Opening Diebold Source, the Hard Way

Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article: "Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.
Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.

The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?

Re:what is good for the good is good for the gande

[Homology]

if Diebold has done nothing wrong then they should have nothing to hide, that includes sourcecode, open the sourcecode and allow peer review by experts like those that build BSD & the Linux kernel

Peer review should by done by those that cares about security. For the Linux kernel, security comes after features and performance, so people with the mindset of OpenBSD developers are better for this kind of peer review. Note that there are Linux developers that cares about security, but the Linux community in general seems not to care that much.

Re:Source code not even needed to hack these machi

[ScentCone]

Piece of paper, ink pen, padlocked metal box. That's how sane people run elections.

Do you have any recollection of the Florida mess in 2000? The Gore campaign didn't like the results, and demanded recounts in certain districts though to be favorable to their candidate. There was no arguing about most of the poll documents, but because they were literally trying to differentiate between a few hundred votes, it came down to groups of people sitting around a table debating what they imagined a voter's thoughts really were when they left a partial impression next to ONE candidate's name, but then a slightly more dramatic impression next to another, etc.

Pens and paper are too ambiguous when you have campaign workers doing psychic readings after the fact and trying to produce the results they're looking for. Electronic voting mechanisms unambiguously record the voter's actions (or lack of them). A paper trail produced at the same time, reviewed by the voter, is the ideal method.

Re:Elected officials are teh suck

"Ross Goldstein". He wouldn't happen to be JEWISH by any chance?

Who'd have thought it?

It must be so nice working your butt off to pay taxes so that a foreign country can steal them to wage wars with YOUR OWN COUNTRYMEN fighting on the foreign country's behalf...

Israel and the jews run America.