Slashdot Mirror
Source Code Access Denied in Disputed Race
MrMetlHed writes "A judge ruled Friday that congressional aspirant Christine Jennings has no right to examine the source code that runs the electronic voting machines at the center of a disputed Southwest Florida congressional race. From the article: 'The ruling Friday from Judge Gary prevents for now the Jennings camp from being able to use the programming code to try to show voting machines used in Sarasota County malfunctioned. Jennings claims that an unusually large number of undervotes (ballots that didn't show a vote) recorded in the race implies the machines lost the votes.'"
This is precisely why government shouldn't be using closed-box commercial software. We have no idea whether the machines are functioning as advertised. Do people not realize that we're essentially just handing a bunch of ballots to these companies and then just accepting the verdict they hand down? It boggles the mind that any democracy-loving representative can stand for this. Maybe there just aren't any left?
If your theory is different from practice, then your theory is wrong.
The source code for such nasty machines should by definition be publicly available. Who the fuck trusts those devices when its source code is unavailable??
But I am able to call bull shit when I see it. And refusing them, or at least a mutually agreed on qualified party, to review the code in question is asinine.
And proof positive that these things, if allowed at all, MUST be open source.
There's definitely something screwy going on. From the article, about 18000 votes were accepted that didn't actually vote for anything. Now, if I was designing an e-voting package, there's no way I'd mark a vote as accepted if it didn't vote for something, especially in a country like the US where voting is not mandatory. After all, if they've bothered to turn up at the voting booth, you can assume they actually intended to vote.
(The situation is a little different in my home country of Australia - mandatory voting means that we might get something out of having a "none-of-the-above" option)
I also wouldn't put much faith in the "two parallel tests" done by the state. Absolutely nothing tests code like the real world, and the fact that both tests revealed "100 percent accuracy" when errors were detected on all models of e-voting machines during the US Congressional elections just means that the tests weren't very good. I doubt very much that the tests involved as many as 18000 voters in the first place, not to mention underpaid and overworked electoral officials trying to help a horde of undereducated and over-opinionated voters, with only a couple of hours training conducted a couple of months before.
The court ruled that the "conjecture" of lost votes didn't warrant over-riding the trade secret status of the e-voting machine code. This is a mistake - an expert review could easily conducted under a NDA, thus protecting the trade secret status. Not to mention that the tools of democracy shouldn't have trade secret status in the first place... without examining the code, how does anyone know that there isn't a little switch saying "On Super Tuesday, switch into rig-the-election mode"? (Not that I think there is - it's just that there's no way to disprove it). Nor do you need to go the full open-source route for this - just like the expert review, a panel of experts could easily be responsible for certifying e-voting machines without any risk of the code being exposed.\
"Software is too expensive to build cheaply"
What the article doesn't discuss is the quarantining of machines from the actual election and reproducing their inputs in the "independent test." Anything less is uncertified evidence.
OTOH, should voting results have a presumption of validity? The problem is that voting bureaucracies are not designed for validation by authenticating ballots or statistical checks, but only on prompt decisiveness and the appearance of not having irregularities in the balloting or counting.
Wouldn't all this be solved by encrypted online voting, where you could check your own votes by a profile tied to an anonymous registration key issued by the DMV? Then make the data public for verification by the media?
This is exactly why I didn't vote. I didn't want to use the electronic machines. All we had around here, all I had available was either electronic machines. They gave me the runaround for weeks concerning absentee ballots. I tried several times and just threw my hands up.
How I understand it, the only way the machines can put votes where malicious programs want (IF they're infected) is if someone votes. If I don't vote, my vote can't be misused. And I surely don't trust this technology, especially how fast and secretive it was implemented.
I could be wrong. I hope this isn't the *future of voting.
*less and less trust. less accountability and verifiability. easier to rig an election.
I don't get it. In this case, the plaintiff isn't allowed to view presumably proprietary/copyrighted source code for a voting machine to go on a fishing expedition to see whether it caused her to lose.
On the other hand, the RIAA gets not only to view the contents of a woman's hard drive to go on a fishing expedition to see whether she was sharing music files, but they get to make their own copy of it, including all that stuff they don't hold the copyright on (Windows, the woman's e-mails, etc.).
It seems to me that what's good for the turkeys oughta be good for us chickens. Or something.
The inability to assess the logic of casting votes defies reason.
How long must we sing this song? A democracy without transparent practices for the transfer of power is not a democracy. All the way down to the ones and zeroes. Every question with regard to voting should be able to be answered.
It seems so primitive that it baffles me how someone could arrive at any other conclusion than "the process of voting is sacred and should, in fact *must*, bear great scrutiny".
this space intentionally left blank (oops)
I would really like to know the judge's credentials for this kind of case. He may have a law background but what does he know about computers and technology (and related laws)?
IIRC there were cases in the early 80s where judges made bad rulings because they simply had little or no understanding of computers/technology.
Keep the Classic Slashdot.
"The people who cast the votes decide nothing. The people who count the votes decide everything."
Please don't be confused... I don't think Joseph Stalin was a great man. I consider him a despicable and cold blooded tyrant. At the same time, I also happen to think he was a pretty sharp thinker, and a successful tyrant because he understood how political systems function. A democratic system cannot work unless there is absolute transparency in the voting process.
I'm an open source supporter but not a zealot. I don't have any problem with the existence of closed-source commercial software and I believe it has a right to exist. That being said, there's simply no place for closed-source software in our voting process. Voting is the foundation of our political system, and we can't settle for any ambiguity in its implementation. It's not as if vote counting is a technically demanding job, and there's no argument for keeping secret the process by which it's done.
This strikes me as a clear judicial mistake (not that I've read the article... too drunk and tired, frankly). In general, our judges don't seem to understand information technology well enough to make informed decisions. They don't understand that changing the results of an election is elementary for any programmer. Isn't that concept terrifying?
Our society is enamored with the labor saving possibilities made possible by the past century's technological advances, but thus far, the understanding of these technologies in government has not matched their application. This trend must not continue if we value our republic. In the strictest sense, our system is no longer a democracy if it has no educated oversight.
Our government needs an elected body of IT experts -- some kind of technically proficient oversight body that can rule on information technology as it applies to our system of government. Without any such educated oversight, our freedom and sovereignty is bit by bit diminished, and can be turned against our people. The possibility alone demands action.
Our founding fathers certainly didn't foresee the coming of mechanical information processing, but I firmly believe they would have wanted it to be open to review by the common man. What we need now are are IT patriots willing and motivated to take up the cause.
You can't win, Darth. If you mod me down, I shall become more powerful than you could possibly imagine.
15% of people who voted on the rest of the ticket, mysteriously didn't vote for their Congressman. Even funnier, it was very very strongly biased in favor of Democrat voters, 18% of people who voted Democrat on the remainder of the ticket didn't vote for a Congressman. Even stranger still, it was Florida the former seat of Katherine Harris, even stranger still other neighboring districts showed more typical errors of 3% or so with no political bias.
Fix the vote, make it verifiable, even now when you think the last vote was fair, you don't know it was, nobody can show it was, and there's so much money and power at stake, the vote must be totally trusted.
Florida has a Democrat voter majority, yet elects Republicans and it is more than gerrymandering.
When a judge makes the determination that the interests of a single business over those of a democratic process such as an election, then this judge's leanings are clear and obvious. I don't think the issue could be more complicated than that.
Elections are supposed to be transparent.
Sticking some software in the middle that nobody can see is akin to counting paper ballots in secret.
I don't mind voting machines, electronic or not. But transparency is a *must*, either way.
1 in 4 Maine children in struggle with hunger.
Instructions: 1. Vote 2. ? 3. Democracy! (oh, alright: and the winner PROFITS!)
"Testifying on behalf of Democrat Christine Jennings, MIT political scientist Charles Stewart said Jennings would have won the race by as many as 3,100 votes if there had not been an "excessive" undervote in the Nov. 7 election"
"Without the source code, it would be very difficult or impossible for me to determine how the software behaved," Dan Wallach, Rice University
was Re:Nothing tests code like the real world
davecb5620@gmail.com
There is no democracy in USA, it was lost decades ago. It is a two party dictatorship. (Not exactly - It is actually the Corporate rule)
Proof: Try finding answers to the following on internet. (Rest of the media is a PR tool of the dictators)
1. Why no independent wins any seats.
2. Why is it always a very close battle. (e.g. 250-251)
3. What is the percentage of members that get re-elected in a communist country(say former russia) and what is the percentage in USA.
Internet is the only remaining free media but not for long. No matter what we do, it is just a matter of time before the internet is also governed by the corporate. Ways to control are already in the works.
About half of the world knows who is responsible for the 11 towers, but only a handful in usa.
The answer is on the internet. Do your own research.
From the article
Buchanan backers and the company say that if there was an unusually large undervote it was likely because of bad ballot design.
It seems to me that admitting "bad ballot design" is worse than blaming the machines. Anyone who has taken statistics or marketing knows how easy it is to sway polls and sales by such methods as order in the phone book or on the ballot. IMHO bad design could just be effective design for the eventual winner.
70 If Vote=Jennings then Vote=Null
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
No one cares what the democrats did forty or a hundred and fifty years ago. Heck, the Republicans will claim that Bush's State of the Union address in 2003, where he claimed that Iraq was trying to buy Uranium, is old news and no longer relevant. That was 4 years ago! So, 40 years or 150 years is definitely old news!
Besides, that's dodging the issue. Bringing up old history doesn't help anyone. What we want to know is when our votes will start counting again. Bush has now won the Presidency twice, both times under extremely questionable circumstances. Republican Secretary of States, missing ballots, voters illegally purged from the voting lists, voting machines made by Republican operatives. This isn't some interesting sidenote in a history book that includes references to the book of Genesis. It's real life, it's happening now, and this kind of mealy-mouthed dismissal of American freedoms is either ignorant to the point of criminality, or is a bald-face destruction of the American process.
Citizens Against Plate Tectonics
I'm not saying it's a bad idea to know the source code. I'm just saying that wouldn't eliminate most of the problem.
- Who can look at source code and certify that it cannot be hacked?
- Even if (1) were possible, who can certify that the exact source code was (the only code) resident on every machine at the time of the voting?
Furthermore, because ballots are anonymous, what do we have to tie people to votes on a one-to-one basis? Granted, the tie-in is imperfect in the paper world, but the potential for abuse seems higher in the electronic world. As I think about how a "vote hacker" might operate, it seems pretty likely to me that such a person would be motivated to cover tracks. For instance s/he would replace the source code with the evil code before the voting but would also switch it back to the source code after the voting. That's a pretty simplistic scenario. I envision that "good" e-voting security would require polling stations to begin looking like secure server rooms. That would give civil libertarians (and maybe even the rest of us) the creeps, even if it were feasible to issue every voter a security badge, etc.I'm no security expert, but is it not generally accepted that simple systems are easier to secure, all other things being equal? Pencil and paper are pretty simple, right?
What trade secrets could possibly be in a voting machine? There should be NO secrets in voting.
"To those who are overly cautious, everything is impossible. "
It is quite a low point when Information Monopoly "rights" can override the right to open, free and fair elections.
There is really no alternative but to make this software public.
The voting software does not need to be free-software/open-source (though it would be best), but it does need to be public.
It is still possible for a company to hold and enforce copyrights on publicly available software.
Any complex compuations that are performed (that they claim to be trade secrets) cannot be trade secrets in a free democracy. These compuations, if wrong comprimise elections.
So, have I got this right -- the Courts of the USA have ruled that a corporation's secrets are more important than the processes of democracy?
I'm really glad I live in a country that still uses pencil-and-paper votes counted by hand.
Je fume. Tu fumes. Nous fûmes!
"Ms. Jennings assumes because there is an undervote that all those undervotes went for her"
l e?AID=/20061109/NEWS/611090343):
This is incorrect. Ms. Jennings believes that there were abnormally high undervotes in some counties, but not others, which changed the outcome of the race. This position was supported by ES&S, the vendor of the machines, in court testimony. This didn't require all of the undervotes to be case for her, just for the undervotes to be cast consistently with the votes counted in the same counties.
To quote the local papers (http://www.heraldtribune.com/apps/pbcs.dll/artic
"More than 18,000 voters who showed up at the polls voted in other races but not the Buchanan-Jennings race.
That means nearly 13 percent of voters did not vote for either candidate -- a massive undercount compared with other counties, including Manatee, which reported a 2 percent undervote.
If the missing votes had broken for Jennings by the same percentage as the counted votes in Sarasota County, the Democrat would have won the race by about 600 votes instead of losing by 368, according to a Herald-Tribune review. Even if the undervote had been 8 percent -- more than three times what it was in Manatee -- Jennings would have won by one vote."
Given that voters generally go to vote for the most important election, and then occasionally vote for the other races, undervoting is generally considered the error rate of the voting system. Thus, you consistently see very low undervotes reported by accurate voting mechanisms (e.g. precinct count optical scan typically reports 1% undervotes, probably a measure of voters actually intending to undervote) and very high undervotes by inaccurate voting mechanisms (e.g. punch card ballots typically report 7% undervotes, indicating that they probably fail to record 6% of votes cast). This pattern has been observed consistently across numerous elections for decades - bad voting systems create high undervote counts, and good voting systems don't, even when both systems are used in parallel by the same voters in the same place in the same election. Undervotes are considered such a problem in voting that the best argument for electronic voting systems is to reduce undervotes. Based on historical data, a 13% undervote rate is nearly unheard of, indicating that there was something seriously wrong with the way that the voting was conducted. Since DRE's (direct recording electronic votnig systems, meaning no paper ballots) are by definition impossible to audit, the only indication of a systemic failure would be based on the results looking implausible, such as two neighboring counties in the same election reporting wildly different undervote rates"
"SARASOTA
Total votes cast = 142,283
Undervote = 18,382
Difference = 12.92%
MANATEE
Total votes cast = 96,705
Undervote = 2,312
Difference = 2.39%
The odds of these two counties randomly having such a range of undervotes is 1:5,000,000.
Keeping in mind that DRE's by design can't be audited, you have to decide whether (1) it's impossible to challenge the results of an election run on DRE's, no matter what happens, or (2) you can challenge the results of an election run on DRE's if the results appear implausible.
I'm with NIST on this one. All DRE's should be decertified. Voting is too important to treat this way.
Enable 3D printed prosthetics!
In that voting is basically a statistical game of chance between two candidates, we ought to be studying gambling machine standards to see the level of security to which voting machines need to be raised. They may call Los Vegas Sin City, but those Nevadans may have written the document that saves our country. Since there is more money made in Vegas yearly (daily?) than is spent in a U.S. national political campaign, voting machines ought to be held to the same standards as the Nevada Gaming Commission's Technical Standards For Gaming Devices and On-Line Slot Systems http://www.gaming.nv.gov/documents/pdf/techstds_04 dec16_adopted.pdf
I sincerely doubt any of the voting systems I have heard about come even close! If there is a way to change the program in the machine in the field, a voting machine has already failed this test. They also require the system to detect and record the last 10 changes to its configuration, absorb an ungodly amount of static electricity without malfunctioning and require all unused ROM to be zeroed. . .
A run of the mill slot machine is likely infinitely more secure than a Diebold voting machine and probably a lot more secure than most voting machines.
Hold your fax up tight to the screen and press your foot pedal.
I reserve the right to think for myself. Others' opinions are optional. Puppy on lap = typos...not illiteracy.