NY Legislature Rejects "Microsoft Amendment"
An anonymous reader writes "Finally, some good news on electronic voting. The New York state legislature rejected an amendment proposed by Microsoft's lobbyists which would have gutted New York's requirements for voting machine vendors to turn over their source code to the state Board of Elections. Assemblywoman Barbara Lifton commented: 'The voting machine vendors have known for two years what our laws said. Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong.'"
Right next to a MS ad, even.
Please, for the good of Humanity, vote Obama.
Who reacted with a HA! HA! Nelson is my copilot...
But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.
I would rather see voting platforms built on microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.
The code reviews are useless unless I am sure that the machines actually run the code that was reviewed.
Of course paper and pencil requires no code review.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
... in a long battle for transparent eVoting, but I'll take it.
Sorry Steve, Bill - but some of us want to see what these things actually do when we use 'em to cast a vote.
Meanwhile, I'm damned sure that somebody in Diebold went all Ballmer on the furniture... though I can't wait to see their source code; I'm sure it's gonna be worth some huge laughs @ your nearest code-monkey pit, punctuated with lots of sounds along the lines of: "WTF were these asshats THINKING!?".
Quo usque tandem abutere, Nimbus, patientia nostra?
After that amendment passed, I was worried about NYS letting this fly. I'm glad to see that the legislators are attentive.
The real question is: What does Microsoft have to hide from election officials?
-Are they worrying that the source will be leaked?
-Due to the above fear, is MS afraid of getting crap from the DRM loving media cartels?
-Is there something in the code that MS doesn't want seen?
-Are they afraid this mentality hurts the "security through obscurity" idea?
Of course this is all speculation. I'm just so curious why Microsoft is so opposed to sharing their code with a state government.
Is why the HELL anyone is trying to build a voting machine around an unsecurable platform in the first place? If these vendors want to sell systems that have specific requirements for auditability and securability, they can either comply with the requirements or fuck off.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
> But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.
I disagree. I remember the backdoor !seineewerasreenigneepacsten password that sat in the IIS codebase for... how many years was it again?
> I would rather see voting platforms built on microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.
I would rather have both and I can see no good reason not to demand both! Besides, it's not like they can't use BSD if they really want to. You can write GUIs for things other than Windows, you know.
I click on them all the time.
It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.
It seems to me that what Microsoft is asking is that we "trust them" without having earned that trust. Without seeing the code how do I know that there isn't a backdoor?
Microsoft's security record has been dismal to put it politely. I certainly don't want to gamble my freedoms on a company that can't secure its own operating system and a company who has shown flagrant disregard for our laws.
As far as I'm concerned Microsoft has shown that it will do almost anything to get what it wants. We don't need the fairness of our elections endangered by a company unwilling to provide transparency.
The race isn't always to the swift... but that's the way to bet!
Why isn't there an open source voting machine?
It should be constructed of off-the-shelf parts and it should run open source code!
Since it is more than just theoretically possible to hijack a voting machine via hardware methods, all aspects of the design should be held for review.
Engineering is the art of compromise.
I'm not saying that because it's Microsoft it always will have a backdoor or exploit... it's just if you take a look in history - major Microsoft release = 20 holes found. I don't exactly have info on how the voting system would work, especially network wise, but I am curious to find out.
I would trust any software or firmware developer over Microsoft any day, especially since it would be counting my vote.
Now don't mod me troll, but remind me again, what is so horrific about paper ballots? I know Florida had a huge fiasco in 2000 with them, but that had to do with punches, not filling in a bubble or anything....
Yikes, dude! No more caffeine for you today ... and maybe cut back on the sugary snacks too.
the legislature didn't actually "reject" it. they just didn't pass it. and yes, they concluded their regularly scheduled legislative session last week. BUT, they're expected back for a "special" session in July, and the governor has implied that he will call them back several times.
students of the NYS legislature will also tell you that the "special" sessions tend to be when the sneakiest things go on in NYS because, in general, they garner less attention and most of the legislators just want to make it as quick as possible and get back to their families.
that being said, NY does have a very strong voting rights coalition with a number of very smart and talented people working very hard to make sure that this DOESN'T go through.
one good thing did happen at the end of session: NYVV's (New Yorkers for Verified Voting) Bo Lipari (who's been leading the charge AGAINST microsoft's lobbyists) has been granted a seat at the table. the citizen's advisory board now has statutory authority, which means that when the board of elections makes decisions about this stuff he's got a seat at the table to help shape the outcome.
just because I don't care doesn't mean I don't understand!
Wouldn't be surprised if MS tried to consolidate voting procedures the same way they have tried to do with the entertainment market.
"New to the Xbox Live Marketplace, vote for your favorite U.S. Presidential Puppet in the new 'Red Vs. Blue' civic action feature."
Inserting [insert witty signature here] here does not constitute a witty signature.
these voting machines use. But if they are based on Windows CE 6.0 then the machine vendors have nothing to complain about.
Windows CE 6.0 source code is available under a shared source code license.
If they are indeed using CE 6.0 then vendors not releasing code are just using Microsoft as a ruse to protect access to their own code.
Open architecture, open source, public. There are ways to secure the verification of the vote, and more importantly, the counting of the vote. People are always going to try to cheat elections. An individual can steal a limited number of votes, but a dishonest supervisor of elections, or Secretary of State, can cheat in the tens of thousands. A consortium of universities should design and program the voting system in the open, with off the shelf parts. All of the elements are part of a very mature technology for which there is no justification for any proprietary claim. There is always pen and paper and a mix of human eyes. That is too damn simple, I guess.
Every AIS (Automated Information System, the NSA TLA for "computer") I've ever seen running a Microsoft OS that was also processing classified information ran in "system high" or "dedicated" mode -- where you treat the whole system as classified, only let cleared people touch it, and lock the whole thing up. The security of the OS is practically inconsequential. MS-DOS can be, was, and likely still is used in this way.
I'm not saying you can't secure MS Windows (well, not in this post, anyway); I'm just saying "It's used for classified processing" isn't a good argument.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
> There is NOTHING wrong with a paper vote other than taking so long.
Oh yeah? What about the honesty of the people who are counting those paper votes?
Ballot-stuffing and outright deliberate miscounts can and still do happen with paper votes. Even right here in the USA, and even right here in my home state of Texas not that very long ago.
damn Proxomitron.
"National Security is the chief cause of national insecurity." - Celine's First Law
We may finally get a decent and honest candidate that way.
I prefer the "u" in honour as it seems to be missing these days.
You rock!!
Of course, you by yourself won't have much impact but there would be if 1% of Slashdot's reader base did.
Camping on quad since 1996.
It's not like you are going to buy a site license for IIS through an MS advertisement link. There isn't a shopping cart .NET widget for that type of purchase.
Australia has some e-voting software that is open sourced, http://www.elections.act.gov.au/Elecvote.html also has a link to the source code.
My ism, it's full of beliefs.
Why is M$ software even on voting machines in the first place?
Why is it on ATM systems as well at least there it is more
Slot and video casino games must have their source code turned over to the NGC, and if Windows was being used as the OS then that code may have to be turned over as well. Windows may not even pass the testing needed for casino games, as it may crash in the middle of a game. I once had a slot slow down and crash on me and it still slowly finished the bonus round and printed out the ticket, then it disabled itself.
Is it just me or are we all overanalyzing what is effectively a glorified bean counter?
/. has agreed that a paper trail is necessary. Anyone including Diebold who refuses to make a machine with a paper trail is definitely up to no good and likely WANTS their machine to be insecure in order to allow for vote stuffing/miscounting/false results/etc... I mean it's not like it hasn't been done before.
Sure we want it to be secure and transparent which means Open Source has the best option for this to occur. Anything that is closed source should *NOT* be trusted. This includes the platform/OS the system runs on.
And is it *REALLY* that hard to ask that there be a god damn paper trail? I think just about every single person on
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
I can't think of any reasons why Microsoft is being difficult here. I can't think of any complex algorithms you'd have to invent and therefore protect to display and count votes.
All you need functions for: Security Wrapper. ID voter. Display Choices. Input Choices Into Database.
How is that going to be so complicated that it needs trade secret protection? Or is the final function like, Collect Choices and Voter IDs into secondary database to be sold to politicians at the highest bidder?
Can any programmers tell us what complicates a voter system so much that microsoft feels the need to protect itself?
Up here in Canada, federal elections are administered by a single Federal body; Elections Canada. That means the ballot you get in Toronto is identical in structure to the ballot you'll get on Baffin Island. There's a single standard for marking and counting ballots.
Given that Canada is a single republic and the provinces are divisions of it, that is easy to do.
But the US is a federation of separate republics - the "several states" - which banded together, creating a central mechanism to handle defense, foreign policy, and inter-republic trade.
As such, the elections are the business of the individual states. The federal government only has an interest when federal officials are being elected, the fed is exercising its constitutional mandate to insure that the governmental forms in each of the states continue to be some kind of republic, or some other election-related constitutional issue (such as voting rights) is in play.
So while the Fed gets to make some requirements and veto some things, the states get to make the decisions on how the elections are run. With 50 of 'em and wildly different circumstances among them you get a lot of variation.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So what happens now? Voting machine vendors have presumably already sold their machines to the local election boards. Now they are required to produce all the source. They can produce their own source, easily, but they probably don't even have Microsoft's code and couldn't legally turn it over if they did. So, are their contracts voided, and the election boards have to scramble to replace them? Or do they get hit with a fine? Or does New York somehow force Microsoft to turn over their code because a third party violated the law?
Without agreeing with the rhetorical gist of the GP, I believe the point being made was that the suggestion was so absurd that nobody would put it forward unless they were paid to do so.
I disagree with that premise, but I do agree that obscuring any aspect of a voting system that is being used to decide, among other things, the next president of the United States is the height of folly.
Risk is measured as a combination of:
In this case, the prize is political control of the most powerful nation in the world. So we need to ask ourselves: How much are fair and free elections worth? What, in effect, is the price of the democratic process in the US?
I think it's worth billions of dollars. That means stringent code review, impeccable chain of custody and constant supervision. Saving a few bucks by using an off-the-shelf operating system - especially one that is orders of magnitude more complex than what is actually required - that's absurd, in my opinion.
Crumb's Corollary: Never bring a knife to a bun fight.
I've always thought that the best way to create a proper e-voting system would be to run open source voting software from a live CD certified by the election board. Networked computers could transmit votes over the Net, and the results would be available as soon as the polls closed. Paper ballots are always a necessity, of course, but in this case, as a backup. Print two: one for the voter, one for the election board.
That's the last time I run code posted in somebody's sig...
Buy a batch of Z-80s or even 8080s; they are still being made. The design is so old that it's unlikely to have been compromised; but if you are really paranoid, the circuitry of an 8-bit CPU is simple enough that you could easily verify it by hand. Build a little voting box around one of those chips, and you're done.
The design would take half a year and cost less than $1 million -- which is peanuts when the goal is to ensure the honesty of a democracy's most important event.
Source code or not, you can't look inside the machine and see what's running on it while it's running. Not ever. It doesn't matter who has access to whatever source code. It's just too easy for a very small number of people (or even just one) to tamper with these machines, and leave absolutely no meaningful trace. Anyone caught up in the source code debate has missed the problem.
http://www.unfocus.com/
It would take a Herculean effort to suck more than MS.
This battle in the NY state legislature was between Microsoft's lobbyists for proprietary voting machines vs IBM's lobbyists to make the machines open and auditable outside the closed certification system that is totally rigged to sell vendor products.
IBM has won this battle. Possibly because it's a NY state based company (Armonk, NY). The trick will be seeing this victory applied elsewhere in the country.
NY is famous for being tough, smart and understanding security. I hope other people in other states are lucky enough to follow our lead.
--
make install -not war
The voting machine has a public/private key pair. It generates a random public/private key pair in between votes which stays resident only in memory (is not written to disk). When you vote, your votes are coded. It's then encrypted with the voter's private key and the voting machine's public key. The voter's plaintext vote, an index number, the encrypted vote, his private key, and the voting machine's public key are then printed on a piece of paper the voter can take home. The voting machine then stores the encrypted vote and the voter's public key. Nothing else.
When tallying the votes, each machine runs through its stored votes, decrypting the record of encrypted votes using each voter's public key and the machine's private key. All this information is then sent to a central vote tallying database. The unencrypted votes are used for the official tally. The encrypted votes are used as proof against tampering. The index is used to allow voters to query the database.
Once home, the voter can log into the vote tally web site. He can query the database to make sure it's recorded his vote right. He asks it to send the vote recorded with his index number. It takes the unencrypted vote, encrypts it with the voting machine's private key and the public key associated with that index and sends it to him. His computer then uses the voting machine's public key and his private key to decrypt it. If all went well, it should match what's on his printout.
The only way I can think of to commit vote fraud against this system would be by stuffing the ballot box with false votes. And even there you could do a sanity check by comparing the number of votes cast with the number of voters the precinct operators counted (they mark off your name after you vote, so it's fairly easy to count how many names they've marked off).
That's all I can think of off the top of my head.
I have a social problem, and I blame Microsoft too.
I'd feel more safe if the thing was running on linux. That being said...
Even the GPL allows linking to C libraries. The runtime does not need to be covered by the GPL.
http://www.gnu.org/licenses/gpl-faq.html#WindowsRuntimeAndGPL
The reasoning behind this exception would be the same reasoning for why microsoft should be able to keep their code private.
Basically you have to trust the runtime, which is used by dozens of applications and has already been tested. They do relatively simple functions and don't in general govern what the program actually does. I don't think microsoft could successfully commit voting fraud simply by supplying the OS and the C libraries.
If the government can't trust microsoft then I demand that they uninstall every single microsoft product from every system (probably not a bad idea anyway).
I want to know how much coding Barbara Lifton has actually done. When will they stop making legislation about things they know nothing about?!?!?!
The really sick thing is that they gave source to China after testifying in court that exposing the source code could endanger national security. By their own words, under oath in court, they are clearly traitors.
Maybe the situation changed? Twice? It was bad to expose the source, then perfectly fine for a brief while, then bad again. Yeah, sure, that's it.
Machines are made to work in the most restrictive state so that they can be sold everywhere. Cars, voting machines, whatever...
The real problem with using a Microsoft OS under a voting platform is the swiss cheese security model they seem to use. There's an awful lot of black hat coders that specialize in compromising Windows for a price; a political party could easily meet that price, and the resulting exploit could manipulate votes. A specialized exploit like this could be very stealthy and not be noticed until well after the election is certified - if ever.
The problem isn't so much that Microsoft won't open their code for inspection - the real problem is that the bad guys have been poking and prodding at Microsoft's products for years and they have a fine knowledge of the exploitable flaws standing by and ready to use. Combine that with an inability to verify the code - this just isn't acceptable. Windows is too darned easy to compromise; it's not suitable as a platform for a vote counting system.
What's really needed is a custom made vote machine. This isn't a complex function; a simple CPU and about 1K of code would do the trick. As a unique hardware based design (code in PROM) it'd be very difficult to compromise - and the code would be simple enough that reviewing it and verifying its integrity would be fairly simple.
You can bet that there'd be a lot of lobbying from Diebold and Sequoia to keep this from happening. Are those companies honorable? I don't know - but something that I've noticed is that Diebold ATM machines seem to be very, very secure and accurate. I've also seen some of the Diebold voting machine code that got published a while back. Not impressed with that at all; almost looked like it was designed to be easy to compromise. Hard to believe that a company with so much experience in secure computing would do such a thing.
Even if the vendors allow their source code to be viewed, you can be sure that only a few special people will get to look at it. We the people won't get that opportunity. That just creates another "soft spot" in the system; a stack of cash in the right hands would get most anything approved (assuming a sufficient quantity of cash).
As far as I'm concerned, we should be sticking with paper ballots until the security problems in electronic voting are completely identified and workable solutions are found and tested. The current crop of electronic voting machines are far too easy to compromise. Not just the machine itself, but also due to the small number of people who maintain / prepare / operate these systems. Compromise one of these individuals and you can control the vote...
> It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.
Sticking it to Microsoft, one cent at a time!
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Sorry for the flame-baitish subject, but it had to be said...
> ...vendors allow their source code to be viewed, ... only a few special people will get to look at it
> I don't think that Microsoft would take the chance of attempting to rig an election
This is the company that was caught falsifying evidence right in front of a federal judge. Would they rig an election behind the scenes? Without a second thought.
> The problem isn't so much that Microsoft won't open their code
Yes, this is a problem. Microsoft's customers are its business partners, not the people who buy computers. MS has been putting 'hooks' in their code for years to allow marketing access to the millions of MS users worldwide. There's a very reasonable probability that MS has similar hooks for gov't access. Gov't access to the voting booth and the ballots is a very, very dangerous thing. And yes, non-gov't black hats are also a worry.
> As a unique hardware based design (code in PROM) it'd be very difficult to compromise
This is called 'security thru obscurity' and no, it doesn't work, even a little bit. All that's required is for one copy of the machine to be made publicly available. This has been proven in real world experiences time and again.
> Diebold ATM machines seem to be very, very secure
HOW do you know? Please offer citations, including links to skilled, unbiased research. Diebold fought (and still fights) so hard to prevent its voting machines from being researched that I'd be surprised to find any trustworthy research on their ATMs.
The obvious answer here of course is open source code. Don't wait on Diebold or someone else to write it; we the people need to. I have no people-organizing skills of my own, but I am a good programmer. I'd be willing to put many, many free hours into this, if there were a project out there doing it.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
Some guys (I can't find cite, sorry) came up with a really cool verification scheme. Machine prints two copies of the voter's ballot, one for the voter, and one that gets stored and counted. The voter's ballot is transparent except for the printing.
The ballot paper is printed with a dot-matrix code. Normally, dot-matrix text is (for example) 9 * 16 dots. In this dot-matrix, however, each dot is subdivided into nine or more smaller dots. The 9*16 matrix is edge to edge. Each character printed only gets a few of the smaller dots, chosen by encrypted method. If you eyeball the ballot, all you see is white noise.
The characters on the two ballots are a one's complement of each other. The two ballots must be laid one over the other to correctly form the letters of the voter's choices. The voter could then verify, over the internet, that what the central counting system received matches the ballot the voter placed. The central system's website would put up a lifesize graphic of the ballot received and counted. The voter would place his/her transparent ballot directly on the monitor, overlaying the image. Together, the dots would line up and the voter's choice is clearly spelled out.
The voter's choice is kept secret; the encrypted ballot is hard to fake, impossible to replace (if the voter verifies); the overall system is verifiable at every level. And the actual vote is still paper.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
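The overlay check in the comment above works like two-share visual secret sharing. As an added example (not from the thread or from any voting system), here is the classic 2-out-of-2 construction, assuming 2x2 sub-dots per printed dot rather than the nine or more the comment mentions; the glyphs, function names and the `verify` helper are constructed for illustration.

```python
import secrets

# Constructed samples: 5x7 glyphs standing in for one printed ballot character.
GLYPH_A = ["01110", "10001", "10001", "11111", "10001", "10001", "10001"]
GLYPH_B = ["11110", "10001", "10001", "11110", "10001", "10001", "11110"]

# The six 2x2 sub-dot patterns with exactly two dark sub-dots, flattened as
# (top-left, top-right, bottom-left, bottom-right).
PATTERNS = [(1, 1, 0, 0), (0, 0, 1, 1), (1, 0, 1, 0),
            (0, 1, 0, 1), (1, 0, 0, 1), (0, 1, 1, 0)]


def make_sheets(bitmap, rng=None):
    """Split a bitmap into two sheets, each twice as wide and twice as tall.

    For every dot a pattern is drawn at random. A background dot gets the same
    pattern on both sheets; an inked dot gets the complementary pattern on the
    second sheet. Either sheet alone is a uniformly random pattern per dot.
    """
    rng = rng or secrets.SystemRandom()
    height, width = len(bitmap), len(bitmap[0])
    kept = [[0] * (2 * width) for _ in range(2 * height)]
    voter = [[0] * (2 * width) for _ in range(2 * height)]
    for y, row in enumerate(bitmap):
        for x, pixel in enumerate(row):
            p = rng.choice(PATTERNS)
            q = tuple(1 - b for b in p) if pixel == "1" else p
            for i in range(4):
                dy, dx = divmod(i, 2)
                kept[2 * y + dy][2 * x + dx] = p[i]
                voter[2 * y + dy][2 * x + dx] = q[i]
    return kept, voter


def overlay(sheet_a, sheet_b):
    """Stack two transparencies: a sub-dot is dark if dark on either sheet."""
    return [[a | b for a, b in zip(ra, rb)] for ra, rb in zip(sheet_a, sheet_b)]


def block_dark_counts(sheet):
    """Number of dark sub-dots in each 2x2 block."""
    return [[sheet[y][x] + sheet[y][x + 1] + sheet[y + 1][x] + sheet[y + 1][x + 1]
             for x in range(0, len(sheet[0]), 2)]
            for y in range(0, len(sheet), 2)]


def decode(stacked):
    """Read the stacked sheets back: 4 dark sub-dots = ink, 2 = background."""
    rows = []
    for counts in block_dark_counts(stacked):
        if any(c not in (2, 4) for c in counts):
            raise ValueError("sheets are not a matching pair")
        rows.append("".join("1" if c == 4 else "0" for c in counts))
    return rows


def verify(voter_sheet, published_sheet, expected):
    """True only if the published sheet pairs with the voter's and shows `expected`."""
    try:
        return decode(overlay(voter_sheet, published_sheet)) == expected
    except ValueError:
        return False


if __name__ == "__main__":
    kept, voter = make_sheets(GLYPH_A)
    for row in overlay(kept, voter):
        print("".join("#" if v else "." for v in row))
    forged, _ = make_sheets(GLYPH_B)   # a sheet generated for a different ballot
    print("genuine pair verifies:", verify(voter, kept, GLYPH_A))
    print("swapped sheet verifies:", verify(voter, forged, GLYPH_B))
```

A sheet generated for a different ballot almost never lines up with the voter's copy, because most blocks end up with three dark sub-dots instead of two or four.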
Better yet, just use the direct machine totals to give the media for its election night news coverage so they can report who probably won by 9 PM. Then run all the machine printed (for consistency) paper ballots through scanners to get a vote certification. If the results vary, then do the investigation to verify the votes. The difference here is no one need request the paper count; it always gets done as part of certification. This way, we get fast results, and always get a verification.
now we need to go OSS in diesel cars
In Mexico, since elections are clean, you have a representative of each party and candidate on each locality where voting is taking place.
These people witness that the count is fair and accurate as well as ensuring no tricks are played.
IANAL but write like a drunk one.
Stuck the dick right up bills ass hard some people after whats best for america if only everyone did.
You might want to ask the trees about that. Paper consumption is a real world problem, too. Not to mention all those pencils.
I'm not a tree hugger by any means, but isn't it far more efficient and environmentally friendly to use computer-based systems? It's got to be cheaper, too.
I think that it's worth it to get this right, elections can be manipulated in paper based systems, too. All it takes is the money and the will to do it.
Nobody should take the 255-vote "limitation" seriously, of course. An 8-bit CPU like the 8080 can use multi-precision arithmetic to count as high as it needs to, with no delay perceptible to the voter. All the voters in the universe could not exhaust the counting ability of a single 8080 chip.
...find it dangerous for a company heavily investing in lobbying to be selling voting machines...?
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
Microsoft isn't in a position to make subtle changes that would slip by in specific elections. Their lobbying arm isn't sufficiently "connected" in any local election to allow the technical fraud to slide by undetected. If they were to move their activities into areas where they could support this kind of activity it'd attract attention; there's a lot of media pundits that focus on nothing but Microsoft. I suspect the best they could do if they tried would be to subtly alter election results in Washington; this wouldn't make a lot of difference in the grand scheme of things.
The reason for PROM based voting machines is so the code can't be changed after the machine is in place. Did you know that many of the current crop of voting machines accept software updates through the same interface the voter plugs his authorization card into? Just one person in that district could step into the booth, insert a programming card, and that machine is compromised. One machine per polling place would be more than enough to control the election outcome.
And my proposal for a simple machine running bespoke code from PROM isn't to obscure the code - the code could be published for the world to see. Counting votes isn't complicated - even Microsoft could write this code and leave no bugs or exploitable holes. If there were holes, the "many eyes" looking at the source would find them - and since the physical machine runs from PROM, it can't be altered (easily) while in operation.
By keeping it simple, it's simple to validate the code. It also reduces the possibilities for vote fraud. Heck, you're a smart guy - what do you think of Diebold building a voting machine that stores its counts in an Access database? Can they really guarantee that the counts will be correct?
> To successfully rig an election...
I was addressing the part that went "I don't think that Microsoft would take the chance of ...", not what it would take to do so. I agree, it would be complex. With programmable voting machines, it would first require technical hooks into the machinery. And that makes the morality of MS a relevant issue.
It's all just a dream, anyway. I doubt elected officials would care or think the risk great enough to do anything this drastic.
And as for guarantees with Access databases, allow me ;) to quote Microsoft:
To the maximum extent permitted by law, Microsoft ... disclaim[s] all ... warranties ... including ... fitness for a particular purpose
(From the Access 2000 EULA)
Not just a little bit of uncertainty in their product, but the maximum uncertainty allowed by law.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
Sorry, but I don't see the rationale behind what you are saying.
Even if the solution is proprietary, it would be protected by copyright, and what the heck, it should be licensed with a free license as far as I am concerned.
IANAL but write like a drunk one.