Seeking The Source For Ireland's E-Voting System
WeeBull writes "Michael Cunningham from p45.net tried to request 'the source code of the electronic voting system first used in Ireland's May 2002 general election, plus any supporting technical documentation supplied to the Department of Environment and Local Government including the functional specifications' under Ireland's Freedom of Information legislation. The result wasn't what he expected ..."
The result wasn't what he expected
You mean he got everything he asked for, overnight, with no questions asked?
While it can't be proven, all one would need to do is ask for the compile options, compile it with the same compiler and then compare the compiled version to the one they have from the election (assuming that they do have a copy, which they possibly do not, considering that it appears they merely use the machines from this election software firm). I believe that, like encryption, election code is one area where full public disclosure is absolutely necessary to assure that the system is operating as expected. The fact that the election commission in Ireland handed the auditing over to a private company is sure lunacy.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
You mean a company or government actually bought a piece of software without the source code!
What kind of world are we living in?
Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
Apparently there were several audits performed and I believe the source was available under NDA to the govt. Next time they will be entitled to distribute the source if they so desire.
This was the govt's response to a series of questions in the Dail:
Security and integrity have been paramount in the design, testing and implementation of the electronic voting and counting system. Original tender submissions were assessed and the successful solution selected on the basis of, inter alia, functionality and product quality including hardware and software security and application of the count rules as in the case of a paper ballot. Detailed functional specifications, likewise, made extensive reference to security aspects of the system. The testing programme has been thorough and involved independent examination of the voting machine and voting machine software by a number of recognised international test institutes and private companies. The voting machine hardware and software has been tested by PTB, the National Institute for Science and Technology in Germany. Separate reports have been prepared by two test institutes in the Netherlands: TNO subjected the voting machine to a range of environmental tests and KEMA Quality BV tested the machine for compliance with international safety standards. An Irish company, PMI Software Ltd. carried out an architectural and code review of the system software. My Department also engaged the Electoral Reform Society in the UK, which has extensive experience of STV election counts, to test the software against its database of over 300 elections. The count software was, in addition, tested for functionality and accuracy both by my Department and a number of Dáil returning officers. Finally, in relation to vote counting, the system can produce, after the votes are mixed, vote tables to enable progress of the count to be monitored and also to trace a vote at any stage of the count. If necessary, following a High Court order in an election petition case, the system can also produce a ballot paper, with preferences, to allow a manual count to be carried out. 
At the general election and referendum pilots in 2002, the software was used under license from the supplier and at present, the source code is not available to the public. The software is currently being modified for use at the European and local elections in June 2004 and when this work has been completed and tested, I will give careful consideration to the making of the source code available. The Zerflow report, which was the subject of recent media reporting, was commissioned by my Department as an addition to the principal reports to which I have referred. The company was requested to carry out a security assessment of the procedures to be applied in the use of voting machines in polling stations to ensure that procedures proposed by the Department were adequate. The issues raised by the Zerflow report, which dealt mainly with possible threats to the external physical features of the voting machine, were assessed by my Department and by Nedap/Powervote - the machine manufacturers. The assessment by both was that the main scenario identified was implausible and that the likelihood of its occurrence without detection was extremely remote. I should emphasise that the version of the voting machine used in this country has more security features than the versions used in the Netherlands and Germany where the issues raised by Zerflow have not been identified in any risk assessments. In addition, the integrity of the Irish voting process is protected on polling day by a set of protocols operated by polling staff and the Gardai under the supervision of the returning officer. My Department will continue to keep these arrangements under review and will update advice provided to returning officers, as necessary, including advice in relation to the presence of audio, video or
Do not try to read the dupe, that's impossible. Instead, only try to realize the truth.
What truth?
There is no dupe
I've just found this document - which appears to be the minutes of an Irish government selection committee debating the merits (amongst other things, search for neda) of this system.
Interesting quote: "The integrity of the electoral process will be assured for both the electorate and candidates"
Not all of the electorate it would seem.
Further on in the document
[emphasis mine]
"(2) No equipment may be approved for the purposes of subsection (1) unless a full technical description of the said equipment (including all source code and information regarding independent testing and verification relating thereto) has been laid before both Houses of the Oireachtas and a resolution approving a draft of the order approving the said equipment has been passed by each such House.".
Interesting, hey?
That's just one of the committee's opinion - and it looks like they got slapped down - but if I was Irish, I'd be finding out who this Mr Gilmore was & voting for him.
All source code of the three systems used is available for download and public review on the site of the federal government.
o kunnl/broncodes/Cdoku7nnl.htm
http://www.verkiezingen.fgov.be/Nouveau/NieuwNl/D
(click on one of the three software systems and then on 'Hier')
In 1991 nobody except a private company had the code.
In 1999 official expert asked for the state to own the code and suggested publishing it.
In 2000 they published partial code and documentation with the most important security part removed.
In May 2003 they published full code (but no doc) of the new system (AES added).
Feel free to download, analyse and report problems to us.
We have no way to check if that code was really in use. Because they use the same floppy disk to boot the system and to save the result, we have no way to make sure what was on the floppy at the beginning of the election day. This is explained here but only in French.
But having the code is not enough... actually Richard Stallman had something to say about Free Software not being enough.
Now if you are Belgian and unhappy about the status of our election system, you can join or contact PourEVA.
I personally believe that if we want to reduce the repetitive task of counting the ballot, we could use optical scanning (and make test manual recount). But we should never put a computer between our vote and the expression of our vote. Paper and Pen rules.
Don't let the computer/expert control the election. Information for Belgium in French: http://www.poureva.be/
I suppose more details of the electoral system are in order...
:-)
For General Elections (to the Dail - main parliament) Ireland has a multiseat Proportional Representation election system - meaning there is more than one seat available in each constituency.
Firstly each voter can vote in order of preference for every candidate - For example say there are 10 candidates for three seats (my case last election) You can vote in order of 1 to 10.
PR works by counting first how many ballots are cast, dividing by some amount (IIRC Number of seats + 1). This is set as the "quota". Then counting takes place. Once a candidate reaches the quota they are deemed elected. Then the amount of votes over the quota is distributed to the other candidates, going on the next choice of the voters concerned.
If no one reaches the quota, the person(s) with the least votes accrued currently are eliminated, and their votes are distributed to the remaining candidates.
This is a complicated system and electronic counting would be an advantage - sometimes it can take up to a week to recount a constituency, last time there were three recounts in one case, with the final seat going to the candidate with three more votes than the other!
Electronic voting was used last time in three places, with the results out the night of the election, rather than a day or two later. This led to some problems when a sitting TD (equiv MP) lost her seat, and was told rather cruelly, normally you get the results of each count so you are prepared for the result, long in advance of the declaration.
In my opinion, ideally Electronic voting is the way to go. However I don't trust the machines or the companies who make them, regardless of the published nature of the code. It would be very difficult to catch fraud taking place, and personally I like the current method (pen and paper). It is very satisfying putting a 10 beside the candidate who you hate
tom.
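An added example, not part of the thread and not the Irish count software: a small independent count following the quota, surplus and elimination steps described in the comment above, of the kind an observer could run against published ballot data to cross-check a result. It assumes the Droop quota, fractional surplus transfers and alphabetical tie-breaks, which are simplifications rather than the statutory count rules; the ballots are constructed.

```python
from fractions import Fraction
# Constructed sample ballots (not real data): 10 papers, 2 seats.
SAMPLE_BALLOTS = ([["A", "B"]] * 5 + [["B", "C"]] * 2 +
                  [["C", "B"]] * 2 + [["D", "B"]])

def droop_quota(valid_ballots, seats):
    # Assumption: Droop quota, the usual STV threshold.
    return valid_ballots // (seats + 1) + 1

def stv_count(ballots, seats):
    """Return (quota, elected, log) for lists of preferences, best first."""
    quota = droop_quota(len(ballots), seats)
    papers = [[Fraction(1), prefs] for prefs in ballots]  # [weight, prefs]
    hopeful = {c for prefs in ballots for c in prefs}
    elected, log = [], []
    while len(elected) < seats and hopeful:
        # Each paper counts for its highest preference still in the running.
        tally = {c: Fraction(0) for c in hopeful}
        holder = []
        for weight, prefs in papers:
            top = next((c for c in prefs if c in hopeful), None)
            holder.append(top)
            if top is not None:
                tally[top] += weight
        if len(hopeful) <= seats - len(elected):
            # No more candidates than seats left: elected without the quota.
            for c in sorted(hopeful, key=lambda c: (-tally[c], c)):
                elected.append(c)
                log.append(("elected", c, tally[c]))
            break
        # Assumption: ties are broken alphabetically, not by the real rules.
        leader = min(hopeful, key=lambda c: (-tally[c], c))
        if tally[leader] >= quota:
            # Surplus: scale the leader's papers so only the excess moves on.
            keep = (tally[leader] - quota) / tally[leader]
            for paper, top in zip(papers, holder):
                if top == leader:
                    paper[0] *= keep
            elected.append(leader)
            log.append(("elected", leader, tally[leader]))
            hopeful.remove(leader)
        else:
            loser = min(hopeful, key=lambda c: (tally[c], c))
            log.append(("eliminated", loser, tally[loser]))
            hopeful.remove(loser)
    return quota, elected, log

if __name__ == "__main__":
    print(stv_count(SAMPLE_BALLOTS, seats=2))
```

The returned log records every election and elimination with the tally at that count, so two independent implementations can be compared count by count rather than only on the final result.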