Re: [OVC-discuss] Something really big: Sequoia source code, free to download and study, no NDAs.

From: Jim March <1.jim.march@gmail.com>
Date: Thu Oct 22 2009 - 05:58:34 CDT

We now have a bit of input from Sequoia:

http://www.kesq.com/Global/story.asp?S=11357302

---
"It has come to our attention that there are several blog postings
regarding the possession of Sequoia's source code by the "Election
Defense Alliance" and we would like to address those claims.
Sequoia routinely assists our customers in responding to requests for
information from the public regarding our source code and election
data. We often provide election databases that remove all Sequoia
copyrighted proprietary information leaving only data and log
information. However, in a recent instance in Riverside County,
California, we did remove the proprietary information but did not
thoroughly redact it, leaving text base remnants of various database
level code related to various operations including portions of stored
procedures and schema creation code.
There was no source code related to the voting machines - the code
that actually counts votes - released or any front-end Election
Management System code. Essentially only small portions of ballot
layout, accumulation and reporting code were present in this database
that Sequoia provided to Riverside County.
The version of our code discussed above is WinEDS v. 3.1.12, which is
not the most recent iteration of Sequoia's voting system source code.
WinEDS 3.1.12 was federally certified in January 2006 by the National
Association of State Election Directors (NASED), which was the federal
certification authority at that time. This code has been thoroughly
tested - including a line-by-line review of all source code including
the voting machine, database, and front-end code by NASED's
Independent Testing Authorities (ITAs) labs that were part of the
NASED certification process. Additionally, this code was tested and
reviewed during the California Secretary of State's
Top-To-Bottom-Review (TTBR) of the State's voting systems.
More recent iterations of Sequoia's source code starting with WinEDS
version 3.74 encrypts all of this code within the database which
prevents this type of situation.
Considering the thoroughness of the CA TTBR, it is unlikely that any
new revelations will be revealed by further analysis of this limited
code released.
Sequoia regrets this error as we work diligently to protect our
existing proprietary copyrighted material.
---
Make what you will of that.  To me, some of the key points are:
* Yeah, this is ours.
* We tried to redact it.  Oops.
* We've covered our asses better in the next version.
What they're leaving out is that "something" is being pumped into this
file pre-election by the "Bridge Tool" and "BPS" modules which are NOT
certified and were withheld from the top to bottom review team.  We
don't know if some or all of the code we're seeing comes from this
uncertified source.
They can try and hide behind the "TTBR" and federal-level
certification all they want, but the fact is they gamed that system.
Bigtime.
Jim
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss  list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at  http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Mon Nov 30 23:17:09 2009

This archive was generated by hypermail 2.1.8 : Mon Nov 30 2009 - 23:17:17 CST