E-Voting Company Reveals Their Source Code
Kodi writes "VoteHere has decided to release their source code so that other people will have confidence in it (MSNBC, press release.) It's definitely NOT open source (unlike OVC) but it's still a step in the right direction."
1) Pain in the ass. Asks me to submit my Full Name, Organization, and email. Along with an Opt-Out in check mark for a newsletter and licence agreement.
2) You may not download this Software if you are located in any country (or are a national of a country) subject to a general U.S. or U.N. embargo or are deemed to be a terrorist country (i.e., Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria). Ouch! Why the patriotic license clause?
3) A quick glance at the source code seems to indicate that it's Cygwin-dependent C++. Not really the best platform to open your source code on since the Windows world encourages closed development.
Also, who's to say that this is the source code that will be compiled on the voting terminals? What prevents any e-voting company from building binaries that have "secret conspiracy back doors" in them? Are voting polls expected to compile their own code? And if so, why choose Windows when there is no built-in compiler available by default on that platform?
In a move to inspire confidence, Diebold agrees to have Microsoft review their code.
The company was quoted as saying, "Microsoft's highly qualified software testers will objectively review all source to determine any bugs. We are confident their analysis will put speculation about the reliability of our software to rest."
VoteHere has revealed _some_ source code, which may or may not be what is used in their machines. Unless the machines are produced in a truly open fashion, the fact that they have made some code available for viewing means very little.
Exposing the source code for e-voting (and electronic voting systems) is good. But just as important are the methods and procedures that a company uses around the software. Without knowing how they handle data, what protections and precautions they take, what operational or administrative technical policies are in place, I don't think we can judge much about a system from the source code. But we can, of course, find flaws in the code itself.
This is totally just a ploy at PR.
I mean here's the thinking.
"Hey! We can appease the OS folks by making the code visible to them! And then the media, they'll be like 'Woah! No one would EVER release insecure code if they didn't think it was secure!'"
Yay... This is a joke.
Fundamentalism stops a thinking mind.
It's called compliance with export law. Plenty of software companies have this restriction listed (for a long time you had to check the box to download Acrobat Reader until the export restrictions were loosened slightly).
this is getting old and so are you
If (Vote == Bush)
    BushVotes++;
Else If (Vote == Gore)
    If (Rand % 10 == 1)
        BuchannenVotes++;
    Else
        GoreVotes++;
Thank you Mario! But our princess is in another castle!
This doesn't have a damn thing to do with open source, don't fool yourself. This has to do with accountability and the public perception that e-voting machines don't have any. The license isn't open source because it doesn't need to be.
The code is reviewable, so it can be audited to avoid the kind of debacles Diebold is facing. It's a marketing move, and a move that is in the public interest. Instead of complaining that it wasn't released in the license you like, you should be grateful that it is available for review at all.
Open source is good, but that doesn't mean something is bad just because you can't do with it what you want.
If you aren't sure, you aren't thinking things through.
You can't trust it. You *might* be able to trust a system of which it was a component. One program doesn't make a secure voting system, though it can make an insecure one.
I think we've pushed this "anyone can grow up to be president" thing too far.
I realize that it takes a bit more effort the RTFA, but in the pdf included in the source they make it very plain how to submit bugs:
Reporting an Issue
VoteHere appreciates your efforts in helping us identify and resolve issues and inaccuracies with our products, specifications and documentation. If you feel you have identified an issue with the VHTi API or documentation set, please proceed with the following steps for submitting the issue to the VoteHere support team:
1. Record the version number of the API or document you are referencing, and if documentation-related note the page and/or section number.
2. Record and document the issue as clearly and in as much detail as possible.
3. Record your name, company name, and a telephone number where you can be reached during normal business hours.
4. Contact VoteHere using one of the following methods:
Email: support@votehere.net
Fax: 1.425.450.2861
Phone: 1.888.457.6863
"If you're flammable and have legs, you are never blocking a fire exit." - Mitch Hedberg
This is just like what Phil Zimmermann, then NAI, and then PGP Corporation did with Pretty Good Privacy. They'd publish their source code for peer audit, but you definitely weren't allowed to do anything with it besides audit the source and compare the resultant binaries. It was NOT open source.
I don't have any problems with that, or with the election software not being open source.
I believe the statistic is that only 1 out of every 10 people (correct me if I am wrong) in America votes in the presidential election.
That's incorrect. In 2000, there were over 105,000,000 votes cast. This was 51.3% of the voting age population of 205,815,000 and 67.5% of the 156,421,311 registered voters.
Source: Federal Election Commission
I must have more cowbell
Revealing source code is good, but that doesn't guarantee that the code you review is the same code actually running in the deployed machines.
Some people would like to see paper trails and code review as a backup security measure, but I have another option I could feel comfortable with. How about a neutral third party, mutually selected by the state/city/etc and machine supplier? This third party can act as the review agent for the code, even bringing in outside experts. Public review of the code could even be done if all parties agree that this is the best thing to do.
Finally (and here is where I think things get better), the escrow company actually builds the reviewed code, performs quality and acceptance tests. This code built by the third party is then released to the state for installation in their machines. The machine supplier never releases code directly to state/county/city/etc.
Many large corporations use similar schemes to manage mission critical code. The IP still belongs to the machine supplier, of course, but there is now a very public and verifiable step in the process to ensure trust in the system.
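As an added illustration of the escrow-build scheme in the comment above (not code from VoteHere or from any commenter): the escrow agent hashes each artifact it built from the reviewed source and authenticates the manifest, and the election office checks the files read off a machine against it. The file names, contents and key are constructed, and HMAC stands in for the public-key signature a real escrow agent would use so that verifiers hold no secret.

```python
import hashlib
import hmac
import json

# Constructed sample data: artifacts the escrow agent built from reviewed source.
ESCROW_BUILD = {"ballot_ui.bin": b"ui-v1", "tally.bin": b"tally-v1",
                "audit_log.bin": b"audit-v1"}
# Constructed sample data: files read back from a deployed machine.
MACHINE = {"ballot_ui.bin": b"ui-v1", "tally.bin": b"tally-v1-altered",
           "patch.bin": b"unreviewed"}
ESCROW_KEY = b"constructed-demo-key"  # assumption: stand-in for a signing key


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _tag(hashes: dict, key: bytes) -> str:
    # Canonical JSON so both sides authenticate exactly the same bytes.
    body = json.dumps(hashes, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Escrow side: hash every built artifact and authenticate the list."""
    hashes = {name: digest(files[name]) for name in sorted(files)}
    return {"hashes": hashes, "tag": _tag(hashes, key)}


def verify_install(manifest: dict, installed: dict, key: bytes) -> dict:
    """Election-office side: reject a forged manifest, then compare files."""
    if not hmac.compare_digest(_tag(manifest["hashes"], key), manifest["tag"]):
        raise ValueError("manifest was not issued by the escrow agent")
    want = manifest["hashes"]
    report = {"modified": [], "missing": [], "unexpected": []}
    for name, expected in want.items():
        if name not in installed:
            report["missing"].append(name)
        elif digest(installed[name]) != expected:
            report["modified"].append(name)
    # Files present on the machine that were never part of the reviewed build.
    report["unexpected"] = sorted(set(installed) - set(want))
    return report


if __name__ == "__main__":
    print(verify_install(build_manifest(ESCROW_BUILD, ESCROW_KEY),
                         MACHINE, ESCROW_KEY))
```

The check is only as trustworthy as the tool that reads the files off the machine; it does not cover the compromised-compiler or compromised-hardware cases raised elsewhere in the thread.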
We've been having e-voting in Brazil for ten years now, the machine's source code is not open, it's a small machine that saves the result on a disk and prints a confirmation with each vote.
In ten years we had three presidential elections, as well as elections for governors, mayors and senators, all of them with e-voting, citizens between 18 and 60 years MUST vote (between 16 and 18 and above 60 voting is optional).
In these ten years, with plenty of elections and huge amounts of votes, not ONCE has the result of an election been contested by any political parties (winning or losing, left or right), individuals or the media. Usually the official results are released in one or two days after the election.
So my question is: Why the big fuss about e-voting in the USA?
Look, these guys are trying to do the right thing to inspire trust and confidence in the integrity of their software. What they are doing is entirely reasonable and proper. Just because they want to make real money from their code doesn't mean they are evil. Just because you think that everyone should release everything under the GPL, doesn't mean that they should be forced to accept your values. The release license is the choice of the author; never forget that.
The purpose behind this exercise is to promote trust in the integrity of the electronic voting process; not to release Open Source voting software.
You should commend these guys, not snarl at them.
"Man is nothing without the works of man" -- Helvetius
I won't be satisfied until voting machines are subjected to the same safety criteria as automotive or aerospace software (e.g. FAA's DO178B). This means clear requirements, traceability from requirements to implementation, formal verification by third parties, and an audit trail. Infrastructure already exists for this purpose - the FAA could take this on with little difficulty.
I thought our government was a bureaucracy - why didn't they think of this first?
I guess some people will bitch no matter what.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
No it's not a "step in the right direction" and you're not helping to fix things by claiming that it is.
Having a copy of some source code is not a "step in the right direction" if you can't understand it. Most people can't read source code.
Having a copy of some source code is not a "step in the right direction" if you can't have complete confidence it's implemented correctly. If it's at all complex, there's a good chance there are bugs in it. If the manufacturer ever admits they've fixed a bug in it, then they are admitting even their engineers who designed it didn't understand it enough to spot all the bugs. Will Joe Voter spend as much time reviewing the code? (If they never admit to a bug in it, then they are in denial.)
Having a copy of some source code is not a "step in the right direction" if you can't be sure the source you have is the same one used to compile the binary running on the machine you're casting your vote on.
Having a copy of some source code is not a "step in the right direction" if you can't be sure the compiler wasn't trojaned. Or the hardware itself.
Unless you have evidence of a ballot cast, the best you can claim is hearsay testimony of a ballot cast. Are you willing to accept that as a basis of your next government?
The thing about things we don't know is we often don't know we don't know them.