Judge throws out Ohio lawsuit over software on vote tabulation machines

Plaintiff produces no evidence to show software posed a threat to vote integrity, federal judge rules

A federal judge in Ohio today rejected claims by Ohio Green Party co-chairman Bob Fitrakis that software that was recently installed on vote tabulation machines in more than two-dozen counties in the state, posed a threat to the integrity of ballots cast in today's General Election.

In a 10-page ruling, federal judge Gregory Frost of the U.S. District Court for the Southern District of Ohio held that Fitrakis had produced no evidence to back his claims that the software was capable of altering election results and therefore needed to be immediately removed.

"[Fitrakis] has demonstrated zero likelihood of success based on the evidence presented to this Court," both in his motion for a temporary restraining order and at a hearing held this morning, Judge Frost wrote. "Fitrakis's alleged harm is purely speculative," Judge Frost wrote, in dismissing a lawsuit filed by Fitrakis on Monday.

"Fitrakis has not provided actual evidence that demonstrates how this harm is a realistic possibility, much less how it is actual and imminent. Having failed to show irreparable harm, Fitrakis cannot obtain the extraordinary injunctive relief he seeks."

In his complaint on Monday, Fitrakis had alleged that Ohio Secretary of State John Husted had violated state and federal laws when he installed software from Elections Systems & Software. (ES&S) on vote tabulation machines without first testing it or getting it certified. He had argued that installing such untested software in the weeks leading up to the elections presented an extraordinary risk. He had maintained that such untested software could potentially allow attackers to introduce a virus program or install a "back door" on vote tabulation systems to alter election results.

In its defense, Husted's office maintained that the ES&S' EXP software in question was designed purely to assist in the early reporting of voting results. All that ES&S' software was being used for was to reformat results that had already been counted and stored in pre-defined files.

The EXP software is not designed to, nor does it actually, count votes or have the ability to write over results already stored on county election systems, Husted's office had maintained. The newly installed software basically allows election results to be outputted to a thumb drive from where it can be immediately uploaded to the Secretary of State's system. The software is designed to cut down on the amount of information that precinct workers would have to key in by hand, the government had claimed.

Considering what it was designed to do, the software is not considered part of a certified voting system and therefore is exempt from testing and certification, Husted's office had claimed.

In agreeing with that assessment, Judge Frost noted that Fitrakis and his expert witnesses had merely speculated on the potential for the software to create harm without once showing how that might happen. He pointedly noted that neither Fitrakis nor his expert witness had actually tested the EXP software before making their claims.

"Instead of explaining to the Court how the system would be altered by the Secretary's use of the EXP software, Fitrakis instead argued that "[t]here is no objective proof that the new software will not adversely affect the existing software in an unforeseen way" and that "[t]here is no evidence that [unforeseen adverse software impact] will not happen here," Frost wrote.

The claim to injunctive relief is "based on a series of speculative assumptions about what the EXP software might do to the county vote tabulation computers and how someone might be able to use the EXP software to alter election results."

Ohio is a key swing state in the U.S. presidential election and could well determine the winner. Polls have shown President Obama with a narrow lead in the state over GOP challenger Mitt Romney.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about applications in Computerworld's Applications Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Government ITapplicationssecurityapplication securityAccess control and authenticationsoftware

More about Topic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts