Update: Lawsuit filed in Ohio over software updates to vote tabulation machines
Last-minute patches were untested and uncertified in violation of Ohio law, plaintiff claims
Computerworld - The co-chairman of the Ohio Green Party and editor of FreePress.org, Bob Fitrakis, on Monday filed a federal lawsuit over software that was allegedly installed on central vote tabulation machines in 39 Ohio counties without being tested or certified for use, as required by state law.
The lawsuit, filed in the U.S. District Court for the Southern District of Ohio, sought the court's immediate intervention in getting Ohio Secretary of State Jon Husted to remove the allegedly infringing software from the tabulation machines before Tuesday's general elections.
Ohio is a key swing state in the U.S. presidential election and could well determine the winner. Polls have shown President Obama with a narrow lead in the state over GOP challenger Mitt Romney.
The lawsuit comes days after FreePress.org published a report claiming that Husted had done an "end run" around Ohio law by installing the software on the vote tabulators in the weeks leading up to to the election. According to the report, the software was installed on machines that will be used to count ballots cast by more than 4 million registered voters, including those in major metropolitan areas such as Cleveland and Columbus.
FreePress claimed it obtained a copy of the contract for the software from a source at Husted's office. The contract calls for the tabulation machine's vendor to "enter custom codes and interfaces to the standard election reporting software," the publication claimed.
In an update posted Monday, Fitrakis said that FreePress has since learned that the software was apparently installed to help simplify the process by which counties report election results to the Secretary of State's system.
Memos circulated among senior staff at the Ohio Secretary of State's office "indicate that this software was never tested because of claims that it is not involved with the tabulation or communication of votes," Fitrakis noted. The software was unilaterally deemed "experimental" in nature by Husted's office and therefore was made exempt from Ohio's testing and certification requirements, he said.
Untested software updates on voting machines are illegal under Ohio law, but "last minute software patches may be deemed 'experimental' because that designation does not require certification and testing," Fitrakis wrote. "By unilaterally deeming this new software "experimental," Secretary of State Husted was able to have the software installed without any review, inspection or certification by anyone," he claimed.
The Ohio Secretary of State's office did not immediately respond to a request for comment.
Speaking with Computerworld, Fitrakis said he filed the lawsuit because Ohio statutes make it clear that all software loaded on election systems must be previously tested and certified. Though Husted's office has tried to make it appear that the software update was such a minor change that it did not require testing, state and federal laws provide no such exception, especially when the update involves so many systems.
"If the software is so benign, they should have given us the contract to inspect," Fitrakis said.
Fitrakis said the biggest concern with using untested software is that there is no way of knowing how susceptible it might be to hacking and tampering.
"Who know what's in the code ... and whether or not it creates an opportunity to alter election results. There's a reason you test and certify," he said.
Even if the software is not directly installed on voting machines, it is still troubling, according to election watcher Brad Friedman, who maintains a blog chronicling election issues. "Since the software is installed directly onto the central tabulator machines, where it can affect --- either accidentally, or by design --- the main results of an entire county's election," the software is worrisome, Friedman wrote in his blog Monday.
"Software residing on the central tabulation systems is, in fact, far more dangerous than software on the voting systems, since it can have direct access to the entire set of county election results," he wrote.
In comment's made to theGrio, a news Web site, a spokesman for Husted's office is quoted as saying the newly installed software allows election results to be outputted to a thumb drive from where it can be immediately uploaded to the Secretary of State's system. The software is designed to cut down on the amount of information that precinct workers would have to key in by hand, the spokesman said.
"It basically just creates a one-way flow of information -- and that is simply from their system, out," the spokesman is quoted as telling theGrio. "It is a pilot project that we're doing with about 25 counties or so. So it's not statewide, but it is a pilot project we're trying," the spokesman said in explaining why the software was labeled experimental.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- NYC wants its old mechanical-lever voting machines back
- Twitter a big winner in 2012 presidential election
- E-voting machine swaps Obama vote for Romney; taken offline
- Ruling expected shortly in Ohio e-voting lawsuit
- Update: Lawsuit filed in Ohio over software updates to vote tabulation machines
- States rebut RNC complaints about e-voting systems
- Despite e-voting improvements, audits still needed for ballot integrity
- Obama, Romney cite Apple, tech issues in debate
- Twitter becomes new debate spin room
- IT offshoring: Romney vs. Obama
Read more about Government/Industries in Computerworld's Government/Industries Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts