Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Software

Maryland Plans Code Review for Voting Software 307

asmithmd1 writes "We already knew Diebold software is insecure, now the Baltimore Sun is reporting that the Governor of Maryland has asked SAIC to review the software in Diebold voting machines. Diebold has graciously allowed SAIC access to their proprietary code. Why isn't this code open source by law?" In a related story, a trade show for closed-source electronic voting systems is doing their best to keep critics out. Update: 08/07 15:23 GMT by M : Diebold's website security is less than outstanding.
This discussion has been archived. No new comments can be posted.

Maryland Plans Code Review for Voting Software

Comments Filter:
  • the problem is... (Score:5, Insightful)

    by borgdows ( 599861 ) on Thursday August 07, 2003 @10:14AM (#6635104)
    even if the code is opensource, how can you be sure the voting machine executable has been compiled from the genuine source code ?
    • I guess that certain procedures would have to be followed and an independant overseer would have to be appointed, albeit by one of the cantidates on the ballot.

      At some point we would have to collectively trust the bastards, the same way we trust automovite manufacturers and inkjet printer manufacturers to look out for our best interests.

      We're doomed!
    • DRM. Basically, the system should verify itself via a DRM mechanism. In light of this treatment of mercuri, I suspect that even if DRM does come to light, it will not be used on voting systems.
      • The same people we don't trust to write code would be implementing the DRM measures, and there's even less chance of the DRM being open and auditable.
    • even if the code is opensource, how can you be sure the voting machine executable has been compiled from the genuine source code ?

      Compile it yourself! Every voter would compile the code Gentoo-style when they entered the booth.
      I knew Gentoo was the answer for everything!
      • Re:the problem is... (Score:5, Informative)

        by maxume ( 22995 ) on Thursday August 07, 2003 @11:02AM (#6635604)
        Of course, Ken Thompson [acm.org] has said some very interesting things about trusting code and compilers. The only way to really trust the code would be to hand code/compile/enter your own compiler in asm, and use this to bootstrap a more powerful compiler etc, until you were able to compile the code that you had reviewed and elected to trust. If you don't do it all yourself, you really can't be sure how trustworthy a binary is, your compiler might have done some dirty business behind your back.
        • by jandrese ( 485 ) *
          Heck, how can you trust their closed proprietary hardware at that point? You never know if they took and modified their Pentium in there to recognise when you're bootstrapping a compiler and modifing your routines.

          The simple fact is that you have to trust someone (or some group of people) along this chain, which is very difficult because the incentive to cheat in elections is huge. You can reduce the danger with a solid system of checks and balances, but there's always the possiblity of the very deter
    • by cybermace5 ( 446439 ) <g.ryan@macetech.com> on Thursday August 07, 2003 @10:24AM (#6635223) Homepage Journal
      Heh, guess we could teach all voters to type "./configure; make; make clean"
    • That's my job (Score:5, Informative)

      by Inexile2002 ( 540368 ) on Thursday August 07, 2003 @10:38AM (#6635363) Homepage Journal
      Seriously. One of the things I do for Comp Sec is change management and version management. There are VERY strict auditing standards that companies like this need to meet. In the US there is a SAS 70 auditing standard that companies need to meet in order to do things like this. Up here in Canada, we call it a Section 5900 but its the same basic idea.

      The way it works is, a company says that there are controls in place to assure people that something is or is not happening. If someone wants to test those controls, they'll call in a team of qualified IT auditors and we'll do a Section 5900.

      For the 5900, the people hiring us to do the job (could be the company in question, a regulatory board, a judge, a client etc) will draft a list of risks or controls. These controls are things they want to see in place.

      So, for a voting machine, the people requesting the 5900 would list controls similar to the following:
      -All changes to code are authorized and approved.
      -All changes are adequately tested, approved and testing is not carried out by the original developer.
      -No changes are introduced to the code after testing.
      -Changes are promoted and versioned by someone other than the original programmer.
      -Code that is installed into the production system is the same code that was tested and approved.

      ... and so on.

      Then the auditors will go in and verify that these controls exist, that the risks these controls are designed to cover off are adequately covered and that the controls are effective. If a company fails a SAS 70 or a 5900, they usually HAVE to fix the problems.

      Also, it usually isn't that hard to get your hands on a Section 5900 or SAS 70 report. Most companies will happy give them out unless they failed them or there are other NDA issues. As a voter, you probably have rights to these reports, and even if you don't, your elected representatives definitely do.
    • by ajs318 ( 655362 ) <sd_resp2NO@SPAMearthshod.co.uk> on Thursday August 07, 2003 @11:25AM (#6635810)
      I agree with the original person. I can't state it loud enough that THE INTEGRITY OF ELECTION RESULTS IS A FAR GREATER CONCERN THAN ANY CORPORATION'S RIGHT TO SECRECY! The mechanism by which our leaders are chosen must be absolutely open to public scrutiny and any government that does not believe this so, deserves to be overthrown.
      even if the code is opensource, how can you be sure the voting machine executable has been compiled from the genuine source code ?
      I've looked at this one before and it is a problem, because the C compiler may be rigged so that when you try to compile it from source, then it modifies itself subtly so as to insert various backdoors; in other words, the code you get from the compiler does not match up against the source you compiled. Then, it does not matter how "clean" any of the source code is; because the compiler might modify the code during compilation. Even if you run the original, clean compiler source through it, chances are that the compiler could spot this and mung it, giving you a "dirty" compiler.

      Throughout the following, I'm assuming you - or someone you trust - can spot malicious C code just by looking at it, and can write assembler code you know is safe. You don't have to be able to look at someone else's C-generated assembler and know whether it's safe.

      You first need to write a simple C interpreter in assembler. Note, it only has to interpret; it doesn't have to compile. As long as the assembler instructions it generates do the same thing as the C source code you feed it - even if much more slowly than a compiled version - then it is good enough for the time being. It can even waste as much memory as you can spare. The most important thing is that you know the temporary interpreter is safe. Then you take the source code for the compiler you want to compile - you know this is safe, but the pre-compiled binary might not be safe - and run it through the interpreter. Now the output from the interpreted compiler is actually a compiled compiler, and it's safe. You haven't run the "dirty" compiler binary, which might have modified the compiler.

      Now you have a compiler which you know for certain isn't going to produce binaries which don't do what the source said. And that's the first step to trustworthy computing. Maybe get someone we all trust to sign the code by encrypting it with their secret key {so when you decrypt with their public key you recover the original; recall that P(S(x)) = S(P(x)) = x}. Problem is, you can't trust anyone with election results, because the stakes are so high.


      On the other hand, why bother with voting machines at all? In this country, we count votes by hand. It may not be high-tech, but it works and it's harder to subvert. Hand-counting of small batches of papers {which are kept, in case of dispute, until the next election is out of the way} is not significantly slower than machine counting. Anyway, what's a few hours here or there when a term of office can last for four or five years? To throw an election, you would need to bribe several people, not all of whom are politicians. The ballot paper {taken at random from a book of identical ones and by a different person than the one who sees your voter ID - the only communication between them is a slight nod} is the only record of the vote, and the voter has already had the opportunity to verify it before depositing it.

      For how often elections are held, it probably is less work to keep on doing all this stuff by hand than it is to put the safeguards in place that would make machine voting trustworthy.
    • by Jeremi ( 14640 ) on Thursday August 07, 2003 @11:32AM (#6635867) Homepage
      Who cares about the code? If the machines generated a voter-verified paper trail, you could check the results for accuracy. Since they don't, you can never be sure that the results were correct, no matter how carefully the source was scrutinized.
  • because (Score:4, Insightful)

    by bigpat ( 158134 ) on Thursday August 07, 2003 @10:15AM (#6635106)
    "Why isn't this code open source by law?"

    because we haven't made it so yet. Remember Government by the people...
    • Re:because (Score:5, Interesting)

      by garcia ( 6573 ) * on Thursday August 07, 2003 @10:18AM (#6635146)
      but how many of "us" will realize the necessity of that? People are SO used to MS as being the only thing out there for computers and not knowing that there is such a thing as "open source" and that "trade secrets" aren't the most important thing when it comes to security.

      Who's to say that just because we see the source code that they actually use that code when they compile it?

      Who's to say that there isn't some hardware interface to mess with the votes?

      The list goes on.

      Basically what it comes down to is that the ignorance of the general public (and the fact that only a minority even care enough to vote as it is) is what is going to lead to the downfall of our voting systems.
      • Re:because (Score:3, Insightful)

        but how many of "us" will realize the necessity of that? People are SO used to MS as being the only thing out there for computers and not knowing that there is such a thing as "open source" and that "trade secrets" aren't the most important thing when it comes to security.

        People once thought that women and minorities were inferior, slavery was ok, and only landholders should have a say in anything, and you can pay off your sins by giving to the Church. We have gotten past those issues, we can get past th

        • sure, but look how long it took for legislation to "fix" these problems, and look at the current situations...

          Only NOW are women finally being treated some-what fairly in the professional world. Minorities are being treated a little better but there is still too much left over hatred (it only happened 40 years ago), etc.

          We need electronic voting NOW and we need open source NOW. We can't afford to wait 50 or 60 years.
          • Re:because (Score:3, Interesting)

            We need electronic voting NOW and we need open source NOW. We can't afford to wait 50 or 60 years.

            Hold the phone.

            Why NOW? We have managed to survive as a people for 250 years before the invention of the computer, and as a civilization for 10 millenia.

            Computers and Open Source are not a fix, an improvement, or a reform in unto themselves. They are a means. You can implement some pretty crappy things in Open Source, or some earth-shatteringly well engineered things. The Open Source, while it helps, does

      • Re:because (Score:3, Interesting)

        by Stubtify ( 610318 )
        Well this past week on NPR's Talk of the Nation they had a Professor from MIT I believe who discussed the problems with these voting machines. He mentioned that they had "stumbled" upon the source for one of these machines and that they found many disturbing problems.

        What struck me as interesting was that there was a long discussion of why these should be open sourced, the callers, the moderator, and the professor all seemed to be on the same page. This is NPR, however that makes me feel a little better
    • because we haven't made it so yet. Remember Government by the people...

      And have we made a good case for why it should be open source? Remember, around here it's taken as gospel that Open Source is a "Good Thing," this isn't the case elsewhere. I'm not necessarily taking a contrary position, but it's a question that needs to be answered clearly.

      Obviously security is the main concern here - but one could make a case that this isn't like windows, which hackers can play around with all the time at home. Fo

      • Re:And why? (Score:3, Insightful)

        by bigpat ( 158134 )
        "On the contrary, if the source were opened, one might not be able to trust that there would be more white hat hackers than black hats for such a high-profile application"

        Hacking is of little concern here. Since we aren't talking about Internet voting, so the only opportunity to hack would be while you are in the voting booth, with nothing but the interface that is given to you. So assume there is a touch screen or something with a limited number of options.

        Making this software open source so that we ca
      • Re:And why? (Score:3, Insightful)

        by ajs318 ( 655362 )
        How dare you presume to tell me that I am not allowed to supervise the process by which my elected representative will speak in my name?

        Get your head out of your arsehole. It's because of idiots like you that your country's in the mess it's in.
  • by chrisgeleven ( 514645 ) on Thursday August 07, 2003 @10:16AM (#6635122) Homepage
    Voting via absentee ballot. At least there is a greater chance of my vote not being screwed up or changed.

    Anyone who thinks these voting computers are going to be flawless and secure by Nov. 2004 is greatly mistaken.
    • Sadly, even paper is easily manipulated. Chicago land area (historically) is a great example of this.
    • "I know what I am doing next election... Voting via absentee ballot. At least there is a greater chance of my vote not being screwed up or changed."

      You could also force your wife, tenants and neighbours to vote by post too, that way you can check how they vote rather than letting them into those pesky secret ballots.

      Useful things, postal and home electronic votes. Wonder if anyone's realised how they let-down the system yet?
      • Have you ever voted absentee? There are two envelopes, one goes in the other... the inside envelope face is blank and has no information about you and holds your vote.
    • Voting via absentee ballot. At least there is a greater chance of my vote not being screwed up or changed.

      You're not living in Florida, by chance....?

    • Absentee electronic voting.

      "H.R. 1377, the Military Overseas Voter Empowerment Act of 2001 [navy-reserve.org] introduced by Representatives Mac Thornberry, Duke Cunningham, Sam Johnson and Helen Tauscher would be a major step in improving the process. This legislative initiative provides for the Secretary of Defense to expand an electronic voting pilot program to test the system in the 2002 general election for the implementation of the ultimate solution - Electronic Voting."
  • by JohnGrahamCumming ( 684871 ) * <slashdot@ j g c . o rg> on Thursday August 07, 2003 @10:16AM (#6635124) Homepage Journal
    Why isn't this open source by law?

    Well because the US is a capitalist country and because currently most people seem to believe that the best way to make money in software is by keeping the code proprietary and because US government favors money-making corporations.

    I agree that if it were open source it would be far more likely the security problems would be discovered quickly.

    So how about creating an open source alternative... anyone ready to register an OpenVote system on SourceForge?

    John.

    • US government favors money-making corporations

      It doesn't have to be this way, of course, even in the US. The US Government regularly pays contractors to write software which does not belong to the contractor when the work is done. The final product is, I believe, in the public domain. However, this does drive up the cost since the US is essentially paying to write a new product and cannot share the burden by selling it to anyone else.

      how about creating an open source alternative

      Of course, such a p

  • by daoine ( 123140 ) * <moruadh1013&yahoo,com> on Thursday August 07, 2003 @10:17AM (#6635139)
    I'm a big fan of the open source movement, but I'm not sure that voting software *needs* to be open source, because there is value in securing the source code itself.

    Security through Obscurity is not Inherently Evil.

    Of course, if the only security a system has is based on the fact that nobody can see the code, I'd say that system is hosed. I highly doubt voting software would fall into this category. It's unfortunate that obscuring code has taken on the negative connotation of "hiding bugs." That's not always the case. Keeping the inner workings of a system secret is a valid security measure, and used in conjunction with other means it can create a well-secured system.

    I think the process they are taking is a step in the right direction. I believe that independent code reviews strengthen privately owned code. I think it's a mistake to deny access to those who have the ability to challenge the system. But I'm not sure open sourcing the code will make it any more secure.

    • I believe that independent code reviews strengthen privately owned code

      In theory yes, in practice NO. I remember about 5 years ago, I was working for a company which was developing lot of C code on Tandem Mainframes for a stock exchange .

      Anyway the stock exchange asked an independent auditing company (the same one connected to enron ) to audit our code for Y2K and also security.

      To cut the long story short, the auditors were very smart in figuring out that the stock exchange's IT dept. was a joke and th

    • by WindBourne ( 631190 ) on Thursday August 07, 2003 @10:31AM (#6635294) Journal
      Security through Obscurity is not Inherently Evil.
      In this case, it is.
      With normal elections, the abilty to tamper with the results are minimal. The reason is that the votes do not end up in one place. In addition, you have several different parties counting at all times (typically Dems and Republicans). With this approach, it offers a single point of entry. It is possible for the votes to be rigged here either directly or indirectly. Somebody could offer 10 to 100 million dollars to the coder or even CEO within the company (keep in mind that some elections are spending a great deal more money to win them these days; apparently it pays off). Or since it may have a unknown opening, only the bad guys would know. Only the problem is that the bad guys would be a party member.
      BTW, the orginal bribe may be to simply forget about an opening, rather than the introduction of one. Then the party would simply introduce something to manipulate it nationaly. At that point, they would manipulate close elections. Totally undectable.
    • by gilroy ( 155262 ) on Thursday August 07, 2003 @10:46AM (#6635438) Homepage Journal
      Blockquoth the poster:

      Security through Obscurity is not Inherently Evil.

      When it comes to voting software, yes, it is. The people have the right to know that their software is as secure, bug-free, and outcome-neutral as possible. Like laws, the code to count ballots should be accessible to any interested citizen -- and there should be absolutely heinous penalties for anyone who uses a binary compiled from anything other than the open code.
    • If you can change a secret cheaply and do so regularly, it makes sense to keep it a secret. PGP session keys are a wonderful example.

      If you can't change a secret then the secret is a weakness. If your software is burned into ROM embedded in epoxy in thousands of voting machines then you have no good way to recover from a leak of the source code. In that case, might as well publish it and get the benefits of distributed auditing.

      Then there's whether you can detect a compromise. If the Polish resistance ste
    • But the question is, can you keep it secret? It seems to me that history tells us no. There will always be some sort of security breach somewhere, somehow. Some group of h4x0rs will make it a target be it foreign or domestic. You just can't rely on secrets as part of your security, even if it's a minimal part. So just take that out of the equation and open-source it and REALLY make it secure. In a way it's an incentive to keep it secure because anyone that wants to see it, can.
    • Security through Obscurity is not Inherently Evil.
      BTW, security through obscurity is how the soviet union and China do things. They are in hopes that it will never get out. Much of what the USA does (or did) is actually in the open. All through the cold war it worked well and it still works well today.
    • by WNight ( 23683 )
      If you've ever worked in an office, with a boss who is being pressured to release a product, you know why something needs outside audits if it's supposed to be secure.

      If this is a regular project, up for bid, it's going to be as absolutely horrid as they can get away with. You know, trillion bit encryption, rotating one-time pads, etc, etc. All the snake-oil you can shake a stick at.

      Open source doesn't guarantee security, but I wouldn't trust corporate-produced security unless it's open source.

      The voting
    • [...]

      I'm not sure that voting software *needs* to be open source, because there is value in securing the source code itself.

      You're missing the point. The point is democracy.

      The biggest reason for making the source open for voting software isn't security. The biggest reason is accountability. With a paper-based system, anybody (the losing candidate in a close race?) can audit the results by looking at the materials, seeing where the marks or punches or whatever are and counting. The components of the vo

  • by JayBlalock ( 635935 ) on Thursday August 07, 2003 @10:17AM (#6635141)
    But for the love of god and all that is holy, WHY are they fighting so hard against paper records? It makes no sense. (unless you are conspiracy-minded) Seriously. I just can't come up with any decent reason that Diebold et al would be so strongly against hooking a printer up to the system to produce a physical record. Much less why our elected officials would buy into such an idea.
    • Hey, the designers of the Queen Mary thought the ship would be so stable on the seas they didn't install handrails in the corridors.

      The ship gained a reputation for being very unstable and rocky. It almost capsized once. (Ironic since the Queen Mary was the ship used for the exterior shots on The Posieden Adventure.)

    • by Obsequious ( 28966 ) on Thursday August 07, 2003 @10:35AM (#6635329) Homepage
      It's quite simple: because it adds cost.

      Just list the components: a printer; ink cartridges; paper. Note that the last two are consumables, and ink cartridges are even perishable, in a way. (If you let them sit around too long, they get dried out -- or at least non-laser cartridges do.)

      Envision, then, what it would take to run an election, remembering that these happen maybe once a year at best. You have, say, 10 machines per polling station. On the days leading to the election, each machine must be installed, powered up, and tested. Then, you have to connect the printer, test the printer, and change any cartridges that might have dried out in the meantime.

      During the election, you have to keep the printers fed with paper. The ink might run out on a system halfway through. The printer might jam. Because of this you have to keep spares on hand, from the ink to the paper to the print mechanisms themselves. You only get one shot at election day, after all.

      Meanwhile, of course, the polling workers have to be trained and prepared to deal with all this.

      In other words, it's a rather significant amount of cost and effort to add printing support to such a system. Even if you don't use standard printers but some other technology, you still have similar problems: e.g. a cash-register-style printer (which is all you'd need) might still jam, and needs to have its paper changed, etc.

      So, that's why the manufacturers (and probably even municipalities) are opposed to paper. I don't agree with them -- I believe there SHOULD be paper verification.

      I see their position, but it would be nice if they were thinking of something other than the almighty buck.
      • That's possibly it, but given how much of a discount our government can get buying things in bulk, I have a hard time believing the cost of paper and ink would be THAT much of a deterrent.
        • Well, I don't think it's so much that, as it is the fact that (in the case of ink at least) you can't store it forever. Anyway, the governments aren't too concerned about the ink and paper or equipment costs, I think, as much as they are concerned about training the workers.

          I mean, around here the poll workers are usually retirees, housewives, and so on -- interested people with time on their hands. Training these people to work with a new polling machine is bad enough, but you're basically doubling or tr
      • I personally like the idea of individual polling stations printing locally, and folks like Xerox could easily provide production laser printers which can handle the workload. There's also no technical reason that the votes couldn't be printed remotely via ssh tunnel. Output them to something like those super-fast super-reliable DocuPrint lasers.

        Making paper copies of things really isn't a big problem.

    • But for the love of god and all that is holy, WHY are they fighting so hard against paper records?

      [Cynicism ON] Maybe you don't understand. You see, in the political parties' view the problem with Florida in 2000 wasn't the lack of integrity in the voting system, it was that they had too hard a time tampering with the results. In an all-electronic, non-reviewable voting system, nobody in the voting public can see whether the votes were tampered with. I anticipate more "surprising" election results in the

    • But remember, you have to insure that the paper trail *can't* be used by a voter to prove who they voted for - that would allow verifiable vote-buying, which would be bad...

      Hardcopy logs seem a no-brainer, though.
    • It doesn't automatically eliminate fraud, but at very least, I should be given a receipt of my transaction (vote), and a printer ought to be making an archival copy at the same time for recounts.

      Imagine if your bank instituted a no-paper-record policy.
    • But for the love of god and all that is holy, WHY are they fighting so hard against paper records? It makes no sense.

      Unfortunately paper records are nearly worthless.

      Great, I've got a receipt that says I've voted for Bob Nifty. How do I know that the machine actually counted that? Or worse, what if a bug (or evilness) in the code caused 1 in 1,000 ballots to be handled wrong. I'll look at the receipt and it says "Bob Nifty", but I actually voted for "John Keen". With odds of 1 in 1,000, it's likely

  • by Gefiltefish11 ( 611646 ) on Thursday August 07, 2003 @10:17AM (#6635142)

    Not only should the code for voting machines be made open to any interested member of the public, the whole voting process should be opened to the public.

    Provided that it does not infringe on the privacy of individual voters, it seems reasonable and much more secure to allow any interested party to view the voting process in real time and at any level, provided, of course, that the process were set to read only ;)
  • by TWX ( 665546 ) on Thursday August 07, 2003 @10:18AM (#6635144)
    you need to build it. They're not interested in building it open source apparently. Remember, Diebold makes ATM machines and other commercial products, and they have stiff competition. By the design of their business plan their software won't be open.

    So, if you want to see an open source implementation of voting software, something that you can argue is perfect and be able to show the world such, you need to make it. Diebold and their competitors won't.

    If you can build the software to make a secure voting system, someone else can design the hardware once the software is ready. That seems to be what people are missing here. Design the system right and the hardware will be built to work. Design the hardware first, and the system will be dependent on whatever wacky design is chosen.
    • Are there open standards for voting machines and transmission protocols you can adhere to?
      If not, it's pretty complicated for an open source alternative to be successful.
      It's B2G (business-to-government) or how it's called nowaydays. They sell the government a "solution" and if it's closed source, it will be so from the top to the bottom.
    • It should point out that the rules of accounting by which ATMs operate is open source. Every bank follows a set of published standard accounting practices.

      Banks are regularly audited by both industry AND government. They also rely on the government to enforce laws, and track down those who rob banks.

      There is no "pure capitalism". It has to be coupled with a baseline of social services and law enforcement to operate.


    • So, if you want to see an open source implementation of voting software, something that you can argue is perfect and be able to show the world such, you need to make it. Diebold and their competitors won't.


      Nor should we sit around and DEMAND that Diebold be required to share their work with the world. I agree with the parent, if you want it, write it.

  • BSOD (Score:5, Funny)

    by Anonymous Coward on Thursday August 07, 2003 @10:18AM (#6635149)
    your vote has caused a fatal exception in kernel32.dll - try picking another option
  • by packethead ( 322873 ) on Thursday August 07, 2003 @10:19AM (#6635159)
    Independant hopefull Kevin Mitnick was elected President of the 2004 elections.

  • by ihummel ( 154369 ) <ihummel AT gmail DOT com> on Thursday August 07, 2003 @10:19AM (#6635162)
    Before, it was whoever had the best campaign and the most money that won. Will elections in the 21st century be determined by whoever has the best crackers?
  • by xphase ( 56482 ) on Thursday August 07, 2003 @10:20AM (#6635166)
    "Why isn't this code open source by law?"

    This wouldn't fix the problem of faulty(by design) hardware, lack of audit trails, and no trust in the delivery method.

    Sure with open source we can see the code, but that doesn't help if it is compiled by a compiler that you can't see the code for, run on microchips that you can't see the code for, and administered by people you can't trust.

    The ``but it should be open source'' comment that gets thrown around in every single story about electronic voting does not take into account everything that happens to the code _AFTER_ we would be able to see it.

    Anyway,
    here is a link to a page on Electronic Voting:
    Dr. Mercuri's Page on Electronic Voting [notablesoftware.com]

    --xPhase
    • No one is saying that open source is the only solution, just a step in the solution. The "solution" as a whole (hardware to software or vice versa) must be created openly for all to scrutinize and help provide a solution for...

      After all isn't this in order to form a more perfect union??? ...or perhaps technology(capitalism) and democracy don't actually mix.
  • Paper vs paperless (Score:5, Insightful)

    by Ioldanach ( 88584 ) on Thursday August 07, 2003 @10:20AM (#6635167)

    It is still possible to have a valid election, even with a closed source voting system. The key is to have the voting machine spit out a piece of paper where the voter can see the votes written down and then confirm them. It doesn't even have to be a paper the voter handles, it could be behind glass so the voter merely can see that what they voted for is on the paper. Then, in the case of a contested election, the checks can be made against paper as well as the bits. In a case where the ballots don't match, paper overrules the bits.

    Granted, I think an open source system is the only sensible way to go, and the people writing them should be protected by copyright and patents, not secrecy. After all, if they're all required to be open, its going to be awfully hard to hide the source code you stole.

    • by EvilTwinSkippy ( 112490 ) <yoda@nOSpAM.etoyoc.com> on Thursday August 07, 2003 @10:48AM (#6635449) Homepage Journal
      The actual registration of votes is not the problem.

      The problem is in counting the votes. You have to track the chain of custody from the voting booth to the final number. Every step of the way should require a certification from an election official. The certification states that the official saw the numbers, they made sense. If something is completely screwy the official is obiligated by law to declare shenanigans.

      As such, you could stage an election with paper and pencil, stones, or broken clay pots. The computers should only be used to make the counting faster. They cannot be trusted in any other regard.

  • by phillymjs ( 234426 ) <slashdot.stango@org> on Thursday August 07, 2003 @10:20AM (#6635175) Homepage Journal
    According to this story [wired.com] Wired is running today, Diebold got 0wn3d back in March. They were given a nearly 2GB archive of the stuff that was found by a person claiming to be the hacker who got in.

    If a company can't properly secure its own network, how can we possibly trust them to create a secure voting system?

    ~Philly
  • by stratjakt ( 596332 ) on Thursday August 07, 2003 @10:22AM (#6635193) Journal
    Why should it be?

    Why dont I get to follow my paper ballot, meet the person who counts it, give them a math test to make sure they can do the arithmetic required, and wont "carry the two" and fuck everything up?

    Open source software wont fix anything.
    • because we know that there are checks and balances with REAL people who are REAL determined that their party win (Republicans, Democrats, etc are all counting these votes individually).

      We have gotten complacent with computers and their abilities.

      If this crap isn't open source we are just going to believe whatever it spews without and checks?

      No thanks.
    • You do. In Australia at least, scrutineers are allowed at every step of the process. While I suspect the counters would be a bit pissed if you stopped them in the middle of the count to give them a maths test, there is nothing stopping the scrutineers from repeating the calculation and comparing answers.

      Mind you, I don't know how the scrutineers are selected. At minimum, each party can provide scrutineers, but I'm not sure whether the general public can. The system works well enough in Australia that

  • Fraud by Design (Score:2, Insightful)

    by CaptainZapp ( 182233 ) *
    it makes sense that an organization like IACREOT, that supports paperless computerized voting systems, which are secret by their very design, would not want computer experts who disagree with that position at their meetings." (emphasis mine)

    And that's exactly what's dead wrong about voting machines in general and Diebolds AccuVote [avirubin.com] in specific.

    It's about as plausible like those industry strength, propriatery, uncrackable encryption devices with a secret, secret algorithm (which is certified by the associ

  • To see the real origin of voting software see http://science.slashdot.org/article.pl?sid=03/05/1 1/0015240&mode=thread&tid=133&tid=186
  • by pogle ( 71293 )
    Yay, lets pour more money down a black hole of voting software that's really not needed at the moment, and leave Maryland's state universities wallowing in underfundedness so they have to continue to raise tuition 2-3 times a year, reducing services to non-existance, and laying off dozens of staff memebers.

    Sorry for being slightly offtopic, but it feels good to rant about this. Mid-semester tuition raises because the governor would rather have a fancy voting machine than fund the education of the future.
    • "The review ordered by Ehrlich will not cost the state additional money, Fawell said."

      And before someone chimes in with this little quote from the bottom of the article, I saw it, and my initial rant was an 'in general' rant on the whole voting machine issue, not just about this study.
  • by 4of12 ( 97621 ) on Thursday August 07, 2003 @10:28AM (#6635266) Homepage Journal

    Why isn't this code open source by law?

    The source code doesn't strictly have to be under a free or open source license.

    However it is vital that every single voter should have the right to examine the software and the hardware of the election process.

    Without that right, there's nothing to prevent elections turning into the kinds of events that Robert Mugabe has been staging in Zimbabwe.

  • by Phoenix-kun ( 458418 ) * on Thursday August 07, 2003 @10:29AM (#6635269) Homepage
    I really like the system we are now using in Florida with some caveats. You're given a paper ballot with fill-in bubbles to mark your choices. You insert the paper ballot into a safe-like container that immediately scans and tallies the ballot. I've not seen any cases where there were mistakes, but I assume it would function like one of those vending machines that take paper money and reject the ballot if there was a problem. However, my one concern is that the questions and choices are stated and marked in clear text (of course). In the process of feeding your ballot into the machine, your choices are clearly visible to whoever is standing nearby. If they can deal with that privacy issue, I think it is the perfect solution.
    • Yes, but there is the whole transmission line from the scanner to the counter that can be observed. And then some secret service people asking you some not-so-nice questions afterwards, if you wrote "wrong"...

      I don't want to show my vote to a machine, either. That is as bad as showing it to a human.

      Until someone has an idea how one can safely suppress the personal information at the man-machine interface and only give the machine statistical information (Like if you throw the vote into a box with a hundre
  • Yes electronic voting seems like a good idea but will it allow people to vote online from homes securly proving there ID? That might be the only way to reverse the trend of lower voter turnout

    Rus
  • by Lord_Slepnir ( 585350 ) on Thursday August 07, 2003 @10:36AM (#6635341) Journal
    They're showing off the source code for a voting system, so you know that some people will find security holes in them (and not tell anyone). Here's what I predict the presidental election will yeild:

    GW Bush: -234,524 votes
    Troll4x0r: 538 votes
    Howard Dean: 864,234,234 votes
    Natalie Portman: 784,245 votes

  • The next time someone breaks ito a Diebold server, they should not tell anyone, but instead should see if they can ensure that "Cowboy Neal" wins the next few big elections. Inserting the CN code shouldn't be a problem for someone who can get into their info in the first place.
  • Why isn't this code open source by law?

    Because there's no public mandate to make it open source? Or was that a rhetorical question? Besides, there's always the argument that security is less likely to be compromised if the only bodies that verify the code are folks like SAIC.
  • It happened: Link Here [papillonsartpalace.com] I posted this in another voting related story, but it couldn't be more relevant here.
  • by jcsehak ( 559709 ) on Thursday August 07, 2003 @10:43AM (#6635415) Homepage
    Okay I just checked sourceforge, and I saw one open source voting project, with no activity. Why aren't we doing something to change this? Why aren't we writing our own voting software? We can test it out in small groups, eventually use it in communities, counties, states, and finally in national elections. The country is tending toward electronic voting; IT NEEDS TO BE OPEN SOURCE.

    A poster said earlier that the only reliable method of tallying votes is counting them by hand. That may be true, but look what happened last election. Wouldn't you feel safer if you could go through all the code line-by-line, and know for yourself it was secure, rather than have to trust some truck driver to not get lost with the ballots?

    One huge benefit of electronic voting: we could be a true democracy. Want to decide if we should go to war? Lets all vote for it. Lower taxes? Get your vote in, Sept. 19th. Everyone voted for no taxes, and things got fucked up? We'll schedule another vote Oct. 19th to vote again, and unfuck them. Think about it: technology today is about to allow us to do something that has never before been even attempted on a large scale - rule by the people. The president could be a figurehead! Congress could exist for the purpose of suggesting laws for the American people to decide, rather than making them!

    So who's the fucker who registered truedemocracy.org? Why don't you give it up so someone can put it to good use? I'm no programmer, but I'd be more than happy to give up some of my time to coordinate a project like this. Anyone who's interested, feel free to get in touch with me. Oh wait, I forgot - this is Slashdot - a lot of complaining about how things are, but no balls to fix them.
  • SAIC = Military (Score:3, Interesting)

    by arichar4 ( 117610 ) on Thursday August 07, 2003 @10:48AM (#6635451)
    The state of Maryland just asked SAIC to issue a report on Diebold touch-screen voting machines.

    My prediction: They will issue a report that puts a seal of approval on these voting machines. It will be almost impossible to debunk their report.

    This is just to shut people up. SAIC = Military.

    So far, we have the Pentagon involved with Accenture/election.com
    General Dynamics,
    Diversified Dynamics,
    Northrop Grumman

    All getting involved in voting systems -- as are the Saudis and the Pentagon. Why?

    Take a gander at the companies run by SAIC and below this, their board of directors

    At SAIC we have over 35 companies, subsidiaries and equity partners. A partial listing is provided below.
    http://www.saic.com/about/companies/
    AMSE C LLC
    Specialists in full ship systems support: command and control systems, combat systems, communications, information warfare, main propulsion systems, hull & deck systems, auxiliary systems.

    Bechtel SAIC Company, LLC
    A joint venture between SAIC and Bechtel, Bechtel SAIC Company, LLC provides research, engineering and nuclear science capabilities to meet the unique challenge of science and engineering for the Yucca Mountain Project.

    Data Systems & Solutions
    A joint venture between Rolls-Royce and SAIC, DS&S incorporates Rolls-Royce engineering/controls expertise with SAIC's systems integration and information technology skills.

    Hicks & Associates (H&AI)
    Defense industry consulting.

    Saudi SAI
    Installation and maintenance of computer systems, telecommunications systems, and other data analysis systems in Saudi Arabia.

    Members of the board:

    D.P. Andrews
    Corporate Executive Vice President, Federal Business, SAIC

    W.A. Downing
    General, US Army (Ret.)

    B.R. Inman
    Admiral, USN (Ret.)

    H.M.J. Kraemer, Jr.
    Chairman and CEO,Baxter International, Inc.

    M.E. Trout
    Executive Vice President, Cytyc Corporation (?? someone want to look this up?)

    J.A. Welch
    General,USAF, (Ret.)

    A.T. Young
    Executive Vice President, Lockheed Martin Corp. (Ret.)

  • Googling Marianne Rickenbach turned up the following info:

    Photo and email address [cifnet.com]
    (Near the bottom, and oh yea, turn up your beer goggles to "FULL")

    MRICKENB@montcopa.org [mailto]

    Have fun...

  • by tf23 ( 27474 ) <tf23&lottadot,com> on Thursday August 07, 2003 @10:54AM (#6635509) Homepage Journal
    It's not open source because a private company devoted it's resources to create it, and owns the copyright on it. (I'm assuming now)... It obviously needs to recoupe that investment, so it keeps it's code to it's own.

    Simple enough. I really don't know why you'd question why it's not open source.
  • by Art Pollard ( 632734 ) on Thursday August 07, 2003 @10:56AM (#6635532)

    I have to admit from the onset that I am no fan of open source. This is for a variety of reasons. (It is probably sacrilege to state that here.)

    Voting machine software is however a case where I firmly believe that open source is not only important but necessary. The ability to vote either among a certain group or among the populace as a whole goes to the heart of our democratic republic. If votes are not tallied properly, not only may mistakes be made but there is the very real possibility that the country through forged votes may be manipulated by those who have nefarious purposes in their heart.

    The cryptographic community a long time ago discovered the best way to ensure the security of a cryptographic algorithm is to provide the algorithm to their colleagues. The rest of the cryptographic community then responds by trying to break the algorithm or in the least trying to discover the weaknesses. Because of this review process, the algorithms are then adjusted until they are highly secure. On the other hand, when cryptographic algorithms are kept secret, the review process is skipped and it is not uncommon for unsecure algorithms to make it on the market. When this happens it can cost lives and money.

    The same can be said in the case of voting machines. If the source code is not released, security problems will likely go unnoticed until discovered by accident by someone who may or may not have the public's best interest at heart. In fact, the likely hood of it being discovered by someone who wants to manipulate the system will actually go up as they are more likely to be able to obtain the source through deception or to take the time to decompile the voting machine binaries. With the large number of voting machines that could be used around the country -- or in storage between use -- it would not be hard for someone to obtain at least the binaries for the voting machine software. And this goes to the heart of the matter which is this: Someone who wants to manipulate the system will be able to obtain the source either by bribery, theft or through decompiling the software's object code. Thus in a closed source environment, the only people who would not have the source and be able to easily discover the problems would be the good guys.

  • The ultimate goal... (Score:3, Interesting)

    by KC7GR ( 473279 ) on Thursday August 07, 2003 @11:06AM (#6635633) Homepage Journal
    ...May be to throw up such discouraging obstacles that people will simply stop voting.

    Call me paranoid if you want, but it strikes me as odd that the US government is even allowing voting machine software to be closed-source. SAIC has been a virtual lap-dog for all kinds of well-shrouded government and DoD contracts for decades, most of which are heavily classified (I know this because a friend of mine used to work for them).

    And Diebold is now allowing SAIC to "review" its code? Given SAIC's heavy federal connections, does this not strike anyone else as a Fox-Guarding-the-Henhouse scenario?

    Don't even get me started on the possibility of back doors in voting software that would allow special interests who shelled out enough $$ to easily rig an election.

    Like I said, I hope this is just my paranoid side jumping at shadows. Unfortunately, I have little proof one way or the other.

  • by autechre ( 121980 ) on Thursday August 07, 2003 @11:20AM (#6635771) Homepage
    Two interesting points, one which was brought up in the article and one which wasn't:

    I'm a resident of Maryland, and employed by a state university. The previous administration made a mess of our finances (which were excellent up until then), and now the state is suffering budget cuts, particularly in higher education. This has resulted in hiring freezes, elimination of positions, and layoffs.

    I've been voting in elections here for almost 8 years now, and I don't seem to recall us having problems like Florida's. Baltimore uses a system where you mark a paper with a special pen, and the paper is fed to a machine. It looks like a standard multiple-choice test, not confusing at all. Why is it absolutely necessary for us to be the first state to buy these shiny new toys when our financial situation is so dire? This will just bring more pressure to legalize gambling (although we already have a state lottery and Keno, so I don't see why people upset about real casinos aren't protesting those).

    Second, remember that Maryland is a UCITA state. Under UCITA, isn't software required to be fit for the purpose for which it is designed? There's also something in there WRT implied warranties concerning data. It will be interesting to see whether this plays a part.

  • by hey! ( 33014 ) on Thursday August 07, 2003 @11:51AM (#6636028) Homepage Journal
    if only everyone who thought about security reminded themselves of the basic and fundamental fact every time they looked at a system like this:

    Prevention alone can never be an adequate security measure.

    This is a very simple principle that any person should be able to understand, if they only have the moral courage to accept it. This would greatly clarify situations like this one, because people would be asking the right questions.

    I'm not saying that prevention is not useful, just that a wise assumption has to be that any preventive measures we take and and probably will be. These systems are not crackable because their preventive measures were bad although they may have been bad. They are crackable because any system is crackable. What I am afraid of is that an evaluation of these machines only will look at how robust the protective measures they provide are. While it is a good idea to get an independent review of these measures, it is a bad idea to put much credence in them. The fact is that even the brightest and most professional person in the world is not going to be able to anticipate all the ideas in the world.

    Security has to consist of a number of independent goals, including:
    • Prevention
    • Detection
    • Response
    • Damage mitigation

    We need to ask what any system provides in each of these areas in order to asses security.

    For example, if I put Grandma's diamond ring in a a safe deposit box in the bank, the thick vault walls and doors do provide prevention. However without alarms (detection) and police (response), those walls wouldn't stand much of a chance to a determined attacker. Detection and response capabilities are in themselves the single most powerful preventive measure -- much more so than the vault design itself.

    On top of that, if I am wise, I take out an insurance policy on the trinket (damage mitigation).

    Looked at this way, how would we evaluate a voting system?
    1. Is there any way to manipulate the results the system reports?
    2. Is there any ironclad way to detect such a manipulation?
    3. Is there any way to trace the manipulation back to the malefactor?
    4. Is it possible to mitigate or undo the damage of manipulation?

    Looked at this way, the manual paper ballot would be an almost miraculously robust system if it were a piece of software. It is capable of accurate counting the voter's intent, while completely anonymizing the voters choices. Prevention is accomplished by physical control of access to the ballot box, and by chain of custody of the ballots to the counting place. The greatest opportunity for manipulation comes up in tallying the results.

    However it is possible to detect and mitigate such manipulation by recounts. Of course we want to avoid situations where recounting is necessary, but the recounting process itself is not to blame. Electronic methods of vote recording eliminate recounting at the expense of making it impossible to establish independently whether fraud took place.

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Working...