Slashdot Mirror


Opening Diebold Source, the Hard Way

Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article: "Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.
Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.

The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?

  1. Closed source? by insomniac8400 · · Score: 5, Insightful

    I think the closed source parking garage was a perfect example why the government shouldn't let a private company control government assets or processes.

    1. Re:Closed source? by Tim+C · · Score: 3, Insightful

      Businesses fear Open Source like the plague because they're afraid of governments "buying" software then declaring it "Open Source" they don't have to pay.

      How the hell is that supposed to work? If you contract me to produce some software for you, and I use open source, you still have to pay me the agreed amount or see me in court. That's no different to me using bespoke code, COTS products or magicing it all up out of fairy dust.

      Any business that's truly afraid of what you suggest needs to fire the idiots it has in charge and/or hire a lawyer.

    2. Re:Closed source? by mrchaotica · · Score: 2, Insightful

      Not to mention that we're talking about the government anyway -- if it really wants to it can just seize it via Eminent Domain anyway, whether it's open source, closed source, or anything else.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    3. Re:Closed source? by jc42 · · Score: 4, Insightful

      Businesses fear Open Source like the plague because they're afraid of governments "buying" software then declaring it "Open Source" they don't have to pay.

      How the hell is that supposed to work? If you contract me to produce some software for you, and I use open source, you still have to pay me the agreed amount or see me in court.


      Any company's lawyers will understand this. If they make such an argument, they are simply lying. Their real motive is that they don't want you to see some parts of the code. This could be because they're embarrassed by the shoddy quality. More often it's because there are things there in addition to what you think you paid for.

      In the case of Diebold, they made this very clear before the 2004 election, when then-CEO Wally O'Dell said - in writing - to the Ohio Republicans that he would deliver their state to George Bush. He lived up to that promise, and there are good grounds to suspect that this wasn't at all accidental. They want their code secret so that we can't find out some of the things they've got hidden there.

      In the case of elections, paranoia is simply rational. History tells us that the people running an election will cheat if given the slightest opportunity. Secret code makes cheating very easy, and the assumption should always be that secrecy like this is to hide what's going on.

      The only practical way to get honest elections with computerized equipment is to require that all the code be open and visible to the public. Anything less is a guarantee of dishonest elections.

      (Guaranteeing that the published code is actually what's running inside the machine is another issue. We need a way to do that, too.)

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    4. Re:Closed source? by Alchemar · · Score: 2, Insightful

      Open source and Free do not have to be one and the same. Many database companies have many options available to open source their code. Nobody is willing to pay tens of thousands or hundreds of thousands of dollars for software, and risk losing all of their records because they are stored in a proprietary format. For an extra fee most companies will put the code in an escrow account, usually with stipulations that if the company goes bankrupt or otherwise can no longer support the code, it will be released. For a greater fee most companies will give you the source code up front, and a license to expand it for in house use only. Some companies will let you buy a license to expand the code for specialized use and sell it for a profit. In all these cases the company makes money, and retains rights to their source code. Just because something is published does not make it free for the taking.

      Most government contracts have a clause requiring all source code be kept in escrow for this reason. If you hate working with the onboard computer on a car, imagine being stuck behind enemy lines in a new tank trying to figure out what error code 157 is and why it won't allow the engine to start. The military has to know what it is running on its equipment. I want to know why an exception was made for Diebold. It is my understanding that Windows has versions that allow just such a thing to meet military contracts. Just because Diebold uses a windows platform is no excuse around this requirement.

  2. Nuanced distinction by benhocking · · Score: 4, Insightful
    What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun?
    Of course, passwords and keys can also be destroyed by leaks. The important distinction is that - if you're aware of the leak - it's much easier to assign a new password/key than to fix the software.
    --
    Ben Hocking
    Need a professional organizer?
  3. Due diligence by turbofisk · · Score: 5, Insightful

    One would think that the state would require the sourcecode for due diligence...

    1. Re:Due diligence by TubeSteak · · Score: 3, Insightful

      Did you RTFA?
      Or even the summary?

      Maryland was doing its due diligence by having the source code tested at two independent software labs... which is, of course, where the source code leak came from.

      Diebold's "it was stolen" explanation strikes me as not being plausible, as the package contained discs from both testing labs. Diebold is claiming that either (A) someone worked at one lab & stole the discs, then broke into the other lab & stole discs, or that (B) someone broke into both labs & got their hands on these discs.

      --
      [Fuck Beta]
      o0t!
  4. What is the specific "problem"? by khasim · · Score: 5, Insightful

    #1. Flaws in the code that could be exploited by anyone who knew them. The classic "security via obscurity". This is just plain stupid.

    #2. Trade Secrets would be revealed. So Diebold has some ingenious work in the system that it does not want revealed.

    #3. Stolen code would be revealed. So Diebold illegally incorporated code from someone else in their product and doesn't want anyone to see it.

    #4. Legal code re-use. So Diebold uses the same code on their ATM's as their voting machines and they worry that anyone with access to the voting code could POSSIBLY find a flaw in the ATM systems.

    Anyone have any other possibilities?

    1. Re:What is the specific "problem"? by CosmeticLobotamy · · Score: 4, Insightful

      #5. They're just selling cheap-ass computers running a crappy piece of software at a hideous mark-up, and they don't want to have to compete with 50 other companies selling the same cheap-ass computers running the same crappy software, or software just different enough not to violate their copyright.

    2. Re:What is the specific "problem"? by Cracked+Pottery · · Score: 3, Insightful

      #5. Code that is so negligently flawed as to suggest the desire to make the machines subject to abuse, subjecting Diebold to untold economic damages and possible criminal investigation.

    3. Re:What is the specific "problem"? by VoidEngineer · · Score: 2, Insightful

      #5. They're using MS ACCESS "database"?

      WTF? My blood started boiling when I read that! **Access**?????

  5. what is good for the goose is good for the gander by FudRucker · · Score: 4, Insightful

    if Diebold has done nothing wrong then they should have nothing to hide, that includes sourcecode, open the sourcecode and allow peer review by experts like those that build BSD & the Linux kernel

    --
    Politics is Treachery, Religion is Brainwashing
  6. Program complexity by NJVil · · Score: 5, Insightful

    Apart from a layer of security, just how complex does the software have to be?

    (Clear all variables)
    Enter selections
    Hit accept/enter
    Accumulate values for all selections
    Clear screen
    (Repeat)
    Export at end of election

    Why the hell does something of this level of incomplexity even need to be closed source?

    1. Re:Program complexity by From+A+Far+Away+Land · · Score: 4, Insightful

      "(Clear all variables)
      Enter selections
      Hit accept/enter
      Accumulate values for all selections
      Clear screen
      (Repeat)
      Export at end of election"

      You forgot the most important steps, and the reason these machines are a scam:
      - ??? [Elect who corporation pays for]
      - Profit!

  7. Re:Source code not even needed to hack these machi by jorghis · · Score: 2, Insightful

    So how is this any different from a traditional low tech ballot box? If you allow someone unrestricted and unsupervised access to a box full of ballots its security breaks pretty fast too. While it may be possible that computerized voting could have made elections more secure than they were previously, the idea that we have taken a step backwards in terms of security seems like a stretch to me.

  8. Wave your rights.. by msimm · · Score: 5, Insightful

    Voting is public. How can a company legally be allowed *not* to disclose the mechanics of a system built to be used in public elections. What .. we should just assume we can trust the democratic system in the hands of big business? Every programmer? Every engineer? They might as well just hire a bunch of staff that go house to house promise to vote for us.

    There are lots of things that you should be able to keep secret, but not how my voting system works. We might as well do away with it altogether.

    --
    Quack, quack.
  9. Repeat after me: by Anonymous Coward · · Score: 1, Insightful
    Security through obscurity DOES NOT WORK.

    ..it might make you a lower profile target in certain situations but if somebody does target your system, it will be WEAKER than if it had been fully open to scrutiny from the beginning.

  10. Re:Open source & Availability by N3Roaster · · Score: 5, Insightful

    It's true that with open source, someone could potentially find a flaw, not tell anybody about it, and then exploit that flaw to manipulate an election. Why would someone do that? Obviously to advance an agenda, either by getting a win for a particular candidate who supports that agenda (so you'd want to manipulate the votes in a sneaky way) or if your agenda is getting rid of these voting machines, producing results that are clearly absurd (landslide victory for the Stallman write in campaign). I think the former is more subversive and likely to have financial support either from the candidates themselves or organizations supporting those candidates. Given this, it is reasonable to assume that if you are going to fix the vote for the win, your opponent will too, which means you need to either escalate the fraud operation, increasing the risk such fraud will be exposed, or you need to prevent your opponent from taking advantage of the flaws by having them patched and using that labor you saved by not escalating to instead get out the vote.

    I might also be way off in this analysis, but I think having the code open to public scrutiny and the hardware securely locked down (any potential tampering should be evident) would be the way to go if computers are used at all.

    --
    Remember RFC 873!
  11. Re:Source code not even needed to hack these machi by Anonymous Coward · · Score: 5, Insightful

    FUCK A PAPER TRAIL. We need PAPER ELECTIONS. Just that simple. Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no. What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections. The notion of there being anything worth debating here is nothing but complete bullshit.

  12. Just Plain Dumb... by masdog · · Score: 2, Insightful

    On everyone's part. I know that electronic voting is the way of the future, but a closed source, no-bid electronic voting system going to a large political contributor is just asking for trouble.

    I hope some states get the balls to review the code or implement their own system.

  13. EXCUSE ME? by Chabil+Ha' · · Score: 3, Insightful

    Diebold says the code is proprietary and does not allow public scrutiny of it.

    Where did the government drop the ball on this one? IANAL, but it seems to me that the moment something enters into the arena of figuring our elections, it ought, by the very nature of things, enter into public scrutiny. Are we supposed to just bend over and accept anything they see fit to inflict upon us? The contracts in the first place should have been drawn to allow for a public audit of the code.

    --
    We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
  14. Re:Unusual scenario by ip_fired · · Score: 4, Insightful

    These machines exist more than the 30 seconds that you'll be using one. Someone who is dedicated could get their hands on one (through old fashioned thievery) and then have the months you mentioned probing for exploits. Then they still just need 30 seconds to exploit it. The point is, now I have to place *my* trust in this machine, without knowing how it tallies everything.

    Keeping the source code hidden doesn't stop people from finding exploits, but allowing the source code to be open allows the public to see how their vote will be tallied (well, those who have programming knowledge, but I would be more likely to trust it if several groups did a code audit and signed off on it).

    --
    Don't count your messages before they ACK.
  15. Re:emmm.... by mabhatter654 · · Score: 3, Insightful
    simple, their software guys tag a version as production, and ship it off to the certifying authority. That version then satisfies the election officials for "honesty". What Diebold employees were doing was using uncertified patches at the last minute to fix bugs... hours before or even DURING the elections!!! The "company line" was that it was "necessary" for the election, and officials had to accept it or not have voting machines available.

    If that's not suspect action then what is? Isn't that the very method of vote tampering we're all discussing?

  16. Re:Hopefully by megaditto · · Score: 4, Insightful

    Don't be caught by this bullshit bait.

    What we need is legal access to the actual code (+source, compiler, bootstrap process) running on the machines, not an illegal access to a piece of code someone chose to 'leak'.

    And more importantly, we need voter-verified paper trail.

    --
    Obama likes poor people so much, he wants to make more of them.
  17. Re:Why did they send it to him? by krs804 · · Score: 2, Insightful

    The former legislator may have lost the election due to a glitch found in the code.

  18. Re:It doesn't make sense by Anonymous Coward · · Score: 2, Insightful

    The fact that democrats haven't attacked this issue further convinces me of their incompetence.

    Silly boy. It's not incompetence.
    They know full well how 'useful' these voting machines are to the entrenched PTB, and they're busy working on their own code exploits for the next election.

  19. Re:Source code not even needed to hack these machi by Anonymous Coward · · Score: 3, Insightful

    I think everyone knows this. Your friendly government officials know this. The unstated is the fact that Diebold spends large sums of money on lobbying. People in government are afraid to rock the boat. This is a byproduct of bureaucracy. People will be punished for standing up to do the right thing.

    It wouldn't take much to do a manual vote count, but you see, in the end, greed rules. Greed causes harassment, frivolous lawsuits, bogus investigation by government (the whistle blowers are a menace, you see), etc.

  20. Re:Disappointed! Period. by msuarezalvarez · · Score: 2, Insightful
    As an American, I am disappointed in this story. If it's true, then we in the USA are not much different when compared to folks in third world countries.

    As a citizen of a third world country: are you really, honestly surprised?

  21. Re:Source code not even needed to hack these machi by frdmfghtr · · Score: 4, Insightful
    FUCK A PAPER TRAIL. We need PAPER ELECTIONS. Just that simple. Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no. What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections. The notion of there being anything worth debating here is nothing but complete bullshit.


    I have to agree--it has been proven that we, as a technologically advanced society, cannot reliably run an election using any sort of machine to count the ballots. I mean, when a machine counts more votes in a precinct than there are registered voters, that should be a big red flag lit up with a bright spotlight saying (no, SCREAMING) "Hey, something is all screwed up here, better take a look!" I wonder how many "irregularities" like this DON'T get caught.

    I will still support the use of some form of digital voting machine to print these paper ballots with the voter's choice marked, so that the ballots are marked in a consistent fashion and help prevent spoiled ballots (two candidates marked for the same position for example) but to count them, you need people, and only people.

    A rep from each candidate's election campaign to monitor the count and an official counter are what you need. Go ahead and use a spreadsheet to total up the counts if you like, since building a spreadsheet that can add two numbers is still something we can do reliably, but the official count for a precinct is done by hand.
    --
    Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
  22. Re:Source code not even needed to hack these machi by ScentCone · · Score: 1, Insightful

    I can just see Bush declaring an emergency on polling day which has the side-effect of banning exit polls... oh so convenient... get rid of those pesky exit polls... then no-one knows how the voting is going except those controlling the magic software...

    Utter nonsense. Any "emergency" so dire that someone can't stand on a sidewalk and ask someone else on the sidewalk a question would be an emergency so serious that it would prevent voting in the first place. You're dreaming up mustache-twirling fantasy villainy just because you don't like someone. It's a little embarrassing, really.

    Next thing you're going to tell me is that the previous administration had FBI dossiers on political opponents delivered to White House staff for review by campaign workers! Oh, wait, that did happen. If you can "just see Bush" doing something, why not actually explain how that would, in practical terms, work? That would at least show that you're thinking about it, and would more stylishly showcase your tin-foil hat by accenting it with some properly conspiratorial crazy-flair.

    --
    Don't disappoint your bird dog. Go to the range.
  23. Re:Guaranteed only copy... by IcyHando'Death · · Score: 4, Insightful

    I love this part:

    "A spokesman for Diebold ... said the company is treating the software Kagan received as "stolen" ... Lawyers for the company are seeking its return."

    I see. So all the authorities have to do is recover the copy of the code that was "stolen", and once again the American public can sleep sound in the knowledge that this security breach has been rectified.

    Now isn't this a fine illustration of how applying the term "stolen" to information is wrong-headed?

    My question is this: what could Diebold possibly expect to gain from recovering this "stolen" code? Do they expect to ever be able to use it again in their voting machines? Of course they do, and I'll bet they get away with it too, though why they should be able to, I'll never understand.

  24. Re:Source code not even needed to hack these machi by Jeremi · · Score: 4, Insightful
    So how is this any different from a traditional low tech ballot box? If you allow someone unrestricted and unsupervised access to a box full of ballots its security breaks pretty fast too.


    You're right, and that's why nobody has "unrestricted and unsupervised access" to the ballot box once it contains ballots. It is kept locked and in full public view during the election, and the ballots are carefully supervised (by at least two poll workers, usually more) at all times afterwards.


    The difference is, with the Diebold-style systems the "ballot box" is also a security hazard when it's empty. If you want an analogy, you'd have to imagine a ballot box that could be programmed before the election to create or destroy ballots during the election.... a device that would not be easy to implement in plastic ;^)

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  25. Remote possibility by Haxx · · Score: 2, Insightful


        I have read and heard much about the conspiracy of electronic vote tampering. Many people claim Diebold and other companies could and would change election outcomes. The fact that it is even remotely possible, for a company to change the outcome of an election, should render the whole electronic voting sector obsolete and illegal. Why it isn't is beyond reason.

  26. Re:Disappointed! Period. by Jeremi · · Score: 4, Insightful
    What about the integrity of the elections?


    The problem in America is, everybody is so sure that we're the best democracy ever, that nobody bothers to check to see if that's really the case. People are able to overlook a lot, if seeing it would mean seeing their beloved country in a less-than-positive light.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  27. Re:Source code not even needed to hack these machi by Anonymous Coward · · Score: 1, Insightful

    If you want someone to take you seriously, you need to provide more than rumors. You need to link to evidence to back up your claims. You say the Diebold source code was put on an FTP server? Where is it? You say the data was over 3GB? What was in it? It is doubtful that Diebold's source exceeds one GB, much less three. People don't take you seriously because you sound like a troll making stuff up.

  28. Re:Count em' by hand by Jeremi · · Score: 3, Insightful
    Why do it the hard and screwed up way?


    See, the problem with your antiquated Canadian 'system' is that you often end up electing officials based on the will of the voters. That's no way to run the most powerful country in the world -- leave it up to those yahoos? They'd probably just go and do something stupid, like electing the wrong guy. Who would save us from terrists, gays, and health care then? Hmmm? Hmmm??

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  29. Re:Open source & Availability by sjames · · Score: 4, Insightful

    If not, it is more secure in a way, since malicious users can't test exploits on it before the election, and then they have limited timeframe to do that during the election.

    That is the crux of Diebold's argument for keeping the source closed. TFA reveals the flaw in that reasoning. Whoever that anonymous someone is, he sent the source to someone who is not supposed to have it at all. How many other anonymous somebodies have done the same thing in exchange for wads of cash? It's hard to say, but I'm not willing to bet democracy in the U.S. that the number is 0.

    It's the worst of both worlds. The bad guys see the code, but the good guys don't worry about little problems since "nobody but them will even know". Releases tend to happen when it's convenient for sales rather than when it's done.

    Meanwhile in the open source world, we know everyone and his dog will see the code, so it had better be good. Of course, that is no golden guarantee of perfection. Security flaws happen in open source too.

    A much bigger factor is the ratio of good guys vs. bad guys reviewing the code. With proprietary code, reviews are limited to the dev team and an unknown (probably non-zero) number of bad guys. Open source has more bad guys looking at it, but a LOT more good guys with no vested interest in sweeping flaws under the rug.

  30. Because corruption is more of a concern by MarkusQ · · Score: 4, Insightful
    Nothing computer readable, not even a barcode.
    Why do you want to make sure that only the most fallible machine in the world can read the ballots?

    Because, I would presume, he is more worried about corruption than about failure. Computers may be more reliable, but they are also far more corruptible than any human.

    You will never find a human that will, after a few minutes of persuasion, reliably betray its principles, never tell anyone, never come back to blackmail you, and even completely forget the whole incident even happened should you care to ask him to, let alone thousands of identical humans who will do so in lockstep without giving the slightest indication that anything is amiss.

    If you want a conspiracy that won't fall apart, use computers. If you want to prevent such a conspiracy, keep the computers as far away from the process as you can.

    --MarkusQ

  31. Re:Source code not even needed to hack these machi by doom · · Score: 3, Insightful
    ...an emergency so serious that it would prevent voting in the first place.
    Indeed. That's a more likely scenario, I fear...
    Elections are conducted at the state level. The President does not have the authority to stop them.
    Heh. Now you're going to tell us that the Federal Supreme Court has no right to interfere in a state's electoral process...

  32. Re:Source code not even needed to hack these machi by Jeremi · · Score: 2, Insightful
    You are exceedingly naive if you think reality is the same thing as the rules.


    I never claimed that the non-electronic solution was 100% foolproof... only that the electronic solution suffers from additional vulnerabilities that the current solution does not.


    We can run off any "independent observers" and do what we like with the ballot boxes. We can even pretend to be representatives of the major parties. We were all appointed by the local board of elections, whose members were all hand-selected for their willingness to "go with the program" by the local political boss.


    Of course. If you are willing and able to break the law with impunity, you can do all of those things and more. But at least people will know that you broke the law ("running off independent observers" is a violation of the law), and with any luck the ensuing publicity will land you in jail (or more likely, the high likelihood of being caught will dissuade you from trying such shenanigans in the first place).


    I don't think any voting system could be made to work properly in cases where all of the election workers and the local government are dishonest. So one has to assume that in most cases, at least some of the pollworkers are honest, or give up on democracy altogether. At least with the current system, cheating requires the subversion of the entire group of poll workers. That's better than a system where a single individual could botch the results without anyone else's help and without creating any evidence of wrongdoing.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  33. Re:Source code not even needed to hack these machi by TapeCutter · · Score: 2, Insightful

    If you want someone to take you seriously, you need to provide more than rumors.

    You don't need the source code to realise the machines and the procedures surrounding them are open to undetectable fraud and who can say if a copy of "secret code" is kosher anyway? Even if we assume fraud is happening, evidence like that should be saved for an indictment, but at the moment there is no court case where someone has to prove fraud. However that is all just a distraction, doubters should not have to prove fraud, they should only need to show it's possible.

    In other words: You need proof to indict someone, you don't need it to judge the usefulness of these machines. A simple application of logic shows the design of "paperless elections" is at best hopelessly vulnerable to cheating, and at worst a bloodless coup.

    My there are a lot of AC's in this thread, or is that just a few very devoted AC's?

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  34. Re:Count em' by hand by PenGun · · Score: 2, Insightful

    I'm not sure what you mean. We have ballots and you mark them with a pen, then you put em' in the box. No chads.

        PenGun
      Do What Now ??? ... Standards and Practices !