Slashdot Mirror
Opening Diebold Source, the Hard Way
Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article:
"Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.
Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.
The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?
Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.
The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?
I think the closed source parking garage was a perfect example why the government shouldn't let a private company control government assets or processes.
One would think that the state would require the sourcecode for due diligence...
#1. Flaws in the code that could be exploited by anyone who knew them. The classic "security via obscurity". This is just plain stupid.
#2. Trade Secrets would be revealed. So Diebold has some ingenious work in the system that it does not want revealed.
#3. Stolen code would be revealed. So Diebold illegally incorporated code from someone else in their product and doesn't want anyone to see it.
#4. Legal code re-use. So Diebold uses the same code on their ATM's as their voting machines and they worry that anyone with access to the voting code could POSSIBLY find a flaw in the ATM systems.
Anyone have any other possibilities?
Apart from a layer of security, just how complex does the software have to be?
(Clear all variables)
Enter selections
Hit accept/enter
Accumulate values for all selections
Clear screen
(Repeat)
Export at end of election
Why the hell does something of this level of incomplexity even need to be closed source?
Voting is public. How can a company legally be allowed *not* to disclose the mechanics of a system built to be used in public elections. What .. we should just assume we can trust the democratic system in the hands of big business? Every programmer? Every engineer? They might as well just hire a bunch of staff that go house to house promise to vote for us.
There are lots of things that you should be able to keep secret, but not how my voting system works. We might as well do away with it altogether.
Quack, quack.
It's true that with open source, someone could potentially find a flaw, not tell anybody about it, and then exploit that flaw to manipulate an election. Why would someone do that? Obviously to advance an agenda, either by getting a win for a particular candidate who supports that agenda (so you'd want to manipulate the votes in a sneaky way) or if your agenda is getting rid of these voting machines, producing results that are clearly absurd (landslide victory for the Stallman write in campaign). I think the former is more subversive and likely to have financial support either from the candidates themselves or organizations supporting those candidates. Given this, it is reasonable to assume that if you are going to fix the vote for the win, your opponent will too, which means you need to either escalate the fraud operation, increasing the risk such fraud will be exposed, or you need to prevent your opponent from taking advantage of the flaws by having them patched and using that labor you saved by not escalating to instead get out the vote.
I might also be way off in this analysis, but I think having the code open to public scrutiny and the hardware securely locked down (any potential tampering should be evident) would be the way to go if computers are used at all.
Remember RFC 873!
FUCK A PAPER TRAIL. We need PAPER ELECTIONS. Just that simple. Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no. What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections. The notion of there being anything worth debating here is nothing but complete bullshit.