OBSERVATIONS:
The Election Assistance Commission (EAC) has set up a process to perform a HASH validation on the files used to ensure they are the same files that were certified by the EAC. This EAC certification is mandatory for any election system used in Texas. If correctly performed, a HASH validation will in fact prove that a software file (or collection of files) has not changed from a baseline standard.
What is a HASH validation? A HASH is a mathematical function performed on a file (or collection of files) that produces a large number representing a “fingerprint” of that file. If any single bit (0 or 1) in the file is changed, the HASH will produce a different fingerprint and you will know the file has changed. The length of a HASH output can vary based on the standard used. One of the most common HASH functions, MD5, produces an output of 128 bits (or characters). An SHA-512 HASH function will produce 512 bits.
If I wanted to prove a digital picture was exactly like the original, I could take an MD5 HASH (fingerprint) of the original picture and publish both the picture and the HASH value. Anyone needing to prove the picture has not been altered could then perform an MD5 HASH on their copy of the picture. If the HASH values match, the picture has not been altered. If any part of the picture were to be changed (removing red-eye or adding something with Photoshop), the HASH would be different. This would be true even if the only change was to alter the color of 1 pixel, and even if the human eye could not tell the difference.
A HASH function MUST be performed on the same file or collection of files to get the same output.
In Texas, many issues with the HASH validations have been documented over the years:
https://www.zetter-zeroday.com/votings-hash-problem-when-the-system/
First of all, the Texas Secretary of State (SOS) has issued an election advisory on how to perform HASH validations for Texas counties (Election Advisory No. 2022-30). This advisory directs the county to use the vendor’s instructions to generate the HASH value. However, the vendor does not have to disclose or show what method is used to generate the HASH value.
We have observed several Logic and Accuracy Tests performed in Bexar County since 2020 and the HASH test as performed does NOT prove the software running on the computer is the same as certified by the EAC. The vendor-provided instructions simply have the operator select a menu choice on the computer to generate and export a HASH value. There is NO indication of what algorithm is used or what files they perform a HASH on. A number is generated and copied to a USB drive and then the USB is taken to another computer and compared to the “Golden” number using another script provided by the vendor. None of the HASH values are printed or seen on the screen for an observer to validate. The vendor-provided algorithm could simply be copying the HASH value to the USB and not actually running an algorithm.
Without a transparent HASH process, there is no way to verify the integrity of the software running on the election computers.
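The following is an added example, not part of the original observations and not the vendor's, the SOS's or the EAC's procedure. It shows what a transparent validation makes visible to an observer: the named algorithm, the list of files covered, each file's HASH value, and a comparison against a baseline manifest. The file names, directory layout and the `demo` data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ALGORITHM = "sha512"  # named openly so an observer knows what is computed

def file_digest(path: Path, algorithm: str = ALGORITHM) -> str:
    """Hash one file in chunks and return the hex digest."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (by relative path) to its digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline: dict[str, str], observed: dict[str, str]) -> dict[str, list[str]]:
    """List files that changed, are missing, or are not in the baseline."""
    return {
        "changed": sorted(n for n in baseline
                          if n in observed and baseline[n] != observed[n]),
        "missing": sorted(set(baseline) - set(observed)),
        "unexpected": sorted(set(observed) - set(baseline)),
    }

def demo() -> dict[str, list[str]]:
    """Constructed sample: a baseline tree, then the same tree after edits."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tabulator.bin").write_bytes(b"\x00" * 1024)
        (root / "config.ini").write_text("mode=election\n")
        baseline = build_manifest(root)  # stands in for the published manifest
        # Flip a single bit in one file and add a file not in the baseline.
        (root / "bin" / "tabulator.bin").write_bytes(b"\x01" + b"\x00" * 1023)
        (root / "extra.dll").write_bytes(b"not in baseline")
        observed = build_manifest(root)
        for name, digest in observed.items():  # every value is displayed
            print(f"{ALGORITHM}  {digest}  {name}")
        return compare(baseline, observed)

if __name__ == "__main__":
    print(demo())
```

Because the manifest is keyed by file, an observer sees not only that something differs but which file differs, and a file that was added without being in the baseline is reported instead of being silently ignored.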
CONCERNS:
A version of software different from the EAC-certified version could be running on the computers used in Bexar County and the public has no way of detecting this. Only an administrator on the computer could verify what software is running. The current validation method does not prove to an observer that the correct version is loaded and is the software being used. A transparent software validation method MUST be used during the Logic and Accuracy tests to prove what version of software is being loaded on the computers. Multiple validations should also be conducted during and after the election to ensure no changes have been made since the software was loaded.