Slashdot Mirror
NY Legislature Rejects "Microsoft Amendment"
An anonymous reader writes "Finally, some good news on electronic voting. The New York state legislature rejected an amendment proposed by Microsoft's lobbyists which would have gutted New York's requirements for voting machine vendors to turn over their source code to the state Board of Elections. Assemblywoman Barbara Lifton commented: 'The voting machine vendors have known for two years what our laws said. Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong.'"
But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.
I would rather see voting platforms built on microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.
The code reviews are useless unless I am sure that the machines actually run the code that was reviewed.
Of course paper and pencil requires no code review.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Sorry Steve, Bill - but some of us want to see what these things actually do when we use 'em to cast a vote.
Meanwhile, I'm damned sure that somebody in Diebold went all Ballmer on the furniture... though I can't wait to see their source code ; I'm sure it's gonna be worth some huge laughs @ your nearest code-monkey pit, punctuated with lots of sounds along the lines of: "WTF were these asshats THINKING!?".
Quo usque tandem abutere, Nimbus, patientia nostra?
After that amendment passed, I was worried about NYS letting this fly. I'm glad to see that the legislators are attentive.
The real question is: What does Microsoft have to hide from election officials?
-Are they worrying that the source will be leaked?
-Due to the above fear, is MS afraid of getting crap from the DRM loving media cartels?
-Is there something in the code that MS doesn't want seen?
-Are they afraid this mentality hurts the "security through obscurity" idea?
Of course this is all speculation. I'm just so curious why Microsoft is so opposed to sharing their code with a state government.
Is why the HELL anyone is trying to build a voting machine around an unsecureable platform in the first place? If these vendors want to sell systems that have specific requirements for auditability and securability, they can either comply with the requirements or fuck off.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
> But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.
I disagree. I remember the backdoor !seineewerasreenigneepacsten password that sat in the IIS codebase for... how many years was it again?
> I would rather see voting platforms built on microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.
I would rather have both and I can see no good reason not to demand both! Besides, it's not like they can't use BSD if they really want to. You can write GUIs for things other than Windows, you know.
I click on them all the time.
It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.
It seems to me that what Microsoft is asking is that we "trust them" without having earned that trust. Without seeing the code how do I know that there isn't a backdoor?
Microsoft's security record has been dismal to put it politely. I certainly don't want to gamble my freedoms on a company that can't secure its own operating system and a company who has shown flagrant disregard for our laws.
As far I'm concerned Microsoft has shown that it will do almost anything to get what it wants. We don't need the fairness of our elections endangered by a company unwilling to provide transparency.
The race isn't always to the swift... but that's the way to bet!
Why isn't there an open source voting machine?
It should be constructed of off-the-shelf parts and it should run open source code!
Now don't mod me troll, but remind me again, what is so horrific about paper ballots? I know Florida had a huge fiasco in 2000 with them, but that had to do with punches, not filling in a bubble or anything....
There is NOTHING wrong with a paper vote other than taking so long.
Oh yeah? What about the honesty of the people who are counting those paper votes.
Ballot-stuffing and outright deliberate miscounts can and still do happen with paper votes. Even right here in the USA, and even right here in my home state of Texas not that very long ago.
Is it just me or are we all over analyzing what is effectively a glorified bean counter.
/. has agreed that a paper trail is necessary. Anyone including Diebold who refuses to make a machine with a paper trail is definitely up to no good and likely WANTS their machine to be insecure in order to allow for vote stuffing/miscounting/false results/etc... I mean its not like it hasnt been done before.
Sure we want it to be secure and transparent which means Open Source has the best option for this to occur. Anything that is closed source should *NOT* be trusted. This includes the platform/OS the system runs on.
And is it *REALLY* that hard to ask that there be a god damn paper trail? I think just about every single person on
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
Source code or not, you can't look inside the machine and see what's running on it while it's running. Not ever. It doesn't matter who has access to whatever source code. It's just too easy for a very small number of people (or even just one) to tamper with these machines, and leave absolutely no meaningful trace. Anyone caught up in the source code debate has missed the problem.
http://www.unfocus.com/
I like it - you're almost there, but you've got some problems. If I'm mistaken, feel free to correct me.
Anyway, the problem of ensuring the voting remains anonymous seems to run counter to ensuring that the voter's vote is counted properly. Your solution would work if you didn't allow public access to the database but...security through obscurity?
My UID is a prime number. Yeah, I planned that.
I'd feel more safe if the thing was running on linux. That being said...
u ntimeAndGPL
Even the GPL allows linking to C libraries. The runtime does not need to be covered by the GPL.
http://www.gnu.org/licenses/gpl-faq.html#WindowsR
The reasoning behind this exception would be the same reasoning for why microsoft should be able to keep their code private.
Basically you have to trust the runtime, which is used by dozens of applications and has already been tested. They do realtively simple functions and don't in general govern what the program actually does. I don't think microsoft could successfully commit voting fraud simply by supplying the OS and the C libraries.
If the government can't trust microsoft then I demand that they uninstall every single microsoft product from every system(probably not a bad idea anyway).
I want to know how much coding Barbara Lifton has actually done. When will they stop making legislation about things they know nothing about?!?!?!
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;