Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should Voting Software Be Open Source?

Posted by Cliff on from the what's-counting-your-votes dept.

jallen02 asks: "CNN has a quick little piece in their technology section about the electronic voting systems and their security. They ask, 'What about security?' with regards to the electronic voting systems. And then a researcher from AT&T labs is quoted in the article. Basically, saying the systems should be open sourced, and he quotes the party line for open source regarding security: more eyeballs means more flaws are found and fixed. The big question raised here is ripe for debate.. should electronic voting systems software be opened for the public to see?"

6 of 116 comments (clear)

  1. better idea by zogger · · Score: 5, Insightful

    --computerised voting is the last straw on any sort of honest voting. Once you have this in by law, that's it, kiss any sort of honesty goodbye. It's not needed. Punch out chads aren't needed. Paper ballots, fill in the circle, works just great. Ya, takes some time to count, but human eyeballs are plenty "open source". All this latest touch screen voting did was make it ridiculously easy to stuff the ballot box by *someone*, or to alter the results, or to lose them, or whatever. No "poll watcher" can count anything-you rely on what the machine tells you. And if the stuffing is occurring INSIDE the governmental command and control structure, well, you can see where that's headed. Votes were difficult in the past, granted, some fraud occurred, this new tech mandates the possibility oif universal fraud. Gee, wonder why the arkansas mafia/skull and bones axis of political crooks would both advocate this sort of voting?

    I got my "I voted" sticker right here from the latest election. It's a picture of the computer touch screen pointing at itself saying "I voted". Well, that's exactly what's happening, some computer is voting, you surely aren't.

  2. Re:i don't think so by isorox · · Score: 5, Insightful

    It is not acceptible for my vote to be lost because of a bad fsck.

    This is a problem in any system. It's not acceptable for my vote to be lost because of a bad BSOD either.

    Just because the system should be open source doesnt mean it should be developed by people on sourceforge. Pay professional engineers to design the system, then build. Release each stage as open source along the way - best of both worlds.

  3. maybe it should be implemented first by jilles · · Score: 5, Interesting

    It's funny that this debate rages in a country that has seen severe problems with a severely outdated and erroneous voting infrastructure. Nobody has problems there with (proprietary) punch card machines but as soon as computers are involved everybody gets worried. Arguably it wasn't technology that failed during the last elections but the process after the election during which both parties spent several millions on campaigns trying to prove that they won rather than just recounting the votes (which was an option all along) or holding a state wide reelection (which even in third world countries is common practice in case of doubt).

    I'm sure there is room for an open source voting system next to the many excellent commercial products available (which outside the US are widely being used and which tested in practice). Let the market decide. Let the government focus on certification rather than specific products. Voting machines (electronic and mechanical) should meet certain standards with respect to reliability, ease of use, accessibility, acceptable margin of error etc. Any standard in this area is better than none (which currently seems to be the case).

    People trust their life to certified proprietary medical software, nasa launches billions worth of equipment using certified proprietary software, if you travel by car, you are using tons of certified proprietary embedded software. The keyword is certification. We trust this software because independent third parties have assessed that the software does what it advertises to do in a sufficiently reliable fashion.

    Certification is currently uncommon in commercial software engineering. Not in the last place because most so called software engineers are not even qualified to tie their shoelaces properly. Any idiot who has read VB for dummies can claim to be a software engineer.

    --

    Jilles
  4. Logically, yes by MobyDisk · · Score: 5, Insightful

    I think this is the most clear-cut case of the need for open source. But the argument that open-source is bug-free is a fallacy. The reason voting software should be open source is for security. Giving a private company the ability to create voting software that is not reviewed by at least the government, and better yet, the people, would be a security risk. An earlier post says:

    ...current open source methodologies may not be able to deliver the robustness and security required in a voting situation.

    Open source has nothing to do with any "methodology." It just means you give out the dang code! Most commericial outfits use a specific development methodology. Something like: proposal-requirements-design-implementation-testin g. There is no reason you could not do retain this process while developing open-source.

    If we don't do this, nothingkeeps an outfit from producing code that says:

    if (date == "2004-Nov-05") { vote = "cowboyNeal"; }

    No amount of quality testing can uncover such bugs. Only peer-review can ensure public safety.

  5. Why do we need software for this? by spuke4000 · · Score: 5, Insightful

    The United States seems to have a strange infatuation with weird voting technology: levers, punch cards, touch screens, etc. And look at where it's gotten you (see: florida(twice), virginia, etc.)

    How about paper and pencil? During the last Canadian federal election 13 million votes were counted in 4 hours, by hand.

    If you have a system that works efficently, with little concerns of errors or security, do you really think *any* software is going to improve it????

    --
    This post cannot be rebroadcast without the express written constent of Major League Baseball.
  6. Re:Issue by DeadSea · · Score: 5, Insightful
    Any voting machine will not be networked, will have simple interface to voters that does not expose a command line or desktop, and has physical access controlled by poll workers.

    It is not likely that a black hat is going to be able to find a flaw that lets them vote more than once, view the votes of others, change the votes of others, or otherwise tamper with the eletction from the voting booth.

    The biggest security risk comes from the individuals and corporations that build the voting systems. It is much more plausible that a programmer will put a line of code in that looks like:
    if (date == 'Nov 2' && party == 'republicats') secretlyrecord vote(candidate);
    That one line of code will never be caught by QA testing or practice elections. It may or may not be caught by open source.

    What is more important than anything else, is providing an audit trail. A voting machine must cast the vote onto a medium that the person that voted can verify. One way of doing this would be to print the vote, and let the user verify that the printout says the correct thing. A certain number of machines should be checked (randomly) every election to ensure that the vote count the machine spits out matches a hand count of the paper ballots.

    New federal standards will require such safeguards. Unfortunatly, most electronic voting machines that are coming out today do not meet these standard and will need to be replaced in a few short years.

    Open source may be part of the answer to a good election, but it is not sufficient to ensure one.