Should Voting Software Be Open Source?
Posted by
Cliff
on Mon Nov 11, 2002 01:20 PM
from the what's-counting-your-votes dept.
jallen02 asks: "CNN has a quick little piece in their technology section about the electronic voting systems and their security. They ask, 'What about security?' with regards to the electronic voting systems. And then a researcher from AT&T labs is quoted in the article. Basically, saying the systems should be open sourced, and he quotes the party line for open source regarding security: more eyeballs means more flaws are found and fixed. The big question raised here is ripe for debate.. should electronic voting systems software be opened for the public to see?"
i don't think so (Score:4, Interesting)
My only concern is that current open source methodologies may not be able to deliver the robustness and security required in a voting situation. Open source becomes strong through evolution, which necessarily means that the first users experience a lot of minor bugs that eventually get ironed out. Highly reliable bullet-proof systems need to be designed from the ground up.
We don't depend on open source for controlling drawbridges or handling air traffic control systems, and we shouldn't put something as fragile as our democracy in the hands of open source, either. It is not acceptable for my vote to be lost because of a bad fsck.
Re:i don't think so (Score:4, Interesting)
You make valid points with the air traffic control system, but you also failed to mention that this system is highly antiquated and is in serious need of an overhaul. Drawbridges (at least where I live) are still controlled by people.
Open source provides something that a closed system doesn't, an open mind. No one person, or committee of people, can see the whole problem and come up with a solution. The more eyeballs looking at the code, the more bugs will be found. The more new ideas will be generated. Yes, there is a crawling period while the foundation is built. But you can also test the software on a smaller scale in a smaller community. The ramifications of failure will be smaller and the bugs can be worked out. And in a smaller community, you can have people back up the system with a hand count.
And lastly. Let's assume that some company did develop a voting system that was used. Would you really want a single entity in such a power role? What if it were Microsoft, IBM, or heaven forbid Oracle or SUN? Could you trust the system? I mean really trust, more than 90% trust it? Probably not.
Large companies have shown time and time again that they cannot be trusted with the power they wield. Learn from History and trust the people to do what is right. Having the code open to everyone to see is akin to the Freedom of Information Act. It's our vote, it's our duty, it should be our code!
Re:i don't think so (Score:2)
*LOL* Who would you trust then, the CIA, FBI and NSA?
Large companies have shown time and time again that they cannot be trusted with the power they wield.
And large, faceless government bureaucracies are to be trusted, I suppose?
Give me Microsoft over these any day!
Re:i don't think so (Score:5, Insightful)
This is a problem in any system. It's not acceptable for my vote to be lost because of a bad BSOD either.
Just because the system should be open source doesn't mean it should be developed by people on sourceforge. Pay professional engineers to design the system, then build. Release each stage as open source along the way - best of both worlds.
Re:i don't think so (Score:3, Insightful)
Closed source hasn't really delivered in these areas either (perhaps in drawbridges though those I am aware of in the UK are primarily manually controlled hydraulics). Our Air Traffic control in the UK was years behind schedule and multiples of original costs. It doesn't work well, is described as already taxed by the load to date and has suffered several serious outages and errors that resulted in near misses and other opportunities for passengers to become statistics.
I'm not saying OSS would automatically be better but it would be unlikely to be too much worse - and it'd be easier to debug than the monster they have now.
On the voting side I seem to remember an experiment with computer controlled voting booths in the states that may have resulted in the loss of many votes simply because the software was buggy and the operators did not know exactly how to save votes at the end...
A bad fsck will get you in CS just as easily as OSS though you'll probably never know about it...
Re:i don't think so (Score:3, Insightful)
ABSOLUTELY (Score:4, Insightful)
Re:ABSOLUTELY (Score:3, Insightful)
People will mistrust the computers and the people operating the systems, not the licenses and code behind the voting system. While there might be a small number (never more than 100,000 people, say) who might distrust the system just because it isn't open source, most people mistrust it for less technological reasons. Their mistrust is just as valid, in my opinion.
Re:ABSOLUTELY (Score:2)
Most people do not vote because they feel their voice is not represented by either of the two main parties. They also feel that only the two main parties can win.
There is no technical solution to this problem, voter apathy. We do not live in a democracy, we probably never will. We choose which members of the ruling class get to sit on the hill.
I feel for America to progress we must change the voting system. An intermediate step might be to have none of the above on the ballot. The next step would be for none of the above to be the default, if you do not show, your vote goes to none of the above. Where I would like to see the US system end up is with a lottery. Every election we put everybody into a hat and draw out our representatives. I think we would then have a political system that mirrors society with women and minorities taking seats in government. We would see a reduction in business and military interests and an increase in education and healthcare.
Democracy, democracy everyone wants democracy and yet they fail to grasp that America is not democratic.
Re:ABSOLUTELY (Score:2)
IIRC, the Thais have a system like this. If "none of the above" wins, the election has to be re-held with completely different candidates.
We would see a reduction in business and military interests and an increase in education and healthcare.
No, you would see the acts of government more accurately reflect the will of the people. Could be that the people prefer jobs and security, and to keep health and education out of the hands of the political system altogether. Or maybe not. Either way, you are making the same mistake as the politicians you distrust if you assume that the will of the people just so happens to coincide neatly with your own personal desires.
Re:ABSOLUTELY (Score:2)
Seriously, these two topics are the top of every opinion poll but rarely mentioned outside of political ads. Personally, I want less government of the individual but I doubt many Americans do.
Who do you trust? (Score:2)
The other side of the question is, is open-sourcing necessary to trusted security in all situations? Granted, in programming, the answer is 'yes' more often than not. But voting isn't strictly about programming.
My state switched to all-digital voting machines this election, and the voting machines all had the 'Die Hard' logo on them. Yup, the same company that produces security systems for banks and military bases. I wouldn't expect them to open-source the security for my local bank, though. As a matter of fact, I'd probably be pretty ticked off if they did. And, since they've got a solid reputation, I've got a pretty high level of confidence that there was no mishandling of my vote through accident of technology.
I'll rant on about the dangers of true Democracy another time.
No, no, no, no, (Score:3, Insightful)
Open source is GREAT for some applications, and it's totally inappropriate for others. Yes, lots of flaws would be fixed... but lots of other flaws would be discovered by the WRONG people and exploited. I remember a story on slashdot a while ago further back in the Microsoft trial where someone high up on the MS chain said that releasing the source of Windows would prove to be a threat to national security because of all the security flaws. While I'm sure these voting systems have much fewer if any bugs, releasing the source would allow groups of hackers to work from their homes studying the code and checking for insecurities. While at the moment, voting equipment is secured and hackers wouldn't be able to have long-term access to it, let alone its source code.
Yes, yes, yes, yes (Score:3, Interesting)
The problem here is that the system involves hardware -- which will likely not be open source because of patent constraints, and that it should allow the voter 1) to remain anonymous, 2) to provide a method for the voter to double-check their votes prior to submission, and 3) to provide a method for the voter to verify that their votes were cast and counted correctly in the final totals. All of this means that it can't be a purely electronic method. The voter must take away something with them.
If something like this -- the combination of open source software and patent-free hardware could be assembled, at a reasonable, inexpensive price, it would be a wonderful gift to the democracies of the world.
Re:Yes, yes, yes, yes (Score:2)
You mean other than calling it pretty good privacy?
Re:No, no, no, no - UH YES (Score:3, Insightful)
Secure? Not likely. Nothing is 100% secure. Anyone who thinks otherwise is delusional! The key here is to empower the people to keep the system just. Keeping the people out of the loop and preventing them from seeing the code that allows them to vote is wrong. They will never trust the system then.
As for MS's security woes. It's their own fault. They hopped on the Internet Bandwagon as an afterthought when Win95 came out. And they have since built more and more holes in their swiss cheese OS. Only now do they consider Security. I bet the engineers at MS, when asked about security, responded, "Security is not my job. It's the security group's responsibility to secure the code."
Security is an issue and always will be. But the needs of the people are more important. Democracy must be maintained and if the people don't trust the system, then democracy has failed.
Some more questions (Score:3, Funny)
Is it true that Windows is buggy and insecure?
DMCA--Not as good a law as we all thought?
Copyright, is it just me or does it last way too long?
Should I try out this new thing I found called "Linux"? They say it's free, but there's some catch, right?
I just met this cute girl named Natalie Portman. She is really coming on to me. I think that she is after my body. Do I let her have her way with me?
Only the first step (Score:3, Insightful)
You need open installation, open distribution, open setup, open guards, open data transmission/collection and open results. Otherwise there is no assurance.
Only having many eyeballs on the system all the way from start to finish will give a level of security sought by this sort of endeavour.
Isn't it required to be? (Score:3, Insightful)
Why is voting so freaking hard? Why not have a federal project to develop a decent piece of software that all counties around the country could use if they wanted. Voting software isn't Hard. It's really not. Do it once, do it right, no more problems.
Re:Isn't it required to be? (Score:2)
Re:Isn't it required to be? (Score:2)
I don't spend my own money supporting poor software companies. It doesn't seem fair the gov't takes a third of my income to support said companies anyway.
Re:Isn't it required to be? (Score:2)
Re:Isn't it required to be? (Score:2)
Why not have a federal project to develop a decent piece of software that all counties around the country could use if they wanted.
Because the republicans would complain about how it's a waste of federal money (and the libertarians would complain about how it's a violation of the 10th amendment). No, it's much better to waste taxpayer money over and over and over again on a private closed source solution than to hire those lazy government workers.
Possibly Concern (Score:2, Insightful)
But what if that person chose to exploit that flaw instead?
Before voting systems code is moved to open source, there needs to be a discussion made of what efforts are taking place to prevent someone from tampering with the results through flaws in the code.
Re:Possibly Concern (Score:2)
But what if that person chose to exploit that flaw instead?
If voting systems' code are closed source, there needs to be a discussion made of what efforts are taking place to prevent one of the coders from tampering with the results through flaws in the code.
A better question is "can it be open-source?" (Score:2)
Re:A better question is "can it be open-source?" (Score:2)
I submit that if you are interested in the accuracy of your elections, that you call the county clerk and ask to observe the required logic and accuracy tests of the ballot counting equipment before and after each election.
How does that prove that a backdoor hasn't been placed in the code for anyone who votes for a write-in candidate named "Joshua"?
Re:A better question is "can it be open-source?" (Score:2)
Re:A better question is "can it be open-source?" (Score:2)
better idea (Score:5, Insightful)
I got my "I voted" sticker right here from the latest election. It's a picture of the computer touch screen pointing at itself saying "I voted". Well, that's exactly what's happening, some computer is voting, you surely aren't.
Re:better idea (Score:2)
Issue (Score:3, Insightful)
Voting software will be used *once* and *suddenly* every five or so years.
This has huge implications for bugs and security.
No matter how much alpha/beta testing you do, some things just aren't gonna be picked up until the first election.
And that could be a security flaw. So in the case of voting software, one of the standard arguments of the "security through obscurity camp" could be relevant: Any 0-day exploit that a black hat discovered won't be used until the election is in progress. Therefore, it may be useful to hide the source code from black hats. With normal OSS, black hats do find bugs that others have missed. But fortunately this is often early in a product cycle and gets fixed very quickly (a good reason for OSS). With an election system, these bugs just aren't gonna be picked up quick enough - it will be too late already....
Not too sure if this argument makes any sense, and I think somebody should really counter this please.....
But it is an issue, a special aspect of such software.
Re:Issue (Score:2)
To protect against a black hat exploit, the voting system must issue a human- and computer-readable receipt. Then if there is any accusation or evidence of impropriety after the fact, the vote can be recounted.
Also, voting software in the U.S. is used at least once every two years in every district, and in most districts it's used every year. And it doesn't need to (and shouldn't) change much. So even if you have a few elections with black hat exploits, as long as they are discovered and fixed, you do wind up with more reliable voting software over time.
One more thing: making the software open source isn't enough. The hardware has to be open source too. It has to be verifiable, and it has to be available for verification. Otherwise, it can just say it's running your open source software, while in fact it's running a modified closed-source version, or has compromised drivers, or the like.
Re:Issue (Score:5, Insightful)
It is not likely that a black hat is going to be able to find a flaw that lets them vote more than once, view the votes of others, change the votes of others, or otherwise tamper with the election from the voting booth.
The biggest security risk comes from the individuals and corporations that build the voting systems. It is much more plausible that a programmer will put a line of code in that looks like:
if (date == 'Nov 2' && party == 'republicats') secretlyrecord vote(candidate);
That one line of code will never be caught by QA testing or practice elections. It may or may not be caught by open source.
What is more important than anything else, is providing an audit trail. A voting machine must cast the vote onto a medium that the person that voted can verify. One way of doing this would be to print the vote, and let the user verify that the printout says the correct thing. A certain number of machines should be checked (randomly) every election to ensure that the vote count the machine spits out matches a hand count of the paper ballots.
New federal standards will require such safeguards. Unfortunately, most electronic voting machines that are coming out today do not meet these standards and will need to be replaced in a few short years.
Open source may be part of the answer to a good election, but it is not sufficient to ensure one.
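An added illustration of the audit this comment describes (not part of the original post, and not code from any real voting system): a toy machine with a date-triggered misrecording like the one-line example above passes a pre-election logic and accuracy test, while a hand count of the voter-verified paper exposes it. The `Machine` class, candidate names, dates and seed string are all constructed for the simulation.

```python
import random
from collections import Counter
from datetime import date
from math import comb

ELECTION_DAY = date(2002, 11, 5)   # constructed dates for this simulation
TEST_DAY = date(2002, 10, 28)
CANDIDATES = ["alice", "bob"]      # constructed candidate names


class Machine:
    """Toy machine: electronic tally plus a voter-verified paper ballot."""

    def __init__(self, machine_id, tampered=False):
        self.machine_id = machine_id
        self.tampered = tampered
        self.electronic = Counter()
        self.paper = []            # printouts the voter read before boxing them

    def cast(self, choice, today):
        self.paper.append(choice)  # voter checked the printout: paper = intent
        recorded = choice
        # Date-triggered misrecording, modelled on the comment's one-liner.
        if self.tampered and today == ELECTION_DAY and choice == "alice":
            recorded = "bob"
        self.electronic[recorded] += 1


def logic_and_accuracy_test(tampered, test_day):
    """Feed a known deck to a fresh machine and compare the electronic tally."""
    machine = Machine("test", tampered)
    deck = ["alice"] * 5 + ["bob"] * 3
    for choice in deck:
        machine.cast(choice, test_day)
    return machine.electronic == Counter(deck)


def run_election(n_machines=20, tampered_ids=(7,), voters_per_machine=50):
    """Every machine gets the same alternating alice/bob stream of voters."""
    machines = [Machine(i, i in tampered_ids) for i in range(n_machines)]
    for m in machines:
        for v in range(voters_per_machine):
            m.cast(CANDIDATES[v % 2], ELECTION_DAY)
    return machines


def select_audit_sample(machine_ids, public_seed, k):
    """Draw k machines from a seed published after the polls close, so any
    observer can repeat the draw. A real audit would use a vetted generator."""
    return random.Random(public_seed).sample(sorted(machine_ids), k)


def audit(machines, sample_ids):
    """Hand-count the paper of each sampled machine; return ids that disagree."""
    by_id = {m.machine_id: m for m in machines}
    return [i for i in sample_ids
            if Counter(by_id[i].paper) != by_id[i].electronic]


def detection_probability(total, tampered, sampled):
    """Chance that a uniform sample contains at least one tampered machine."""
    return 1 - comb(total - tampered, sampled) / comb(total, sampled)


if __name__ == "__main__":
    machines = run_election()
    ids = [m.machine_id for m in machines]
    print("pre-election test passes on tampered machine:",
          logic_and_accuracy_test(True, TEST_DAY))
    sample = select_audit_sample(ids, "dice:4-1-6-2", 5)
    print("audited:", sample, "flagged:", audit(machines, sample))
    print("full hand count flags:", audit(machines, ids))
    print("P(detect 1 of 20 with 5 audited):", detection_probability(20, 1, 5))
```

Auditing 5 of 20 machines catches a single tampered machine only a quarter of the time, so the sample size has to be chosen against the number of machines that would need to be altered to change the outcome.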
Yes (Score:2)
The code absolutely positively must be open to inspection by the public. Whether or not the code is actually open source is a different matter. I'd find it acceptable (though not preferable) to have a closed source software which is viewable by the public.
Anyway, I find it incredible that this is even a question. Frankly I think it's a serious enough issue it should be mandated by the state constitution that any election be done in an open manner.
We shouldn't even be asking this question (Score:2, Insightful)
Voting should not be done through computers. If there is a problem with the system, we need to be able to count the votes by hand. That means a paper ballot with ink marks on it.
But you say, we can count rows in a database by hand too. Sure you can, but when you have a problem with voting, the real problem isn't getting a recount. The real problem is convincing Joe Sixpack that the system still works and that the higher powers that be haven't mucked with the workings of democracy.
The voting system must be transparent. As soon as it gets to the point where the mechanisms are not understandable to everyone, then we will have people who don't believe the system.
Trust is not in any way, shape, or form a part of voting. Joe Sixpack should never have to trust that the vote was taken properly. Elections should be constructed in such a way that anyone is capable of understanding the mechanics of how they work.
Re:We shouldn't even be asking this question (Score:2)
Those two statements are not mutually exclusive. Voting by computers (in theory at least) is good. It's fast, accurate, and we can easily implement voting algorithms that are better (mathematically) than majority-winner-take-all.
However, all voting computers should have printers attached, and the user should see the printed result and it should be turned in as a backup. Random polling places should be checked after every election to ensure the honesty of the system.
In addition, the software must not be closed. It doesn't have to be open source, but it does need to go through a third party review, something many voting software companies disallow claiming "trade secrets" to protect their source. This is bad news.
maybe it should be implemented first (Score:5, Interesting)
I'm sure there is room for an open source voting system next to the many excellent commercial products available (which outside the US are widely being used and which tested in practice). Let the market decide. Let the government focus on certification rather than specific products. Voting machines (electronic and mechanical) should meet certain standards with respect to reliability, ease of use, accessibility, acceptable margin of error etc. Any standard in this area is better than none (which currently seems to be the case).
People trust their life to certified proprietary medical software, nasa launches billions worth of equipment using certified proprietary software, if you travel by car, you are using tons of certified proprietary embedded software. The keyword is certification. We trust this software because independent third parties have assessed that the software does what it advertises to do in a sufficiently reliable fashion.
Certification is currently uncommon in commercial software engineering. Not in the last place because most so called software engineers are not even qualified to tie their shoelaces properly. Any idiot who has read VB for dummies can claim to be a software engineer.
Logically, yes (Score:5, Insightful)
I think this is the most clear-cut case of the need for open source. But the argument that open-source is bug-free is a fallacy. The reason voting software should be open source is for security. Giving a private company the ability to create voting software that is not reviewed by at least the government, and better yet, the people, would be a security risk. An earlier post says:
Open source has nothing to do with any "methodology." It just means you give out the dang code! Most commercial outfits use a specific development methodology. Something like: proposal-requirements-design-implementation-testing. There is no reason you could not retain this process while developing open-source.
If we don't do this, nothing keeps an outfit from producing code that says:
if (date == "2004-Nov-05") { vote = "cowboyNeal"; }
No amount of quality testing can uncover such bugs. Only peer-review can ensure public safety.
Re:Logically, yes (Score:3, Insightful)
Other than that one nit, I completely agree with you.
Why do we need software for this? (Score:5, Insightful)
How about paper and pencil? During the last Canadian federal election 13 million votes were counted in 4 hours, by hand.
If you have a system that works efficiently, with little concerns of errors or security, do you really think *any* software is going to improve it????
Re:Why do we need software for this? (Score:2)
usability too... (Score:2)
You wonder what more eyeballs would have done with this fiasco [asktog.com] analyzed by Bruce Tognazzini [asktog.com].
Will always be some error (Score:2)
Re:Will always be some error (Score:2)
Glorified Printer - Why Not? (Score:2)
So why not make them go the whole way and make them entirely glorified printers?
I'm serious here. The whole idea of punchcard machines is that they should be a device to allow the voter to express their opinion. So why not have a system like this: voter signs in at desk, is given special ballot (paper card with mag strip on the back or something to make sure it's legit). Voter goes into booth, inserts ballot card (in any direction), picks candidate from list of names w/ pictures and party logos (like in S.African elections). Voter presses "Vote!" and confirms. Machine prints out card with name of person voted for on it and simple machine-readable pattern. Voter looks at poster above machine that shows the name of each candidate and the code that corresponds to them (so we need a relatively simple code) to make sure it's right, voter drops card in box on the way out.
With that system, there's three levels of checking. The result comes from the voting computer. If within a certain percent, automatic recount triggered and done by running actual ballots thru counting machines (here's where that machine-readable code comes in handy). If another recount is demanded, then use the names printed on the cards.
This seems fairly straightforward - what am I missing here?
Re:Glorified Printer - Why Not? (Score:2)
Re:The people are entitled. (Score:3, Funny)
Re:Security (Score:2)
The downside is also obvious, since we know how it works we can break the system.
I don't understand that. I know how a punchcard reader works, but I can't break that system.
Re:wrong question (Score:2)
And the answer is, "Why not?"
Because it's too easy for people to fuck with.
It's a perfect case for technology, considering paper ballots don't exactly work reliably.
Well, the fact of the matter is that most paper ballots are already counted by computers. We're just arguing over the input method. But one thing that it seems ridiculous to not have is a paper trail. There needs to be a mechanism for a manual recount in case of computer error or claims of fraud.