over there) and others.
More to come, once we get a chance to dig in and see in full detail what Sequoia gave us.
Disclosure: I am a founding member of OVC.
Something really big: Sequoia source code, free to download and study, no NDAs.
Jim March
to Open
00:49 (14 hours ago)
Folks, you'll love this.
Sequoia blew it on a public records response. We (basically EDA) have election databases from Riverside County that Sequoia insisted on "redacting" first, for which we paid cold cash. They appear instead to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold.
They were wrong.
The Linux "strings" command was able to peel it apart. Nedit was able to digest 800meg text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code.
I've got it all organized for commentary and download in wiki form at:
http://studysequoia.wikispaces.com/ This is the first time we can legally study a voting system's innards without NDAs or court-ordered secrecy.
Join the fun :). First goal is to prove that Sequoia did in fact vandalize the data files by stripping the MS-SQL headers - if so that will affect other public records inquiries against Sequoia.
Second goal: what does the code do, what are the security implications, is it as big a violation of the FEC rulebook as it appears?
Thanks,
Jim March
more:
http://www.dailykos.com/storyonly/2009/10/20/795343/-Sequoia-Voting-Systems-hacks-self-in-foot