Slashdot Mirror
Australian Voting Software Goes Closed Source
From Diebold's last-minute installation of uncertified software updates on its touch-screen election machines in California (leading to decertification of the company's machines in several California counties) to ethically troublesome relationships between politicians and the companies whose machines count the votes that determine their employment, the possible benefits of electronic voting seem swamped at the moment by objections (from simply prudent to caustically cynical) to its security and integrity.
Within the world of electronic voting, though, eVACS (for "Electronic Voting and Counting System") has been a rare success story both for open source development methodology and for the benefits that electronic voting can offer. The first generation of eVACS (running on Debian Linux machines) was developed starting in March 2001 in response to a request for bids by the Australian Capitol Territory Electoral Commission (ACTEC), and it was done on a budget of only AUS$200,000.
(The Australian Capitol Territory includes Australia's capitol city, Canberra, as well as surrounding suburbs and Namadgi National Park.)
Besides a respectable list of features driven by ACTEC's initial requirements (like support for 12 voting languages, and audio support for blind voters), eVACS has an advantage not enjoyed by many electronic voting systems: it's been successfully, uneventfully used to gather votes in a national election. The election in which it played a part went smoothly, and the eVACS system itself functioned as hoped.
This year, though, ACTEC asked Software Improvement to update the code for future elections, and Software Improvement decided to go them one better -- or, in the eyes of open source enthusiasts, one worse. The notes Ritchie was provided to deliver announced a change to the process under which the code is released; specifically, a switch from an open source license to something the company calls "controlled open source."
According to Software Improvement, simply releasing election-machine code under a liberal license such as the GPL is undesirable for two reasons: it means a loss of the company's intellectual property, and unfettered access could lead to a compromise of the voting system, if a determined cracker could find and exploit flaws in the code. (Software Improvement has not supplied any examples to show that this has happened, however.)
The company's use of "open source" would find little support from organizations like the Free Software Foundation or the Open Source Initiative. Software Improvement's idea of software openness is rather limited. Claiming that open source development is insufficient, even inimical to creating trust in election systems, the company now says that portions of eVACS's codebase will be released only to approved analysts, and in encrypted form, to enable viewing only for auditing purposes, rather than code contribution. Repeated viewings would be reported to the company, and only a limited number of views would be permitted before the code would self-destruct.
After delivering the prepared presentation, Ritchie took a few minutes to react to the changes it announced.
"Six hours ago, while I was reading through this on the plane," said Ritchie, "I was infuriated to read what it actually says."
Ritchie, though, is a computer-literate political science student at the University of California - Davis, and behind the Open Vote Foundation. He said he's decided to resume the project represented on that site, started with the intent to fork and bring to the U.S. the first generation, GPL'd version of eVACS.
"A long time ago, I read the first news report about Diebold, wondered why we didn't have open source election software for our voting machines. Eventually, I found out that Australia had apparently beaten us to it. It seemed like a good thing; the eVACS system was developed and released as GPL code, it was checked and rechecked by computer science people and all kinds of election officials. I said, 'Why don't we bring this to the U.S.? It's GPL, let's do it.'"
So he started the nonprofit Open Vote Foundation to bring the software to the U.S., specifically to California. Ritchie went to the meeting at the California Attorney General's office which resulted in decertification of Diebold machines in that state's 2004 election process, and his involvement in the fight against Diebold's secret-source voting machines is what led him to the open source eVACS; now he finds that the restrictions on the formerly GPL software are "even worse that that on MS's shared source. To call that open source is a bit dishonest."
"As of 6 hours ago," he said, "I've decided to start that again. It's not that hard; I mean how hard is it to say 'add one to this vote'? ... I remembered my old plan, and thought 'Let's take the old Australian code, fork it, and work from that -- and that is still an option. This is the great thing about open source software. If the old lead developer goes insane, you can always fork it, right?"
I have been wondering lately if phsyically damaging these machines is not justified in a system that is supposed to cherish democracy to such a high degree. Civil disobedience is justified in some cases, and I believe that the use of unverifiable electronic voting machines with known vulnerabilities is just such a case.
Remember, Americans: Bring your voter registration card, and a sledgehammer for Diebold. They are stealing our freedom to vote, the very democracy over which so much blood has been spilled, and the corrupted political process is encouraging it via awarded contracts and almost silent acquiescence.
This crosses political affiliations and affects all Americans. I strongly believe that this must be stopped it by all means necessary or we will lose the ability to collectively affect the policies of our country, no matter how small your individual voice might be. This is zealous, without a doubt, but not all zealotry is bad. "Extremism in the defense of liberty is no vice." And some things are too important to wait upon the justice system to work, even when it does. Sometimes men must take justice into their own hands.
Live free or die.
As Diebold has proven, having a private firm develop voting machine code can be detrimental to a democratic society.
More eyes checking on the code will find these problems faster than the machinations of a private corporation. Factor in corporate bias and the potential for 'back door' code is immense.
As cited, the CA elections showed how unusable the current offerings of e-machines are.
The only criteria is if it is easy to use, traceable, and accurate.
It's lovely someone wants to develop and fork something so exotic like an electronic voting system.
I just hope some government will understand that it's NECESSARY for such software to be FULLY Open Source, to guarantee democracy. How can I trust a device I don't know what is REALLY doing with my votes?
(And if someone is scared by the fact someone can maliciously change the program in the local voting machines just before the election...well,it's enough for THAT election to use a freezed code with a definite SHA1 or MD5 checksum...isn't it?)
-- Patent no.123456: A way to personalize
... traditional voting with pen and paper!
I find the idea facinating that open sourcing your product is a binding contract with the community. You cannot back out unless interest in your product is so low that no one ever bothers to fork it. But time and again we see with efforts like this one or XFree86 that the idea of backing out of an open source stance is actually more harmful than remaining that way. While some will view this as a problem, as a consumer, I view it as a boon.
Even making motions toward open source without going all the way can result in "pseudo-forking" (I'm posting this from a Gnome desktop which was originally created in response to the original licensing terms of the Qt library upon which KDE was based).
It will be very interesting to see what the next few decades bring to the table in terms of open source business practices. I envision a sort of corporate ethics evolving around the benefits and dangers of open source development, and this can only be a healthy process. Much as I think RMS took leave of his senses in the mid-90s (who didn't), I have to say that he nailed it when he decided that the GPL would have the power to change the software industry. I doubt that any other legal tool has been able to so profoundly shape the future of business since the anti-trust laws of early last century.
Where are the specifications for this code?
What language is it written in?
Where is the source kept?
What platforms does it run under?
MoveOn.org is sponsoring a petition drive to urge U.S. voters to demand voter-verified paper ballots that can be audited and recounted if necessary. This is the ONLY solution.
A SECRET ballot means that the association between a specific person and a specific vote cast is vital to democracy. Doing otherwise can very easily lead to vote buying ("I'll pay you $x for proof you voted for my candidate!").
We need a specifications document laying out the requirements for this software, which platforms it runs on, etc.
We also need a copy of the existing code to (a) have a place to start from, (b) provide us something to look at and thus give us ideas for development methodologies, (c) give us a point of reference to use when lobbying congressmen, etc.
This must be on a paper trail so I know who I voted for. Election monitors (the people, one from each party, who literally looked over the shoulders of the people counting ballots in Florida) need to be able to verify the count afterwards in some statistically valid way.
Unitarian Church: Freethinkers Congregate!
Haven't you ever heard the saying "when I die, bury me in Chicago so I can keep voting" ? The Democrats did invent modern-day vote fraud, getting all sorts to vote for them: dead people, illegal immigrants, and in one California case, over 120 people in alphabetical order with identical handwriting signing the voter roll. I found it particularly ironic that Al Gore's team in the Florida recount included Daley, who is from ... CHICAGO!
BTW, the reason that the conservatives aren't screaming bloody murder about unauditable electronic voting is that the chairman of Diebold is a Republican who has pledged to help re-elect George Bush.
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
"According to Software Improvement, simply releasing election-machine code under a liberal license such as the GPL is undesirable (because) ... unfettered access could lead to a compromise of the voting system, if a determined cracker could find and exploit flaws in the code."
Let's see: the audited access assures that no cracker can ever see the code, right?
And besides -- if we can't see the three-card-monte-man's hands, he can't cheat us?
The only argument that holds water is the IP/profit explanation I skipped in the quote above.
yech![this sig has been trunca
There is only one issue, and that's hardcopy records. No voting machine should be all electronic. It should spit out a receipt that tells you exactly how you voted. One copy to the voter, one copy goes into a sealed box.
In short, if any cheating occurs, we know immediately. Who cares how the software is developed? The only question is whether it can be verified after the fact.
Sometimes it's best to just let stupid people be stupid.
The error checking means they can't just say "Our machines gave us 10 billion votes for Bush and 1 billion votes for Gore." Esepecially cause there are not 10 billion americans.
They do things like this:
x votes on this machine every hour total, y votes for candidate A, z votes for Candidate B, w votes for none of the above.
And Diebold does all of this error checking in INCREDIBALLY BAD WAYS.
For example, they do error checking on original data, but make copies of the data. If the original is verified as accurate they approve the COPY, even if the copy is different from the original.
ANd of course there is all the security, which Diebold ignores. They put in back doors, use standard keys/passwords that apply to all the machines they make instead of unique ones (Would you buy a house that had a key that matched every other one on your street???
The simple truth is there is NO excuse for not using paper copy to double check any electronic voting machines except that the republicans are afraid of re-count votes.
They would rather risk election fraud then risk a recount.
The machines are NOT safer or in any way less likely to have bad counts, they have in fact been tested and found to in some cases generate MORE bad votes then optical machines.
excitingthingstodo.blogspot.com
Ok, fine, the company wants to protect its 'intellectual property'... That language alone should be enough to scare away most sane people.
Since when is the process by which we elect our leaders the 'property' of anyone except the citizenry? If a company wants to 'own' a process like that, fine, I just think that is obviously opposite that of a democratic, transparent process.
Surely, most people have an attention span long enough to grasp that simple concept.
If you must choose from Aor B, Vote for George Kerry, because John Bush is just plain evil...
:
:
Positions for important issues
George Kerry
1.Supports war in Iraq, will add more troops if needed.
2. Strongly supports the Patriot Act
3. Supports Big government spending on various nanny state programs
John Bush
1.Supports war in Iraq, will add more troops if needed.
2. Strongly supports the Patriot Act
3. Supports Big government spending on various nanny state programs
As you can see George Kerry is certainly a better candidate.....
In reality, the only way this situation will change is to start voting for third party candidates. The duopoly has gotten out of hand. The conventions are not even used for discussing the parties postion on issues, nor are they used to select a candidate. They have degenerated into a 3-day infomercial paid for by the taxpayers. I will be voting for Michael Badnarik (Libertarian) this time around as I refuse to eat the corporate dog food. Better a clear conscience and a "wasted" vote than supporting
either of the cluetards...
Service guarantees Citizenship! Questions Guarantee GITMO.... Amerika Uber Alles!
these machines sound like a solution even worse than the problem
WHAT PROBLEM ?! Could someone, anyone, please explain what the hell is wrong with a paper ballot and a pen?
Thats the system we use for parlimentary elections in the UK, and it seems to work fine. Arguments about whether voting machines should be closed or open source miss the point. There should not be any voting machines at all.
"I realise this is not a very popular opinion but it's the truth, and there for needs to be said" -Bill Hicks
... in some states. The R and D parties have passed laws that make it ludicrous to try and get a third party or independent candidate actually listed on the ballot. It varies, some states are incredibly difficult, some are just annoying. And you combine that with the collusion of big money mainstream media having a virtual lock out of any news on third partys and independents, you have in essence a hijacked government, controlled almost completely by two DEFINETLY for-uber-mega-profit organizations.
Anyway, with this article, I still think computerised voting is totally unnecessary, we just plain don't need it, don't need the cost, it is BILLIONS of dollars nationwide, we don't need computers to add simple sums at the precinct level,so just say *no*, no open source, no closed source, no source at all.
Some things computers are good for, others are an expensive hindrance. "Ohh shiny" and "we are in the computar age" don't cut it, computerised voting is "gadgets for gadgets sake", and someone's profits for the hardware and software, not because it's needed. Voting results should be reviewable with any set of biological eyeballs, anything else will be blackbox voting. It's bad enough with the stupid mechanical machines, we don't need anything beyond paper and pen, and a locked wooden box with a slit in the top to receive the ballots, and that's it.
Want to make it more fair? Institute at least a 24 hour voting period, and do the "ranking" method of voting, and have a "no one" option as well.
Typical Microsoft "embrace and extend" code: that only runs on MS-DOS or under emulation on NT. The getch() call isn't standard C or POSIX, so that program won't run as written on any standard UNIX system, including Microsoft's hosted UNIX they're considering including in Longhorn.
Recording votes in the ACT is not as simple as "++ some variable".
Calculating the outcome is not as simple as "max(...)".
Why not take 5 minutes to find out what exactly the software does before deciding that you are so much smarter/productive than the people who created it in the first place.
Remember to include things like independent code audits...
Who cares if you can get the source? Unless you can create a binary from a signed copy of the source on your own machine, then upload the compiled binary to the voting machine, how can you trust it? How do you know a secret final patch hasn't been added at the last minute?
Paper trail is the only way, open or closed source doesn't matter. If I can walk away with a record of my vote, I'll be happy. If you added a little cash register printer and a roll of tape inside the machine and spot-audit one percent of the machine results, I'll be even happier.
But if I can use an ink marker to make an indelible mark on a piece of paper, and have the paper counted physically by a dozen people, I'll be completely happy.
Paper! Ink! It works!
This whole sorry saga reminds me of a brutally frank piece of advice my Systems Analysis lecturer gave to the class.
"Give your client a number of possible designs for the system. If we were completely honest, one of those designs might be for a purely manual process. But we're computer people, so of course we only provide computer-based solutions."
Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!
I can't understand where all the confusion is coming from on the E-Voting issue. The machines are supposed to address a problem:
Problem:
Present a list of voting choices in any number of languages, in audio for those who are blind, give them an opportunity to change their vote if they made a mistake, give them a second (and a third) chance to confirm their vote, and then make sure that their vote is counted.
It sounds like a great application for computers. After all, multi-lingual GUIs are common and practical, and computers give you the chance to change your mind before you finalize the vote.
Solution:
Use the computer to format the ballot, so that you don't have to have different versions for every language, and so that the voter can confirm and reconfirm the votes before finally committing them to a paper ballot. The computer then "fills in " the ovals on the ballot, eliminating improperly filled or inadequately filled circles, at which point the voter can look at the paper and quadruple check that he voted for the right people, and put that ballot into a "dumb" optical scanner that JUST COUNTS. Nothing to tamper with, nothing to worry about - you could have 5 terminals to every counter, which would save money over the current system and would still guarantee (actually enhance) the accuracy of the vote.
It's almost like somebody DOESN'T WANT the vote to be counted properly.
Open Source is desirable, but is not in itself a panacea. For example, impeccable code could be published, but something entirely different could be installed.
That is not to say that a paper system prevents dubious outcomes. It's just that they are more likely to come to light, and be contested (as far as a supreme court, maybe...)
You've had 4 years to do something other than insinuate
If you had only gone to see Fahrenheit 9/11, instead of relying on Limbaugh and O'Really to tell you whether it's good or not (use your own judgment for Pete's sake) you would have seen that considerable effort was made, and you wouldn't dare make that accusation.
Those efforts were made in vain.
mefus
In Open Society, GPL Software frees YOU!
But now that manufacturing is becoming more and more automated, and the pool of laborers is growing so quickly, labor is worth less and less and less, and physical resources those people sit on is worth more and more.
So as the decades wear on in this century, you can expect violence and genocide to become more and more frequent as responses to civil disobedience of any sort. The people of impoverished country X aren't going to put up with my exploiting them anymore? We'll, just kill them all and import workers from impoverished country Y.
Civil disobedience works with humans, but as society becomes more and more regimented and mechanical, it becomes more inhuman.
How about just splitting a state's electors along popular vote lines? In Presidential-2000 election 50% of Minnesota's 10 electors would have gone to Bush. (There are already a few (2?) states who do this).
And any state can chose to do this. If you want it in your state, ask for it. Or (if you have initiative in your state), file an initiative and start getting signatures.
However, the winner-take-all nature of most states' choice of electors is part of the original compromise that led to the electoral college.
With either popular-vote selection of the president or a proportional system of selecting voters, one populous state with a corrupt election system swings the election. Winner-take-all means corruption of one state can't override a narrow margin in a large set of small states.
Wiinner-take-all also sets up a situation where the presidential candidates must appeal to both the big AND the little states in order to collect enough electoral votes to win. With proportional voting it's more efficient to go for a big margin in a few large urban areas and ignore the flyover country.
And THAT LAST was why it was created: As a protection for the little states against being swamped by a couple big ones, in order to give them the confidence to sign on with the union in the first place. From the 1780s to today there have ALWAYS been a small number of heavily populated states and a large number of sparse ones. The president is a single officeholder for ALL the states, not just the urban ones. Make it a popular vote and he becomes the president of a few urban coastal cities, creating a political situation more like that of France.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I helped write the original eVACS system. Forking the code for a US voting system is a nice idea, but probably won't be as helpful as you might like. Most of the complexity in the eVACS code is dealing with the ACT's Hare-Clark electoral system. That affects both the voting interface and the back end counting system. It even affects the system's whole architecture, because the votes have to all be recorded, then counted as a batch, rather than tallied as they are entered which is the obvious way to count a first-past-the-post US style election.
So looking at the system might yield some good ideas about how to organise the system (in particular how the sequence of voting and authentication is handled), but I don't think all that much code could be reused.
Id always advocate an open source voting system. It seems that it ought to be imperitive that any electronic voting system can be audited publically to reveal any flaws or biases. However, it seems to me that either way even with an open source system how would one prove that the system used during the electing / voting process is the same as the one being available for public audit?
And how to acertain that those running the system did or did not bias or effect the results in some way?
Maybe electronic voting isnt such a good idea at all? Maybe the safer option is to stick with a paper based situation that cannot easily be fudged ? (that is not to say that a paper based system is also not open to fudging...)
Whatever way, and whatever flaws, the public should have unfettered access to every part of the process at least to the extent that nothing is hidden. Open source and closed source are just as open to abuse as is a paper based system. As much of it remains examinable the better in my opinion.
Nick...
Electronic Music Made Using Linux http://soundcloud.com/polyp