Maryland Plans Code Review for Voting Software
asmithmd1 writes "We already knew Diebold software is insecure, now the Baltimore Sun is reporting that the Governor of Maryland has asked SAIC to review the software in Diebold voting machines. Diebold has graciously allowed SAIC access to their proprietary code. Why isn't this code open source by law?" In a related story, a trade show for closed-source electronic voting systems is doing their best to keep critics out. Update: 08/07 15:23 GMT by M : Diebold's website security is less than outstanding.
According to this story Wired is running today, Diebold got 0wn3d back in March. They were given a nearly 2GB archive of the stuff that was found by a person claiming to be the hacker who got in.
If a company can't properly secure its own network, how can we possibly trust them to create a secure voting system?
~Philly
I really like the system we are now using in Florida with some caveats. You're given a paper ballot with fill-in bubbles to mark your choices. You insert the paper ballot into a safe-like container that immediately scans and tallies the ballot. I've not seen any cases where there were mistakes, but I assume it would function like one of those vending machines that take paper money and reject the ballot if there was a problem. However, my one concern is that the questions and choices are stated and marked in clear text (of course). In the process of feeding your ballot into the machine, your choices are clearly visible to whoever is standing nearby. If they can deal with that privacy issue, I think it is the perfect solution.
Phoenix
In theory yes, in practice NO. I remember about 5 years ago, I was working for a company which was developing a lot of C code on Tandem Mainframes for a stock exchange.
Anyway the stock exchange asked an independent auditing company (the same one connected to Enron) to audit our code for Y2K and also security.
To cut the long story short, the auditors were very smart in figuring out that the stock exchange's IT dept. was a joke and they had some insider contacts with another company doing Tandem mainframe developments.
So instead of a fair audit, we almost lost our contract due to the manipulative tactics of the auditors and stupidity of the stock exchange IT dept, to the competing company which had some insider contacts with the auditing company.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
It's quite simple: because it adds cost.
Just list the components: a printer; ink cartridges; paper. Note that the last two are consumables, and ink cartridges are even perishable, in a way. (If you let them sit around too long, they get dried out -- or at least non-laser cartridges do.)
Envision, then, what it would take to run an election, remembering that these happen maybe once a year at best. You have, say, 10 machines per polling station. On the days leading to the election, each machine must be installed, powered up, and tested. Then, you have to connect the printer, test the printer, and change any cartridges that might have dried out in the meantime.
During the election, you have to keep the printers fed with paper. The ink might run out on a system halfway through. The printer might jam. Because of this you have to keep spares on hand, from the ink to the paper to the print mechanisms themselves. You only get one shot at election day, after all.
Meanwhile, of course, the polling workers have to be trained and prepared to deal with all this.
In other words, it's a rather significant amount of cost and effort to add printing support to such a system. Even if you don't use standard printers but some other technology, you still have similar problems: e.g. a cash-register-style printer (which is all you'd need) might still jam, and needs to have its paper changed, etc.
So, that's why the manufacturers (and probably even municipalities) are opposed to paper. I don't agree with them -- I believe there SHOULD be paper verification.
I see their position, but it would be nice if they were thinking of something other than the almighty buck.
Seriously. One of the things I do for Comp Sec is change management and version management. There are VERY strict auditing standards that companies like this need to meet. In the US there is a SAS 70 auditing standard that companies need to meet in order to do things like this. Up here in Canada, we call it a Section 5900 but it's the same basic idea.
The way it works is, a company says that there are controls in place to assure people that something is or is not happening. If someone wants to test those controls, they'll call in a team of qualified IT auditors and we'll do a Section 5900.
For the 5900, the people hiring us to do the job (could be the company in question, a regulatory board, a judge, a client etc) will draft a list of risks or controls. These controls are things they want to see in place.
So, for a voting machine, the people requesting the 5900 would list controls similar to the following:
-All changes to code are authorized and approved.
-All changes are adequately tested, approved and testing is not carried out by the original developer.
-No changes are introduced to the code after testing.
-Changes are promoted and versioned by someone other than the original programmer.
-Code that is installed into the production system is the same code that was tested and approved.
... and so on.
Then the auditors will go in and verify that these controls exist, that the risks these controls are designed to cover off are adequately covered and that the controls are effective. If a company fails a SAS 70 or a 5900, they usually HAVE to fix the problems.
Also, it usually isn't that hard to get your hands on a Section 5900 or SAS 70 report. Most companies will happily give them out unless they failed them or there are other NDA issues. As a voter, you probably have rights to these reports, and even if you don't, your elected representatives definitely do.
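As an added illustration (not from this thread, nor any vendor's or auditor's code) of how the promotion controls listed above can be checked mechanically: a change record carrying the people and build hashes at each stage, and a check that flags every control that fails. The record format, field names and sample values are all assumed.

```python
# Added example: checking a change record against change-management controls.
# The record layout and the names in it are assumptions, not any real process.
import hashlib
from dataclasses import dataclass


@dataclass
class ChangeRecord:
    change_id: str
    developer: str          # who wrote the change
    approver: str           # who authorized it (empty string = nobody)
    tester: str             # who tested it
    promoter: str           # who moved it into production
    tested_sha256: str      # hash of the build that was tested
    approved_sha256: str    # hash of the build that was signed off
    production_sha256: str  # hash of the build actually installed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_change(rec: ChangeRecord) -> list:
    """Return the list of failed controls; an empty list means all held."""
    findings = []
    if not rec.approver:
        findings.append("change was not approved")
    if not rec.tester or rec.tester == rec.developer:
        findings.append("testing missing or done by the original developer")
    if rec.approved_sha256 != rec.tested_sha256:
        findings.append("code changed after testing")
    if not rec.promoter or rec.promoter == rec.developer:
        findings.append("promotion missing or done by the original developer")
    if rec.production_sha256 != rec.approved_sha256:
        findings.append("production code differs from approved code")
    return findings


# Constructed sample builds: the tested one, and one altered after sign-off.
TESTED_BUILD = b"tally-firmware v1.2 (constructed sample)"
TAMPERED_BUILD = b"tally-firmware v1.2 (constructed sample) + late patch"
_T = sha256_hex(TESTED_BUILD)

GOOD = ChangeRecord("CR-1", "dev_a", "mgr_b", "qa_c", "ops_d", _T, _T, _T)
# Developer tested and promoted their own change, and production got a different build.
BAD = ChangeRecord("CR-2", "dev_a", "mgr_b", "dev_a", "dev_a",
                   _T, _T, sha256_hex(TAMPERED_BUILD))

if __name__ == "__main__":
    for rec in (GOOD, BAD):
        print(rec.change_id, audit_change(rec) or "all controls held")
```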
Of course, Ken Thompson has said some very interesting things about trusting code and compilers. The only way to really trust the code would be to hand code/compile/enter your own compiler in asm, and use this to bootstrap a more powerful compiler etc, until you were able to compile the code that you had reviewed and elected to trust. If you don't do it all yourself, you really can't be sure how trustworthy a binary is; your compiler might have done some dirty business behind your back.
Nerd rage is the funniest rage.
Have you ever voted absentee? There are two envelopes, one goes in the other... the inside envelope face is blank and has no information about you and holds your vote.
Hammer of Truth
For those of you who are in Northern VA: the researcher at Johns Hopkins who looked at the Diebold systems is doing a presentation on his findings at the National Science Foundation, room 110, Aug 12th at 4pm.
If you can't make it, I've drafted an intern to tape and encode it for download. It will be archived a day later at http://www.ngi-supernet.org/conferences.html
If any of you are interested please tell me so I can post it as a bittorrent instead of burning down the web server.
Just respond to the thread...thanks!
Whoever wants assurance that the systems are working. An interest group of voters could hire the auditors if they wanted to. I've worked for government, banks, insurers, shareholders, the companies themselves... anyone with a stake in the process.
That doesn't mean that the company making the software would let them come in and audit - but these are a fairly big deal and it would be VERY strange if someone with an interest was willing to pay for an audit and the company in question was unwilling to let the audit go forward.
But auditors qualified to do 70/5900s are not something there are tonnes of. The big 4 Accounting firms maintain them, and some smaller shops. But this is all tied into accounting and business management standards.
And as much as people point to Enron/Andersen and say you can't trust the big four - it's just not true. One falsified SAS 70 or Section 5900 report and a whole multi-billion dollar company with tens of thousands of employees can unravel. There is checking, double checking and very rigid standards of audit evidence that are required for these things.
Every piece of work I do gets checked by at least three other people.