Sequoia e-vote audit scrapped (and OMG robots!)

Vote for IT Blogwatch: in which Sequoia Voting Systems squares off against election officials in Union County, NJ. Not to mention don't trust robots...

Elizabeth Montalbano reports:

A company whose e-voting machines have come under fire from election officials in New Jersey confirmed today that its Web site had been hacked. A section of Sequoia Voting Systems Inc.'s Web site was hacked overnight, and when the company realized what had happened, it took the site down ... Sequoia has come under scrutiny for discrepancies in the voting tallies generated by approximately 60 of the state's Sequoia Voting Systems AVC Advantage e-voting machines during last month's election ... The hack was noticed Thursday morning by Ed Felten ... a Princeton University computer science professor and a critic of e-voting systems, [who] had been asked by a group representing New Jersey county clerks to examine Sequoia machines used in a Feb. 5 New Jersey presidential primary election. more

But wait, there's more, from Ryan Paul:

New Jersey election officials have scrapped plans for an independent audit of Union County voting machines because the vendor, Sequoia Voting Systems, says that unauthorized third-party security reviews would violate the county's license agreement. Sequoia threatened the county with legal action when it learned that election officials were planning to send the machines to a respected Princeton University computer scientist for analysis ... Why is Sequoia so vigorously attempting to block a security review of its products? The company says that the machines have already been put through extensive independent review by federally-accredited voting test labs ... [But] one of those labs, which had been doing work for the government for years, lost its accreditation last year after flaws were found in its review process by the Election Assistance Commission. more

Mike Masnick makes more:

Shockingly enough, Sequoia's e-voting machines malfunctioned during the primary in a way that should scare you: it gave two different vote counts. You would think that's a pretty good reason for allowing a qualified, well-respected researcher like Felten to check out the machines. No such luck. Sequoia has tried to explain it away as a bug, but that doesn't explain why the machines shouldn't be tested by a third party. Sequoia's response to that question is disingenuous ... what the company doesn't explain is what it's so scared of in having Felten test its machine. If the company is confident in the machines, then where's the problem? ... This isn't some random technology here. This is the technology we're trusting with providing a free and fair election. Sequoia should be ashamed of pulling out legal threats and weak excuses. more

Ed Felten (for it is he) explains the problem:

It’s obvious ... there was some kind of engineering error on Sequoia’s part that caused the machines to misbehave. Sequoia has tried to paint the anomalies as poll worker error, but that’s not plausible ... No sane engineer would design a system to work that way ... Sequoia’s own explanation makes clear that they made an engineering error that caused the voting machine to behave incorrectly ... this doesn’t look like fraud, only error. A malicious attacker who had access to a machine would have had much more powerful, and much less detectable, options at his disposal ... The bottom line is clear. An investigation is needed — an independent investigation, done by someone not chosen by Sequoia, not paid by Sequoia, and not reporting to Sequoia. more

Sequoia's Michelle Shafer pretends to blog:

We have undertaken a comprehensive external review of our AVC Advantage voting equipment software used in New Jersey that includes review by an independent company - Kwaidan Consulting of Houston, Texas; an Election Assistance Commission (EAC) accredited Voting System Test Lab (VSTL) - Wyle Laboratories of Huntsville, Alabama and possibly another VSTL and an academic institution. We are confident that the review will show that Sequoia’s product bulletin issued recently to our Advantage customers does indeed explain how the reporting issue that occurred during the February 5th Primary Elections happened, and how it can be prevented. more

John Gideon quotes chapter and verse: [You're fired -Ed.]

The press release is full of inaccuracies and obfuscation ... No Sequoia voting system has been EAC certified ... Sequoia neglected to point out that they chose to have the EAC test their system to the old 2002 Voting System Standards ... The inclusion of this statement by Sequoia may, in fact, be a breach of ... Section 2.3.2. This violation, if confirmed by the EAC, can result in the suspension of Sequoia Voting Systems ... After reviewing CIBER’s work, the EAC denied their application ... Clearly all testing of Sequoia’s voting systems for NASED qualification is in question ... Sequoia is to be applauded for supporting the NSRL program but to mention it in a discussion of testing is disingenuous ... none of these reviews included the pushbutton voting system in question in New Jersey ... Sequoia also neglected to mention that the results of the California “Top To Bottom” review was that Sequoia’s touchscreen voting systems’ were decertified and the recertified with stringent conditions of use. In Colorado Sequoia’s touchscreen voting systems were denied recertification until further testing was conducted. more

Simon Barrett sums up:

This tactic by Sequoia is blowing up in their faces ... Sequoia must consider [this] a PR nightmare ... it does not take a PhD in math to see that there is something amiss. It will be interesting to see what response Sequoia have to this latest escalation. more

And finally...

• Andrew Thompson - We're In Business

Buffer overflow:

• Kees Leune: NYMISSA: Ethical Hacking
• Data Center Knowledge: Level 3 Acquires IBM's CDN Patents
• Chris Messina: Relationships are complicated
• Saul Hansell: ISP Tracking: The Mother of All Privacy Battles
• Techland: Intel brings low-cost laptops to the U.S.
• Good Morning Silicon Valley: I swear, your honor, I thought it was a site for Nabokov fans
• Marshall Kirkpatrick : Amazon's Newest Web Service: Shipping Center APIs
• Sarah Perez: Five Methodologies to Deal with Email Overload

Other Computerworld bloggers:

• Douglas Schweitzer: Putting brakes on targeted advertising - or not
• Angela Gunn: Barack Obama, privacy poster child?
• Angela Gunn: State snoops in Obama's passport
• Ken Mingis: Keep me out of Apple stores
• Robert L. Mitchell: Hannaford fraud linked to pin transactions
• Mike Elgan: Starbucks customers clamoring for more free Wi-Fi
• Scott McPherson: Why you should care about Indonesia
• Preston Gralla: My nightmare trying to upgrade to Vista SP1
• Patrick Thibodeau: Best Buy's Blu-ray bailout
• Eric Ogren: Lockdown Networks: NAC vendor fails health check
• Mark Hall: Detect WiFi interference sources
• David Ramel: Readers write, writers retort, and we all win
• Shark Tank: Guru logic
• Shark Bait: Why shut your computer down at night?

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You too can pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.

Previously in IT Blogwatch:

• FCC 700 MHz auction succeeds yet fails (and tBay)
• Vista SP1 is people-ready-ish (and squirrel-scale)
• More Microsoft antitrust angst: now Novell (and improv++)