Ohio’s election results will be suspect, thanks to an untested last-second voting machine patch — UPDATED, TABULATION MACHINES ARE APPARENTLY ISOLATED

Evidently, there are some fundamental errors made by the original reporter that change the timbre of this story altogether. This report has Joseph Lorenzo Hall of the Centre for Democracy and Technology in DC, asserting very strongly that the tabulation machines are “air-gapped” — the tabulation results from the original voting system are in actuality walked over manually (via a data export to, say, a thumb drive or flash card) to the tabulation machines. Apparently, no code run on those machines can access the primary system because they’re isolated. So what the code has write access to, then, is apparently the export of the database, not the originals in any way.

It still means that processes should be followed to ensure the integrity of the data, to ensure that the exported data matches the CSV conversion. But I suspect these folks are more “with it” than I’d originally thought.

See below the fold for my original story.

So there’s apparently a software patch being installed on voting machines, a patch which has been described in an affidavit filed in an injunction against the action as “unspeakably stupid, excessively complex and insanely risky”. It’s been rolled out to tabulation machines — not the voting machines themselves, but the vote-counting (or “aggregating”) boxes — in 39 counties in Ohio. And it’s being rolled out despite the patch being uncertified, “experimental”, and providing full read/write access to the database, even though the patch’s stated intention is merely providing human-readable reports on the election results during the tabulation phase.

Sound even the teensiest bit suspicious to you?

Salon reports:

According to Pam Smith, president of the nonpartisan watchdog group VerifiedVoting.org, her organization also sought explanations for the last-minute software changes from the secretary of state’s office.

She tells me that she was told that “the Secretary of State team installed the EXP tool” themselves in the counties that use the ES&S system. “It was not left to the counties to figure out the installation or the configuration.”

Moreover, she stressed, she was told the software “does not get installed on voting machines.”

But that makes little difference, since the software is installed directly onto the central tabulator machines, where it can affect — either accidentally, or by design — the main results of an entire county’s election. Software residing on the central tabulation systems is, in fact, far more dangerous than software on the voting systems, since it can have direct access to the entire set of county election results.

Note that this does not necessarily mean that Ohio will be stolen, or even that there’s anything untoward or shady going on here. This means only that there’s a huge potential attack vector being implemented without proper vetting on practically the eleventh hour. This same sort of action resulted in the Secretary of State decertifying Diebold voting machines in 2005.

Shady or not, though, this is at absolute minimum criminal negligence, especially with regard to something so important as a Presidential election.

Seriously people, what the fuck. You don’t install experimental code on a production machine on-the-fly for no good reason, especially not with something where data integrity is paramount, which is why everyone in the IT world has got their hackles raised here. The code could be entirely benign, but there’s no way to know in advance. This is beyond suspect to me. Either someone’s trying to pull a fast one, or dozens of people need to be forced to vacate their positions because as IT folks, they’re bloody hacks.

(See the top of this page for important updates!)


  1. marismae says

    Arrrrrrrrrggggghhh! That is all I’m capable of saying, without resorting to a screed that would be gibberish because of all the profanity it would be littered with.

    I’m in IL, which is presumably safe for Obama, but I still eyeballed the Diebold machine that my ballot went into with suspicion.

  2. says

    Unbelievable! I was just reading on the BBC that both sides are readying the lawyers… This should feed a few vultures for life!

    Apparently the patch is just for converting XML to CSV. Either that is the most insane reason for installing an uncertified patch into locked down hardware or there is more to it. You can import flat XML straight into Open Office FFS. I’m no great scripter but I could knock out a perl script to convert it into any format of CSV they want in an afternoon.

    I’m usually very sceptical about conspiracy theories as usually assuming incompetence is the best route. But this is epic incompetence!

  3. Aliasalpha says

    They’re hacks who are facilitating hacks!

    Fucks sake… Untested code on live machines at the last minute… They need to have their noses rubbed in a pile of 5.25″ floppies containing Microsoft Bob, the source code for daikatana and a rom of the atari 2600 version of ET.

  4. says

    The first and probably only question I’d ever ask the designers of this stinkpile is, “why does a report export need write access to the database?” That one single fact is damning enough.

  5. left0ver1under says

    The US insistence on immediate final totals after an election is truly mindboggling. The US has the longest period of time between election and inauguration of any democracy, and yet Americans are too impatient to count paper ballots. The US has more time than anyone, so why doesn’t it want to count paper ballots and get accurate totals?

    There are stable democracies the size of the US (e.g. Canada, Australia, Brazil, European Community), and with comparable populations (e.g. Japan, India, Brazil, the EC) that manage to count – and recount – hand marked paper ballots within three days of their elections. Some of them even have multi-stage elections, and they have no trouble getting accurate results from hand-marked ballots. The only conclusion that I can draw is that Americans don’t want, don’t care about, or are willing to live without accurate totals of election votes.

    There was a scene on the 1980s TV show, Max Headroom, where the “winner” of the election says to the CEO of Network 23, “Election results were negotiated weeks ago.” I have to wonder if fiction has turned into reality.

  6. Corvus illustris says

    “You don’t install experimental code on a production machine on-the-fly for no good reason.”
    ~(~p & q) = (p V ~q) = (q => p)
    where p = “there’s a good reason” and q = “it got installed”. Hm, somebody had a good reason for installing it. Wonder who, wonder what the reason was. I suspect we’ll find out when the vote counts start disagreeing with the exit poll results.

  7. Dunc says

    That’s completely insane. None of the systems I maintain are that critical, but the idea of installing a patch on a production system at this short notice would totally give me the heebie-jeebies. Hell, for the most important system I work on, we freeze out non-critical patches for an entire quarter, simply because we can’t afford to risk outages during the busy season. And that’s for patches that have been through several rounds of testing…

    Who are these fucking cowboys? Does their office have a hitching rail rather than a car park?

  8. Corvus illustris says

    Given the financial resources of the Ohio administration and the Republican party, high competence would be available. (These ain’t no cowboys.) Since a last-minute patch fo the sole purpose of changing data format–a patch with write access to the original data–represents a blunder that a competent person would never make, the highly competent person(s) must have had some other purpose in mind–the real reason for the patch. I hope the lawyers have the sense not only to get an injuction against installation of the patch but also immediately to get subpoenas for the patch itself, the computer(s) on which it was written, hard and flash drives, etc.–the fresh tracks. Some may not be covered.

  9. unbound says

    Legally, highly suspect.

    Reality, something rotten was absolutely installed that will almost certainly affect the counting.

    Hopefully the voting machines keep a local copy, or the voting machine results stored on their own memory that can be stored separately. I would still be concerned that if they use memory sticks that the memory sticks will get “accidentally” deleted with the new software so that a “recount” will be impossible.

    This is why I still vote on paper.

  10. Dunc says

    Just because they could theoretically afford to hire competent staff doesn’t mean they’ll actually spend the money, and even highly competent people make boneheaded mistakes with alarming regularity.

    Everything I’ve heard about US voting / vote tabulating machines leads me to suspect that they’ve been contracted out to the lowest bidder, and that they’ve been designed and built by people who are either incompetent, lazy, or (possibly) malevolent – and I’ve encountered a lot of lazy incompetents in my time. Hanlon’s Razor applies.

  11. Apparently Not Erin says

    Um…when has the US ever been concerned about the accuracy of their vote counts? I seem to remember some count scandals from the last few elections…never mind that they’ve chosen a method of counting known to be inaccurate (and have done so since the ’60s).

  12. Tracey says

    When you realize that Mitt Romney’s son, Tagg, owns those machines in Ohio, that tells you all you need to know about why the patches were installed.

  13. comfychair says

    The US has more time than anyone, so why doesn’t it want to count paper ballots and get accurate totals?

    The US has more time than anyone, so why doesn’t it want to count paper ballots and get accurate totals?

    why doesn’t it want accurate totals?

    Because we allow our elections to be run by the two political parties, and they are disconnected from the Big Picture of what politics is supposed to be about, and both parties* see the election as just another part of the game they are playing, the only object of which is to win. What happens after the election is largely inconsequential, and only matters as to how it affects the next election contest.

    *Yes, one party is worse (or better, depending on your viewpoint) about this than the other, but largely, their reason for existing is to win elections. Democrats want to win, God’s Own Party want to win at any cost.

  14. baal says

    I still want audit results with a compare of a manual tabulation with what patched tabulation machine puts out.

    I work in a company that produces software and people would get fired over this type of a late fix (necessary or not).

  15. Corvus illustris says

    Re baal @18:

    “I still want audit results with a compare of a manual tabulation with what patched tabulation machine puts out.”

    Let’s hope the feds make the Ohio secretary of state feel this way prior to certifying election results.

    “I work in a company that produces software and people would get fired over this type of a late fix (necessary or not).

    Fixes are for bugs. This has the hallmarks of a feature that they hoped would stay undocumented.

  16. says

    fastlane: it is real, but they apparently removed the machine shortly after that was reported. It’s apparently a common problem with touchscreen voting machines, but it’s a function of miscalibration. If the voter had touched the Jill Stein line, Obama would have been checked. It’s all shifted up.

  17. Apparently Not Erin says

    For the record, at 82% reporting Romney is leading Ohio by less than 20k votes but Obama has the electoral votes wrapped up.

  18. Apparently Not Erin says

    And now Obama’s leading the in popular vote. So I guess that means that Romney’s lawyers are the ones getting the extra work?

  19. F says

    Update: Electronic voting is still crap and highly suspect, newsflash about a last minute update (which is completely ridiculous) or not. I can’t believe any government is allowed to do business with these companies, they are so woefully or purposely inept. Ya gotta work at being this bad.

    It absolutely does not have to be this way, and certainly not at this point.


  1. […] math lies within.  Someone alert Richard Carrier.  10:09am – Nate Frein pointed me to Jason Thibeault’s post on the questionable Ohio voting machine patch.  It’s solid.So there’s apparently a software patch being installed on voting machines, a […]

Leave a Reply

Your email address will not be published. Required fields are marked *