Australian Voting Software Goes Closed Source

Scott Ritchie ended up delivered an angry rebuttal to Friday's OSCON presentation on the credibility of election software: What's strange is that his rebuttal came in response to a talk he himself had just delivered. Ritchie doesn't have a split personality, and wasn't simply playing devil's advocate. He found himself, though, in the strange situation of having agreed (as a last minute stand-in) to deliver a presentation he hadn't yet had a chance to read, provided by Dr. Clive Boughton of Australian software developer Software Improvement. (Boughton is also a Computer Science lecturer at Australian National University.) Between agreeing to fill in and arriving at the conference, Ritchie found that Software Improvement was switching its eVACS voting software from a Free, open source software license (specifically, the GPL) to terms "even worse than that on MS's shared source," and decided to do something about it. (Read more below.)

From Diebold's last-minute installation of uncertified software updates on its touch-screen election machines in California (leading to decertification of the company's machines in several California counties) to ethically troublesome relationships between politicians and the companies whose machines count the votes that determine their employment, the possible benefits of electronic voting seem swamped at the moment by objections (from simply prudent to caustically cynical) to its security and integrity.

Within the world of electronic voting, though, eVACS (for "Electronic Voting and Counting System") has been a rare success story both for open source development methodology and for the benefits that electronic voting can offer. The first generation of eVACS (running on Debian Linux machines) was developed starting in March 2001 in response to a request for bids by the Australian Capitol Territory Electoral Commission (ACTEC), and it was done on a budget of only AUS$200,000.

(The Australian Capitol Territory includes Australia's capitol city, Canberra, as well as surrounding suburbs and Namadgi National Park.)

Besides a respectable list of features driven by ACTEC's initial requirements (like support for 12 voting languages, and audio support for blind voters), eVACS has an advantage not enjoyed by many electronic voting systems: it's been successfully, uneventfully used to gather votes in a national election. The election in which it played a part went smoothly, and the eVACS system itself functioned as hoped.

This year, though, ACTEC asked Software Improvement to update the code for future elections, and Software Improvement decided to go them one better -- or, in the eyes of open source enthusiasts, one worse. The notes Ritchie was provided to deliver announced a change to the process under which the code is released; specifically, a switch from an open source license to something the company calls "controlled open source."

According to Software Improvement, simply releasing election-machine code under a liberal license such as the GPL is undesirable for two reasons: it means a loss of the company's intellectual property, and unfettered access could lead to a compromise of the voting system, if a determined cracker could find and exploit flaws in the code. (Software Improvement has not supplied any examples to show that this has happened, however.)

The company's use of "open source" would find little support from organizations like the Free Software Foundation or the Open Source Initiative. Software Improvement's idea of software openness is rather limited. Claiming that open source development is insufficient, even inimical to creating trust in election systems, the company now says that portions of eVACS's codebase will be released only to approved analysts, and in encrypted form, to enable viewing only for auditing purposes, rather than code contribution. Repeated viewings would be reported to the company, and only a limited number of views would be permitted before the code would self-destruct.

After delivering the prepared presentation, Ritchie took a few minutes to react to the changes it announced.

"Six hours ago, while I was reading through this on the plane," said Ritchie, "I was infuriated to read what it actually says."

Ritchie, though, is a computer-literate political science student at the University of California - Davis, and behind the Open Vote Foundation. He said he's decided to resume the project represented on that site, started with the intent to fork and bring to the U.S. the first generation, GPL'd version of eVACS.

"A long time ago, I read the first news report about Diebold, wondered why we didn't have open source election software for our voting machines. Eventually, I found out that Australia had apparently beaten us to it. It seemed like a good thing; the eVACS system was developed and released as GPL code, it was checked and rechecked by computer science people and all kinds of election officials. I said, 'Why don't we bring this to the U.S.? It's GPL, let's do it.'"

So he started the nonprofit Open Vote Foundation to bring the software to the U.S., specifically to California. Ritchie went to the meeting at the California Attorney General's office which resulted in decertification of Diebold machines in that state's 2004 election process, and his involvement in the fight against Diebold's secret-source voting machines is what led him to the open source eVACS; now he finds that the restrictions on the formerly GPL software are "even worse that that on MS's shared source. To call that open source is a bit dishonest."

"As of 6 hours ago," he said, "I've decided to start that again. It's not that hard; I mean how hard is it to say 'add one to this vote'? ... I remembered my old plan, and thought 'Let's take the old Australian code, fork it, and work from that -- and that is still an option. This is the great thing about open source software. If the old lead developer goes insane, you can always fork it, right?"

Re:When is civil disobedience justified?

[jazmataz23]

Well, there's always just voting en masse via absentee ballot. I've already registered in NC, and they'll mail me my ballot in a couple weeks (fifty days from voting day, to be exact). Here's a clearinghouse of sorts with information for all fifty states. I've already posted as to my reasons for this here.

Make sure your vote counts: make them count it by hand!

jaz

Re:When is civil disobedience civil disobedience?

[jazmataz23]

There's a fine line between Civil Disobedience and Hooliganism. The major tenet of CD is nonviolence, that in a free society, social change can be created without resorting to violence of any kind.

It's really pretty practical actually; it's impossible to get somebody all riled up for social change, put a sledgehammer in their hands and tell them "Now, that's *ONLY* for the voting machines. No hitting!" Witness the French "Revolution": once you tell Jimmy Rebel "go forth and smash!" he rarely stops where you want him to.

jaz

Re:i don't understand this election software stuff

[Jerf]

$200,000 AUD is roughly $140,000 US, which is roughly 2 developer years for a reasonable wage of $50,000 a year + bennies.

If you think you can create a secure, national scale voting system that you'd trust your country's future to in two man-years, I invite you to try. The experience will be educational. You might also gain some insight into why programmers notoriously underestimate how long things will take.

Regardless of whether you create a system in that time frame that you think you can trust, I can guarentee you I won't trust it.

One hint: While you've heard of "Occam" (although you seriously misapply it here), politicians haven't. Take a good, long look at the next ballot sometime, and don't forget multiple languages and assorted other sundry details that will start sucking your time like you wouldn't believe.

You sound like you're still in school. It gets harder in the real world, you know. ++votes isn't gonna cut it...

Re:When is civil disobedience justified?

[drinkypoo]

civil disobedience
n.

Refusal to obey civil laws in an effort to induce change in governmental policy or legislation, characterized by the use of passive resistance or other nonviolent means.

Destroying voting machines is about as violent as standing on a boat and throwing bales of tea into a harbor.

Re:When is civil disobedience justified?

[Draknor]

A) No, we (Americans) live in a democratic republic, which means you vote for people to represent you in the government.

B) How do you know? Have you seen the Nov 2 ballot? I sort of doubt it. You know which 2 major party candidates will be on the presidential ballot, and that's probably about it.

People who don't at least vote (if not become more politically-involved) can whine all they want about the state of affairs (freedom of speech), but they should stop short of expecting anyone to actually listen to them, much less make the changes non-voters whine about.

There's more to voting than one presidential election every 4 years; voting in the local (city / county / state) elections every year will have much more immediate and obvious effects, because in these smaller elections your vote carries a lot more weight.

Open voting consortium & Voter verified receip

[dwheeler]

You might want to also check outThe Open Voting Consortium (OVC) is a non-profit organization dedicated to the development, maintenance, and delivery of open voting systems for use in public elections. OVC is developing a reference version of free voting software to run on very inexpensive PC hardware, which produces voter-verifiable paper ballots.

One real problem with eVACS is that, to my knowledge, it doesn't produce voter-verified receipts yet (please let me know if I'm wrong). Thankfully, the new OSS/FS site identifies this as one of the first things to be added. As noted by places such as the verified voting site, voter verified receipts are a critical need. In fact, I'd argue that only the counted paper ballots should actually count, and make sure that the vote-creating and vote-counting systems are separate (using some sort of standard representation on the paper, so that you can have different groups re-implement each side).

Re:His opening line?

[YOU+LIKEWISE+FAIL+IT]

Jesus Christ on an electric moped, it's not a Seinfeld quote, it's not a quote from some fictional movie, the line "The dingo's got my baby!" and the movie it was drawn from ( "A Cry in the Dark", iirc ) were based around a real case - that of Lindy Chamberlain.

This case was a total societal clusterfuck here in Australia. Half of the population believed in her story, and the other half thought she was full of it. Lindy ended up being found guilty of murder, and locked away for four years - after which her conviction was overturned ( and many people are still not convinced ).

To give you an idea of just how deeply this event has graved itself into the national psyche, I was four months old when it happened, and even I can tell you the name of the baby in question ( Azaria ). I guess the closest comparison Americans could make would be the kidnapping of the Lindbergh baby, although even that's not a real good fit.

It's not really that funny! Bleah!

Re:When is civil disobedience justified?

[Artifakt]

"If you are caught (unlikely)"

The Machine operator looks inside the machine after each voter, time allowing, to see if they have left any literature or stickers. You will get caught, with near 100% certanty. The proof will be that the sticker wasn't there before you entered, and its there after you left. That's grounds to ask you to wait until a police officer arrives, or to look up your name in the voter registration and report you if you flee. It is a felony in my state, and a felony under Federal law. You do NOT have a great position. If you start so much as raising your voice while accusing us of "bullying" or "threatening" you, you will be creating a situation that may intmidate other voters present, and the couts will be notified that you continued after being warned, and the election comission will seek multiple charges. If you raise a fist to denounce my 'bullies" you will be charged for intimidating an official as well. All the fun of behaving like a fool, WITH the nasty fear of serving 75 years before possibility of parole thing!
It is also definitely not civil disobedience. There is a line 100 feet in front of the building. Stand 101 feet out, right next to the marker, and you can hold up a big poster that asks "How do you know these machines are honest?", all you want. Pass out flyers too, but if you do, please tell people NOT to display them inside the polling place or leave them in the machines. If it's a hot day, I'll probably bring you and everyone else out there a lemonade apiece, but you'll have to stand there next to the rest of the spokesmen for and against various candidates and issues. Given that you have a right to do it that way, there's no need for doing it the wrong way.