Slashdot Mirror
Australian Voting Software Goes Closed Source
From Diebold's last-minute installation of uncertified software updates on its touch-screen election machines in California (leading to decertification of the company's machines in several California counties) to ethically troublesome relationships between politicians and the companies whose machines count the votes that determine their employment, the possible benefits of electronic voting seem swamped at the moment by objections (from simply prudent to caustically cynical) to its security and integrity.
Within the world of electronic voting, though, eVACS (for "Electronic Voting and Counting System") has been a rare success story both for open source development methodology and for the benefits that electronic voting can offer. The first generation of eVACS (running on Debian Linux machines) was developed starting in March 2001 in response to a request for bids by the Australian Capitol Territory Electoral Commission (ACTEC), and it was done on a budget of only AUS$200,000.
(The Australian Capitol Territory includes Australia's capitol city, Canberra, as well as surrounding suburbs and Namadgi National Park.)
Besides a respectable list of features driven by ACTEC's initial requirements (like support for 12 voting languages, and audio support for blind voters), eVACS has an advantage not enjoyed by many electronic voting systems: it's been successfully, uneventfully used to gather votes in a national election. The election in which it played a part went smoothly, and the eVACS system itself functioned as hoped.
This year, though, ACTEC asked Software Improvement to update the code for future elections, and Software Improvement decided to go them one better -- or, in the eyes of open source enthusiasts, one worse. The notes Ritchie was provided to deliver announced a change to the process under which the code is released; specifically, a switch from an open source license to something the company calls "controlled open source."
According to Software Improvement, simply releasing election-machine code under a liberal license such as the GPL is undesirable for two reasons: it means a loss of the company's intellectual property, and unfettered access could lead to a compromise of the voting system, if a determined cracker could find and exploit flaws in the code. (Software Improvement has not supplied any examples to show that this has happened, however.)
The company's use of "open source" would find little support from organizations like the Free Software Foundation or the Open Source Initiative. Software Improvement's idea of software openness is rather limited. Claiming that open source development is insufficient, even inimical to creating trust in election systems, the company now says that portions of eVACS's codebase will be released only to approved analysts, and in encrypted form, to enable viewing only for auditing purposes, rather than code contribution. Repeated viewings would be reported to the company, and only a limited number of views would be permitted before the code would self-destruct.
After delivering the prepared presentation, Ritchie took a few minutes to react to the changes it announced.
"Six hours ago, while I was reading through this on the plane," said Ritchie, "I was infuriated to read what it actually says."
Ritchie, though, is a computer-literate political science student at the University of California - Davis, and behind the Open Vote Foundation. He said he's decided to resume the project represented on that site, started with the intent to fork and bring to the U.S. the first generation, GPL'd version of eVACS.
"A long time ago, I read the first news report about Diebold, wondered why we didn't have open source election software for our voting machines. Eventually, I found out that Australia had apparently beaten us to it. It seemed like a good thing; the eVACS system was developed and released as GPL code, it was checked and rechecked by computer science people and all kinds of election officials. I said, 'Why don't we bring this to the U.S.? It's GPL, let's do it.'"
So he started the nonprofit Open Vote Foundation to bring the software to the U.S., specifically to California. Ritchie went to the meeting at the California Attorney General's office which resulted in decertification of Diebold machines in that state's 2004 election process, and his involvement in the fight against Diebold's secret-source voting machines is what led him to the open source eVACS; now he finds that the restrictions on the formerly GPL software are "even worse that that on MS's shared source. To call that open source is a bit dishonest."
"As of 6 hours ago," he said, "I've decided to start that again. It's not that hard; I mean how hard is it to say 'add one to this vote'? ... I remembered my old plan, and thought 'Let's take the old Australian code, fork it, and work from that -- and that is still an option. This is the great thing about open source software. If the old lead developer goes insane, you can always fork it, right?"
I have been wondering lately if phsyically damaging these machines is not justified in a system that is supposed to cherish democracy to such a high degree. Civil disobedience is justified in some cases, and I believe that the use of unverifiable electronic voting machines with known vulnerabilities is just such a case.
Remember, Americans: Bring your voter registration card, and a sledgehammer for Diebold. They are stealing our freedom to vote, the very democracy over which so much blood has been spilled, and the corrupted political process is encouraging it via awarded contracts and almost silent acquiescence.
This crosses political affiliations and affects all Americans. I strongly believe that this must be stopped it by all means necessary or we will lose the ability to collectively affect the policies of our country, no matter how small your individual voice might be. This is zealous, without a doubt, but not all zealotry is bad. "Extremism in the defense of liberty is no vice." And some things are too important to wait upon the justice system to work, even when it does. Sometimes men must take justice into their own hands.
Live free or die.
"It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything." Joseph Stalin
Introducing Microsoft Vacuum 1.0 The first Microsoft product that doesn't suck.
It's lovely someone wants to develop and fork something so exotic like an electronic voting system.
I just hope some government will understand that it's NECESSARY for such software to be FULLY Open Source, to guarantee democracy. How can I trust a device I don't know what is REALLY doing with my votes?
(And if someone is scared by the fact someone can maliciously change the program in the local voting machines just before the election...well,it's enough for THAT election to use a freezed code with a definite SHA1 or MD5 checksum...isn't it?)
-- Patent no.123456: A way to personalize
. . . is that the people leading the call for paper trails or even just paper ballots are either computing professionals or extremely technically literate. It's an interesting situation when technological "progress" is opposed by the elite rather than the traditional Luddites or the masses. Maybe we've all just read too much science fiction, but these machines sound like a solution even worse than the problem. I'd rather go through the Florida recount again than deal with the potentially catastrophic effects of the machines we use in CA.
I'm a little shocked, however, that more professed conservatives haven't spoken out against the new systems. To hear some of them tell it, the Democratic Party practically invented vote fraud, so you'd expect that they'd be much more suspicious of unverifiable, untrackable voting systems. But none of them seem to have anything to say on the matter - or have I not been looking in the right place?
But then I had the opportunity to speak with some senior managers from the company, who told me that, in fact, virtually the entire company was united behind dropping the electronic voting machines. They didn't trust the codebase (which was developed by a company Diebold acquired), felt the issue needed to be more deeply researched than it had been, and believed the bad publicity was hurting Diebold's reputation for security and reliability in its cash-management business.
But CEO Walden O'Dell disagrees. Virtually single-handedly, he has kept the e-voting project alive despite the vocal opposition of virtually everyone involved with it. When I asked the managers why they thought O'Dell was so strongly behind the project, their answers were blunt: "Politics."
If that's how management inside Diebold thinks, perhaps there's something to the conspiracy types after all....
- Watchful Babbler
I find the idea facinating that open sourcing your product is a binding contract with the community. You cannot back out unless interest in your product is so low that no one ever bothers to fork it. But time and again we see with efforts like this one or XFree86 that the idea of backing out of an open source stance is actually more harmful than remaining that way. While some will view this as a problem, as a consumer, I view it as a boon.
Even making motions toward open source without going all the way can result in "pseudo-forking" (I'm posting this from a Gnome desktop which was originally created in response to the original licensing terms of the Qt library upon which KDE was based).
It will be very interesting to see what the next few decades bring to the table in terms of open source business practices. I envision a sort of corporate ethics evolving around the benefits and dangers of open source development, and this can only be a healthy process. Much as I think RMS took leave of his senses in the mid-90s (who didn't), I have to say that he nailed it when he decided that the GPL would have the power to change the software industry. I doubt that any other legal tool has been able to so profoundly shape the future of business since the anti-trust laws of early last century.
Where are the specifications for this code?
What language is it written in?
Where is the source kept?
What platforms does it run under?
MoveOn.org is sponsoring a petition drive to urge U.S. voters to demand voter-verified paper ballots that can be audited and recounted if necessary. This is the ONLY solution.
A SECRET ballot means that the association between a specific person and a specific vote cast is vital to democracy. Doing otherwise can very easily lead to vote buying ("I'll pay you $x for proof you voted for my candidate!").
We need a specifications document laying out the requirements for this software, which platforms it runs on, etc.
We also need a copy of the existing code to (a) have a place to start from, (b) provide us something to look at and thus give us ideas for development methodologies, (c) give us a point of reference to use when lobbying congressmen, etc.
This must be on a paper trail so I know who I voted for. Election monitors (the people, one from each party, who literally looked over the shoulders of the people counting ballots in Florida) need to be able to verify the count afterwards in some statistically valid way.
Unitarian Church: Freethinkers Congregate!
If the old lead developer goes insane, you can always fork it, right?
Yep. However, getting the politician's buy-in on certifying the fork will be problematic:
On the one hand, we have academia and open source developers pushing their idea. (Politicians aren't real comfortable around smart people or people with multiple piercings)
On the other hand, we have a group of respectible business men pushing their idea. (Politicians can relate to business men because they wear the same suits and ties, and many of them were business men themselves at one point or another)
Who is going to win? Hmmmm....
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
You know you're right. I wonder where we could find an ATM company? They have the knowledge and skills. I wonder where we could find one of those. They'd be really good at it.
In the olden days, people would sell their vote for money. It wasn't until I believe the 1850's or 1860's that we had an anonymous voting system. In an odd coincidence, we imported the Austrialian method back then too!
Before the 1860's you wrote in the name of the candidate you wished to vote for. In small enough precinects, you could literally know everyones handwritting. Before that, you actually walked into the town capital building, and announced your vote in a loud clear voice the the people in charge of keeping track.
Each candidate would have a witness there keeping track of who voted which way, and could then pay off the people who they bought a vote from.
As the other response said, I'd imagine that the first whites to vote for a black in Georgia probably didn't make it too far out of the voting booth before getting harrassed. Unless there was an anonymous system.
Kirby
... then we'd have fifteen different interfaces that all do pretty much the same thing, but they would each have their quirks and none of them would do it quite right. The software would take five years to develop from scratch, and at the end of it we would have a huge virtual machine-based system that executes XVL (Extensible Voting Language), which is horribly complex and slow, but allows for very fancy voting platforms, in theory. But as a result, the old voting hardware will be too slow and limited to run it, so we'd need all new machines based on the latest processors. We'd also have to wait a while for all the drivers to become available, and the Debian Voting Project wouldn't release the code until it ran properly on *every* platform, including PDP11 and ZX81. Meanwhile the FireVulture project will aim to develop a super-lightweight version of the codebase that will be fast and sleek, but it will run into problems due to schisms in the team, caused by differences of opinion about whether the code should be LGPL, GPL or BSD license.
The eventual system will work very well and be extremely stable, but by the time it is in widespread use the developers will have started on Version 2.0, which is a total rewrite from the ground up (they now feel they understand the problem much better, and can see that the original API needs to be redesigned). So Version 2.0 is totally incompatible with Version 1.0, and much confusion ensues as States try to decide which "standard" to go with.
Meanwhile, Microsoft comes out fast and dirty with Microsoft Vote and although it doesn't work too well at first (version 1.0 has a glitch where everyone who's first name begins with "L" is deleted), it works "well enough" and with the buckets of money that MS dumps on the States for new MS-compatible hardware, they quickly gain dominance in the market.
The Open Source projects try to shift their focus to work with the MS hardware, chasing Microsoft's lead and running into a brick wall with the closed XML format that is encrypted and depends on hardware DRM to work.
Apple brings out the iVote, which is a small device that lets you simply plug into an Apple voting machine anywhere and vote quickly and easily. Plus, it works. And quite a few people buy it and rave about how great it is, but because only Apple is allowed to make the actual voting machines, very few of them get manufactured and as a result the iVote falls into betamax territory.
In the end, everybody uses MS Vote and complains about how closed it is, the Open Source crowd eventually gets their act together and comes out with a fantastic system that kicks butt but nobody cares any more, and that was that for the United States of America, thanks and goodnight.
I can't understand where all the confusion is coming from on the E-Voting issue. The machines are supposed to address a problem:
Problem:
Present a list of voting choices in any number of languages, in audio for those who are blind, give them an opportunity to change their vote if they made a mistake, give them a second (and a third) chance to confirm their vote, and then make sure that their vote is counted.
It sounds like a great application for computers. After all, multi-lingual GUIs are common and practical, and computers give you the chance to change your mind before you finalize the vote.
Solution:
Use the computer to format the ballot, so that you don't have to have different versions for every language, and so that the voter can confirm and reconfirm the votes before finally committing them to a paper ballot. The computer then "fills in " the ovals on the ballot, eliminating improperly filled or inadequately filled circles, at which point the voter can look at the paper and quadruple check that he voted for the right people, and put that ballot into a "dumb" optical scanner that JUST COUNTS. Nothing to tamper with, nothing to worry about - you could have 5 terminals to every counter, which would save money over the current system and would still guarantee (actually enhance) the accuracy of the vote.
It's almost like somebody DOESN'T WANT the vote to be counted properly.
Open Source is desirable, but is not in itself a panacea. For example, impeccable code could be published, but something entirely different could be installed.
That is not to say that a paper system prevents dubious outcomes. It's just that they are more likely to come to light, and be contested (as far as a supreme court, maybe...)
Jesus Christ on an electric moped, it's not a Seinfeld quote, it's not a quote from some fictional movie, the line "The dingo's got my baby!" and the movie it was drawn from ( "A Cry in the Dark", iirc ) were based around a real case - that of Lindy Chamberlain.
This case was a total societal clusterfuck here in Australia. Half of the population believed in her story, and the other half thought she was full of it. Lindy ended up being found guilty of murder, and locked away for four years - after which her conviction was overturned ( and many people are still not convinced ).
To give you an idea of just how deeply this event has graved itself into the national psyche, I was four months old when it happened, and even I can tell you the name of the baby in question ( Azaria ). I guess the closest comparison Americans could make would be the kidnapping of the Lindbergh baby, although even that's not a real good fit.
It's not really that funny! Bleah!
One god, one market, one truth, one consumer.