Slashdot Mirror
Australian Voting Software Goes Closed Source
From Diebold's last-minute installation of uncertified software updates on its touch-screen election machines in California (leading to decertification of the company's machines in several California counties) to ethically troublesome relationships between politicians and the companies whose machines count the votes that determine their employment, the possible benefits of electronic voting seem swamped at the moment by objections (from simply prudent to caustically cynical) to its security and integrity.
Within the world of electronic voting, though, eVACS (for "Electronic Voting and Counting System") has been a rare success story both for open source development methodology and for the benefits that electronic voting can offer. The first generation of eVACS (running on Debian Linux machines) was developed starting in March 2001 in response to a request for bids by the Australian Capitol Territory Electoral Commission (ACTEC), and it was done on a budget of only AUS$200,000.
(The Australian Capitol Territory includes Australia's capitol city, Canberra, as well as surrounding suburbs and Namadgi National Park.)
Besides a respectable list of features driven by ACTEC's initial requirements (like support for 12 voting languages, and audio support for blind voters), eVACS has an advantage not enjoyed by many electronic voting systems: it's been successfully, uneventfully used to gather votes in a national election. The election in which it played a part went smoothly, and the eVACS system itself functioned as hoped.
This year, though, ACTEC asked Software Improvement to update the code for future elections, and Software Improvement decided to go them one better -- or, in the eyes of open source enthusiasts, one worse. The notes Ritchie was provided to deliver announced a change to the process under which the code is released; specifically, a switch from an open source license to something the company calls "controlled open source."
According to Software Improvement, simply releasing election-machine code under a liberal license such as the GPL is undesirable for two reasons: it means a loss of the company's intellectual property, and unfettered access could lead to a compromise of the voting system, if a determined cracker could find and exploit flaws in the code. (Software Improvement has not supplied any examples to show that this has happened, however.)
The company's use of "open source" would find little support from organizations like the Free Software Foundation or the Open Source Initiative. Software Improvement's idea of software openness is rather limited. Claiming that open source development is insufficient, even inimical to creating trust in election systems, the company now says that portions of eVACS's codebase will be released only to approved analysts, and in encrypted form, to enable viewing only for auditing purposes, rather than code contribution. Repeated viewings would be reported to the company, and only a limited number of views would be permitted before the code would self-destruct.
After delivering the prepared presentation, Ritchie took a few minutes to react to the changes it announced.
"Six hours ago, while I was reading through this on the plane," said Ritchie, "I was infuriated to read what it actually says."
Ritchie, though, is a computer-literate political science student at the University of California - Davis, and behind the Open Vote Foundation. He said he's decided to resume the project represented on that site, started with the intent to fork and bring to the U.S. the first generation, GPL'd version of eVACS.
"A long time ago, I read the first news report about Diebold, wondered why we didn't have open source election software for our voting machines. Eventually, I found out that Australia had apparently beaten us to it. It seemed like a good thing; the eVACS system was developed and released as GPL code, it was checked and rechecked by computer science people and all kinds of election officials. I said, 'Why don't we bring this to the U.S.? It's GPL, let's do it.'"
So he started the nonprofit Open Vote Foundation to bring the software to the U.S., specifically to California. Ritchie went to the meeting at the California Attorney General's office which resulted in decertification of Diebold machines in that state's 2004 election process, and his involvement in the fight against Diebold's secret-source voting machines is what led him to the open source eVACS; now he finds that the restrictions on the formerly GPL software are "even worse that that on MS's shared source. To call that open source is a bit dishonest."
"As of 6 hours ago," he said, "I've decided to start that again. It's not that hard; I mean how hard is it to say 'add one to this vote'? ... I remembered my old plan, and thought 'Let's take the old Australian code, fork it, and work from that -- and that is still an option. This is the great thing about open source software. If the old lead developer goes insane, you can always fork it, right?"
"A Dingo Ate My Vote."
I have been wondering lately if phsyically damaging these machines is not justified in a system that is supposed to cherish democracy to such a high degree. Civil disobedience is justified in some cases, and I believe that the use of unverifiable electronic voting machines with known vulnerabilities is just such a case.
Remember, Americans: Bring your voter registration card, and a sledgehammer for Diebold. They are stealing our freedom to vote, the very democracy over which so much blood has been spilled, and the corrupted political process is encouraging it via awarded contracts and almost silent acquiescence.
This crosses political affiliations and affects all Americans. I strongly believe that this must be stopped it by all means necessary or we will lose the ability to collectively affect the policies of our country, no matter how small your individual voice might be. This is zealous, without a doubt, but not all zealotry is bad. "Extremism in the defense of liberty is no vice." And some things are too important to wait upon the justice system to work, even when it does. Sometimes men must take justice into their own hands.
Live free or die.
As Diebold has proven, having a private firm develop voting machine code can be detrimental to a democratic society.
More eyes checking on the code will find these problems faster than the machinations of a private corporation. Factor in corporate bias and the potential for 'back door' code is immense.
As cited, the CA elections showed how unusable the current offerings of e-machines are.
The only criteria is if it is easy to use, traceable, and accurate.
"It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything." Joseph Stalin
Introducing Microsoft Vacuum 1.0 The first Microsoft product that doesn't suck.
It's lovely someone wants to develop and fork something so exotic like an electronic voting system.
I just hope some government will understand that it's NECESSARY for such software to be FULLY Open Source, to guarantee democracy. How can I trust a device I don't know what is REALLY doing with my votes?
(And if someone is scared by the fact someone can maliciously change the program in the local voting machines just before the election...well,it's enough for THAT election to use a freezed code with a definite SHA1 or MD5 checksum...isn't it?)
-- Patent no.123456: A way to personalize
. . . is that the people leading the call for paper trails or even just paper ballots are either computing professionals or extremely technically literate. It's an interesting situation when technological "progress" is opposed by the elite rather than the traditional Luddites or the masses. Maybe we've all just read too much science fiction, but these machines sound like a solution even worse than the problem. I'd rather go through the Florida recount again than deal with the potentially catastrophic effects of the machines we use in CA.
I'm a little shocked, however, that more professed conservatives haven't spoken out against the new systems. To hear some of them tell it, the Democratic Party practically invented vote fraud, so you'd expect that they'd be much more suspicious of unverifiable, untrackable voting systems. But none of them seem to have anything to say on the matter - or have I not been looking in the right place?
But then I had the opportunity to speak with some senior managers from the company, who told me that, in fact, virtually the entire company was united behind dropping the electronic voting machines. They didn't trust the codebase (which was developed by a company Diebold acquired), felt the issue needed to be more deeply researched than it had been, and believed the bad publicity was hurting Diebold's reputation for security and reliability in its cash-management business.
But CEO Walden O'Dell disagrees. Virtually single-handedly, he has kept the e-voting project alive despite the vocal opposition of virtually everyone involved with it. When I asked the managers why they thought O'Dell was so strongly behind the project, their answers were blunt: "Politics."
If that's how management inside Diebold thinks, perhaps there's something to the conspiracy types after all....
- Watchful Babbler
I find the idea facinating that open sourcing your product is a binding contract with the community. You cannot back out unless interest in your product is so low that no one ever bothers to fork it. But time and again we see with efforts like this one or XFree86 that the idea of backing out of an open source stance is actually more harmful than remaining that way. While some will view this as a problem, as a consumer, I view it as a boon.
Even making motions toward open source without going all the way can result in "pseudo-forking" (I'm posting this from a Gnome desktop which was originally created in response to the original licensing terms of the Qt library upon which KDE was based).
It will be very interesting to see what the next few decades bring to the table in terms of open source business practices. I envision a sort of corporate ethics evolving around the benefits and dangers of open source development, and this can only be a healthy process. Much as I think RMS took leave of his senses in the mid-90s (who didn't), I have to say that he nailed it when he decided that the GPL would have the power to change the software industry. I doubt that any other legal tool has been able to so profoundly shape the future of business since the anti-trust laws of early last century.
Where are the specifications for this code?
What language is it written in?
Where is the source kept?
What platforms does it run under?
MoveOn.org is sponsoring a petition drive to urge U.S. voters to demand voter-verified paper ballots that can be audited and recounted if necessary. This is the ONLY solution.
A SECRET ballot means that the association between a specific person and a specific vote cast is vital to democracy. Doing otherwise can very easily lead to vote buying ("I'll pay you $x for proof you voted for my candidate!").
We need a specifications document laying out the requirements for this software, which platforms it runs on, etc.
We also need a copy of the existing code to (a) have a place to start from, (b) provide us something to look at and thus give us ideas for development methodologies, (c) give us a point of reference to use when lobbying congressmen, etc.
This must be on a paper trail so I know who I voted for. Election monitors (the people, one from each party, who literally looked over the shoulders of the people counting ballots in Florida) need to be able to verify the count afterwards in some statistically valid way.
Unitarian Church: Freethinkers Congregate!
If the old lead developer goes insane, you can always fork it, right?
Yep. However, getting the politician's buy-in on certifying the fork will be problematic:
On the one hand, we have academia and open source developers pushing their idea. (Politicians aren't real comfortable around smart people or people with multiple piercings)
On the other hand, we have a group of respectible business men pushing their idea. (Politicians can relate to business men because they wear the same suits and ties, and many of them were business men themselves at one point or another)
Who is going to win? Hmmmm....
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
It's really pretty practical actually; it's impossible to get somebody all riled up for social change, put a sledgehammer in their hands and tell them "Now, that's *ONLY* for the voting machines. No hitting!" Witness the French "Revolution": once you tell Jimmy Rebel "go forth and smash!" he rarely stops where you want him to.
jaz
Death to Argument by Slogan!! (This post twice-encrypted with ROT-13. Replies not using same will be ignored)
You know you're right. I wonder where we could find an ATM company? They have the knowledge and skills. I wonder where we could find one of those. They'd be really good at it.
The error checking means they can't just say "Our machines gave us 10 billion votes for Bush and 1 billion votes for Gore." Esepecially cause there are not 10 billion americans.
They do things like this:
x votes on this machine every hour total, y votes for candidate A, z votes for Candidate B, w votes for none of the above.
And Diebold does all of this error checking in INCREDIBALLY BAD WAYS.
For example, they do error checking on original data, but make copies of the data. If the original is verified as accurate they approve the COPY, even if the copy is different from the original.
ANd of course there is all the security, which Diebold ignores. They put in back doors, use standard keys/passwords that apply to all the machines they make instead of unique ones (Would you buy a house that had a key that matched every other one on your street???
The simple truth is there is NO excuse for not using paper copy to double check any electronic voting machines except that the republicans are afraid of re-count votes.
They would rather risk election fraud then risk a recount.
The machines are NOT safer or in any way less likely to have bad counts, they have in fact been tested and found to in some cases generate MORE bad votes then optical machines.
excitingthingstodo.blogspot.com
Ok, fine, the company wants to protect its 'intellectual property'... That language alone should be enough to scare away most sane people.
Since when is the process by which we elect our leaders the 'property' of anyone except the citizenry? If a company wants to 'own' a process like that, fine, I just think that is obviously opposite that of a democratic, transparent process.
Surely, most people have an attention span long enough to grasp that simple concept.
... in some states. The R and D parties have passed laws that make it ludicrous to try and get a third party or independent candidate actually listed on the ballot. It varies, some states are incredibly difficult, some are just annoying. And you combine that with the collusion of big money mainstream media having a virtual lock out of any news on third partys and independents, you have in essence a hijacked government, controlled almost completely by two DEFINETLY for-uber-mega-profit organizations.
Anyway, with this article, I still think computerised voting is totally unnecessary, we just plain don't need it, don't need the cost, it is BILLIONS of dollars nationwide, we don't need computers to add simple sums at the precinct level,so just say *no*, no open source, no closed source, no source at all.
Some things computers are good for, others are an expensive hindrance. "Ohh shiny" and "we are in the computar age" don't cut it, computerised voting is "gadgets for gadgets sake", and someone's profits for the hardware and software, not because it's needed. Voting results should be reviewable with any set of biological eyeballs, anything else will be blackbox voting. It's bad enough with the stupid mechanical machines, we don't need anything beyond paper and pen, and a locked wooden box with a slit in the top to receive the ballots, and that's it.
Want to make it more fair? Institute at least a 24 hour voting period, and do the "ranking" method of voting, and have a "no one" option as well.
... then we'd have fifteen different interfaces that all do pretty much the same thing, but they would each have their quirks and none of them would do it quite right. The software would take five years to develop from scratch, and at the end of it we would have a huge virtual machine-based system that executes XVL (Extensible Voting Language), which is horribly complex and slow, but allows for very fancy voting platforms, in theory. But as a result, the old voting hardware will be too slow and limited to run it, so we'd need all new machines based on the latest processors. We'd also have to wait a while for all the drivers to become available, and the Debian Voting Project wouldn't release the code until it ran properly on *every* platform, including PDP11 and ZX81. Meanwhile the FireVulture project will aim to develop a super-lightweight version of the codebase that will be fast and sleek, but it will run into problems due to schisms in the team, caused by differences of opinion about whether the code should be LGPL, GPL or BSD license.
The eventual system will work very well and be extremely stable, but by the time it is in widespread use the developers will have started on Version 2.0, which is a total rewrite from the ground up (they now feel they understand the problem much better, and can see that the original API needs to be redesigned). So Version 2.0 is totally incompatible with Version 1.0, and much confusion ensues as States try to decide which "standard" to go with.
Meanwhile, Microsoft comes out fast and dirty with Microsoft Vote and although it doesn't work too well at first (version 1.0 has a glitch where everyone who's first name begins with "L" is deleted), it works "well enough" and with the buckets of money that MS dumps on the States for new MS-compatible hardware, they quickly gain dominance in the market.
The Open Source projects try to shift their focus to work with the MS hardware, chasing Microsoft's lead and running into a brick wall with the closed XML format that is encrypted and depends on hardware DRM to work.
Apple brings out the iVote, which is a small device that lets you simply plug into an Apple voting machine anywhere and vote quickly and easily. Plus, it works. And quite a few people buy it and rave about how great it is, but because only Apple is allowed to make the actual voting machines, very few of them get manufactured and as a result the iVote falls into betamax territory.
In the end, everybody uses MS Vote and complains about how closed it is, the Open Source crowd eventually gets their act together and comes out with a fantastic system that kicks butt but nobody cares any more, and that was that for the United States of America, thanks and goodnight.
I can't understand where all the confusion is coming from on the E-Voting issue. The machines are supposed to address a problem:
Problem:
Present a list of voting choices in any number of languages, in audio for those who are blind, give them an opportunity to change their vote if they made a mistake, give them a second (and a third) chance to confirm their vote, and then make sure that their vote is counted.
It sounds like a great application for computers. After all, multi-lingual GUIs are common and practical, and computers give you the chance to change your mind before you finalize the vote.
Solution:
Use the computer to format the ballot, so that you don't have to have different versions for every language, and so that the voter can confirm and reconfirm the votes before finally committing them to a paper ballot. The computer then "fills in " the ovals on the ballot, eliminating improperly filled or inadequately filled circles, at which point the voter can look at the paper and quadruple check that he voted for the right people, and put that ballot into a "dumb" optical scanner that JUST COUNTS. Nothing to tamper with, nothing to worry about - you could have 5 terminals to every counter, which would save money over the current system and would still guarantee (actually enhance) the accuracy of the vote.
It's almost like somebody DOESN'T WANT the vote to be counted properly.
Open Source is desirable, but is not in itself a panacea. For example, impeccable code could be published, but something entirely different could be installed.
That is not to say that a paper system prevents dubious outcomes. It's just that they are more likely to come to light, and be contested (as far as a supreme court, maybe...)
I helped write the original eVACS system. Forking the code for a US voting system is a nice idea, but probably won't be as helpful as you might like. Most of the complexity in the eVACS code is dealing with the ACT's Hare-Clark electoral system. That affects both the voting interface and the back end counting system. It even affects the system's whole architecture, because the votes have to all be recorded, then counted as a batch, rather than tallied as they are entered which is the obvious way to count a first-past-the-post US style election.
So looking at the system might yield some good ideas about how to organise the system (in particular how the sequence of voting and authentication is handled), but I don't think all that much code could be reused.