Analysis of the Response to FFEC Public Records Request

By: John Washburn

On December 4, 2006 the Florida Fair Elections Coalition (FFEC) submitted a Public Records Request[1] to the Florida Bureau of Voting System Certification (FL BVSC). The complete text[2] of the Public Records Request was quite lengthy, but it is easy to summarize. The FFEC asked the bureau to provide the cryptographic hash values[3] of the software components that compose the five voting systems certified for used in Florida. The resulting request was for hash values to the 101 software components listed on the Bureau’s website[4].

Cryptographic hash values[5] can be used to compare one collection of installed software to another collection of installed software in order to compare the two installations. The use of hash values allow for very fine comparisons of software configurations[6] without exposing copyrighted, trade secreted or patented intellectual property to unintended disclosure. If the lists of hash values are different, then the software install on the two system is certainly and provable different.

Since, there have been audits of two voting systems in Florida within the last 12 months, Florida Fair Elections Coalition is certain the Bureau of Voting Systems Certification has access to this very technical information. The first step in an audit procedure is to determine and identify the system under audit. For voting systems, this verification of the system under audit is doubly important as only systems certified by the Bureau of Voting Systems Certification may be used in Florida elections. Having an enumeration of the cryptographic hash values of the various software components of the five systems certified in Florida is necessary in order to confirm that a system used in an election is the system certified by the FL BVSC.

The response from the Florida Bureau of Voting Systems Certification was a CD-ROM disk containing five directories containing a total of 12 text files. The text files are essentially a list of filenames and the SHA-1 hash value[7] for each of the named files. A compressed ZIP Archive of this CD-ROM disk is provided here[8].

Florida Fair Elections Coalition asked me to review their original request and the response by the Florida Bureau of Voting System Certification and to comment on which records were produced and which records, if any, were not produced. The complete and detailed analysis of each of 101 requested records and the response provide by the State of Florida is also quite lengthy, but also easily summarized. Of the 101 items requested, 3 (items 1, 92 and 93) were fulfilled by the State providing a hash value to a specific software component. The State responded to 18 other requests (requests 29-33, requests 81-87, and requests 96-101) with the response that no such record is maintained by the state as such information is in the public domain. The State has not responded to the remaining 80 requests.

The 3 items for which SHA-1 hash values[9] were provided were:

• The cryptographic hash value for Global Election Management System Software (GEMS), Release Level 1-18-19
• The cryptographic hash value of the AVC Edge firmware version 4.3.320 as used on an AVC EDGE I (15" DRE) w/ Seiko printer
• The cryptographic hash value of the AVC card activator firmware version 4.3.320 as used with the AVC card activator, version D

For the remaining 80 cryptographic hash values requested, what the State of Florida provided was not the hash value of the specified software component requested but the hash value of the compressed archive which (presumably) contains the software component. The diagram below can help to illustrate this difference.

What Florida Fair Elections Coalition requested were the cryptographic hash values of the software components expected to be found in green boxes of a certified system. What Florida Fair Elections Coalition received as a response from the State of Florida were, instead, the hash values of the items found in the yellow circles. This is non-responsive because there is the possibility the voting system was upgraded or patched after installation. The process to upgrade or patch the voting machine software is represented by blue circles.

What Florida Fair Elections Coalition requested was the contents of the purple box as found in a reference installation from the certified installation CD-ROM’s. This list of the expected hash values of the certified systems could then be compared, at a later time, to the hash values actually found on an election system under audit. If the hash values differ, then it is certain the system under audit is not a system certified by the state.

Florida's Public Records Act[10] defines 3 actions as responsive to a public records request:

• No such record exists,
• The record exists but is exempt from disclosure, or
• Here is the requested record.

The response from the Florida Bureau of Voting Systems Certification to the FFEC 101 Public Records Requests breaks down as follows:

• 3 of the requested SHA-1 hash values were provided,
• 18 of the requests are for records which do not exist, and
• 80 of the 101 records requested received no response from the state, which, instead, provided different records than those requested.
  

---

[1]http://www.flsenate.gov/statutes/index.cfm?App_mode=Display_Statute&URL=Ch0119/ch0119.htm

[2]http://www.washburnresearch.org/archive/FFEC-PPR-20061204/FFEC-OriginalPPR.pdf

[3]http://en.wikipedia.org/wiki/Cryptographic_hash_functions

[4]http://election.dos.state.fl.us/votemeth/systems/countysys.asp

[5]http://en.wikipedia.org/wiki/Cryptographic_hash_functions

[6]http://en.wikipedia.org/wiki/Software_Configuration_Management

[7]http://en.wikipedia.org/wiki/Sha-1

[8]http://www.washburnresearch.org/archive/FFEC-PPR-20061204/FL-BVSC-ResponseCDROM.zip

[9]http://en.wikipedia.org/wiki/Sha-1

[10]http://www.flsenate.gov/statutes/index.cfm?App_mode=Display_Statute&URL=Ch0119/ch0119.htm

PDF Version