Should Voting Software Be Open Source?

jallen02 asks: "CNN has a quick little piece in their technology section about the electronic voting systems and their security. They ask, 'What about security?' with regards to the electronic voting systems. And then a researcher from AT&T labs is quoted in the article. Basically, saying the systems should be open sourced, and he quotes the party line for open source regarding security: more eyeballs means more flaws are found and fixed. The big question raised here is ripe for debate.. should electronic voting systems software be opened for the public to see?"

ABSOLUTELY

[benjamindees]

People don't vote because they don't trust the system. If the system were more open, Democracy might actually mean something.

Re:ABSOLUTELY

[greenhide]

Perhaps, but I think the trust has little to do with the underlying technology.

People will mistrust the computers and the people operating the systems, not the licenses and code behind the voting system. While there might be a small number (never more than 100,000 people, say) who might distrust the system just because it isn't open source, most people mistrust it for less technological reasons. Their mistrust is just as valid, in my opinion.

No, no, no, no,

[MattCohn.com]

no, no, no, no, no!

Open source is GREAT for some applications, and it's totaly inapropreate for others. Yes, lots of flaws would be fixed... but lots of other flaws would be discovered by the WRONG people and exploited. I remember a story on slashdot a while ago further back in the Mircosoft trial where someone high up on the MS chain said that releasing the source of Windows would provide to be a threat to national security because of all the security flaws. While I'm sure these voting systems have much fewer if any bugs releasing the source would allow groups of hackers to work from their homes studying the code and checking for insecuritys. While at the moment, voting equipment is secured and hackers wouldn't be able to have long-term access to it let alone it's source code.

Only the frst step

[Froze]

What is there to ensure that the manfucaturer actually installed the OS voting software, rather than a slightly tweaked version?

You need open installation, open distribution, open setup, open guards, open data transmission/collection and open results. Otherwise there is no assurance.

Only having many eyeballs on the system all the way from start to finish will give a level of security sought by this sort of endevour.

Isn't it required to be?

[jmd!]

If the software is being created by counties with tax dollars, isn't it required to be not only "Open Source", but public domain as well?

Why is voting so freaking hard? Why not have a federal project to develop a decent piece of software that all counties around the country could use if they wanted. Voting software isn't Hard. It's really not. Do it once, do it right, no more problems.

Possibly Concern

[greenhide]

With the source code open, it's possible that someone might find a security flaw in the system. Now, in an ideal world that person might announce that flaw to the world, and a patch would be implemented immediately.

But what if that person chose to exploit that flaw instead?

Before voting systems code is moved to open source, there needs to be a discussion made of what efforts are taking place to prevent someone from tampering with the results through flaws in the code.

better idea

[zogger]

--computerised voting is the last straw on any sort of honest voting. Once you have this in by law, that's it, kiss any sort of honesty goodbye. It's not needed. Punch out chads aren't needed. Paper ballots, fill in the circle, works just great. Ya, takes some time to count, but human eyeballs are plenty "open source". All this latest touch screen voting did was make it ridiculously easy to stuff the ballot box by *someone*, or to alter the results, or to lose them, or whatever. No "poll watcher" can count anything-you rely on what the machine tells you. And if the stuffing is occurring INSIDE the governmental command and control structure, well, you can see where that's headed. Votes were difficult in the past, granted, some fraud occurred, this new tech mandates the possibility oif universal fraud. Gee, wonder why the arkansas mafia/skull and bones axis of political crooks would both advocate this sort of voting?

I got my "I voted" sticker right here from the latest election. It's a picture of the computer touch screen pointing at itself saying "I voted". Well, that's exactly what's happening, some computer is voting, you surely aren't.

Issue

[President+Chimp+Toe]

An interesting issue with regards to Voting software versus your general peice of software is the time-of-use.

Voting software will be used *once* and *suddenly* every five or so years.

This has huge implications for bugs and security.

No matter how much alpha/beta testing you do, some things just arent gonna be picked up untill the first election.

And that could be a security flaw. So in the case of voting software, one of the standard arguments of the "security through obscurity camp" could be relevant: Any 0-day exploit that a black hat discovered wont be used untill the election is in progress. Therefore, it may be useful to hide the source code from black hats. With normal OSS, black hats do find bugs that others have missed. But fortunately this is often early in a product cycle and get fixed very quickly (a good reason for OSS). With an election system, these bugs just arent gonna be picked up quick enough - it will be too late already....

Not too sure if this argument makes any sense, and I think somebody should really counter this please.....

But it is an issue, a special aspect of such software.

Re:Issue

[DeadSea]

Any voting machine will not be networked, will have simple interface to voters that does not expose a command line or desktop, and has physical access controlled by poll workers.

It is not likely that a black hat is going to be able to find a flaw that lets them vote more than once, view the votes of others, change the votes of others, or otherwise tamper with the eletction from the voting booth.

The biggest security risk comes from the individuals and corporations that build the voting systems. It is much more plausible that a programmer will put a line of code in that looks like:
if (date == 'Nov 2' && party == 'republicats') secretlyrecord vote(candidate);
That one line of code will never be caught by QA testing or practice elections. It may or may not be caught by open source.

What is more important than anything else, is providing an audit trail. A voting machine must cast the vote onto a medium that the person that voted can verify. One way of doing this would be to print the vote, and let the user verify that the printout says the correct thing. A certain number of machines should be checked (randomly) every election to ensure that the vote count the machine spits out matches a hand count of the paper ballots.

New federal standards will require such safeguards. Unfortunatly, most electronic voting machines that are coming out today do not meet these standard and will need to be replaced in a few short years.

Open source may be part of the answer to a good election, but it is not sufficient to ensure one.

Re:i don't think so

[isorox]

It is not acceptible for my vote to be lost because of a bad fsck.

This is a problem in any system. It's not acceptable for my vote to be lost because of a bad BSOD either.

Just because the system should be open source doesnt mean it should be developed by people on sourceforge. Pay professional engineers to design the system, then build. Release each stage as open source along the way - best of both worlds.

We shouldn't even be asking this question

[Uma+Thurman]

The problem with voting software isn't that its open source or closed source. The problem is that it exists at all.

Voting should not be done through computers. If there is a problem with the system, we need to be able to count the votes by hand. That means a paper ballot with ink marks on it.

But you say, we can count rows in a database by hand too. Sure you can, but when you have a problem with voting, the real problem isn't getting a recount. The real problem is convincing Joe Sixpack that the system still works and that the higher powers that be haven't mucked with the workings of democracy.

The voting system must be transparent. As soon as it gets to the point where the mechanisms are not understandable to everyone, then we will have people who don't believe the system.

Trust is not in any way, shape, or form a part of voting. Joe Sixpack should never have to trust that the vote was taken properly. Elections should be constructed in such a way that anyone is capable of understanding the mechanics of how they work.

Re:i don't think so

[WeaponOfChoice]

We don't depend on open source for controlling drawbridges or handling air traffic control systems, and we shouldn't put something as fragile as our democracy in the hands of open source, either. It is not acceptible for my vote to be lost because of a bad fsck

Closed source hasn't really delivered in these areas either (perhaps in drawbridges though those I am aware of in the UK are primarily manually controlled hydraulics). Our Air Traffic control in the UK was years behind schedule and multiples of original costs. It doesn't work well, is described as already taxed by the load to date and has suffered several serious outages and errors that resulted in near misses and other opportunities for passengers to become statistics.
I'm not saying OSS would automatically be better but it would be unlikely to be too much worse - and it'd be easier to debug than the monster they have now.

On the voting side I seem to remember an experiement with computer controlled voting booths in the states that may have resulted in the loss of many votes simply because the software was buggy and the operators did not know exactly how to save votes at the end...

A bad fsck will get you in CS just as easily as OSS though you'll probably never know about it...

Logically, yes

[MobyDisk]

I think this is the most clear-cut case of the need for open source. But the argument that open-source is bug-free is a fallacy. The reason voting software should be open source is for security. Giving a private company the ability to create voting software that is not reviewed by at least the government, and better yet, the people, would be a security risk. An earlier post says:

...current open source methodologies may not be able to deliver the robustness and security required in a voting situation.

Open source has nothing to do with any "methodology." It just means you give out the dang code! Most commericial outfits use a specific development methodology. Something like: proposal-requirements-design-implementation-testin g. There is no reason you could not do retain this process while developing open-source.

If we don't do this, nothingkeeps an outfit from producing code that says:

if (date == "2004-Nov-05") { vote = "cowboyNeal"; }

No amount of quality testing can uncover such bugs. Only peer-review can ensure public safety.

Re:Logically, yes

[mellon]

The government is elected. They can't be the ones that check the software, because they have a conflict of interest. If the software is not open source, there is no way to maintain an appearance of fairness - anybody who doesn't like the outcome of the election can always say "it was rigged," and there's no way to disprove their assertion.

Other than that one nit, I completely agree with you.

Re:No, no, no, no - UH YES

[icewalker]

And let us not forget that there has been tampering with voters, tally's and what-not, since the concept of democratic voting was first invented. The imfamous 1930's era mobsters come to mind first.

Secure? Not likely. Nothing is 100% secure. Anyone who thinks otherwise is delusional! The key here is to empower the people to keep the system just. Keeping the people out of the loop and preventing them from seeing the code that allows them to vote is wrong. They will never trust the system then.

As for MS's security woes. It's their own fault. They hopped on the Internet Bandwagon as an after thought when Win95 came out. And they have since built more and more holes in their swiss cheese OS. Only now do they consider Security. I bet the engineers at MS, when asked about security responded, "Security is not my job. It's the security group's responsibility to secure the code."

Security is an issue and always will be. But the needs of the people are more important. Democracy must be maintained and if the people don't trust the system, then democracy has failed.

Why do we need software for this?

[spuke4000]

The United States seems to have a strange infatuation with weird voting technology: levers, punch cards, touch screens, etc. And look at where it's gotten you (see: florida(twice), virginia, etc.)

How about paper and pencil? During the last Canadian federal election 13 million votes were counted in 4 hours, by hand.

If you have a system that works efficently, with little concerns of errors or security, do you really think *any* software is going to improve it????

Re:i don't think so

[ez76]

Open source becomes strong through evolution, which necessarily means that the first users experience a lot of minor bugs that eventually get ironed out. Highly reliable bullet-proof systems need to be designed from the ground up.

I don't follow. Why does open source preclude the system being designed from the ground up? And what magic are closed source projects infused with, that they are born strong and without minor bugs?