E-Voting Company Reveals Their Source Code
Kodi writes "VoteHere has decided to release their source code so that other people will have confidence in it (MSNBC, press release.) It's definitely NOT open source (unlike OVC) but it's still a step in the right direction."
1) Pain in the ass. Asks me to submit my Full Name, Organization, and email. Along with an Opt-Out check mark for a newsletter and licence agreement.
2) You may not download this Software if you are located in any country (or are a national of a country) subject to a general U.S. or U.N. embargo or are deemed to be a terrorist country (i.e., Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria). Ouch! Why the patriotic license clause?
3) A quick glance at the source code seems to indicate that it's cygwin dependent C++. Not really the best platform to open your source code on since the windows world encourages closed development.
Also, who's to say that this is the source code that will be compiled on the voting terminals? What prevents any e-voting company from building binaries that have "secret conspiracy back doors" in them? Are voting polls expected to compile their own code? And if so, why choose Windows when there is no built-in compiler available by default on that platform?
Something is really wrong with this move by Votehere. Nowhere on their site is a place to access the revision history of the code, or upload changes, or even contact them about bugs in the code for credit or what-have-you.
Obscured security relies on obscurity; therefore we have a previously obscured source code that is now revealed (as is) and the creator expects the public to be pleased? The key element of Open Source is the insight from a million minds into security, feasibility and programming efficiency; not the wide-open access to the creation of a few minds, who may have conflicts with the management of the company, conflict of design methodology, or flagrant criminal intent (hey you've heard of a silent strike, well programmers do this more than anyone because they are mistreated by management with little recourse at times; read: Microsoft). I think if they are going to release the code, they should at least have a framework for accepting revisions, and base credit upon these revisions from the Open Source community -- bare minimum. This current method is only a public form of espionage without any hopes of maintaining security through accessible revision tree access to the public. Someone might be fired for this? I mean if it were *my* firm, I'd be looking for someone to execute over such a breach, without the necessary systemic functions available for interpretation of risk and absolute recovery system diagnostics, et cetera.
Time to stop this hypocrisy of criticizing closed e-voting, while implementing it here.
In a move to inspire confidence, Diebold agrees to have Microsoft review their code.
The company was quoted as saying, "Microsoft's highly qualified software testers will objectively review all source to determine any bugs. We are confident their analysis will put speculation about the reliability of our software to rest."
VoteHere has revealed _some_ source code, which may or may not be what is used in their machines. Unless the machines are produced in a truly open fashion, the fact that they have made some code available for viewing means very little.
Exposing the source code for e-voting (and electronic voting systems) is good. But just as important are the methods and procedures that a company uses around the software. Without knowing how they handle data, what protections and precautions they take, what operational or administrative technical policies are in place, I don't think we can judge much about a system from the source code. But we can, of course, find flaws in the code itself.
This is totally just a ploy at PR.
I mean here's the thinking.
"Hey! We can appease the OS folks by making the code visible to them! And then the media, they'll be like 'Woah! No one would EVER release insecure code if they didn't think it was secure!'"
Yay... This is a joke.
Fundamentalism stops a thinking mind.
It's called compliance with export law. Plenty of software companies have this restriction listed (for a long time you had to check the box to download Acrobat Reader until the export restrictions were loosened slightly).
this is getting old and so are you
If (Vote == Bush)
    BushVotes++;
Else If (Vote == Gore)
    If (Rand % 10 == 1)
        BuchannenVotes++;
    Else
        GoreVotes++;
Thank you Mario! But our princess is in another castle!
How to explain that every Congressional race in Maryland, for example, won by the same margin, of 818,181 votes? Funny how those numerals translated to HA HA HA in alpha characters..... www.countthevotecolorado.org
I hope this software will help prevent such things... (if it does not cause it...)
This doesn't have a damn thing to do with open source, don't fool yourself. This has to do with accountability and the public perception that e-voting machines don't have any. The license isn't open source because it doesn't need to be.
The code is reviewable, so it can be audited to avoid the kind of debacles Diebold is facing. It's a marketing move, and a move that is in the public interest. Instead of complaining that it wasn't released in the license you like, you should be grateful that it is available for review at all.
Open source is good, but that doesn't mean something is bad just because you can't do with it what you want.
If you aren't sure, you aren't thinking things through.
You can't trust it. You *might* be able to trust a system of which it was a component. One program doesn't make a secure voting system, though it can make an insecure one.
I think we've pushed this "anyone can grow up to be president" thing too far.
Where's my voter-verifiable paper printout?
"Righteous speed demon and trust fund party darling of justice"
If people are so convinced that this code must be insecure, find a bug... Break the thing and tell the company, if they don't fix it, tell the press.
I think this is an enormous step in the right direction, it allows a much greater degree of public oversight for e-voting. I am actually satisfied with this, I would love a more open process, but I think this is good enough...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
This is just like what Phil Zimmermann, then NAI, and then PGP Corporation did with Pretty Good Privacy. They'd publish their source code for peer audit, but you definitely weren't allowed to do anything with it besides audit the source and compare the resultant binaries. It was NOT open source.
I don't have any problems with that, or with the election software not being open source.
I believe the statistic is that only 1 out of every 10 people (correct me if I am wrong) in America votes in the presidential election.
That's incorrect. In 2000, there were over 105,000,000 votes cast. This was 51.3% of the voting age population of 205,815,000 and 67.5% of the 156,421,311 registered voters.
Source: Federal Election Commission
I gotta have more cowbell
Usually a little more than 50% of registered voters vote in a presidential election. I'm not sure how that compares to the overall population, but it's worth noting [relatively] recent Motor Voter laws have made it easier for people who are on the fringes about voting to get registered. This is a good thing, but something that needs to be kept in mind when people bemoan decreasing turnout rates.
WRT internet voting, while it has been piloted in a few situations (most recently in the Michigan primaries), Internet voting is an extremely BAD idea.
First there is the potential for technical malfeasance: denial-of-service, spoofing, viruses that record keystrokes, etc. As the report on the DOD's SERVE internet voting system mentioned previously states articulately:
"These vulnerabilities are fundamental in the architecture of the Internet and of the PC hardware and software that is ubiquitous today. They cannot all be eliminated for the foreseeable future without some unforeseen radical breakthrough. It is quite possible that they will not be eliminated without a wholesale redesign and replacement of much of the hardware and software security systems that are part of, or connected to, today's Internet."
Second there is the potential for procedural malfeasance: employers, pastors and friends who "help" people to vote on the internet, internet voting salons sponsored by candidates that make it easy for you to get a free t-shirt (or a pint of your favorite beer) with your vote, etc.
Revealing source code is good, but that doesn't guarantee that the code you review is the same code actually running in the deployed machines.
Some people would like to see paper trails and code review as a backup security measure, but I have another option I could feel comfortable with. How about a neutral third party, mutually selected by the state/city/etc and machine supplier? This third party can act as the review agent for the code, even bringing in outside experts. Public review of the code could even be done if all parties agree that this is the best thing to do.
Finally (and here is where I think things get better), the escrow company actually builds the reviewed code, performs quality and acceptance tests. This code built by the third party is then released to the state for installation in their machines. The machine supplier never releases code directly to state/county/city/etc.
Many large corporations use similar schemes to manage mission critical code. The IP still belongs to the machine supplier, of course, but there is now a very public and verifiable step in the process to ensure trust in the system.
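One way the hand-off described in the comment above could be checked, as an added example that is not part of the original thread or of any vendor's code: the escrow agent publishes a digest manifest of the build it produced, and the jurisdiction compares an installed machine image against it. The file names, the demo key, and the HMAC tag (a stand-in for whatever real signature the escrow agent would use) are assumptions.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Escrow side: SHA-256 of every file in the release tree, keyed by relative path."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def seal(manifest, key):
    """Tag over canonical JSON; assumed stand-in for the escrow agent's signature."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_install(root, manifest, tag, key):
    """Jurisdiction side: reject an altered manifest, then diff the installed tree."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("manifest does not match escrow tag")
    installed = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest
                           if p in installed and installed[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in installed),
        "unexpected": sorted(p for p in installed if p not in manifest),
    }

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    key = b"constructed-demo-key"  # constructed sample value
    files = {"bin/tally": b"reviewed build\n", "etc/ballot.cfg": b"contest=1\n"}
    with tempfile.TemporaryDirectory() as escrow, \
         tempfile.TemporaryDirectory() as machine:
        for root in (escrow, machine):
            for rel, data in files.items():
                write(root, rel, data)
        manifest = build_manifest(escrow)
        tag = seal(manifest, key)
        clean = verify_install(machine, manifest, tag, key)
        # Constructed deviations: a swapped binary, a dropped config, an extra file.
        write(machine, "bin/tally", b"patched build\n")
        write(machine, "bin/extra", b"x")
        os.remove(os.path.join(machine, "etc/ballot.cfg"))
        drifted = verify_install(machine, manifest, tag, key)
    return clean, drifted

if __name__ == "__main__":
    for report in demo():
        print(report)
```

The comparison is only as trustworthy as the system that runs it, so it belongs on separate trusted media reading the machine's storage, not on the voting machine itself.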
I bet 80% of the people that do actually vote would be wondering just what button to push on their WebTV or AOL account to compile the source.
I thought it was 11 out of 10 in Florida?
Car analogies break down.
VoteHere, a company that makes software to implement a particular voting cryptographic scheme, is the second outfit to release their source (the first was OVC).
http://www.votehere.com/news/archive04/040604.htm
Until I know more details I won't pass judgement other than to say this underscores the point that making source code open does not diminish the rights of the company to its ownership and copyright of the code. It does allow bugs to be found and fixed. And expert independent testimony to its safety may result and thereby build public confidence. Thus this is all good.
I don't know what exactly was released. My understanding in the past was that VoteHere was not actually a voting machine maker but a seller of a patented system for validating encrypted votes. Sequoia Systems had in the past discussed the possibility of letting buyers purchase this for use on their machines, though I have not heard of any machines actually deployed with this.
More specifically, the VOTE HERE system still requires the machines to be error free. Recounts are not possible in the event of an error. The votehere system only eliminates certain kinds of fraud but not all and does nothing about errors, the discovery of errors, and recounting after errors. Additionally since machines using this system will for practical purposes look the same as machines with tampered software: how do you know what is going on inside as a voter?
I have read the VoteHere White papers on the mathematics of their algorithm. Two things are apparent 1) It's so complex--and I am trained in advanced mathematics--it's not perfectly clear that all the loopholes are plugged 2) Even if it works as claimed to the voter it's still a magic black box that offers no visual evidence of the vote. Thus on both counts voting confidence is not available.
Look at their logo--it's a bunch of math symbols. To most folks that is more of a put-off than a confidence builder. Clearly they think they have a technical solution but don't appreciate the sociology issues.
It appears to mainly move where fraud and errors can occur from the polling place to the programming place and to the people who hold the encryption keys. It's not clear what happens if the keys are accidentally leaked.
Still clearly VoteHere sees it in their interest to get the issue of open source on the table and that is a great sign. Kudos for them even if it is partly a business decision.
Some drink at the fountain of knowledge. Others just gargle.
Much more interesting than the source is the following document:
http://www.votehere.com/vhti/documentation/egshuf.pdf
...describing a neat method of establishing a voter-verifiable ballot data that makes it quite difficult for single terminals to "cheat".
We've been having e-voting in Brazil for ten years now, the machine's source code is not open, it's a small machine that saves the result on a disk and prints a confirmation with each vote.
In ten years we had three presidential elections, as well as elections for governors, mayors and senators, all of them with e-voting, citizens between 18 and 60 years MUST vote (between 16 and 18 and above 60 voting is optional).
In these ten years, with plenty of elections and huge amounts of votes, not ONCE has the result of an election been contested by any political parties (winning or losing, left or right), individuals or the media. Usually the official results are released in one or two days after the election.
So my question is: Why the big fuss about e-voting in the USA?
Look, these guys are trying to do the right thing to inspire trust and confidence in the integrity of their software. What they are doing is entirely reasonable and proper. Just because they want to make real money from their code doesn't mean they are evil. Just because you think that everyone should release everything under the GPL, doesn't mean that they should be forced to accept your values. The release license is the choice of the author; never forget that.
The purpose behind this exercise is to promote trust in the integrity of the electronic voting process; not to release Open Source voting software.
You should commend these guys, not snarl at them.
"Man is nothing without the works of man" -- Helvetius
I won't be satisfied until voting machines are subjected to the same safety criteria as automotive or aerospace software (e.g. FAA's DO178B). This means clear requirements, traceability from requirements to implementation, formal verification by third parties, and an audit trail. Infrastructure already exists for this purpose - the FAA could take this on with little difficulty.
I thought our government was a bureaucracy - why didn't they think of this first?
This is not a free software project! They didn't release the code to get the benefits of the open source development methodology, or to give back to the community. They released it so that the source could be audited by anyone who cared to do so, and the framework they provided is sufficient for this. Transparency has long been deemed important in the security world and has its own benefits that still exist even without a distributed development method.
I don't understand what your concern is, because I don't see how setting up a public CVS would improve the quality of the software. People who are interested in auditing this code do not need direct access to CVS and the lack of it will not deter them from doing so. The only way that CVS could help is if developers joined the project for fun or to scratch an itch, and happen to find bugs in the process, but I don't see any reason that this would be the case. Auditing is meticulous work. It is not the type of thing that joe-schmoe open source programmer does for fun. It is the kind of thing that security experts do, and if they are the only ones that are attracted to this code then there is nothing wrong with that.
I guess some people will bitch no matter what.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
There needs to be a standard way to refer to different licenses.
Most lay people would assume that open source means you could look at it. But in tech circles that is not the case. It has to be more than that.
And does the tech definition of open source include BSD, GPL, public domain, etc licenses?
Or is it just referring to GPL?
Or does it depend on who you ask?
That's just insane.
Look, it's pretty simple. If you don't trust the precompiled binaries they have on the machines, then why on earth would you trust the compiler they provide? I'm not talking about not trusting gcc... it would be fairly trivial to produce a hacked gcc that compiles the code in question differently (or simply compiles an embedded version of the code). And you'd have no way of knowing.
Heck, hack the diff tool for that matter. Either reject any schmuck who actually tries to pull this, or replace their source with yours while diffing. How thick is that tinfoil beanie anyway?
Oh, and don't think that a mechanical system is any better either. After all, some machine has to read those ballots and you could just compromise it!
Sure, I guess you could go to hand counting. That'll only take a few weeks to verify the results. No matter... I'm sure the rest of the world will understand that we're just too damned incompetent to use modern balloting techniques. I'm sure it won't have any impact on domestic markets either... nope... just because we don't think our products are good enough to use doesn't mean you shouldn't buy them!
"Lookie folks, you can download our source code, unlike those other evil opaque ne'erdowells."
What's to keep them from closing the source once everyone hops on the bandwagon? If there's no promise to keep it open in perpetuity, its worthless.
No it's not a "step in the right direction" and you're not helping to fix things by claiming that it is.
Having a copy of some source code is not a "step in the right direction" if you can't understand it. Most people can't read source code.
Having a copy of some source code is not a "step in the right direction" if you can't have complete confidence it's implemented correctly. If it's at all complex, there's a good chance there are bugs in it. If the manufacturer ever admits they've fixed a bug in it, then they are admitting even their engineers who designed it didn't understand it enough to spot all the bugs. Will Joe Voter spend as much time reviewing the code? (If they never admit to a bug in it, then they are in denial.)
Having a copy of some source code is not a "step in the right direction" if you can't be sure the source you have is the same one used to compile the binary running on the machine you're casting your vote on.
Having a copy of some source code is not a "step in the right direction" if you can't be sure the compiler wasn't trojaned. Or the hardware itself.
Unless you have evidence of a ballot cast, the best you can claim is hearsay testimony of a ballot cast. Are you willing to accept that as a basis of your next government?
The thing about things we don't know is we often don't know we don't know them.
you are assuming each voter cast just one vote.
cpeterso
Somehow, the Republic managed to survive for a couple hundred years with paper ballots, waiting longer than "a couple weeks" for the results in the days before electronic communications. What was the problem, again?
Sean
Well, by definition, software can only do what it was designed to do, right? If those functions are different from the stated intent of the developer, then tough beans.
Computers are wonderfully deterministic beasts. We shouldn't pretend that they aren't and blame our glitches on computers. If Ralph Nader is "accidentally" elected, it's not a machine/software problem. Somebody, a person or a group of people, screwed up.
I'm not saying that a law court would agree, but if a voting machine can be made to sing "Turkey in the Straw" every time you hit the Libertarian button, then that's exactly what it was "designed" to do.
(Wow, a two bit thought in three paragraphs, time for more bran.)
Why do I have this? I don't smoke.
void ProcessVote(string person) {
    int votes = 0;
    // The joke: one candidate's ballots are counted twice.
    if (person == "Bush") votes += 2;
    else { votes++; }
    CountVote(person, votes);
}
It is no longer uncommon to be uncommon.
"You can look for 60 days, but if you touch, we own anything you modify. Oh, and we can can your license at any time and for any reason, and you also agree that we can and should gag you if you say anything that might be detrimental to our business."
Well, that certainly inclines me to view their source in a charitable light.
If you were blocking sigs, you wouldn't have to read this.