Should Voting Software Be Open Source?
jallen02 asks: "CNN has a quick little piece in their technology section about the electronic voting systems and their security. They ask, 'What about security?' with regards to the electronic voting systems. And then a researcher from AT&T labs is quoted in the article. Basically, saying the systems should be open sourced, and he quotes the party line for open source regarding security: more eyeballs means more flaws are found and fixed. The big question raised here is ripe for debate.. should electronic voting systems software be opened for the public to see?"
Simple question, simple answer:
Of course!
My other account has a 3-digit UID.
It's a nice thought: it would make a good high-profile proof of concept that could give open source the credibility it needs to succeed in the doggy-dog software market.
My only concern is that current open source methodologies may not be able to deliver the robustness and security required in a voting situation. Open source becomes strong through evolution, which necessarily means that the first users experience a lot of minor bugs that eventually get ironed out. Highly reliable bullet-proof systems need to be designed from the ground up.
We don't depend on open source for controlling drawbridges or handling air traffic control systems, and we shouldn't put something as fragile as our democracy in the hands of open source, either. It is not acceptable for my vote to be lost because of a bad fsck.
Karma: Good (despite my invention of the Karma: sig)
But if there are no flaws then how are they going to fix the elections so "President" Bush can win next time?
People don't vote because they don't trust the system. If the system were more open, Democracy might actually mean something.
"I assumed blithely that there were no elves out there in the darkness"
no, no, no, no, no!
Open source is GREAT for some applications, and it's totally inappropriate for others. Yes, lots of flaws would be fixed... but lots of other flaws would be discovered by the WRONG people and exploited. I remember a story on slashdot a while ago further back in the Microsoft trial where someone high up on the MS chain said that releasing the source of Windows would prove to be a threat to national security because of all the security flaws. While I'm sure these voting systems have much fewer if any bugs, releasing the source would allow groups of hackers to work from their homes studying the code and checking for insecurities. While at the moment, voting equipment is secured and hackers wouldn't be able to have long-term access to it let alone its source code.
The correct question is "do we really need software for voting?"
It's a simple case of inappropriate use of technology.
Free Java games for your phone: Tontie, Sokoban
Other ask slashdot questions for your consideration:
Is it true that Windows is buggy and insecure?
DMCA--Not as good a law as we all thought?
Copyright, is it just me or does it last way too long?
Should I try out this new thing I found called "Linux"? They say it's free, but there's some catch, right?
I just met this cute girl named Natalie Portman. She is really coming on to me. I think that she is after my body. Do I let her have her way with me?
As programmers, we're all aware that perfect, bug-free software just doesn't exist in the real world. Given that the voting software will have bugs, isn't it better that they be secret for something as vital as this?
Karma: Good (despite my invention of the Karma: sig)
Of course it should be open source. The upside is obvious, everyone knows how the voting system works and we are sure it is legitimate.
The downside is also obvious, since we know how it works we can break the system. However, if the voting system is on a closed network how is anyone going to hack into it? I hear all these people talking about things like people hacking into the Hoover Dam. If the Hoover Dam isn't connected to the internet, then in order to hack it you have to break into the building. Then it's no longer a matter of computer security but a matter of physical security, and making sure nobody pulls an inside job. The voting system is the same way. Open source to verify it is legitimate and large federal men to prevent hackers from walking into the building where the database is kept.
The GeekNights podcast is going strong. Listen!
What is there to ensure that the manufacturer actually installed the OS voting software, rather than a slightly tweaked version?
You need open installation, open distribution, open setup, open guards, open data transmission/collection and open results. Otherwise there is no assurance.
Only having many eyeballs on the system all the way from start to finish will give a level of security sought by this sort of endeavour.
-- The morphemes of your disquisition are ascertainable, but they have eschewed an ambit of transpicuous exposition.
If the software is being created by counties with tax dollars, isn't it required to be not only "Open Source", but public domain as well?
Why is voting so freaking hard? Why not have a federal project to develop a decent piece of software that all counties around the country could use if they wanted. Voting software isn't Hard. It's really not. Do it once, do it right, no more problems.
What kind of software can't be Open Source?
I'm from Argentina: Tango, Asado, Mate, Gaucho, Maradona, YPF
With the source code open, it's possible that someone might find a security flaw in the system. Now, in an ideal world that person might announce that flaw to the world, and a patch would be implemented immediately.
But what if that person chose to exploit that flaw instead?
Before voting systems code is moved to open source, there needs to be a discussion made of what efforts are taking place to prevent someone from tampering with the results through flaws in the code.
Karma: Chevy Kavalierma.
Somehow PGP and GPG are open source, and somehow no one calls the security of these tools into question. The only reasons you don't want to offer the source is if 1) there are security holes, or 2) you have no intention of fixing the security holes.
The problem here is that the system involves hardware -- which will likely not be open source because of patent constraints, and that it should allow the voter 1) to remain anonymous, 2) to provide a method for the voter to double-check their votes prior to submission, and 3) to provide a method for the voter to verify that their votes were cast and counted correctly in the final totals. All of this means that it can't be a purely electronic method. The voter must take away something with them.
If something like this -- the combination of open source software and patent-free hardware could be assembled, at a reasonable, inexpensive price, it would be a wonderful gift to the democracies of the world.
First a little background. Election software is not trivial. Granted, you can usually do everything fixed point, but that's where the triviality ends. Each state and sometimes each county has different election laws and procedures. The companies supplying election hardware and software have literally spent decades creating the rules and templates for nearly every county in the country (and some for Canada as well). In many cases, they've found it easier to run old elections code under emulation rather than do a rewrite for new hardware. I'm not sure how you could legally require the elections companies to open source all this work and I don't know how it could be duplicated in any reasonable time frame. I submit that if you are interested in the accuracy of your elections, that you call the county clerk and ask to observe the required logic and accuracy tests of the ballot counting equipment before and after each election. It's an interesting process. Generally, the election officials welcome the visit and will be happy to discuss the politics and practicality of open source elections software.
"Eve of Destruction", it's not just for old hippies anymore...
--computerised voting is the last straw on any sort of honest voting. Once you have this in by law, that's it, kiss any sort of honesty goodbye. It's not needed. Punch out chads aren't needed. Paper ballots, fill in the circle, works just great. Ya, takes some time to count, but human eyeballs are plenty "open source". All this latest touch screen voting did was make it ridiculously easy to stuff the ballot box by *someone*, or to alter the results, or to lose them, or whatever. No "poll watcher" can count anything-you rely on what the machine tells you. And if the stuffing is occurring INSIDE the governmental command and control structure, well, you can see where that's headed. Votes were difficult in the past, granted, some fraud occurred, this new tech mandates the possibility of universal fraud. Gee, wonder why the Arkansas mafia/skull and bones axis of political crooks would both advocate this sort of voting?
I got my "I voted" sticker right here from the latest election. It's a picture of the computer touch screen pointing at itself saying "I voted". Well, that's exactly what's happening, some computer is voting, you surely aren't.
An interesting issue with regards to Voting software versus your general piece of software is the time-of-use.
Voting software will be used *once* and *suddenly* every five or so years.
This has huge implications for bugs and security.
No matter how much alpha/beta testing you do, some things just aren't gonna be picked up until the first election.
And that could be a security flaw. So in the case of voting software, one of the standard arguments of the "security through obscurity camp" could be relevant: Any 0-day exploit that a black hat discovered won't be used until the election is in progress. Therefore, it may be useful to hide the source code from black hats. With normal OSS, black hats do find bugs that others have missed. But fortunately this is often early in a product cycle and they get fixed very quickly (a good reason for OSS). With an election system, these bugs just aren't gonna be picked up quick enough - it will be too late already....
Not too sure if this argument makes any sense, and I think somebody should really counter this please.....
But it is an issue, a special aspect of such software.
In a government of and for and by the people it is only fair that the people may independently audit the tools used to enstil the power structure.
The code absolutely positively must be open to inspection by the public. Whether or not the code is actually open source is a different matter. I'd find it acceptable (though not preferable) to have a closed source software which is viewable by the public.
Anyway, I find it incredible that this is even a question. Frankly I think it's a serious enough issue it should be mandated by the state constitution that any election be done in an open manner.
YES.
Wait two minutes for the last post...
The problem with voting software isn't that its open source or closed source. The problem is that it exists at all.
Voting should not be done through computers. If there is a problem with the system, we need to be able to count the votes by hand. That means a paper ballot with ink marks on it.
But you say, we can count rows in a database by hand too. Sure you can, but when you have a problem with voting, the real problem isn't getting a recount. The real problem is convincing Joe Sixpack that the system still works and that the higher powers that be haven't mucked with the workings of democracy.
The voting system must be transparent. As soon as it gets to the point where the mechanisms are not understandable to everyone, then we will have people who don't believe the system.
Trust is not in any way, shape, or form a part of voting. Joe Sixpack should never have to trust that the vote was taken properly. Elections should be constructed in such a way that anyone is capable of understanding the mechanics of how they work.
This is America, damnit. Speak Spanish!
In a true democracy, the government shouldn't have anything to hide from the people.
It's funny that this debate rages in a country that has seen severe problems with a severely outdated and erroneous voting infrastructure. Nobody has problems there with (proprietary) punch card machines but as soon as computers are involved everybody gets worried. Arguably it wasn't technology that failed during the last elections but the process after the election during which both parties spent several millions on campaigns trying to prove that they won rather than just recounting the votes (which was an option all along) or holding a state wide reelection (which even in third world countries is common practice in case of doubt).
I'm sure there is room for an open source voting system next to the many excellent commercial products available (which outside the US are widely being used and which are tested in practice). Let the market decide. Let the government focus on certification rather than specific products. Voting machines (electronic and mechanical) should meet certain standards with respect to reliability, ease of use, accessibility, acceptable margin of error etc. Any standard in this area is better than none (which currently seems to be the case).
People trust their life to certified proprietary medical software, NASA launches billions worth of equipment using certified proprietary software, if you travel by car, you are using tons of certified proprietary embedded software. The keyword is certification. We trust this software because independent third parties have assessed that the software does what it advertises to do in a sufficiently reliable fashion.
Certification is currently uncommon in commercial software engineering. Not in the last place because most so called software engineers are not even qualified to tie their shoelaces properly. Any idiot who has read VB for dummies can claim to be a software engineer.
Jilles
America doesn't have to choose between "free" and "secure" - I'm now offering unlimited use of my own solid, secure, proven Vote-o-Matic Gold v2.1 (Local, State, & National editions) software (closed source) for FREE! This includes all tabulation, tallying, and certified final election results from my ultra-secure servers, available within seconds of the polls closing!
In other news, I'm now accepting bids from candidates, parties, and PACs for my exclusive get-out-the-vote campaign consulting services. Potential bidders should be aware that my campaign consulting clients won't need to finance conventional political & media campaigns (due to under-50% historical voter turn-out & other factors) and bid accordingly!
It's easy to make up & spread cool- and credible-sounding stuff. Finding & checking hard facts is hard work.
I think this is the most clear-cut case of the need for open source. But the argument that open-source is bug-free is a fallacy. The reason voting software should be open source is for security. Giving a private company the ability to create voting software that is not reviewed by at least the government, and better yet, the people, would be a security risk. An earlier post says:
Open source has nothing to do with any "methodology." It just means you give out the dang code! Most commercial outfits use a specific development methodology. Something like: proposal-requirements-design-implementation-testing. There is no reason you could not retain this process while developing open-source.
If we don't do this, nothing keeps an outfit from producing code that says:
if (date == "2004-Nov-05") { vote = "cowboyNeal"; }
No amount of quality testing can uncover such bugs. Only peer-review can ensure public safety.
And let us not forget that there has been tampering with voters, tallies and what-not, since the concept of democratic voting was first invented. The infamous 1930's era mobsters come to mind first.
Secure? Not likely. Nothing is 100% secure. Anyone who thinks otherwise is delusional! The key here is to empower the people to keep the system just. Keeping the people out of the loop and preventing them from seeing the code that allows them to vote is wrong. They will never trust the system then.
As for MS's security woes. It's their own fault. They hopped on the Internet Bandwagon as an after thought when Win95 came out. And they have since built more and more holes in their swiss cheese OS. Only now do they consider Security. I bet the engineers at MS, when asked about security responded, "Security is not my job. It's the security group's responsibility to secure the code."
Security is an issue and always will be. But the needs of the people are more important. Democracy must be maintained and if the people don't trust the system, then democracy has failed.
The truth is usually just an excuse for lack of imagination.
Peasants shouldn't be voting in the first place.
"Those who cast the votes decide nothing; those who count the votes decide everything." - Josef Stalin
The United States seems to have a strange infatuation with weird voting technology: levers, punch cards, touch screens, etc. And look at where it's gotten you (see: florida(twice), virginia, etc.)
How about paper and pencil? During the last Canadian federal election 13 million votes were counted in 4 hours, by hand.
If you have a system that works efficiently, with little concerns of errors or security, do you really think *any* software is going to improve it????
This post cannot be rebroadcast without the express written consent of Major League Baseball.
Let's look at the big picture. OSS advocates talk about wanting to be able to examine software. One person above said people will trust a more open process. I think we forget that this is only a small part of the picture. 99% of all voters won't be able to make heads or tails of the source and 99% won't care one way or the other.
We (or at least the /. crowd) have a tendency to think we're better than everyone because we're so smart (but not smart enough to learn humility and to remember many of us are writing from democracies that supposedly view all people as equal -- and NOT that some are more equal than others). So the bigger picture includes the question of if Joe Voter will care if s/he is voting on an OSS system.
All Joe/Jane Voter will care about is if the vote is registered correctly and that all the votes are counted ONE time (and only one time and not less than one time).
That's the bigger picture we forget about. So how does OSS fit into that picture?
Even in the big picture, OSS has an advantage. I think it would be necessary to not only use OSS, but to make the install and setup processes open to be viewed. While few voters will decide to watch it, the entire open process can be publicized in adverts as part of an overall voter education campaign. While Joe/Jane Voter won't care if the software is OSS, they will care if a number of people in the public eye (not government officials) appear on ads saying they've seen the process and can testify to its openness and fairness. The gov't could even make a big deal about how everything is open for inspection. Part of this would be pointing out that if someone didn't trust the system, they could hire an expert of their choice to examine the code and hardware specs.
So in the short run, OSS will only matter to nerds. In the long run, if OSS is part of an overall open system that is highly publicized in a voter education campaign, and it is made clear that those without the technical skills to analyze the system on their own can go down to the local Rent-A-Nerd temp agency, find someone they feel they can trust, hire that person, and have them analyze the system. That will start to bring the openness and strength of the system home directly to Joe/Jane Voter.
Did you mean "dog eat dog"?
While "doggy-dog" reminds me of a sexual position, "dog eat dog" is a cliche that illustrates competitiveness.
I think this would be a good idea and might help more than in just checking for cheaters.
You wonder what more eyeballs would have done with this fiasco analyzed by Bruce Tognazzini.
Whenever you count such a large number of things, either by computer or by hand, there will also be the potential for error. Therefore, what really should be done is a good assessment of the error of the voting and counting systems (hand, machine, electronic, etc.). These statistical errors then should be used to determine whether someone actually wins or not. I don't know much about voting systems, do the manufacturers specify an error rate? (for example +/- 0.1 %)?
Electoral processes have to be transparent. People should be able to see that there are no funny backdoors in the code.
They need to see that:
int make_vote(int total_vote) {
    /* each vote adds exactly one to the running total */
    return total_vote + 1;
}
No doubt it should be OSS.
However no one will be allowed to study the source, compile it just before voting, and use this binary to actually vote. So open or close, it doesn't matter.
Who and what guarantees the publicly available source code will be precisely the same as the code from which the binary was built? For paranoid and conspiracy types there's no difference. The others don't care, or don't understand, or both.
Life is the slowest way to death.
Would open-sourcing really increase the confidence of people in the system? Open source or no, you still have to deal with the problem of dead people and non-citizens casting ballots. If you can't trust the humans running the polls, the technology doesn't matter. The election officials at my polling place this last time around were polite and professional, so I don't think there was any malevolent tampering with my vote.
;-)
The other side of the question is, is open-sourcing necessary to trusted security in all situations? Granted, in programming, the answer is 'yes' more often than not. But voting isn't strictly about programming.
My state switched to all-digital voting machines this election, and the voting machines all had the 'Die Hard' logo on them. Yup, the same company that produces security systems for banks and military bases. I wouldn't expect them to open-source the security for my local bank, though. As a matter of fact, I'd probably be pretty ticked off if they did. And, since they've got a solid reputation, I've got a pretty high level of confidence that there was no mishandling of my vote through accident of technology.
I'll rant on about the dangers of true Democracy another time.
Good judgment comes from experience.
Experience comes from bad judgment.
During the last Canadian federal election 13 million votes were counted in 4 hours, by hand.
Bullshit. Canada doesn't have elections. They have a Queen. Or are they part of the U.S.? I can't remember. In any case, they definitely don't have elections. I'd remember that.
One of the major things I hear in relation to voting machines is that they provide no accountability in respect to hand-counting ballots, and that they're nothing more than glorified printers.
So why not make them go the whole way and make them entirely glorified printers?
I'm serious here. The whole idea of punchcard machines is that they should be a device to allow the voter to express their opinion. So why not have a system like this: voter signs in at desk, is given special ballot (paper card with mag strip on the back or something to make sure it's legit). Voter goes into booth, inserts ballot card (in any direction), picks candidate from list of names w/ pictures and party logos (like in S.African elections). Voter presses "Vote!" and confirms. Machine prints out card with name of person voted for on it and simple machine-readable pattern. Voter looks at poster above machine that shows the name of each candidate and the code that corresponds to them (so we need a relatively simple code) to make sure it's right, voter drops card in box on the way out.
With that system, there's three levels of checking. The result comes from the voting computer. If within a certain percent, automatic recount triggered and done by running actual ballots thru counting machines (here's where that machine-readable code comes in handy). If another recount is demanded, then use the names printed on the cards.
This seems fairly straightforward - what am I missing here?
Cue The Sun...
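The three-level check proposed in the comment above, sketched as an added example (not code from this thread or from any voting vendor). The candidate names, card codes and 0.5% threshold are constructed assumptions, and escalating to the printed names whenever the counts disagree goes beyond what the comment specifies.

```python
from collections import Counter

# Constructed sample data: candidate names and card codes are made up.
CODE_TABLE = {"A1": "Alice", "B2": "Bob"}
# Assumed threshold; the comment only says "within a certain percent".
RECOUNT_MARGIN_PCT = 0.5


def make_cards(alice, bob):
    """Build a constructed ballot box: one (machine_code, printed_name) per card."""
    return [("A1", "Alice")] * alice + [("B2", "Bob")] * bob


def margin_pct(tally):
    """Lead of first place over second, as a percentage of all votes."""
    total = sum(tally.values())
    if total == 0:
        return 0.0
    ranked = tally.most_common(2)
    second = ranked[1][1] if len(ranked) > 1 else 0
    return 100.0 * (ranked[0][1] - second) / total


def count_cards(cards, code_table):
    """Count the paper cards two ways: by machine-readable code and by printed name."""
    by_code, by_name, bad = Counter(), Counter(), []
    for i, (code, name) in enumerate(cards):
        by_code[code_table.get(code, "UNKNOWN")] += 1
        by_name[name] += 1
        if code_table.get(code) != name:
            bad.append(i)  # code and human-readable name disagree
    return by_code, by_name, bad


def audit(machine_tally, cards, code_table=CODE_TABLE, recount_demanded=False):
    """Level 1: electronic tally. Level 2: scanned card codes. Level 3: printed names."""
    machine = Counter(machine_tally)
    level, tally, findings = 1, machine, []
    if recount_demanded or margin_pct(machine) <= RECOUNT_MARGIN_PCT:
        by_code, by_name, bad = count_cards(cards, code_table)
        level, tally = 2, by_code
        if by_code != machine:
            findings.append("electronic tally differs from scanned cards")
        if bad:
            findings.append(f"{len(bad)} card(s) with mismatched code and name")
        # Assumption added here: any disagreement also escalates to the names.
        if recount_demanded or findings:
            level, tally = 3, by_name
    winner = tally.most_common(1)[0][0] if tally else None
    return {"level": level, "winner": winner, "tally": dict(tally), "findings": findings}


if __name__ == "__main__":
    box = make_cards(101, 100)                       # what voters actually dropped in
    print(audit({"Alice": 101, "Bob": 100}, box))    # honest machine, close race
    print(audit({"Alice": 100, "Bob": 101}, box))    # electronic tally was altered
```

With a margin-only trigger, an altered electronic tally that shows a wide margin stays at level 1 until someone demands a recount.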
If the software is any good, opening the source will not affect its security.
It's Christmas everyday with BitTorrent.
Voting software needs to work and be secure. Whether or not it's closed source or open source is not important.
In principle, you could argue that the public has a right to see the code itself, but, in reality, the public wouldn't know what it was looking at. Just as the public has no choice but to trust "experts" about the closed voting code, the public would have to trust "experts" about open voting code.
-- Slashdot: When Public Access TV Says "No"
EVACS was successfully trialled last year in the ACT, Australia elections for a limited number of polling booths. The source is available here. Phillip Green, the electoral commissioner, was discussing the developments for next time. There was one whinging politician who lost, but it was more accurate than previous hand-counting methods. Sour Grapes
Slashdot: Where nerds gather to pool their ignorance
Mark Beckstrand, a vice president at Sequoia Voting Systems said "We haven't lost or misplaced or ever been accused of not having 100 percent accuracy."
I hereby accuse them of giving less than 100% voting accuracy.
Open source is not the issue. It can be closed source, so long as everyone can verify that their vote was counted. The easiest way to do that is if you don't trust the results demand a hand recount.
Consider this: open source polling software. I become an election judge, and as a computer savvy person I am put in charge of making sure the software is loaded correctly. (Very likely since I have a CS degree, and many people are intimidated by computers). Now I take the open source software, load it, but with a modification: if (random(SOMEVALUE)/(SOMETHING_ELSE)) recordedVote = vote; else recordedVote = "My Canidate"; Simple for any programmer, and open source makes it easier. And I just load the code to each booth, and then delete it. Sure it is open source, except that it isn't the same source you saw. (Note, the random above is so that the rebublicrates don't get suspicious when they get zero votes, and I would do some adjustment to make sure my candidate just barely wins)
You should not leave the polling booth without a slip of paper which you verify has everyone you voted for. If there is any question about the machine's results a hand recount of all slips is easy.
It's not a question of "can't be", it's a question of "doesn't benefit from being".
An open source approach has produced some great developments, but almost universally when:
If you meet these criteria, then OS may be the way forward. If not, maybe you need to look at why so many people still do things the old-fashioned way.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.