Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Privacy

Should Voting Software Be Open Source? 116

Posted by Cliff from the what's-counting-your-votes dept.
jallen02 asks: "CNN has a quick little piece in their technology section about the electronic voting systems and their security. They ask, 'What about security?' with regards to the electronic voting systems. And then a researcher from AT&T labs is quoted in the article. Basically, saying the systems should be open sourced, and he quotes the party line for open source regarding security: more eyeballs means more flaws are found and fixed. The big question raised here is ripe for debate.. should electronic voting systems software be opened for the public to see?"
This discussion has been archived. No new comments can be posted.

Should Voting Software Be Open Source? More

Should Voting Software Be Open Source?

Comments Filter:
  • Simple question, simple answer:

    Of course!

  • i don't think so (Score:4, Interesting)

    by tps12 ( 105590 ) on Monday November 11, 2002 @02:26PM (#4643975) Homepage Journal
    It's a nice thought: it would make a good high-profile proof of concept that could give open source the credibility it needs to succeed in the doggy-dog software market.

    My only concern is that current open source methodologies may not be able to deliver the robustness and security required in a voting situation. Open source becomes strong through evolution, which necessarily means that the first users experience a lot of minor bugs that eventually get ironed out. Highly reliable bullet-proof systems need to be designed from the ground up.

    We don't depend on open source for controlling drawbridges or handling air traffic control systems, and we shouldn't put something as fragile as our democracy in the hands of open source, either. It is not acceptible for my vote to be lost because of a bad fsck.

    • Re:i don't think so (Score:4, Interesting)

      by icewalker ( 462991 ) on Monday November 11, 2002 @02:48PM (#4644160)
      I would like to disagree your above statement ... to a point.

      You make valid points with the air traffic control system, but you also failed to mention that this system is highly antiquated and is in serious need of an overhaul. Drawbridges (at least where I live) are still controlled by people.

      Open source provides something that a closed system doesn't, an open mind. No one person, or committee of people, can see the whole problem and come up with a solution. The more eyeballs looking at the code, the more bugs will be found. The more new ideas will be generated. Yes, there is a crawling period while the foundation is built. But you can also test the software on a smaller scale in a smaller community. The ramifications of failure will be smaller and the bugs can be worked out. And in a smaller community, you can have people back up the system with a hand count.

      And lastly. Let's assume that some company did develop a voting system that was used. Would you really want a single entity in such a power role. What if it were Microsoft, IBM, or heaven forbid Oracle or SUN? Could you trust the system? I mean really trust, more than 90% trust it? Probably not.

      Large companies have shown time and time again that they cannot be trusted with the power they wield. Learn from History and trust the people to do what is right. Having the code open to everyone to see if akin to the Freedom of Information Act. It's out vote, it's our duty, it should be our code!
      • And lastly. Let's assume that some company did develop a voting system that was used. Would you really want a single entity in such a power role. What if it were Microsoft, IBM, or heaven forbid Oracle or SUN? Could you trust the system? I mean really trust, more than 90% trust it? Probably not.

        *LOL* Who would you trust then, the CIA, FBI and NSA?

        Large companies have shown time and time again that they cannot be trusted with the power they wield.

        And large, faceless government bureaucracies are to be trusted, I suppose?

        Give me Microsoft over these any day!

    • Re:i don't think so (Score:5, Insightful)

      by isorox ( 205688 ) on Monday November 11, 2002 @02:48PM (#4644165) Homepage Journal
      It is not acceptible for my vote to be lost because of a bad fsck.

      This is a problem in any system. It's not acceptable for my vote to be lost because of a bad BSOD either.

      Just because the system should be open source doesnt mean it should be developed by people on sourceforge. Pay professional engineers to design the system, then build. Release each stage as open source along the way - best of both worlds.
    • We don't depend on open source for controlling drawbridges or handling air traffic control systems, and we shouldn't put something as fragile as our democracy in the hands of open source, either. It is not acceptible for my vote to be lost because of a bad fsck

      Closed source hasn't really delivered in these areas either (perhaps in drawbridges though those I am aware of in the UK are primarily manually controlled hydraulics). Our Air Traffic control in the UK was years behind schedule and multiples of original costs. It doesn't work well, is described as already taxed by the load to date and has suffered several serious outages and errors that resulted in near misses and other opportunities for passengers to become statistics.
      I'm not saying OSS would automatically be better but it would be unlikely to be too much worse - and it'd be easier to debug than the monster they have now.

      On the voting side I seem to remember an experiement with computer controlled voting booths in the states that may have resulted in the loss of many votes simply because the software was buggy and the operators did not know exactly how to save votes at the end...

      A bad fsck will get you in CS just as easily as OSS though you'll probably never know about it...
    • Peasants should'nt be voting in the first place.
    • doggy-dog software market

      Did you mean "dog eat dog"?

      While "doggy-dog" reminds me of a sexual position, "dog eat dog" is a cliche that illustrates competitiveness.

    • we shouldn't put something as fragile as our democracy in the hands of open source, either.

      We shouldn't be putting our democracy into the hands of software, period. Electronic voting systems are a bad idea. Check out the past [ncl.ac.uk] few [ncl.ac.uk] isues of the RISKS digest [ncl.ac.uk] for discussion.

    • Re:i don't think so (Score:3, Insightful)

      by ez76 ( 322080 )
      Open source becomes strong through evolution, which necessarily means that the first users experience a lot of minor bugs that eventually get ironed out. Highly reliable bullet-proof systems need to be designed from the ground up.
      I don't follow. Why does open source preclude the system being designed from the ground up? And what magic are closed source projects infused with, that they are born strong and without minor bugs?

  • ABSOLUTELY (Score:4, Insightful)

    by benjamindees ( 441808 ) on Monday November 11, 2002 @02:27PM (#4643989) Homepage
    People don't vote because they don't trust the system. If the system were more open, Democracy might actually mean something.

    • Re:ABSOLUTELY (Score:3, Insightful)

      by greenhide ( 597777 )
      Perhaps, but I think the trust has little to do with the underlying technology.

      People will mistrust the computers and the people operating the systems, not the licenses and code behind the voting system. While there might be a small number (never more than 100,000 people, say) who might distrust the system just because it isn't open source, most people mistrust it for less technological reasons. Their mistrust is just as valid, in my opinion.
    • Oh, bullshit.

      People don't vote because they don't trust the software running the electronic voting machine?

      Yeah, right. Time to come up with a better excuse for being too lazy to go to the nearest polling station every couple years.
    • It has absolutelty nothing to do with trusting the voting system. Be it paper or electronic we still have a pathetic turn out.

      Most people do not vote becuase they feel their voice is not represented by either of the two main parties. They also feel that only the two main parties can win.

      There is no technical solution to this problem, voter apathy. We do not live in a democracy we probably never will. We choose which members of the ruling class get to sit on the hill.

      I feel for America to progress we must change the voting system. An intermediate step might be to have none of the above on the ballot. The next step would be for none of the above to be the dafault, if you do not show your vote goes to none of the above. Where I would like to see the US system end up is with a lottery. Every election we put everybody into a hat and draw out our representitives. I think we would then have a politcal system that mirrors society with women and minorites taking seats in goverment. We would see a reduction in business and military interests and an increase in eduction and healthcare.

      Democracy, democracy everyone wants democracy and yet they fail to grasp that America is not democratic.
      • I feel for America to progress we must change the voting system. An intermediate step might be to have none of the above on the ballot. The next step would be for none of the above to be the dafault, if you do not show your vote goes to none of the above. Where I would like to see the US system end up is with a lottery.

        IIRC, the Thais have a system like this. If "none of the above" wins, the election has to be re-held with completely different candidates.

        We would see a reduction in business and military interests and an increase in eduction and healthcare.

        No, you would see the acts of government more accurately reflect the will of the people. Could be that the people prefer jobs and security, and to keep health and education out of the hands of the political system altogether. Or maybe not. Either way, you are making the same mistake as the politicians you distrust if you assume that the will of the people just so happens to coincide neatly with your own personal desires.
        • My personal desires have nothing to do with healthcare and education and everything to do with Nicole Kidman :-)

          Seriously, these two topics are the top of evey opinion poll but rarely mentioned outside of political ads. Personally, I want less goverment of the individual but I doubt many Americans do.

    • People don't vote because they don't trust the system. If the system were more open, Democracy might actually mean something.

      And if the government was open, and the media was free, and the people were educated, and the candidates were honest, and the Arms/Oil/Drug/etc Corporations didn't fund the campaigns, and... Oh it's okay, we got the voting software source code!

      Ali

    • Would open-sourcing really increase the confidence of people in the system? Open source or no, you still have to deal with the problem of dead people and non-citizens casting ballots. If you can't trust the humans running the polls, the technology doesn't matter. The election officials at my polling place this last time around were polite and professional, so I don't think there was any malevolent tampering with my vote.

      The other side of the question is, is open-sourcing necessary to trusted security in all situations? Granted, in programming, the answer is 'yes' more often than not. But voting isn't strictly about programming.

      My state switched to all-digital voting machines this election, and the voting machines all had the 'Die Hard' logo on them. Yup, the same company that produces security systems for banks and military bases. I wouldn't expect them to open-source the security for my local bank, though. As a matter of fact, I'd probably be pretty ticked off if they did. And, since they've got a solid reputation, I've got a pretty high level of confidence that there was no mishandling of my vote through accident of technology.

      I'll rant on about the dangers of true Democracy another time. ;-)
      • If you can't trust the humans running the polls, the technology doesn't matter. The election officials at my polling place this last time around were polite and professional, so I don't think there was any malevolent tampering with my vote.

        There you go. You said it yourself. Lets make sure that there are no people running the polls.
        For example. each person would only need a connection, via the Internet. People log in, using their social security number, and, perhaps a password/pin number that is mailed/sent to them from the government et al. They enter said code, and access the system, one vote per social security number.

        This type of system provides for:
        • Only citizens may vote, as only citizens have SSN's
        • Age can be verified by way of SSN, you must be 18 to vote.
        • Deceased people do not have a SSN that is valid, and thus cannot vote.
        • Voter registration is not necessary.
        All of this is kept track of by the government already. It just needs to be implemented. It seems easy enough, I feel, anyway.
        • Only citizens may vote, as only citizens have SSN's
          Correction: Only citizens and illegal aliens with stolen/forged SSNs. And dead people whose SSNs haven't yet been taken off the books.

          Deceased people do not have a SSN that is valid, and thus cannot vote.
          This might work if the Social Security administration could keep accurate records. But Newsday.com has reported that about 19,000 Americans a year are prematurely declared dead by the SSA. For me, this doesn't inspire much in the way of confidence.

          And then, there's still the problem of identity theft. All someone needs to do is steal my pin and SSN, and they've got my vote. The large majority of citizens that don't bother to register wouldn't be that much more likely to vote under this new system, and they'd be the last ones to notice that their vote had been 'hijacked'.

          Basically, I've got a few criteria for a good voting system:
          1) The more local, the better. If I recognize the volunteers at the polling station as people from my community that I know and trust, I'm not worried.
          2) Registration is a must. If you don't care enough about your civic duty to take five minutes registering over the phone, or filling out a form when you get a library card, you probably don't care enough to get educated about the issues. Better voter turnout is great and all, but more voters can't beat higher voters.
          3) I want the poll workers to verify my face against a photograph. No matter what you give me, PINs, public key encryption, passwords, and so on, there's still no way to verify that I am who I am that can beat seeing me face-to-face.

  • No, no, no, no, (Score:3, Insightful)

    by MattCohn.com ( 555899 ) on Monday November 11, 2002 @02:30PM (#4644020)
    no, no, no, no, no!

    Open source is GREAT for some applications, and it's totaly inapropreate for others. Yes, lots of flaws would be fixed... but lots of other flaws would be discovered by the WRONG people and exploited. I remember a story on slashdot a while ago further back in the Mircosoft trial where someone high up on the MS chain said that releasing the source of Windows would provide to be a threat to national security because of all the security flaws. While I'm sure these voting systems have much fewer if any bugs releasing the source would allow groups of hackers to work from their homes studying the code and checking for insecuritys. While at the moment, voting equipment is secured and hackers wouldn't be able to have long-term access to it let alone it's source code.

    • exactly (Score:1, Redundant)

      by tps12 ( 105590 )
      As programmers, we're all aware that perfect, bug-free software just doesn't exist in the real world. Given that the voting software will have bugs, isn't it better that they be secret for something as vital as this?
      • They're not secret from everyone. The people that design them know exactly how they work.

        You would have to have total trust that the organisation that produces the machines isn't putting deliberate bugs in. You don't even know who the designers are. How can you trust them?

        If it is open sourced, there will be people fixing the problems. A fair election is more than adequate reward for the work. As long as there are enough honest people fixing the bugs, nothing will be exploitable.

    • Yes, yes, yes, yes (Score:3, Interesting)

      by scotpurl ( 28825 )
      Somehow PGP and GPG are open source, and somehow no one call the security of these tools into question. The only reasons you don't want to offer the source is if 1) there are security holes, or 2) you have no intention of fixing the security holes.

      The problem here is that the system involves hardware -- which will likely not be open source because of patent constraints, and that it should allow the voter 1) to remain anonymous, 2) to provide a method for the voter to double-check their votes prior to submission, and 3) to provide a method for the voter to verify that their votes were cast and counted correctly in the final totals. All of this means that it can't be a purely electronic method. The voter must take away something with them.

      If something like this -- the combination of open source software and patent-free hardware could be assembled, at a reasonable, inexpensive price, it would be a wonderful gift to the democracies of the world.
    • And let us not forget that there has been tampering with voters, tally's and what-not, since the concept of democratic voting was first invented. The imfamous 1930's era mobsters come to mind first.

      Secure? Not likely. Nothing is 100% secure. Anyone who thinks otherwise is delusional! The key here is to empower the people to keep the system just. Keeping the people out of the loop and preventing them from seeing the code that allows them to vote is wrong. They will never trust the system then.

      As for MS's security woes. It's their own fault. They hopped on the Internet Bandwagon as an after thought when Win95 came out. And they have since built more and more holes in their swiss cheese OS. Only now do they consider Security. I bet the engineers at MS, when asked about security responded, "Security is not my job. It's the security group's responsibility to secure the code."

      Security is an issue and always will be. But the needs of the people are more important. Democracy must be maintained and if the people don't trust the system, then democracy has failed.

  • wrong question (Score:1, Flamebait)

    by novarese ( 24280 )
    The correct question is "do we really need software for voting?"

    It's a simple case of inappropriate use of technology.
    • And the answer is, "Why not?" It's a perfect case for technology, considering paper ballots don't exactly work reliably. (ie, chad and his gang, incomplete pencil markings, write-ins that are already listed, etc...)

      • And the answer is, "Why not?"

        Because it's too easy for people to fuck with.

        It's a perfect case for technology, considering paper ballots don't exactly work reliably.

        Well, the fact of the matter is that most paper ballots are already counted by computers. We're just arguing over the input method. But one thing that it seems ridiculous to not have is a paper trail. There needs to be a mechanism for a manual recount in case of computer error or claims of fraud.

        • ...ridiculous to not have is a paper trail. There needs to be a mechanism for a manual recount in case of computer error or claims of fraud.

          Well, we are all addressing the wrong issue then, aren't we? It's the manual recount of the paper trail that doesn't work reliably. A ballot with more than one chad punched out should be disqualified - there should be no interpretation of that ballot. I guess that is where our true problem lies.
          • The manual recount doesn't work too well with those stupid punch cards. Not only that, but they're difficult to check manually. A hole doesn't show up as clearly as a pencil mark. It has to be held up to the light rather than skimming across a whole row of them and totaling the number of marks for each candidate in turn.

            Chads are sometimes completed, sometimes not. The act of counting can dislodge them.

          • Way to turn an interesting discussion into partisan politics. I wasn't talking about the election of 2000, I was talking about the election of 2004.

            There are many ways to solve the problems of the election of 2000 while still leaving a paper trail. One method is to have a computer count the punch card ballot as it's cast. Have the person see what the computer is interpreting as his vote, so that he can change it before it's too late. Or even better, have the computer system simply create the paper trail. Let the person use the computer, and then they get a printed ticket which they can inspect and then place in the ballot box for use in the event of a manual recount.

      • Paper ballots work ok here in the UK. Of course, here we make make a cross in the voting slip (using good old fashioned pencil and paper) and put it in a sealed box. Voting closes, the sealed box is opened and the crosses counted. Two crosses on the paper, smiley faces, crosses that overlap boxes (just the 'tips' are allowed to) - are all invalid/spoiled papers.
        All voting slips have a unique id attached to them which is recorded against the voters name in a book. Voting closes, and these books are sealed elsewhere (away from voting). If a person claims that someone else voted for them etc etc, then their number can be looked up and the vote discounted (I can't remember this ever happening, but it's there in case of emergencies).

  • Some more questions (Score:3, Funny)

    by Henry V .009 ( 518000 ) on Monday November 11, 2002 @02:36PM (#4644065) Journal
    Other ask slashdot questions for your consideration:

    Is it true that Windows is buggy and insecure?
    DMCA--Not as good a law as we all thought?
    Copyright, is it just me or does it last way too long?
    Should I try out this new thing I found called "Linux"? They say it's free, but there's some catch, right?
    I just met this cute girl named Natalie Portman. She is really coming on to me. I think that she is after my body. Do I let her have her way with me?
  • Of course it should be open source. The upside is obvious, everyone knows how the voting system works and we are sure it is legitimate.
    The downside is also obvious, since we know how it works we can break the system. However, if the voting system is on a closed network how is anyone going to hack into it? I hear all these people talking about things like people hacking into the hoover damn. If the hoover damn isn't connected to the internet, then in order to hack it you have to break into the building. Then it's no longer a matter of computer security but a matter of physical security, and making sure nobody pulls an inside job. The voting system is the same way. Open source to verfiy it is legitimate and large federal men to prevent hackers from walking into the building where the database is kept.

    • The downside is also obvious, since we know how it works we can break the system.

      I don't understand that. I know how a punchcard reader works, but I can't break that system.

    • Well, if all you think of when you think of security is the Internet, then sure you're fine. But, let's say each of your votes is pushed into a vote stack or enqueued to a queue, then you press "Vote" and it registers them one by one. What happens if somehow you can overload the stack, for instance, and cause all sorts of problems? There can be problems like these. Sure, my example might be oversimplified, but things do happen that you don't think of.

  • Only the frst step (Score:3, Insightful)

    by Froze ( 398171 ) on Monday November 11, 2002 @02:37PM (#4644084)
    What is there to ensure that the manfucaturer actually installed the OS voting software, rather than a slightly tweaked version?

    You need open installation, open distribution, open setup, open guards, open data transmission/collection and open results. Otherwise there is no assurance.

    Only having many eyeballs on the system all the way from start to finish will give a level of security sought by this sort of endevour.

  • Isn't it required to be? (Score:3, Insightful)

    by jmd! ( 111669 ) <jmd.pobox@com> on Monday November 11, 2002 @02:39PM (#4644093) Homepage
    If the software is being created by counties with tax dollars, isn't it required to be not only "Open Source", but public domain as well?

    Why is voting so freaking hard? Why not have a federal project to develop a decent piece of software that all counties around the country could use if they wanted. Voting software isn't Hard. It's really not. Do it once, do it right, no more problems.
    • Because it's not created by counties with tax dollars. It's created by private industry with their money and then sold to the government. A big difference. As to why voting is so freaking hard, it's hard because every freaking jurisdiction has different voting laws and procedures. Count up all the states and counties in the US and figure out how long it would take just to research the voting laws in each one.
      • So the obvious solution here is to stop wasting my hard earned tax dollars on shoddy private industry software and have the counties write it themselves. Jurisdictions may have varying laws, but I can't beleive a solid framework couldn't be produces, and then tweaked for each county.

        I don't spend my own money supporting poor software companies. It doesn't seem fair the gov't takes a third of my income to support said companies anyway.
        • When did the premise become "shoddy private industry software"? I worked in the elections business for several years and found that the software quality was quite high and the people writing it to be honest and meticuluous with ethics above reproach. Do you know something that I don't?
          • > Do you know something that I don't?

            We know that we have no way to know if you are correct. When politics is involved it is always best to assume the worst. That's why we have poll watchers inspecting the voting process. Why shouldn't they be able to inspect the software?

    • Why not have a federal project to develop a decent piece of software that all counties around the country could use if they wanted.

      Because the republicans would complain about how it's a waste of federal money (and the libertarians would complain about how it's a violation of the 10th amendment). No, it's much better to waste taxpayer money over and over and over again on a private closed source solution than to hire those lazy government workers.

  • What kind of software can't be Open Source?
    • What kind of software can't be Open Source?

      It's not a question of "can't be", it's a question of "doesn't benefit from being".

      An open source approach has produced some great developments, but almost universally when:

      • it's a widely useful project (OS, office suite, common networking tools, etc.)
      • there is no alternative already available for an affordable price and with no major drawbacks
      • a community has developed, resulting in enough people contributing to get some serious work done (including developers, but also users, testers, etc.)
      • there have been talented project leaders and early developers to get the ball rolling and keep it rolling on a sensible path.

      If you meet these criteria, then OS may be the way forward. If not, maybe you need to look at why so many people still do things the old-fashioned way.

  • Possibly Concern (Score:2, Insightful)

    by greenhide ( 597777 )
    With the source code open, it's possible that someone might find a security flaw in the system. Now, in an ideal world that person might announce that flaw to the world, and a patch would be implemented immediately.

    But what if that person chose to exploit that flaw instead?

    Before voting systems code is moved to open source, there needs to be a discussion made of what efforts are taking place to prevent someone from tampering with the results through flaws in the code.
    • Flaws can also be found with closed source software. On the other side, with open source it is more likely that many people find the same bug, and with just one who publishes the flaw it's enough.

    • But what if that person chose to exploit that flaw instead?

      Then maybe we'll get it into our thick heads that this is a stupid solution.

    • With the source code closed, it's possible that one of the programmers might find a security flaw in the system. Now, in an ideal world that person might announce that flaw to the world, and a patch would be implemented immediately.

      But what if that person chose to exploit that flaw instead?

      If voting systems' code are closed source, there needs to be a discussion made of what efforts are taking place to prevent one of the coders from tampering with the results through flaws in the code.
  • First a little background. Election software is not trivial. Granted, you can usually do everything fixed point, but that's where the triviality ends. Each state and sometimes each county has different election laws and procedures. The companies supplying election hardware and software have literally spent decades creating the rules and templates for nearly every county in the country (and some for Canada as well). In many cases, they've found it easier to run old elections code under emulation rather than do a rewrite for new hardware. I'm not sure how you could legally require the elections companies to open source all this work and I don't know how it could be duplicated in any reasonable time frame. I submit that if you are interested in the accuracy of your elections, that you call the county clerk and ask to observe the required logic and accuracy tests of the ballot counting equipment before and after each election. It's an interesting process. Generally, the election officials welcome the visit and will be happy to discuss the politics and practicality of open source elections software.

    • I submit that if you are interested in the accuracy of your elections, that you call the county clerk and ask to observe the required logic and accuracy tests of the ballot counting equipment before and after each election.

      How does that prove that a backdoor hasn't been placed in the code for anyone who votes for a write-in candidate named "Joshua".

      • Simple. If you attended the logic and accuracy test and asked the election official this question, she would tell you that all write-in votes get kicked out and handcounted.

        • If you attended the logic and accuracy test and asked the election official this question, she would tell you that all write-in votes get kicked out and handcounted.

          That doesn't answer my question. How do I know that no side-effects occur, in addition to the write-in vote getting kicked out and handcounted? Because I trust the election official? I'm sorry, I'd rather trust individuals as little as possible. Sure, you ultimately need to trust them that the software installed is the same as is open to inspection, but that's much harder to screw around with, especially on a large scale basis.

        • Okay.. What if I design software that randomly redistributes 10 000 votes if I select several candidates in the correct binary fashion?
          • Ok, let's assume that we're talking about marked paper ballots that are scanned and tabulated by machine, because that's what I'm most familiar with. When the machine was developed, there was one group of engineers designing the hardware and writing the machine control and mark counting software. The programmer doesn't have a clue as to what mark goes with what candidate. If he wanted to cause trouble, he could alter the distribution of the marks, but he could not intellegently change the outcome of an election. His mischef would undoubtably be detected in testing before the unit would ship. The mark positions get related to the current ballot issues by a template that is customized for the particular election, taking into account ballot rotation, vote for 2, vote for 3, write-in and the like. The template is not executable code and can't deflect votes in a surreptitious way. It certainly can be defined wrong and there are many tests to catch such errors. So, can the election count be rigged? Only with a great deal of effort and the collusion of several people.
            • Okay, it's tricky, but I am talking about a conspiracy of people collaborating to rig the machine. Dodgy code is sneaked in somewhere along the lines. The code is checked by one or two people, also in on the conspiracy. It's a small company and the proprietry part of the code is fairly trivial, so there will not be many software engineers.

              Allow for 7 candidates. The cheat code is activated by voter A selecting candidates 2, 3, 5 and 6. Voter B selects candidates 1, 3, and a combination of others representing a binary value of the candidate he wants to win.

              Sure, it wouldn't be easy. You need to find a way to recruit several conspirators, including a candidate who has a reasonable chance of winning anyway, but that doesn't mean it can't be done.
    • I submit that if you are interested in the accuracy of your elections...

      [Contemplates the various swipes at the US Presidential election currently running through the minds of /.ers around the world]

      Nah, that's just too easy... ;-)

  • better idea (Score:5, Insightful)

    by zogger ( 617870 ) on Monday November 11, 2002 @02:44PM (#4644126) Homepage Journal
    --computerised voting is the last straw on any sort of honest voting. Once you have this in by law, that's it, kiss any sort of honesty goodbye. It's not needed. Punch out chads aren't needed. Paper ballots, fill in the circle, works just great. Ya, takes some time to count, but human eyeballs are plenty "open source". All this latest touch screen voting did was make it ridiculously easy to stuff the ballot box by *someone*, or to alter the results, or to lose them, or whatever. No "poll watcher" can count anything-you rely on what the machine tells you. And if the stuffing is occurring INSIDE the governmental command and control structure, well, you can see where that's headed. Votes were difficult in the past, granted, some fraud occurred, this new tech mandates the possibility oif universal fraud. Gee, wonder why the arkansas mafia/skull and bones axis of political crooks would both advocate this sort of voting?

    I got my "I voted" sticker right here from the latest election. It's a picture of the computer touch screen pointing at itself saying "I voted". Well, that's exactly what's happening, some computer is voting, you surely aren't.
    • The best of both worlds is machine-scanned paper ballots. The ballots can be machine counted on election night, stored for recounts, and handcounted when the machine count is in question. The technology has been around for years. Google "optech eagle" for an example

  • Issue (Score:3, Insightful)

    by President Chimp Toe ( 552720 ) on Monday November 11, 2002 @02:44PM (#4644130)
    An interesting issue with regards to Voting software versus your general peice of software is the time-of-use.

    Voting software will be used *once* and *suddenly* every five or so years.

    This has huge implications for bugs and security.

    No matter how much alpha/beta testing you do, some things just arent gonna be picked up untill the first election.

    And that could be a security flaw. So in the case of voting software, one of the standard arguments of the "security through obscurity camp" could be relevant: Any 0-day exploit that a black hat discovered wont be used untill the election is in progress. Therefore, it may be useful to hide the source code from black hats. With normal OSS, black hats do find bugs that others have missed. But fortunately this is often early in a product cycle and get fixed very quickly (a good reason for OSS). With an election system, these bugs just arent gonna be picked up quick enough - it will be too late already....

    Not too sure if this argument makes any sense, and I think somebody should really counter this please.....

    But it is an issue, a special aspect of such software.
    • The software must be open source, so that it can be reviewed by the interested parties. There is simply no other choice that ensures fair elections and does not lead to scapegoating.

      To protect against a black hat exploit, the voting system must issue a human- and computer-readable receipt. Then if there is any accusation or evidence of impropriety after the fact, the vote can be recounted.

      Also, voting software in the U.S. is used at least once every two years in every district, and in most districts it's used every year. And it doesn't need to (and shouldn't) change much. So even if you have a few elections with black hat exploits, as long as they are discovered and fixed, you do wind up with more reliable voting software over time.

      One more thing: making the software open source isn't enough. The hardware has to be open source too. It has to be verifiable, and it has to be available for verification. Otherwise, it can just say it's running your open source software, while in fact it's running a modified closed-source version, or has compromised drivers, or the like.

    • Re:Issue (Score:5, Insightful)

      by DeadSea ( 69598 ) on Monday November 11, 2002 @03:38PM (#4644587) Homepage Journal
      Any voting machine will not be networked, will have simple interface to voters that does not expose a command line or desktop, and has physical access controlled by poll workers.

      It is not likely that a black hat is going to be able to find a flaw that lets them vote more than once, view the votes of others, change the votes of others, or otherwise tamper with the eletction from the voting booth.

      The biggest security risk comes from the individuals and corporations that build the voting systems. It is much more plausible that a programmer will put a line of code in that looks like:
      if (date == 'Nov 2' && party == 'republicats') secretlyrecord vote(candidate);
      That one line of code will never be caught by QA testing or practice elections. It may or may not be caught by open source.

      What is more important than anything else, is providing an audit trail. A voting machine must cast the vote onto a medium that the person that voted can verify. One way of doing this would be to print the vote, and let the user verify that the printout says the correct thing. A certain number of machines should be checked (randomly) every election to ensure that the vote count the machine spits out matches a hand count of the paper ballots.

      New federal standards will require such safeguards. Unfortunatly, most electronic voting machines that are coming out today do not meet these standard and will need to be replaced in a few short years.

      Open source may be part of the answer to a good election, but it is not sufficient to ensure one.

  • In a government of and for and by the people it is only fair that the people may independently audit the tools used to enstil the power structure.

  • The code absolutely positively must be open to inspection by the public. Whether or not the code is actually open source is a different matter. I'd find it acceptable (though not preferable) to have a closed source software which is viewable by the public.

    Anyway, I find it incredible that this is even a question. Frankly I think it's a serious enough issue it should be mandated by the state constitution that any election be done in an open manner.

  • The problem with voting software isn't that its open source or closed source. The problem is that it exists at all.

    Voting should not be done through computers. If there is a problem with the system, we need to be able to count the votes by hand. That means a paper ballot with ink marks on it.

    But you say, we can count rows in a database by hand too. Sure you can, but when you have a problem with voting, the real problem isn't getting a recount. The real problem is convincing Joe Sixpack that the system still works and that the higher powers that be haven't mucked with the workings of democracy.

    The voting system must be transparent. As soon as it gets to the point where the mechanisms are not understandable to everyone, then we will have people who don't believe the system.

    Trust is not in any way, shape, or form a part of voting. Joe Sixpack should never have to trust that the vote was taken properly. Elections should be constructed in such a way that anyone is capable of understanding the mechanics of how they work.
    • I violently agree. I also believe that we should not encourage couch potatoes who don't care enough about the process to get out and vote (absentee ballots are available for those with genuine conflicts or hardships). Not to mention that any sort of net voting would facilitate the sale of votes, never mind undermining the secrecy of the ballot.
    • Voting should not be done through computers. If there is a problem with the system, we need to be able to count the votes by hand.

      Those two statements are not mutually exclusive. Voting by computers (in theory at least) is good. It's fast, accurate, and we can easily implement voting algorithms that are better (mathematically) than majority-winner-take-all.

      However, all voting computers should have printers attached, and the user should see the printed result and it should be turned in as a backup. Random polling places should be checked after every election to ensure the honesty of the system.

      In addition, the software must not be closed. It doesn't have to be open source, but it does need to go through a third party review, something many voting software companies disallow claiming "trade secrets" to protect their source. This is bad news.

  • maybe it should be implemented first (Score:5, Interesting)

    by jilles ( 20976 ) on Monday November 11, 2002 @02:58PM (#4644252) Homepage
    It's funny that this debate rages in a country that has seen severe problems with a severely outdated and erroneous voting infrastructure. Nobody has problems there with (proprietary) punch card machines but as soon as computers are involved everybody gets worried. Arguably it wasn't technology that failed during the last elections but the process after the election during which both parties spent several millions on campaigns trying to prove that they won rather than just recounting the votes (which was an option all along) or holding a state wide reelection (which even in third world countries is common practice in case of doubt).

    I'm sure there is room for an open source voting system next to the many excellent commercial products available (which outside the US are widely being used and which tested in practice). Let the market decide. Let the government focus on certification rather than specific products. Voting machines (electronic and mechanical) should meet certain standards with respect to reliability, ease of use, accessibility, acceptable margin of error etc. Any standard in this area is better than none (which currently seems to be the case).

    People trust their life to certified proprietary medical software, nasa launches billions worth of equipment using certified proprietary software, if you travel by car, you are using tons of certified proprietary embedded software. The keyword is certification. We trust this software because independent third parties have assessed that the software does what it advertises to do in a sufficiently reliable fashion.

    Certification is currently uncommon in commercial software engineering. Not in the last place because most so called software engineers are not even qualified to tie their shoelaces properly. Any idiot who has read VB for dummies can claim to be a software engineer.
  • America doesn't have to chose between "free" and "secure" - i'm now offering unlimited use of my own solid, secure, proven Vote-o-Matic Gold v2.1 (Local, State, & National editions) software (closed source) for FREE! This includes all tabulation, tallying, and certified final election results from my ultra-secure servers, available within seconds of the polls closing!

    In other news, i'm now accepting bids from candidates, parties, and PAC's for my exclusive get-out-the-vote campaign consulting services. Potential bidders should be aware that my campaign consulting clients won't need to finance convential political & media campaigns (due to under-50% historical voter turn-out & other factors) and bid accordingly!

  • Logically, yes (Score:5, Insightful)

    by MobyDisk ( 75490 ) on Monday November 11, 2002 @03:02PM (#4644288) Homepage

    I think this is the most clear-cut case of the need for open source. But the argument that open-source is bug-free is a fallacy. The reason voting software should be open source is for security. Giving a private company the ability to create voting software that is not reviewed by at least the government, and better yet, the people, would be a security risk. An earlier post says:

    ...current open source methodologies may not be able to deliver the robustness and security required in a voting situation.

    Open source has nothing to do with any "methodology." It just means you give out the dang code! Most commericial outfits use a specific development methodology. Something like: proposal-requirements-design-implementation-testin g. There is no reason you could not do retain this process while developing open-source.

    If we don't do this, nothingkeeps an outfit from producing code that says:

    if (date == "2004-Nov-05") { vote = "cowboyNeal"; }

    No amount of quality testing can uncover such bugs. Only peer-review can ensure public safety.

    • Re:Logically, yes (Score:3, Insightful)

      by mellon ( 7048 )
      The government is elected. They can't be the ones that check the software, because they have a conflict of interest. If the software is not open source, there is no way to maintain an appearance of fairness - anybody who doesn't like the outcome of the election can always say "it was rigged," and there's no way to disprove their assertion.

      Other than that one nit, I completely agree with you.

  • Why do we need software for this? (Score:5, Insightful)

    by spuke4000 ( 587845 ) on Monday November 11, 2002 @03:10PM (#4644357)
    The United States seems to have a strange infatuation with weird voting technology: levers, punch cards, touch screens, etc. And look at where it's gotten you (see: florida(twice), virginia, etc.)

    How about paper and pencil? During the last Canadian federal election 13 million votes were counted in 4 hours, by hand.

    If you have a system that works efficently, with little concerns of errors or security, do you really think *any* software is going to improve it????
    • "How about paper and pencil? During the last Canadian federal election 13 million votes were counted in 4 hours, by hand. " Correct me if I'm wrong, but I believe Toronto used US made ballot counting machines.
    • Not to be provocative, but just curious: how complex are typical Canadian ballots?

      Down here we vote for Senatrons some years, Congresscritters every other year, Presidents every four, and Mayors, City Councilmen, Aldermen, Wizards, PooBahs, and whatnot whenever the spirit moves us. I don't really know the Canadian setup, but if it's like the UK, then it would be one Federal offcial (MP) and locals. Do you elect an upper house?

      Plus, of course, I got to vote on 14 bond issues, half a dozen judges, and a couple of local charter amendments. I think we just enjoy voting....

  • Let's look at the big picture. OSS advocates talk about wanting to be able to examine software. One person above said people will trust a more open process. I think we forget that this is only a small part of the picture. 99% of all voters won't be able to make heads or tails of the source and 99% won't care one way or the other.

    We (or at least the /. crowd) have a tendancy to think we're better than everyone because we're so smart (but not smart enough to learn humility and to remember many of us are writing from democracies that supposedly view all people as equal -- and NOT that some are more equal than others). So the bigger picture includes the question of if Joe Voter will care if s/he is voding on an OSS system.

    All Joe/Jane Voter will care about is if the vote is registered correctly and that all the votes are counted ONE time (and only one time and not less than one time).

    That's the bigger picture we forget about. So how does OSS fit into that picture?

    Even in the big picture, OSS has an advantage. I think it would be necessary to not only use OSS, but to make the install and setup processes open to be viewed. While few voters will decide to watch it, the entire open process can be publicized in adverts as part of an overall voter education campaign. While Joe/Jane Voter won't care if the software is OSS, they will care if a number of people in the public eye (not government officials) appear on ads saying they've seen the process and can testify to it's openness and fairness. The gov't could even make a big deal about how everything is open for inspection. Part of this would be pointing out that if someone didn't trust the system, they could hire an expert of their choice to examine the code and hardward specs.

    So in the short run, OSS will only matter to nerds. In the long run, if OSS is part of an overall open system that is highly publicized in a voter education campaign, and it is made clear that those without the technical skills to analyze the system on their own can go down to the local Rent-A-Nerd temp agency, find simeone they feel they can trust, hire that person, and have them analyze the system. That will start to bring the openness and strength of the system home directly to Joe/Jane Voter.
    • OSS advocates talk about wanting to be able to examine software. One person above said people will trust a more open process. I think we forget that this is only a small part of the picture. 99% of all voters won't be able to make heads or tails of the source and 99% won't care one way or the other

      I think you've missed the point, if anyone can examine the source code, those people will most likely include professors of mathematics, or computer sciences, experts in cryptography and people who's coding skills I trust more than my own.

      So whether or not I am able to or choose to audit the code myself, I know that it has had many, many skilled eyes on it.

      It's also not limited to those people who have been "selected" to audit the source code by interested parties.

      I STRONGLY believe that if anything should be open sourced it should be voting software. The whole process should also be open to public scrutiny.

      • I think we're looking at the point from 2 different directions. You may trust someone's coding skills more than your own.

        But 99% of voters don't know what a coder is. And 99% don't care. It's too technical for them. While you or I may feel exactly as you state in your post, the point will be brought home to MANY more people if they realize that ANYONE can examine the programs and system and, if they don't have the background to understand it, they can easily find someone at will who can explain it to them -- they won't have to rely on only the "intelligensia" or other specific groups of people they may or may not trust.

        BTW, the fact that my post was modded to Troll, I think, only proves my original point -- that many tech people think they somehow have a special ranking above others. That's why I think using an open process is only part of the problem. Using a voter education campaign to bring the point home directly to Joe Voter is just as important. All people need to see and trust any voting system.
  • I think this would be a good idea and might help more than in just checking for cheaters.

    You wonder what more eyeballs would have done with this fiasco [asktog.com] analyzed by Bruce Tognazzini [asktog.com].
  • When ever you count such a large number of things, either by computer or by hand, there will also be the potential for error. Therefore, what really should be done is a good assessment of the error of the voting and counting systems (hand, machine, electronic, etc.). These statitical errors than should be used to determine whether someone actually wins or not. I don't know much about voting systems, do the manufacturers specific an error rate? (for example +/- 0.1 %)?
  • No doubt it should be OSS.

    However no one will be allowed to study the source, compile it just before voting, and use this binary to actually vote. So open or close, it doesn't matter.

    Who and what guarantees the publicly available source code will be precisely the same as the code from which the binary was built? For paranoid and conspiracy types there's no difference. The others don't care, or don't understand, or both.

  • One of the major things I hear in relation to voting machines is that they provide no accountability in respect to hand-counting ballots, and that they're nothing more than glorified printers.

    So why not make them go the who way and make them entirely glorified printers?

    I'm serious here. The whole idea of punchcard machines is that they should be a decvice to allow the voter to express their opinion. So why not have a system like this: voter digns in at desk, is given special ballot (paper card with mag strip on the back or somthing to make sure it's legit). Voter goes into booth, inserts ballot card (in any direction), picks candidate from list of names w/ pictures and party logos (like in S.African elections) . Voter presses "Vote!" and confirms. Machine prints out card with name of person voted for on it and simple machine-readable pattern. Voter looks at poster above machine that shows the name of each candidate and the code that corrosponds to them (so we need a relatively simple code) to make sure it's right, voter drops card in box on the way out.

    With that system, there's three level of checking. The result comes from the voting computer. If within a certain percent, automatic recount triggered and done by running actual ballots thru counting machines (here's where that machine-readable code come in handy). If another recount is demanded, then use the names printed on the cards.

    This seems fairly straightforward - what am I missing here?
    • "This seems fairly straightforward - what am I missing here?" Well, just off the top of my head, voter's secrecy. You can't just print the voter's name on his ballot and throw it in a box. One of the prime directives of elections is to prevent the possiblility of associating a ballot with a specific voter.
    • This seems fairly straightforward - what am I missing here?

      Verifiability and fraud prevention.

      The only one I'm going to "ding" you for is the verifiability, because it's the only one you should have been thinking of.

      Verifiability as in how do I know my vote was counted, and counted properly

      Here's the method:

      1. Obtain "Voter Registration Card". This is a card with a digitally signed serial number onin the mag stripe--signed with the "Registrar of Voters" public key.
      2. You take your card to the polling place, and demonstrate your eligibility to vote (card+other credentials if necessary)
      3. Then vote. When you've made your choices, you are presented with a confirmation screen.
      4. When you confirm your votes, you get 2 cards printed out, one being the official "ballot" that gets turned in, and the other being *your* record of your vote. These both have large random number printed on them, and a secure hash of the votes you make.
      5. The first card then goes into the box, the second card.
      6. As polls close, automated software posts the random numbers, and their matching hashes. If you suspect that something was wrong, you can then challenge the count. ANYONE who feels that their vote wasn't counted properly can challenge their vote--within a given time.
      7. Absentee ballots must be done in the same way, with the absentee voting at a designated spot rather than going through the mail.

      The idea is to have a voting system with the following characteristics:

      1. anonymity--you do not know who voted, or how they voted.
      2. Strong fraud resistance--make it hard for certain parties to vote the graves and lose ballot boxes, buy votes with cigerattes etc. (sorry, couldn't resist).
      3. Verifiablity--make it possible for each citizen to make sure their vote was counted.

      Anyone for setting up a project to design such a system?

      • Yes! Although I would have wanted to do away with the entire paper handling procedure this is what software voting should be.

        Most people seem to be stuck into doing software voting the same as paper voting. It would seem that a lot of examples have proven that this is often not a good choice. If you go software/electronic why not use that to give the voters options they have not had before?

        The way I though of it would be that every vote would be hashed so that afterwards I could (more or less) download all votes in my district and check if my vote was in that bundle. I could also verify the result /myself/.

        If you want to do software voting then go all the way. Not some half assed attempt at a "paperless voting".
  • If the software is any good, opening the source will not effect it's security.
  • Voting software needs to work and be secure. Whether or not it's closed source ot open source is not important.

    In principal, you could argue that the public has a right to see the code itself, but, in reality, the public wouldn't know what it was looking at. Just as the public has no choice but to trust "experts" about the closed voting code, the public would have to trust "experts" about open voting code.
  • EVACS [slashdot.org] was successfully trialled last year in the ACT, Australia elections for a limited number of polling booths. The source is available here [act.gov.au]. Phillip Green, the electoral commissioner, was discussing the developments for next time. There was one whinging politician who lost, but it was more accurate than previous hand-counting methods. Sour Grapes [yourguide.com.au]
  • Mark Beckstrand, a vice president at Sequoia Voting Systems said "We haven't lost or misplaced or ever been accused of not having 100 percent accuracy."

    I hereby accuse them of giving less than 100% voting accuracy.

  • Open souce is not the issue. It can be closed source, so long as everyone can verify that their vote was counted. The easiest way to do that is if you don't trust the results demand a hand recount.

    Consider this: open source polling software. I become an election judge, and as a computer savy person I am put in charge of making sure the software is loaded correctly. (Very likely since I have a CS degree, and many people are intimidated by computers). Now I take the open source software, load it, but with a modification: if (random(SOMEVALUE)/(SOMETHING_ELSE)) recordedVote = vote; else recordedVote = "My Canidate"; Simple for any programer, and open source makes it easier. And I just load the code to each booth, and then delete it. Sure it is open source, except that it isn't the same source you saw. (Note, the random above is so that the rebublicrates don't get suspicious when they get zero votes, and I would do some adjustment to make sure my canidate just barely wins)

    You should not leave the polling booth without a slip of paper which you verify has everyone you voted for. If there is any question about the machine's results a hand recount of all slips is easy.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close