Opening Diebold Source, the Hard Way
Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article:
"Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.
Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.
The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?
I think the closed source parking garage was a perfect example why the government shouldn't let a private company control government assets or processes.
Ben Hocking
Need a professional organizer?
One would think that the state would require the source code for due diligence...
#1. Flaws in the code that could be exploited by anyone who knew them. The classic "security via obscurity". This is just plain stupid.
#2. Trade Secrets would be revealed. So Diebold has some ingenious work in the system that it does not want revealed.
#3. Stolen code would be revealed. So Diebold illegally incorporated code from someone else in their product and doesn't want anyone to see it.
#4. Legal code re-use. So Diebold uses the same code on their ATMs as their voting machines and they worry that anyone with access to the voting code could POSSIBLY find a flaw in the ATM systems.
Anyone have any other possibilities?
If Diebold has done nothing wrong then they should have nothing to hide, and that includes source code. Open the source code and allow peer review by experts like those that build BSD and the Linux kernel.
Politics is Treachery, Religion is Brainwashing
Apart from a layer of security, just how complex does the software have to be?
(Clear all variables)
Enter selections
Hit accept/enter
Accumulate values for all selections
Clear screen
(Repeat)
Export at end of election
Why the hell does something of this level of incomplexity even need to be closed source?
Voting is public. How can a company legally be allowed *not* to disclose the mechanics of a system built to be used in public elections? What, we should just assume we can trust the democratic system in the hands of big business? Every programmer? Every engineer? They might as well just hire a bunch of staff to go house to house promising to vote for us.
There are lots of things that you should be able to keep secret, but not how my voting system works. We might as well do away with it altogether.
Quack, quack.
It's true that with open source, someone could potentially find a flaw, not tell anybody about it, and then exploit that flaw to manipulate an election. Why would someone do that? Obviously to advance an agenda, either by getting a win for a particular candidate who supports that agenda (so you'd want to manipulate the votes in a sneaky way) or, if your agenda is getting rid of these voting machines, by producing results that are clearly absurd (landslide victory for the Stallman write-in campaign). I think the former is more subversive and likely to have financial support either from the candidates themselves or organizations supporting those candidates. Given this, it is reasonable to assume that if you are going to fix the vote for the win, your opponent will too, which means you need to either escalate the fraud operation, increasing the risk such fraud will be exposed, or you need to prevent your opponent from taking advantage of the flaws by having them patched and using the labor you saved by not escalating to instead get out the vote.
I might also be way off in this analysis, but I think having the code open to public scrutiny and the hardware securely locked down (any potential tampering should be evident) would be the way to go if computers are used at all.
Remember RFC 873!
FUCK A PAPER TRAIL. We need PAPER ELECTIONS. Just that simple. Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no. What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections. The notion of there being anything worth debating here is nothing but complete bullshit.
These machines exist more than the 30 seconds that you'll be using one. Someone who is dedicated could get their hands on one (through old fashioned thievery) and then have the months you mentioned probing for exploits. Then they still just need 30 seconds to exploit it. The point is, now I have to place *my* trust in this machine, without knowing how it tallies everything.
Keeping the source code hidden doesn't stop people from finding exploits, but allowing the source code to be open allows the public to see how their vote will be tallied (well, those who have programming knowledge, but I would be more likely to trust it if several groups did a code audit and signed off on it).
Don't count your messages before they ACK.
Don't be caught by this bullshit bait.
What we need is legal access to the actual code (+source, compiler, bootstrap process) running on the machines, not an illegal access to a piece of code someone chose to 'leak'.
And more importantly, we need voter-verified paper trail.
Obama likes poor people so much, he wants to make more of them.
I have to agree--it has been proven that we, as a technologically advanced society, cannot reliably run an election using any sort of machine to count the ballots. I mean, when a machine counts more votes in a precinct than there are registered voters, that should be a big red flag lit up with a bright spotlight saying (no, SCREAMING) "Hey, something is all screwed up here, better take a look!" I wonder how many "irregularities" like this DON'T get caught.
I will still support the use of some form of digital voting machine to print these paper ballots with the voter's choice marked, so that the ballots are marked in a consistent fashion and help prevent spoiled ballots (two candidates marked for the same position for example) but to count them, you need people, and only people.
A rep from each candidate's election campaign to monitor the count and an official counter are what you need. Go ahead and use a spreadsheet to total up the counts if you like, since building a spreadsheet that can add two numbers is still something we can do reliably, but the official count for a precinct is done by hand.
Government's idea of a balanced budget: take money from the right pocket to balance... oh, who am I kidding?
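As an added example (not code from the page, from Diebold, or from any real machine), the tally loop sketched in the step list earlier in the thread, combined with the two reconciliation checks this post proposes: a machine count larger than the number of registered voters is an error, and the official result is the hand count, which the machine export must match. The contest names, the ballots, the registered-voter figure and the vote-switching routine are all constructed for illustration; the switching routine exists only to show which check catches which kind of problem.

```python
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed contest definition: contest name -> permitted choices.
CONTESTS: Dict[str, set] = {"governor": {"A", "B"}, "question1": {"yes", "no"}}

# Constructed sample ballots; one choice per contest, a missing contest is an undervote.
BALLOTS = [
    {"governor": "A", "question1": "yes"},
    {"governor": "B", "question1": "no"},
    {"governor": "A", "question1": "no"},
    {"governor": "B", "question1": "yes"},
    {"governor": "A"},
    {"governor": "B", "question1": "yes"},
    {"governor": "B", "question1": "no"},
]
REGISTERED = 10  # constructed registered-voter count for the precinct


def tally(ballots: Iterable[Dict[str, str]]) -> Tuple[int, Dict[str, Counter]]:
    """The loop from the step list: accept a ballot, validate each selection,
    accumulate per-contest totals, repeat. Returns (ballots cast, totals)."""
    totals = {contest: Counter() for contest in CONTESTS}
    cast = 0
    for ballot in ballots:
        cast += 1
        for contest, choice in ballot.items():
            if contest not in CONTESTS:
                raise ValueError(f"ballot {cast}: unknown contest {contest!r}")
            if choice not in CONTESTS[contest]:
                raise ValueError(f"ballot {cast}: invalid choice {choice!r} for {contest}")
            totals[contest][choice] += 1
    return cast, totals


def reconcile(cast: int, machine: Dict[str, Counter], registered: int,
              hand_count: Dict[str, Counter]) -> List[str]:
    """Return a list of discrepancies (empty when the precinct reconciles).
    (a) ballots cast cannot exceed registered voters;
    (b) votes in a single-choice contest cannot exceed ballots cast;
    (c) the machine export must equal the hand count, which is the official result."""
    problems = []
    if cast > registered:
        problems.append(f"{cast} ballots cast but only {registered} registered voters")
    for contest, counts in machine.items():
        votes = sum(counts.values())
        if votes > cast:
            problems.append(f"{contest}: {votes} votes exceed {cast} ballots cast")
        expected = hand_count.get(contest, Counter())
        if counts != expected:
            problems.append(f"{contest}: machine {dict(counts)} != hand count {dict(expected)}")
    return problems


def switch_votes(totals: Dict[str, Counter], contest: str, src: str, dst: str,
                 n: int) -> Dict[str, Counter]:
    """Constructed illustration of the vote-switching the article's experts worry
    about: move n votes from src to dst in the exported totals. Ballots cast and
    the contest total stay plausible, so checks (a) and (b) do not fire and only
    the comparison against an independent hand count (c) detects it."""
    if totals[contest][src] < n:
        raise ValueError("not enough votes to switch")
    switched = {c: Counter(v) for c, v in totals.items()}
    switched[contest][src] -= n
    switched[contest][dst] += n
    return switched


def demo() -> Tuple[List[str], List[str], List[str]]:
    """Three scenarios: an honest export, a gross error (more ballots than
    registered voters), and a subtle vote switch. Returns the discrepancy lists."""
    cast, machine = tally(BALLOTS)
    _, hand = tally(BALLOTS)  # stands in for the hand count of the same paper ballots
    honest = reconcile(cast, machine, REGISTERED, hand)
    gross = reconcile(cast, machine, 5, hand)
    subtle = reconcile(cast, switch_votes(machine, "governor", "B", "A", 2), REGISTERED, hand)
    return honest, gross, subtle


if __name__ == "__main__":
    for label, result in zip(("honest", "gross", "subtle"), demo()):
        print(label, result or "reconciles")
```

The point the two scenarios make: the registered-voter check in this post catches the "more votes than voters" kind of error, but a switch that keeps the totals plausible passes every internal consistency check and only shows up against the paper ballots counted by people, which is why the poster wants the precinct total done by hand.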
I love this part:
"A spokesman for Diebold ... said the company is treating the software Kagan received as "stolen" ... Lawyers for the company are seeking its return."
I see. So all the authorities have to do is recover the copy of the code that was "stolen", and once again the American public can sleep soundly in the knowledge that this security breach has been rectified.
Now isn't this a fine illustration of how applying the term "stolen" to information is wrong-headed?
My question is this: what could Diebold possibly expect to gain from recovering this "stolen" code? Do they expect to ever be able to use it again in their voting machines? Of course they do, and I'll bet they get away with it too, though why they should be able to, I'll never understand.
You're right, and that's why nobody has "unrestricted and unsupervised access" to the ballot box once it contains ballots. It is kept locked and in full public view during the election, and the ballots are carefully supervised (by at least two poll workers, usually more) at all times afterwards.
The difference is, with the Diebold-style systems the "ballot box" is also a security hazard when it's empty. If you want an analogy, you'd have to imagine a ballot box that could be programmed before the election to create or destroy ballots during the election... a device that would not be easy to implement in plastic.
I don't care if it's 90,000 hectares. That lake was not my doing.
The problem in America is, everybody is so sure that we're the best democracy ever, that nobody bothers to check to see if that's really the case. People are able to overlook a lot, if seeing it would mean seeing their beloved country in a less-than-positive light.
I don't care if it's 90,000 hectares. That lake was not my doing.
If not, it is more secure in a way, since malicious users can't test exploits on it before the election, and then they have a limited timeframe to do that during the election.
That is the crux of Diebold's argument for keeping the source closed. TFA reveals the flaw in that reasoning. Whoever that anonymous someone is, he sent the source to someone who is not supposed to have it at all. How many other anonymous somebodies have done the same thing in exchange for wads of cash? It's hard to say, but I'm not willing to bet democracy in the U.S. that the number is 0.
It's the worst of both worlds. The bad guys see the code, but the good guys don't worry about little problems since "nobody but them will even know". Releases tend to happen when it's convenient for sales rather than when it's done.
Meanwhile in the open source world, we know everyone and his dog will see the code, so it had better be good. Of course, that is no golden guarantee of perfection. Security flaws happen in open source too.
A much bigger factor is the ratio of good guys vs. bad guys reviewing the code. With proprietary code, reviews are limited to the dev team and an unknown (probably non-zero) number of bad guys. Open source has more bad guys looking at it, but a LOT more good guys with no vested interest in sweeping flaws under the rug.
Because, I would presume, he is more worried about corruption than about failure. Computers may be more reliable, but they are also far more corruptible than any human.
You will never find a human that will, after a few minutes of persuasion, reliably betray its principles, never tell anyone, never come back to blackmail you, and even completely forget the whole incident even happened should you care to ask him to, let alone thousands of identical humans who will do so in lockstep without giving the slightest indication that anything is amiss.
If you want a conspiracy that won't fall apart, use computers. If you want to prevent such a conspiracy, keep the computers as far away from the process as you can.
--MarkusQ