Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
United States

Journal pudge's Journal: Sequoia Voting Machine Hacking, and Revealing My Votes 9

Journal by pudge

Sequoia Voting Machine Hacking

Some of you may have seen this story about hacking Sequoia voting machines.

My county uses those machines, a grand total of four of them in the Auditor's office. They have the yellow button.

However, the steps listed on that page are wrong, according to my county's director of elections (soon to be the County Auditor). I spoke to her today about another problem (more about that in a moment), and asked her about this.

The first problem with the hack is that -- at least, on our machines, in our county -- you have to enter a ballot code. There are hundreds of precincts in the county, and each can have a different ballot, and all of them are in the machine. You need to enter a correct code to get a ballot in the first place.

The summary at the BBV page left that part out. Under "Here is the sequence" there's a note under b., that reads "You may need to first enter or select a ballot code/style depending upon the election." Further, they left out part of c., which reads, "Using the keypad, enter or select the correct ballot code/style."

In our case, you can't just get a ballot code. They are not released to the public. This may not be an insurmountable problem, but it is a problem with the hack.

More importantly, it is nearly impossible to add a vote without it being discovered. They do a reconciliation process where they match up ballots to voters, to make sure the numbers add up. They know that only two people in my precinct used the voting machines, and if they see three, they know something is up.

Revealing My Votes

Which brings me to the reason why I went to talk to her in the first place: you can see who I voted for in the primary from the county's own web site, with just one additional piece of information available on another local web site.

Long story short, you know from this report on the county web site that I live in Henning precinct (as I am the PCO being voted for), and that only two voters in Henning voted not-absentee. And you know from an article in the local paper that I voted not-absentee, but rather, at the polling booth.

So you can now look at, for example, this page and find out that I voted for John Groen for Supreme Court Position 8, because there's only two people in Henning who voted ElectionDay, and both of them voted for Groen.

You can also see how I voted for U.S. Senate, U.S. Congress, State Rep. Pos. 1, State Rep. Pos. 2, Prosecuting Attorney, Supreme Court Pos. 2, Supreme Court Pos. 9, and Fire District Prop. 1.

This is, obviously, a pretty big problem. The Auditor's office told me two things, basically: that this problem is specific to their reports for primary elections, and that they have a call in to the vendor to try to get it fixed. Normally, I am told, the reports are set to block out who voted how, if there's under a certain number of votes, to prevent just this sort of identification. I am going to continue to follow up on this moving forward.

This discussion was created by pudge (3605) for no Foes, but now has been archived. No new comments can be posted.

Sequoia Voting Machine Hacking, and Revealing My Votes More

Sequoia Voting Machine Hacking, and Revealing My Votes

Comments Filter:
  • From my limited, uninformed understanding of how voting machines have worked in the past and how they continue to work, votes haven't been private for quite a long time. Here in my Franklin County, Ohio, they have (for the last 10 years) assigned me a ballot number and written that ballot number down next to my name on the register. That ballot number is then used to activate the machine. Now, I'm not sure if my ballot number has been linked with my votes in any sort of database or not IN THE PAST. But

    • Re: (Score:1)

      by Zeriel ( 670422 )
      I think the problem is that many people who want after-the-fact verification of electronic voting either don't think it through or trust the government not to read the database.

      I mean, I can think of ways you could have a database matching voters to votes that could be voter-verifiable, but not readable by the owner of the database, but it'd be insanely computationally intensive and prone to data leakage at a lot of points (think about having a public/private keypair for every voter, and decrypting that vot

    • Re: (Score:2)

      by pudge ( 3605 ) *
      From my limited, uninformed understanding of how voting machines have worked in the past and how they continue to work, votes haven't been private for quite a long time. Here in my Franklin County, Ohio, they have (for the last 10 years) assigned me a ballot number and written that ballot number down next to my name on the register. That ballot number is then used to activate the machine.

      Are you sure it is a ballot number? In my case, it is a ballot *code*, which just tells the machine WHICH ballot to g
      • Are you sure it is a ballot number? In my case, it is a ballot *code*, which just tells the machine WHICH ballot to give me, and cannot identify me personally to the particular ballot being cast.

        I suppose it could be, but then why write the number down next to my name in the registration? Everyone in that book has the same voting choices (November elections), so they could just mark the entire book with that number and speed up the lines.

        Now, I'm not sure if my ballot number has been linked with my

        • Re: (Score:2)

          by pudge ( 3605 ) *
          I suppose it could be, but then why write the number down next to my name in the registration? Everyone in that book has the same voting choices (November elections), so they could just mark the entire book with that number and speed up the lines.

          We don't all have the same choices here, in November. Several precincts could share a single voting location, and each precinct could have a different ballot code.

          I hope you're not insinuating that I *don't* think they're retarded....

          No. :-)
  • I was looking at that Supreme Court Race- man, it was close! 9 votes in 55,600! Just one county, not the whole race, I take it.

    But I did not see where you were identified as a voter in Hennish Precinct.

    Did you notice who else voted to make it 2?

    • Re: (Score:2)

      by pudge ( 3605 ) *
      I was looking at that Supreme Court Race- man, it was close! 9 votes in 55,600! Just one county, not the whole race, I take it.

      Yeah, just this county. Statewide, Groen lost by several percentage points. I forget the number.

      But I did not see where you were identified as a voter in Hennish Precinct.

      Henning. In the first link [snohomish.wa.us], I am the one actually running for Republican PCO for the Henning precinct. That means I am a voter in the Henning precinct. :-) And the article shows that I voted "ElectionDay," so
      • Excuse me for being slow, but

        "In the first link [snohomish.wa.us], I am the one actually running for Republican PCO for the Henning precinct." Link: http://www.co.snohomish.wa.us/auditor/Elections/09 06sov/1314.htm [snohomish.wa.us]

        what is a PCO, and where at snohomish.wa.us does the name Nandor appear? The link is to the Supreme Court results. Is that the link you meant?

        • Re: (Score:2)

          by pudge ( 3605 ) *
          Oops, wrong link. Right link. [snohomish.wa.us] Doesn't really matter though: what precinct someone is in is also public record, obviously (and you can even find out on the county web site, if I know the address ... which is also public record).

          As to what a PCO is, I've mentioned it a lot before (which is why I didn't explain it here). Here's the most recent link [slashdot.org]. You can also use search [slashdot.org], where apparently every mention of the word "pco" in a journal is by me.

Slashdot Top Deals

Kiss your keyboard goodbye!

Close