Source Code Access Denied in Disputed Race

MrMetlHed writes "A judge ruled Friday that congressional aspirant Christine Jennings has no right to examine the source code that runs the electronic voting machines at the center of a disputed Southwest Florida congressional race. From the article: 'The ruling Friday from Judge Gary prevents for now the Jennings camp from being able to use the programming code to try to show voting machines used in Sarasota County malfunctioned. Jennings claims that an unusually large number of undervotes (ballots that didn't show a vote) recorded in the race implies the machines lost the votes.'"

Outrageous

[Xeth]

This is precisely why government shouldn't be using closed-box commercial software. We have no idea whether the machines are functioning as advertised. Do people not realize that we're essentially just handing a bunch of ballots to these companies and then just accepting the verdict they hand down? It boggles the mind that any democracy-loving representative can stand for this. Maybe there just aren't any left?

Re:Outrageous

[leenks]

That's true, but it only shows half the picture (like most statistics). If you look at the time it took to fix the exploits and ship the fix to customers then most Open Source projects win hands down. Microsoft does occasionally do this in quite a timely manner, but most of the time it is weeks, months or even years.

The other thing to consider is the number of holes that might be discovered if everyone had access to the Windows source code :)

Re:Outrageous

What is interesting is not how much security holes found, but:

A) They`re usefulness in gaining inappropriate access.
B) How many holes are left.

Now with A), Windows with its single user administration accounts and open privileges to system by all users, makes any userland bug into an root-level access nightmare. Yes, you can have a separate admin-account. No, XP doesn`t support this fully on the file-level (I`ve done it many times, and it`s a PITA because of bugs in XP regarding running programs or installing software as administrator)
A) will hopefully be fully solved in VISTA. How many years after UNIX solved this?

With B), you cannot really know. Open access to the source code and the whole world watching, makes it pretty obvious you`re going to have more fixes for Linux and BSD. With closed source, you never really know how many holes are left except when someone stumbles on one in the dark, you never really know what the software does or if it contains any backdoors.

It is not so far-fetched to state that the more fixes you have to a system, the more secure it is. But it`s really hard to say. Are NT programmers more proficient than Linux-programmers concerning security? Experience shows that security has never been Microsoft`s priority, marketshare has.

So IMHO Linux and BSD are very much more secure than Windows / NT / XP, maybe even BECAUSE of more fixes for the systems.. But also for the multi-user models used in UNIX which adds a layer of security with the root user, unless the user runs as root all day long of course.

So ANY system will be insecure if the user do stupid things.

Re:Outrageous

[aztracker1]

Here in Arizona, we've had scan-tron style voting for quite a while.. it works well, and has a paper trail... this last election they've started offering the "e-voting" machines... imho they suck, even more for cost and logistical reasons. They're each as expensive as one scan-tron, and each is tied up while the person is voting.. a single scan-tron style unit can handle dozens of voters to one e-voting machine... But, people are sheep.

Re:Outrageous

[Bob3141592]

There's no reason this code should ever be closed. In the computers that run casino games, the government regulatory agencies requires all source code be provided for scrutiny, as well as mandating registered CRCs and digital signatures to prove that the code executing is the code that was inspected. There's all sorts of inspections and reliability tests done on initial submittal and also throughout the lifetime of the computer's use. They do this because those computers affect money, and everyone knows money is important.

If the public/government doesn't require similar validation and reliability for electronic voting machines, it's because your votes aren't considered important or valuable. I don't see any way to escape that conclusion, given the way things are.

Re:unfuckingbelivable

[TheRaven64]

Not knowing the source code for a voting machine is the equivalent to saying "a miracle happens here" at a critical part in a mathematical proof. Completely utterly unnaceptable. Having any kind of electronic voting machine is unacceptable in a democracy. Do you have the skill to audit the source code and say with 100% certainty that there are no exploitable bugs? I could with maybe 40-60% certainty. Is that enough for democracy? I would say that less than 1% of the population is more qualified than me to perform the audit (assuming access to the source code). Is it good enough that 1% of the population can say 'I am fairly confident that this doesn't have any holes.

Why should Joe Public have to rely on someone like me saying 'trust me, it's secure?' Would you be willing to have a ballot paper written in Kanji and an expert tell you which set of symbols corresponded to your candidate? I certainly wouldn't, so why should the rest of the population have to place the same faith in experts?