NY Times Endorses Open-Source Election Software

jdauerbach writes "On its editorial page today, the New York Times called for election system reform, saying among other things that 'Congress should impose much more rigorous safeguards, including a requirement that all computer code be made public. It should require that all electronic machines produce a voter-verified paper trail.'"

Re:Some thoughts

[antifoidulus]

IIRC, The paper record is per machine, not per vote. After the polls close, each machine prints out a record of the votes recorded on it. So therefore there is a way to double check that the tabulations from all the machines is correct, but not that the tabulation on any given machine is correct. Now granted this does make it harder to modify the final tally, but it is far from impossible.
It also doesn't address machines crashing, poor user interfaces etc.....

International observers are saying the same

[MSBob]

International election observers noted several issues with the US election process this year. One of the criticisms in their report is electronic voting without any transparency or a paper trail. One of their recommendations was also to use open source code software for the voting machines. Here's the link

Re:Some thoughts on Diebold security

[JimMarch(equalccw)]

Diebold's "paper trail" is an end-of-day record on a long thin "cash register strip" showing how many votes each machine took in for each candidate and issue.

Problem 1: it's glitchier than a Microsoft Windows early beta. I've talked to Alameda and San Diego County pollworkers who tried to collect these at the end of the day, only to find that in some cases nothing printed and in others the printout didn't agree with the on-screen end-of-day tallies! And that was different machines in a single polling location.

Problem 2: this printout isn't done as the votes happen, but rather as a single end-of-day "run" under polling place supervisor control. If the machine crashes at any time during the day (which happens often enough), that'll cause the tallies between the memory card "electronic ballot box" (PCMCIA) and printout to vary.

Problem 3: this printout isn't open to public scrutiny. I've seen Public Records Act/FOIA type queries for copies fought by county elections officials across the nation, probably because photocopying a 12ft strip of 3" paper is a bitch :).

As to code scrutiny by independent labs:

The Federal Election Commission approves testing labs for reviewing voting machine code and products. They're the only ones allowed to see the source code on this stuff. The two biggest are Wyle Lab's elections operation in Huntsville, AL and "Ciber Inc" (formerly Metamore) also in Huntsville.

First, all of the voting machines in current use are certified by these labs to standards written by the FEC in 1990. You heard that right. There's also a 2000 standard by the FEC but since all of our electronic voting machines were built prior to 2000, they can be re-certified under the 1990 standards "forever", until the vendors announce significant enough upgrades/revamps to trigger the Y2000 review process. Which NONE have seen fit to do so far.

It gets worse.

We have 13,000 leaked Diebold memos floating around that document, among other things, Diebold lying to the testing labs. In one case, huge amounts of customized code used in WinCE was declared to be "Commercial Off The Shelf" ("COTS") and not subject to source code review.

The exact phrasing of these internal memos and a security analysis of their implications can be found at:

http://www.equalccw.com/sscomment.html

...and:

http://www.equalccw.com/sscomments2.html

Ain't puked quite yet?

Diebold Corp. in Ohio bought Global Election Systems in 2002 (Canadian company) and renamed it Diebold Election Systems. Global's first voting products were written on Unix boxes, where they wrote their own "Accubasic" compiler for some core vote-tally processes. When porting to Windows, they went to great lengths to get Accubasic working on the new platform. OK, query me this: if I'm writing the compiler and I'm publishing source code for scrutiny that's run through that compiler, how in the hell is the source code reviewer supposed to know what's REALLY going on!?

Ahh, but this presumes "bad intent" on Global's part, which normally isn't something you presume. Except that Global was founded in 1988 by three guys name of Norton Cooper, Charles Hong Lee and Michael K. Graye, all three of whom have prior felony convictions in the US and/or Canada for stock fraud, investment scams and the like. By 2000, Global hired a guy name of Jeffrey Dean as lead programmer on the central vote-tally product (GEMS, "Global Election Management Software", still part of the Diebold product line). Dean was a charming chap - convicted of 23 counts of computer-aided embezzlement from a Seattle law firm in what a court called a "sophisticated computer-aided accounting fraud". He was literally recruited while still in prison by another Global employee also doing time. See also this document for more details on these clowns:

Re:One more thing...

[cduffy]

As a result the US government MUST OWN the code that counts the votes. This can never be proprietary.

The US government isn't allowed to own copyrights to anything -- anything they develop directly or that's done as a work-for-hire for them is automatically public domain. (For this reason, there's a lot of code that's written by government contractors and remains under their ownership, even though the reason behind its production was government use).

Effectively, then, any government-developed voting system code would be public domain -- which would be, IMHO, entirely ideal.