Update: Lawsuit filed in Ohio over software updates to vote tabulation machines
Last-minute patches were untested and uncertified in violation of Ohio law, plaintiff claims
Computerworld - The co-chairman of the Ohio Green Party and editor of FreePress.org, Bob Fitrakis, on Monday filed a federal lawsuit over software that was allegedly installed on central vote tabulation machines in 39 Ohio counties without being tested or certified for use, as required by state law.
The lawsuit, filed in the U.S. District Court for the Southern District of Ohio, sought the court's immediate intervention in getting Ohio Secretary of State Jon Husted to remove the allegedly infringing software from the tabulation machines before Tuesday's general elections.
Ohio is a key swing state in the U.S. presidential election and could well determine the winner. Polls have shown President Obama with a narrow lead in the state over GOP challenger Mitt Romney.
The lawsuit comes days after FreePress.org published a report claiming that Husted had done an "end run" around Ohio law by installing the software on the vote tabulators in the weeks leading up to to the election. According to the report, the software was installed on machines that will be used to count ballots cast by more than 4 million registered voters, including those in major metropolitan areas such as Cleveland and Columbus.
FreePress claimed it obtained a copy of the contract for the software from a source at Husted's office. The contract calls for the tabulation machine's vendor to "enter custom codes and interfaces to the standard election reporting software," the publication claimed.
In an update posted Monday, Fitrakis said that FreePress has since learned that the software was apparently installed to help simplify the process by which counties report election results to the Secretary of State's system.
Memos circulated among senior staff at the Ohio Secretary of State's office "indicate that this software was never tested because of claims that it is not involved with the tabulation or communication of votes," Fitrakis noted. The software was unilaterally deemed "experimental" in nature by Husted's office and therefore was made exempt from Ohio's testing and certification requirements, he said.
Untested software updates on voting machines are illegal under Ohio law, but "last minute software patches may be deemed 'experimental' because that designation does not require certification and testing," Fitrakis wrote. "By unilaterally deeming this new software "experimental," Secretary of State Husted was able to have the software installed without any review, inspection or certification by anyone," he claimed.
The Ohio Secretary of State's office did not immediately respond to a request for comment.
Speaking with Computerworld, Fitrakis said he filed the lawsuit because Ohio statutes make it clear that all software loaded on election systems must be previously tested and certified. Though Husted's office has tried to make it appear that the software update was such a minor change that it did not require testing, state and federal laws provide no such exception, especially when the update involves so many systems.
"If the software is so benign, they should have given us the contract to inspect," Fitrakis said.
Fitrakis said the biggest concern with using untested software is that there is no way of knowing how susceptible it might be to hacking and tampering.
"Who know what's in the code ... and whether or not it creates an opportunity to alter election results. There's a reason you test and certify," he said.
Even if the software is not directly installed on voting machines, it is still troubling, according to election watcher Brad Friedman, who maintains a blog chronicling election issues. "Since the software is installed directly onto the central tabulator machines, where it can affect --- either accidentally, or by design --- the main results of an entire county's election," the software is worrisome, Friedman wrote in his blog Monday.
"Software residing on the central tabulation systems is, in fact, far more dangerous than software on the voting systems, since it can have direct access to the entire set of county election results," he wrote.
In comment's made to theGrio, a news Web site, a spokesman for Husted's office is quoted as saying the newly installed software allows election results to be outputted to a thumb drive from where it can be immediately uploaded to the Secretary of State's system. The software is designed to cut down on the amount of information that precinct workers would have to key in by hand, the spokesman said.
"It basically just creates a one-way flow of information -- and that is simply from their system, out," the spokesman is quoted as telling theGrio. "It is a pilot project that we're doing with about 25 counties or so. So it's not statewide, but it is a pilot project we're trying," the spokesman said in explaining why the software was labeled experimental.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- NYC wants its old mechanical-lever voting machines back
- Twitter a big winner in 2012 presidential election
- E-voting machine swaps Obama vote for Romney; taken offline
- Ruling expected shortly in Ohio e-voting lawsuit
- Update: Lawsuit filed in Ohio over software updates to vote tabulation machines
- States rebut RNC complaints about e-voting systems
- Despite e-voting improvements, audits still needed for ballot integrity
- Obama, Romney cite Apple, tech issues in debate
- Twitter becomes new debate spin room
- IT offshoring: Romney vs. Obama
Read more about Government/Industries in Computerworld's Government/Industries Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- The CIO's Guide to Enterprise Mobility Management (EMM) This guide will help those making an EMM platform decision make the best choice for their organization.
- Yankee Group: BlackBerry Results Refute Rumors of its Demise Yankee Group: BlackBerry® is stronger than the press makes it out to be.
- Your New EMM Platform: How to Streamline the Migration Smartphone migration can be resource-intensive and challenging. Find out how outsourcing the process can save significant time and money.
- Live Webcast Increasing the Value of Your Reports and Dashboards Learn how incorporating other analytical capabilities such as predictive modeling and visualization can increase the value of your reports and dashboards by providing...
- Testimonial: Cystic Fibrosis Trust Peter Hawkins, the Head of IT for Cystic Fibrosis Trust, discusses the role CommVault's Simpana software platform plays in improving the company's information...
- Increasing the Value of Your Reports and Dashboards Learn how incorporating other analytical capabilities such as predictive modeling and visualization can increase the value of your reports and dashboards by providing... All Management White Papers | Webcasts