Source Code Access Denied in Disputed Race

MrMetlHed writes "A judge ruled Friday that congressional aspirant Christine Jennings has no right to examine the source code that runs the electronic voting machines at the center of a disputed Southwest Florida congressional race. From the article: 'The ruling Friday from Judge Gary prevents for now the Jennings camp from being able to use the programming code to try to show voting machines used in Sarasota County malfunctioned. Jennings claims that an unusually large number of undervotes (ballots that didn't show a vote) recorded in the race implies the machines lost the votes.'"

Re:Nothing tests code like the real world

[DRJlaw]

There's definitely something screwy going on. From the article, about 18000 votes were accepted that didn't actually vote for anything. Now, if I was designing an e-voting package, there's no way I'd mark a vote as accepted if it didn't vote for something, especially in a country like the US where voting is not mandatory. After all, if they've bothered to turn up at the voting booth, you can assume they actually intended to vote.

You're misreading the article.

"Some 18,000 Sarasota County electronic ballots did not register a vote in the race, a much higher undervote rate _ nearly 15 percent _ than in others such as those for governor or U.S. Senate. Jennings contends the machines lost the votes. Buchanan backers and the company say that if there was an unusually large undervote it was likely because of bad ballot design."

There were 18,000 people who did not vote for either Jennings or Buchanan (or another option, if any). People routinely vote for "none of the above" when they dislike each of the candidates, when they have little information about the candidates, etc. You cannot refuse to accept the voter's selections once the voter has showed up at the polls and voted in even one race, because that may very well be the voter's intent. Arguably, you cannot refuse to accept a submission that contains no selections, because that too may be the voter's intent.

You are at best arguing about the sufficiency of the selection review prior to a submission. There is not enough information in the article to discuss this information, and it does not support the candidate's allegations of fraud, so that it is essentially irrelevant to the legal case taking place after the election. You're free to argue against the ballot presentation selected/entered by the various Boards of Election, but you can hardly argue based solely on the undervote that this was a programming "feature" or design defect.

15% undervote

15% of people who voted on the rest of the ticket, mysteriously didn't vote for their Congressman. Even funnier, it was very very strongly biased in favor of Democrat voters, 18% of people who voted Democrat on the remainder of the ticket didn't vote for a Congressman. Even stranger still, it was Florida the former seat of Katherine Harris, even stranger still other neighboring districts showed more typical errors of 3% or so with no political bias.

Fix the vote, make it verifiable, even now when you think the last vote was fair, you don't know it was, nobody can show it was, and there's so much money and power at stake, the vote must be totally trusted.

Florida has a Democrat voter majority, yet elects Republicans and it is more than gerrymandering.

Re:Nothing tests code like the real world

[theonetruekeebler]

From the article, about 18000 votes were accepted that didn't actually vote for anything What the article actually said was:

18,000 Sarasota County electronic ballots did not register a vote in the race (emphasis added) It further says this means about fifteen percent of the ballots cast did not have a selection in this race.

The loser says this happened because the software went all wonky. The winner says it probably happened because of poor layout -- voters didn't even find the race, or they found and misunderstood the race, or they fat-fingered the ballot.

The loser, of course, can't challenge on the misunderstood-ballot theory, because it implies that her support base is statistically more likely do do something stupid than her opponent's.

That said, I find this ruling intolerable. When the government is formed by the counting of ballots, the method of the counting must be open and available. I think it was Boss Tweed who said it best: "As long as I get to count the votes, what are you going to do about it?"

Re:Incomplete article

[amaiman]

No. Ability to check your own vote means that if you give the key to someone else, they can verify your vote as well, this will lead to people selling their votes.

Re:Outrageous

[spisska]

This is commercial code which the vendor hopes to sell in other locations. Which leads me to a separate question for all of those advocating open source code: What should be the compensation model for using the code?

The question is irrelevant. Voting machine vendors already have to submit machines and source to certification agencies for Logic and Acciracy testing and certification. For any machine in use on election day, the source code (and/or mechanical parts) have already been disected, examined, and certified.

This is the reason why Diebold machines were decertified in California -- not, as is often claimed, because they are insecure, but because Diebold updated certified firmware with code that had not gone through certification.

The state already has the right to examine source code, and has already done so. What the judge decided (wrongly, IMHO) is that this right does not extend to parties involved in a disputed election where the primary claim hinges on whether or not the machines and code functioned as they were supposed to.

NIST has recently recommended requiring the effective open-sourcing of voting machine code, but these recommendations (Voluntary Voting Systems Guidelines) won't go into effect until 2009. Previously, and in the current VVSG, NIST recommends keeping certified source code in escrow so it is available for examination in case of dispute.