Slashdot Mirror

← Back to Stories (view on slashdot.org)

E-Voting Company Reveals Their Source Code

Posted by ryuzaki0 on from the vote-of-confidence dept.

Kodi writes "VoteHere has decided to release their source code so that other people will have confidence in it (MSNBC, press release.) It's definitely NOT open source (unlike OVC) but it's still a step in the right direction."

13 of 279 comments (clear)

  1. First Glance by monstroyer · · Score: 5, Interesting

    1) Pain in the ass. Asks me to submit my Full Name, Organization, and email. Along with an Opt-Out in check mark for a newsletters and licence agrement.

    2) You may not download this Software if you are located in any country (or are a national of a country) subject to a general U.S. or U.N. embargo or are deemed to be a terrorist country (i.e., Cuba,Iran, Iraq, Libya, North Korea, Sudan and Syria). Ouch! Why the patriotic license clause?

    3) A quick glance at the source code seems to indicate that it's cygwin dependent C++. Not really the best platform to open your source code on since the windows world encourages closed development.

    Also, who's to say that this is the source code that will be compiled on the voting terminals? What prevents any e-voting company to build binaries that have "secret conspiracy back doors" in them? Are voting polls expected to compile their own code? And if so, why chose windows when there is no built in compiler available by default on that platform?

    1. Re:First Glance by alecks · · Score: 5, Funny

      Are you saying that You read the article, registered to download source code, browsed through it, and still managed to get FP?

      --
      The Digital Couture Collection
    2. Re:First Glance by pete-classic · · Score: 5, Interesting
      2) You may not download this Software if you are located in any country (or are a national of a country) subject to a general U.S. or U.N. embargo or are deemed to be a terrorist country (i.e., Cuba,Iran, Iraq, Libya, North Korea, Sudan and Syria). Ouch! Why the patriotic license clause?


      That is almost certainly because it contains strong encryption, which is considered munitions (!) under US export law.

      We can debate that law (I think it is foolish), but it isn't VoteHere's fault.

      -Peter
    3. Re:First Glance by meringuoid · · Score: 5, Funny
      Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria

      This is voting software, with which one would run an election in a democracy. Wouldn't we be happy if these countries downloaded and used it?

      Then there would be no more phony rigged elections in these places - you can't possibly rig an e-voting machine, Diebold said so.

      --
      Real Daleks don't climb stairs - they level the building.
    4. Re:First Glance by AntonyBartlett · · Score: 5, Insightful
      these are the same arguments for anything you don't compile yourself.

      Ah-ha, trust the compiler do you? No amount of source-level verification or scrutiny will protect you from using untrusted code.

  2. In Other News... by ravenspear · · Score: 5, Funny

    In a move to inspire confidence, Diebold agrees to have Microsoft review their code.

    The company was quoted as saying, "Microsoft's highly qualified software testers will objectively review all source to determine any bugs. We are confident their analysis will put speculation about the reliability of our software to rest."

  3. No by hanssprudel · · Score: 5, Insightful

    VoteHere has revealed _some_ source code, which may or may not be what is used in their machines. Unless the machines are produced in a truly open fashion, the fact that they have made some code available for viewing means very little.

    1. Re:No by MoonBuggy · · Score: 5, Funny

      There's a simple test - if we start seeing cowboyneal options on the next US election we know that the real source was released to, and hacked by, the /. community.

  4. Summary of the source by hng_rval · · Score: 5, Funny

    If (Vote == Bush)
    BushVotes++;
    Else If (Vote == Gore)
    If (Rand % 10 == 1)
    BuchannenVotes++;
    Else
    GoreVotes++;

    --
    Thank you Mario! But our princess is in another castle!
  5. Re:Obscured? by medication · · Score: 5, Informative

    I realize that it takes a bit more effort the RTFA, but in the pdf include in the source they make it very plain how to submit bugs:

    Reporting an Issue
    VoteHere appreciates your e(R)orts in helping us identify and resolve issues and
    inaccuracies with our products, specifications and documentation. If you feel you
    have identified an issue with the VHTi API or documentation set, please proceed
    with the following steps for submitting the issue to the VoteHere support team:
    1. Record the version number of the API or document you are referencing,
    and if documentation-related note the page and /or section number.
    2. Record and document the issue as clearly and in as much detail as possible.
    3. Record your name, company name, and a telephone number where you can
    be reached during normal business hours.
    4. Contact VoteHere using one of the following methods:
    Email: support@votehere.net
    Fax: 1.425.450.2861
    Phone: 1.888.457.6863

    --
    "If you're flammable and have legs, you are never blocking a fire exit." - Mitch Hedberg
  6. Like PGP by Rick+Zeman · · Score: 5, Insightful

    This is just like what Phil Zimmerman, then NAI, and then PGP Corporation did with Pretty Good Privacy. They'd publish their source code for peer audit, but you definitely weren't allowed to do anything with besides audit the source and compare the resultant binaries. It was NOT open source.
    I don't have any problems with that, or with the election software not being open source.

  7. Re:Reading this story by Carbonite · · Score: 5, Informative

    I believe the statistic is that only 1 out of every 10 person (correct me if I am wrong) in America votes in the presidential election.

    That's incorrect. In 2000, there were over 105,000,000 votes cast. This was 51.3% of the voting age population of 205,815,000 and 67.5% of the 156,421,311 registered voters.

    Source: Federal Election Commission

    --
    ich muß mehr Kuhglocke haben
  8. Why not use an Escrow/Build agent? by mjallison · · Score: 5, Interesting

    Revealing source code is good, but that doesn't gaurantee that the code you review is the same code actually running in the deployed machines.

    Some people would like to see paper trails and code review as a backup security measure, but I have another option I could feel comfortable with. How about a neutral third party, mutually selected by the state/city/etc and machine supplier? This third party can act as the review agent for the code, even bringing in outside experts. Public review of the code could even be done if all parties agree that this is the best thing to do.

    Finally (and here is where I think things get better), the escrow company actually builds the reviewed code, performs quality and acceptance tests. This code built by the third party is then released to the state for installation in their machines. The machine supplier never releases code directly to state/county/city/etc.

    Many large corporations use similar schemes to manage mission critical code. The IP still belongs to the machine supplier, of course, but there is now a very public and verifiable step in the process to ensure trust in the system.