Sequoia Vote Machine Can't Do Simple Arithmetic?

whoever57 writes "Ed Felten is showing a scan of the summary from a Sequoia voting machine used in New Jersey. According to the paper record, the vote tallies don't add up — the total number of Republican ballots does not match the number of votes cast in the Republican primary and the total number of Democratic ballots does not match the number of votes cast in the Democratic primary. Felten has a number of discussions about the problems facing evoting, up to and including a semi-threatening email from Sequoia itself." Update: 03/20 23:30 GMT by J : Later today, Felten added an update in which he analyzes Sequoia's explanation. He has questions, comments, and a demand.

Minor discrepancy...MAJOR problem.

[TripMaster Monkey]

As Felten made clear in the article, it's not the size of the discrepancy that's the issue, but the fact that it's there at all. You'd expect this sort of minor error from humans, but the machine turning out this discrepancy is a dead giveaway that something is fundamentally wrong with its inner workings. If we could examine said inner workings, we could determine the cause of this bizzare behavior, but actually knowing what is going on inside their machines is something Sequoia is bound and determined to prevent. One can't help but wonder why, given what we've just seen...

Lawyers

[Jaysyn]

Well, bring on the lawsuit from Sequoia I guess. Hopefully the ACLU & EFF will help Dr. Felten with his legal fees.

Hypocrisy

[lamarguy91]

FTA:

As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property.

I love the double-standard here. The government wants to invade the privacy of it's citizens (discussed several times over on these very forums) and one of the typical responses is "Well, if you don't have anything to hide...".
But when an independant third party wants to verify that an important piece of hardware used in our political process can actually do the very simple math that it's required to do, the corporation who produces is has laws that it can throw in one's face to prevent verification of data. Shouldn't someone be pressing Sequoia with the "if you don't have anything to hide..." mantra?

Does anyone else here see the obvious double-standard that we've created for ourselves?

Software bug

[INeededALogin]

The readout on a screen seems like a simple data display problem. Perhaps the programmer did something stupid like:

print array.lastIndex.indexNum

instead of

print array.count

The real concern here is not that it has a bug. All software has bugs. The concern is over what kind of QA was performed to guarantee our votes. If such a simple and obvious test case was not performed, how on earth are we to feel good about this machine?

Re:Count from Zero

[TripMaster Monkey]

Both tallies are out by 1 count. Could it be the one is counting from zero and the other from one?


Actually, the Republican tally was heavy one vote, while the Democratic tally was light one vote. Thus, your proposed explanation doesn't wash.

On the bright side at least the error will vanish as the number of votes approaches infinity :)

That's assuming that the error is due to the cause you postulated, which cannot be the case.

Re:Hypocrisy

[tony1343]

If a company is really trying to not allow a state to verify that their voting machines work correctly, why would any state use such voting machines? This is ridiculous. Such a company should quickly go bankrupt. Must have some fantastic lobbying to get state legislatures to use machines which aren't going to count their votes correctly.

Enough Already!

[flajann]

Nix all the evoting crap and go back to paper ballots. We know that paper ballots work, and are a LOT harder to fudge to the level of throwing an election.

On the whole of it, I have a big problem with the "Winner takes all" system anyway, with the majority giving the power to a handful to beat up on us all. Not even getting into how the Republicans and the Democrats systemically shuts out all other parties.

But if we are going to have voting, at least make it fair. Give equal time to ALL parties, not just the D-R club, and use paper ballots under tight security. At least make "Democracy" less of a joke than it already is.

Re:Minor discrepancy...MAJOR problem.

[bunratty]

Even if the tally was exactly right, in general you cannot prove a program correct by using only black box testing. There are simply too many possible inputs to have time to test for all but the most trivial inputs. For all we know, there's a backdoor or unintentional security vulnerability that can be used to alter election outcomes. We need to be able to examine the machine's inner workings to have any hope of verifying those are not problems with the voting machine.

Re:Minor discrepancy...MAJOR problem.

[EvanED]

Perhaps the error was on Mr. Felton's side... what method did he use to count the votes?

He used the "look at the vote totals the machine printed" method.

Seriously, it has a picture of them. Did you RTFA and somehow didn't notice it, or do you like making uninformed comments? (Okay, that is a bit inflammatory. The first time I went to TFA, the pictures didn't load. But it still says in the text.)

Re:Maybe the votes were not placed?

[encoderer]

One counter started at Zero, the other at One? ...These kind of bugs are written all the time. ...Of course, this is why the software should be OSS. The more eyeballs, the more people running in debug mode just to play around and have fun, the more people slicing and dicing the source code, the better.

It's hard to believe this is even an issue. The problem is that the people making voting machines (like Diebold) come from Banking sectors, where privacy and private, proprietary systems are the modus operandi.

Seems to me a good way to fix this would be to get some high-profile Non-Profs and top-brand CS schools (I'm thinking MIT, Apache Foundation, Cal Tech, Carnegie Mellon, Case Western, etc) all working together to gather some grant money, build the hardware and software solutions, open everything up for scrutiny, and produce a working product.

We can wave our arms over what somebody SHOULD build, but if we had a compelling alternative ready to go, it'd be a lot easier to pressure governments to do the right thing.

Re:Minor discrepancy...MAJOR problem.

[StrawberryFrog]

I agree. Humans can be sound, but still off by one. calaculators are either correct or broken.

However, the size of the discrepancy is 1/60 or so. That's 1.6%, which is enough to change the outcome of some recent US elections [wikipedia.org]. So is it of a significant size? Yes, it is.

Re:Minor discrepancy...MAJOR problem.

[TripMaster Monkey]

RTFA. The discrepancy isn't between Felten and the voting machine...it's between the voting machine and itself. The machine generated results that were self-contradictory.

Re:Count from Zero

[cbart387]

Probably because the code is doing something involving a single off-by-one error, then subtracting that from the total votes cast.

If that's the case, that's amazingly poor coding. I can code better than that.

Do you mean sloppy testing? No one writes perfect code and a 'off-by-one' error is easy to write. However, that kind of mistake should have been caught in tests... of course we're assuming this is not a human error.

Corporate Death Penalty

[Dog-Cow]

How is intentionally preventing auditing of the basic method of democracy anything less than treason? The Board of Directors should be jailed forever for condoning this activity by the Company's lawers.

Re:Corporate Death Penalty

[monxrtr]

This is a perfect wedge to drive between open and closed source code. All closed source code in government election counting is *illegal*. It's no different then if say Howard Dean, Chairman of the Democratic Party, was allowed to take paper ballot boxes to his home and count them in private, in secret, and then release the totals with no supervision, or independent observers or verification.

Mark my words, this is the beginning of the end for closed source code in government elections. Here is the perfect opportunity for open source. It's the *only* legal possibility.

Re:Hypocrisy

[robertjw]

But when an independant third party wants to verify that an important piece of hardware used in our political process can actually do the very simple math that it's required to do, the corporation who produces is has laws that it can throw in one's face to prevent verification of data. Shouldn't someone be pressing Sequoia with the "if you don't have anything to hide..." mantra?

Yes and no. It appears that this is a contractual issue. The State of New Jersey signed licensing terms that does not allow an independent party to review the code. The state should not violate that contract.

Thing is, there is a limited market for voting machines in the US. There are only 50 states, it seems to me the states are in a pretty good position to negotiate the licensing terms. Why is it that New Jersey didn't specify in the terms that the code and hardware had to be reviewed by independent sources? This isn't an issue so much of "if you don't have anything to hide" as it is simple economics. Abide by my terms or I won't purchase your product. Instead NJ bought a pig in a poke and now they are stuck with these machines.

The idea that the machines workings have to be secret for security reasons is a complete fallacy. Sooner or later one of these voting machine companies is going to break ranks and allow independent security reviews - just so these problems go away.

Re:Bigger fish to fry

[Anonymous Coward]

Had your uncle tried to vote he would have needed to sign the voting register. Physical possession of a ballot does not mean they get to cast it.

Re:Bigger fish to fry

[LMacG]

And that's exactly the way it's worked in every locality I've ever voted in, provide full name and address, workers cross name off list, get ballot. I'm not buying the GP's story.

Re:Software bug

[gstoddart]

The readout on a screen seems like a simple data display problem. Perhaps the programmer did something stupid like:

What stupid thing the programmer may have done is irrelevant here.

This is supposed to be a secure machine for tallying votes. Either it is capable of counting, and providing a verifiable audit which matches the results it reports. Or, it's fundamentally broken and can't actually be used to count elections. I don't see how there is any middle ground.

There simply is no room for trying to account for what might be the underlying cause.

The real concern here is not that it has a bug. All software has bugs.

Software used for mission critical things (and I would argue an election counts) goes through much more rigorous certification.

This stuff hasn't, obviously. The fact that they keep threatening to sue people who point out that this thing has glaring mistakes in it means they probably know how badly written it is, and don't want to be accountable for it.

Cheers

Re:Enough Already!

[Yvanhoe]

While I agree with you, I just have to point out that it's not all that hard...after all, the recent presidential election in Mexico was stolen the old-fashioned way.

And we know this. In US, no one can know for sure.

Re:Maybe the votes were not placed?

[roystgnr]

We can conduct trillions of dollars of business electronically

If those trillions of dollars had to be transacted via "secret ballot", I'm pretty sure that hundreds of billions of them would have disappeared. Somehow it's a lot harder to write error-free code when you know that nobody's going to be able to do something as simple as checking their bank statements to catch your errors.

Re:Bigger fish to fry

[dogzilla]

I call bs on this. Every single election I've voted in (5 so far, in Maryland and Massachusetts) your name had to be on a list, and was marked off that list when you voted. There's simply no way someone who isn't registered to vote could have voted. While it's possible an illegal alien could be registered to vote, it would be a short matter of time before INS tracked them down that way. I think your uncle was having a double laugh - at both the incompetence and gullibility of Americans. You fell for it. I prefer to believe that than you're knowingly trying to shift focus form this very real issue to the phantom issue of illegal aliens (oooooo! scary!) usurping the rights of naturalized citizens.

Re:Minor discrepancy...MAJOR problem.

[Tom]

Totally correct.

For all we know, the machines could be programmed to work perfectly, except on election day when subroutine X is used (on that day only).

But, we also know that thanks to compiler trickery, even studying the source code isn't enough.