i nsecurities and i naccuracies i iti d i i of the
play

I nsecurities and I naccuracies I iti d I i of the Sequoia AVC - PowerPoint PPT Presentation

Jun 27, 2023 •460 likes •716 views

I nsecurities and I naccuracies I iti d I i of the Sequoia AVC Advantage q g 9 .0 0 H DRE Voting Machine Gang Tan Gang Tan Lehigh University 28 th 2008 Oct 28 th , 2008 O Guest Lecture to Lehigh CSE Guest Lecture to Lehigh CSE 350/

  1. I nsecurities and I naccuracies I iti d I i of the Sequoia AVC Advantage q g 9 .0 0 H DRE Voting Machine Gang Tan Gang Tan Lehigh University 28 th 2008 Oct 28 th , 2008 O Guest Lecture to Lehigh CSE Guest Lecture to Lehigh CSE 350/ 450: Special Topics in Electronic Voting Systems * Joint work with Andrew Appel, Maia Ginsburg, Harri Hursti, Brian Kernighan, Christopher Richards

  2. Disclaimer Because I am not a lawyer and because Because I am not a lawyer, and because I am involved in the study in a limited scope info mation in these slides is scope, information in these slides is not completely authoritative. 2

  3. Summary � The background of the study � The study is for a lawsuit � The study is for a lawsuit � The study, from my perspective � Video demos � Q&A � Q&A � But feel free to ask questions at any time! time! 3

  4. Gusciora v. McGreevey � Lawsuit filed in Oct. 2004 � Voting computers violate NJ Constitution and Statutes and Statutes � Enjoin the use of DRE machines unless they are equipped with VVPB q pp � 20 out of 22 counties use machines without VVPB � The plaintiffs � The plaintiffs � Reed Gusciora; Stephanie Harris; Coalition for Peace Actions (CPA) ( ) � Expert witness: Andrew W. Appel � The defendants � NJ governor; NJ chief election official 4

  5. The Dismissal of the Lawsuit � The lawsuit was dismissed by the Superior Court of Mercer County NJ Superior Court of Mercer County, NJ � Jan 2005 � Th l i tiff � The plaintiffs appealed to the l d t th Appellate Division � NJ legislature amended NJ statute (July 2005) ( y ) � VVPB mandate: by Jan 1 st , 2008 5

  6. The Appeal � The Appellate Division heard the appeal in Aug 2005 � Jan 2006 � Jan 2006 � Asked the Superior Court to reopen the case � Supervise the state for the progress to meet the mandate mandate � 2007, the Court decided a trial is necessary � Dec 2007, NJ Attorney General petitioned the 1 t 2008 extension of deadline to Jun 1 st , 2008 t i f d dli t J � Granted by NJ Legislature (although with great concerns) � The new deadline is after the primary � May 2008, the State asked for another extension (Jan 1 st , 2009) ( , ) 6

  7. Troubles in the Presidential Primary at NJ 182+ 179= 361 1+ 13+ 40+ 3+ 4 = 61 Results report tape from Ward 3, District 2 of the p p , municipality of Hillside in Union County, 7 Presidential Primary election of February 5, 2008.

  8. Troubles in the Presidential Primary at NJ ? 362 ≠ 361 ? 60 ≠ 61 A tape inconsistent with itself!!! 8

  9. Troubles in the Presidential Primary at NJ � Some Union county clerk noticed the anomaly and contacted Ed Felten at y Princeton � Felten digged more and found 37 � Felten digged more and found 37 Sequoia Advantage machines in NJ had the same anomaly on the ad sa a o a y o primary day � The clerk planned to send anomaly � The clerk planned to send anomaly machines to Felten and Appel for analysis analysis 9

  10. Sequoia Fights Back … � Email from Sequoia to Felten and Appel � “… � … I want to make you aware that if the I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. … We will also take appropriate steps to protect against any publication of Sequoia software its publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual other infringement of our intellectual property .” � The officials backed off � The officials backed off 10

  11. The NJ Voting Study � However, the anomaly had some “positive” impact on the case � The plaintiffs requested to examine the h l ff d h machines for collecting evidence for the trial trial � Sequoia again claimed “trade secrets” � April 2008 the Court ruled that Plaintiffs � April 2008, the Court ruled that Plaintiffs and their experts would be entitled to examine Sequoia machines � There came the protective order � Its purpose is to protect the intellectual property of Sequoia while allowing experts property of Sequoia, while allowing experts to examine the machines 11

  12. The Battle over the Protective Order � Delayed the voting machine study for three months three months � The location � The headquarter of the New Jersey State h h d f h S Police � Freedom-of-speech issue � The initial protective order prohibited p p experts from ever discussing anything related to the study in public � Appel and Felten refused to sign 12

  13. The Format of The Study � Experts are given 30 days to examine the machines and write a report the machines and write a report � The report goes to the judge and the defendants defendants � The defendants can write a rebuttal by their own expert in 30 days � Then both the report and the rebuttal � Then both the report and the rebuttal are released to the public at the same time time 13

  14. The Study and the Report � A team of 6 computer scientists did the study during the last summer � Andrew Appel, Maia Ginsburg, Harri A d A l M i Gi b H i Hursti, Brian Kernighan, Christopher Richards, Gang Tan Richards, Gang Tan � The report delivered to the Judge and the defendants on Sept 2 nd , 2008 � Supposed to be released on Oct 2 nd , 2008 � On Sept 24 th , the judge orally s pp essed the elease suppressed the release � Motion was filed and after a hearing on Oct 17 th the report finally released Oct 17 th , the report finally released 14

  15. The Legal Significance of the g g Study � The first case where a voting-machine company is forced in court to hand over source code builder tools computers source code, builder tools, computers, ... � Previous two studies (CA OH) were � Previous two studies (CA, OH) were sponsored by state governments � Experts were paid millions for the studies p p � The NJ case � The state is the defendant � Experts worked pro bono (without any payment) � It established a precedent � It established a precedent 15

  16. The Public Report � A lengthy document (158 pages) � With sensitive sections redacted � With sensitive sections redacted � Summary of the report � Design flaws can cause votes not to be counted, or counted wrong, and by allowing pollworkers to commit fraud ll i ll k t it f d � The machine can be installed with fraudulent software given only 7 minutes f d l t ft i l 7 i t access to the machine � … 16

  17. Explaining the Anomaly in the p g y NJ Primary � For the Democratic primary: 6-Activate primary: 6 Activate � For the Republican p ima primary: 12-Activate 17

  18. 18 Explaining the Anomaly in the y NJ Primary g p

  19. What if 6-7-Activate? � The red light next to 6 is lit � The option switch table will be incremented by one for the Democrat � BUT , the Republican ballot is activated ti t d � A vote for some Republican will be Republican will be recorded 19

  20. What is Wrong with the g Machine? � Our study identified the exact locations of a programming bug locations of a programming bug � Explained in the redacted section, though though � Sequoia’s solution � A plastic operator cover panel to cover buttons 1-5, 7-10 20

  21. A Bunch of Other Interface Design Flaws � Allow pollworkers to commit fraud � An inactive machine appears to be active � An inactive machine appears to be active to voters � Pollworkers can deactivate a vote � Pollworkers can deactivate a vote without being noticed � Video demo � Video demo 21

  22. Vote Stealing Software � Need only seven minutes of access to a Sequoia machine to install vote- a Sequoia machine to install vote stealing software � Video demo � Video demo 22

  23. Many Many Other Issues … � The report � Details of the vote-stealing software � Details of the vote-stealing software � Audio kit virus � Manipulating result cartridges � M i l ti lt t id � Insufficient audit process � … � The report and the video is available p online � http: / / citp.princeton.edu/ voting/ advantage/ http: / / citp.princeton.edu/ voting/ advantage/ 23

  24. 24 Conclusion

  25. The End The End

Recommend

More recommend