Sequoia Voting Machine Hacking, and Revealing My Votes
Sequoia Voting Machine Hacking
Some of you may have seen this story about hacking Sequoia voting machines.
My county uses those machines, a grand total of four of them in the Auditor's office. They have the yellow button.
However, the steps listed on that page are wrong, according to my county's director of elections (soon to be the County Auditor). I spoke to her today about another problem (more about that in a moment), and asked her about this.
The first problem with the hack is that -- at least, on our machines, in our county -- you have to enter a ballot code. There are hundreds of precincts in the county, and each can have a different ballot, and all of them are in the machine. You need to enter a correct code to get a ballot in the first place.
The summary at the BBV page left that part out. Under "Here is the sequence" there's a note under b., that reads "You may need to first enter or select a ballot code/style depending upon the election." Further, they left out part of c., which reads, "Using the keypad, enter or select the correct ballot code/style."
In our case, you can't just get a ballot code. They are not released to the public. This may not be an insurmountable problem, but it is a problem with the hack.
More importantly, it is nearly impossible to add a vote without it being discovered. They do a reconciliation process where they match up ballots to voters, to make sure the numbers add up. They know that only two people in my precinct used the voting machines, and if they see three, they know something is up.
Revealing My Votes
Which brings me to the reason why I went to talk to her in the first place: you can see who I voted for in the primary from the county's own web site, with just one additional piece of information available on another local web site.
Long story short, you know from this report on the county web site that I live in Henning precinct (as I am the PCO being voted for), and that only two voters in Henning voted not-absentee. And you know from an article in the local paper that I voted not-absentee, but rather, at the polling booth.
So you can now look at, for example, this page and find out that I voted for John Groen for Supreme Court Position 8, because there's only two people in Henning who voted ElectionDay, and both of them voted for Groen.
You can also see how I voted for U.S. Senate, U.S. Congress, State Rep. Pos. 1, State Rep. Pos. 2, Prosecuting Attorney, Supreme Court Pos. 2, Supreme Court Pos. 9, and Fire District Prop. 1.
This is, obviously, a pretty big problem. The Auditor's office told me two things, basically: that this problem is specific to their reports for primary elections, and that they have a call in to the vendor to try to get it fixed. Normally, I am told, the reports are set to block out who voted how, if there's under a certain number of votes, to prevent just this sort of identification. I am going to continue to follow up on this moving forward.
Some of you may have seen this story about hacking Sequoia voting machines.
My county uses those machines, a grand total of four of them in the Auditor's office. They have the yellow button.
However, the steps listed on that page are wrong, according to my county's director of elections (soon to be the County Auditor). I spoke to her today about another problem (more about that in a moment), and asked her about this.
The first problem with the hack is that -- at least, on our machines, in our county -- you have to enter a ballot code. There are hundreds of precincts in the county, and each can have a different ballot, and all of them are in the machine. You need to enter a correct code to get a ballot in the first place.
The summary at the BBV page left that part out. Under "Here is the sequence" there's a note under b., that reads "You may need to first enter or select a ballot code/style depending upon the election." Further, they left out part of c., which reads, "Using the keypad, enter or select the correct ballot code/style."
In our case, you can't just get a ballot code. They are not released to the public. This may not be an insurmountable problem, but it is a problem with the hack.
More importantly, it is nearly impossible to add a vote without it being discovered. They do a reconciliation process where they match up ballots to voters, to make sure the numbers add up. They know that only two people in my precinct used the voting machines, and if they see three, they know something is up.
Revealing My Votes
Which brings me to the reason why I went to talk to her in the first place: you can see who I voted for in the primary from the county's own web site, with just one additional piece of information available on another local web site.
Long story short, you know from this report on the county web site that I live in Henning precinct (as I am the PCO being voted for), and that only two voters in Henning voted not-absentee. And you know from an article in the local paper that I voted not-absentee, but rather, at the polling booth.
So you can now look at, for example, this page and find out that I voted for John Groen for Supreme Court Position 8, because there's only two people in Henning who voted ElectionDay, and both of them voted for Groen.
You can also see how I voted for U.S. Senate, U.S. Congress, State Rep. Pos. 1, State Rep. Pos. 2, Prosecuting Attorney, Supreme Court Pos. 2, Supreme Court Pos. 9, and Fire District Prop. 1.
This is, obviously, a pretty big problem. The Auditor's office told me two things, basically: that this problem is specific to their reports for primary elections, and that they have a call in to the vendor to try to get it fixed. Normally, I am told, the reports are set to block out who voted how, if there's under a certain number of votes, to prevent just this sort of identification. I am going to continue to follow up on this moving forward.
Leave a comment