Software used to count the votes in as many as 16 states has been found available on a publicly accessible Internet server. The files, which appear to reveal technical details about how votes are stored in machines made by Sequoia Voting Systems, have been accessible on the site for at least two years.
A computer programmer, who asked not to be named for fear of legal retaliation from Sequoia, says that he came upon the FTP server holding the files on Friday, when he visited the Web site of Jaguar Computer Systems, a computer consulting firm in Southern California that provides technical services to, among other customers, Riverside County. In the 2000 presidential election, Riverside became the first county in the nation to employ touch-screen machines in its precincts. Its machines are made by Sequoia.
Jaguar's site advertises its FTP server as a service to help clients who want to download files from the firm: "Our FTP site is ftp.jaguar.net," it says. "We support 'anonymous' logins and our '/PUB' directory is stuffed with many of the files that we use." When the activist logged in to this FTP site, he spotted a file called WinEDS200.zip -- a 44-megabyte file that turned out to be the installation program for software that tallies the votes in Sequoia's voting software.
When contacted for comment, Alfie Charles, a spokesman for Sequoia Voting Systems, was surprised to hear that the file was available on a public site. Later, Charles e-mailed Salon a statement denying responsibility for the security breach, but asserting that the availability of the code did not compromise the integrity of Sequoia's systems.
"Sequoia has not made this information publicly available or accessible and we are disturbed that it has been accessed in this inappropriate manner," reads the statement.
"A limited amount of proprietary code that is the property of Sequoia Voting Systems was posted on the ftp site of a consulting company hired by one of our customers ... While this breach of security is grossly negligent on the part of the county's contractor, the code that was retrieved is used to accumulate unofficial results on election night and does not compromise the integrity of the official electronic ballots themselves."
The statement then details several levels of security that ensure the voting software's integrity.
"While we are extremely disappointed that an important company asset has been made available to an unauthorized party, the existing policies and procedures for the conduct of elections ensure that there is no single point of failure and prevent the public exposure of that code from jeopardizing the integrity of any ballots or elections."
George Hoanzl, the vice president of marketing for Jaguar Computers, was similarly shocked by the situation. "A WinEDS file?" he asked. "It does not exist."
But when told that Salon had successfully downloaded the file, Hoanzl, too, said he'd look into the situation and then phone back. After about 10 minutes, he called back to say that he could not determine how the file ended up on his public FTP site, which allows anyone in the world to upload and download files to the server. It was at least 2 years old, he said, and he'd never been alerted to it before. But after being told about the file, Jaguar shut down public access to its FTP server.
It's unclear what, if any, vulnerabilities in the Sequoia system are posed by the public availability of the vote-counting software. Computer scientists who are familiar with voting-machine software declined to comment, explaining that they needed time to look over what was in the files.
The files install a full working version of the vote-counting system on a user's machine. Because the program does not include source code, the system's innards are not completely laid bare for public review -- which is what happened to Diebold when Bev Harris, an author who's investigated problems with touch-screen voting machines, discovered that company's code on a public FTP site earlier this year. In July, the source code she found was reviewed by scientists at Johns Hopkins and Rice universities, who found that security in Diebold's voting software fell "far below even the most minimal security standards applicable in other contexts."
But even without the source code, the Sequoia files will still provide some insight into the inner workings of the Sequoia system. The system is coded in Powerbuilder, a programming system used to quickly develop database applications; even though the Powerbuilder files have already been compiled into machine language, the code in these files that is used to send instructions to the voting database is still readable to humans. This database code -- written in the SQL language -- could possibly instruct critics of touch-screen systems (or, for that matter, anyone, even people without very noble intentions) on how to manipulate a Sequoia voting database.
The package also included many SQL files that seem to have been used to set up voting templates for several elections Sequoia has run. There's a file for Arapahoe County, Colo.; one for Burlington County, N.J.; another for Lake County, Ohio -- and about a dozen others. The files all seem to do the same thing -- create an empty database (one whose default password is set to "password") that the vote-counting software will fill up on Election Day.
The computer programmer who found the files suggested that if someone wanted to fake an election, the SQL templates could provide clues regarding the kind of database to set up. So, for example, if you want to set up a fake race for Your County, USA, all you might have to do is run these SQL commands to create a fake data set for Your County. But there's no evidence that any such thing has happened, so far.