[Tfug] SQL database question

Jim March 1.jim.march at gmail.com
Sat Mar 15 03:13:47 MST 2008


Guys,

NOW I'm digging into election crap in Maricopa County.  They run Sequoia
voting system stuff, which in turn holds it's central database of votes in
MS-SQL.

I need to ask a tech question related to this, as I'm not an SQL guru of any
sort.

I filed a public records request for those data files.  The county turned me
down because Sequoia told them to - Sequoia wrote a letter saying that they
embedded "program code" within the database, which in turn is proprietary
trade secret of Sequoia.

Now, voting systems have to be Federally certified to be legal in AZ.  I
know a LOT about that process.  One of the rules in the Federal process, and
it's "cast in stone", is a ban on interpreted code.  The reason for the ban
is simple: election software that is shipped into the field is supposed to
match the hash-codes of the master set maintained by the Feds, and
verifiably the same as what the testing labs reviewed.  There's also a need
to make sure that voting system code, once shipped into the field, isn't
modifiable by crooked elections officials or anybody else.

So...if there's "program code" buried in the .SQL files, wouldn't it be
interpreted, or could it be compiled objects?  Would any such code, if it's
there, be modifiable fairly easily?  Does it even pass a basic sanity check
to have applications software embedded in an SQL database, or are they
likely just blowing smoke?

In the Diebold world, they did the same thing using MS's "object linking and
embedding" (OLE) to stuff crap into MS-Access .MDB files.  But it was all
hand-modifyable and hence in violation of the "no interpreted code" ban.

Thoughts?

Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20080315/1ece3dce/attachment-0002.html>


More information about the tfug mailing list