Sequoia Voting Systems hacks self in foot
Tue Oct 20, 2009
Sequoia Voting Systems has inadvertently released the SQL (Structured Query Language) code for its voting databases. The existence of such code appears to violate Federal voting law. Read the announcement after the jump, just as received on the Open Voting Consortium mailing list earlier today.
The Linux “strings” command was able to peel it apart. Nedit was able to digest 800meg text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code.
I’ve got it all organized for commentary and download in wiki form at:
This is the first time we can legally study a voting system’s innards without NDAs or court-ordered secrecy.
Join the fun :). First goal is to prove that Sequoia did in fact vandalize the data files by stripping the MS-SQL headers – if so that will affect other public records inquiries against Sequoia.
Second goal: what does the code do, what are the security implications, is it as big a violation of the FEC rulebook as it appears?
Thanks, Jim March
From Study Sequoia:
UPDATE 10/20/09 5:45pm Pacific Time: It appears the files were NOT VANDALIZED and will open in MS-SQL Server 2005. It also appears they did redact “code” to some degree. I’m still not clear on why there are thousands of lines of source code still left in there. I’m working on scoring a copy of SQL Server 2005 ASAP so I can look for myself. Check the discussion areas to follow along in realtime.