NY Legislature Rejects "Microsoft Amendment"

An anonymous reader writes "Finally, some good news on electronic voting. The New York state legislature rejected an amendment proposed by Microsoft's lobbyists which would have gutted New York's requirements for voting machine vendors to turn over their source code to the state Board of Elections. Assemblywoman Barbara Lifton commented: 'The voting machine vendors have known for two years what our laws said. Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong.'"

no its not

[Zeinfeld]

I agree that the voting code should be published.

But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.

I would rather see voting platforms built on microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.

The code reviews are useless unless I am sure that the machines actually run the code that was reviewed.

Of course paper and pencil requires no code review.

Re:no its not

[WindBourne]

The voting system in old USSR, Current China, Cuba, taliban controlled afghanastan, etc were on systems that were widely used. Personally, I would not trust them. Why settle for a system like MS, when you can insist on having no chance of an illegal election. NY has it right. Insist on all the code up front. Have it compile and then that is installed on the systems. Otherwise, the ppl from other countries have it right; There is NOTHING wrong with a paper vote other than taking so long.

Re:no its not

The solution is to create a system where you don't have to trust the source code to begin with

Touchscreen, vote, hit done, the machine prints a paper ballot. You review said ballot and deposit the paper ballot in the ballot box.

What could be simpler and less prone to manipulation or error?

In that scenario, you don't have to know jack shit about the voting machine or its source code. It doesn't matter. The voter reviews the output, not the internals. If people start noticing that a certain machine or certain brand of machines prints incorrect ballots frequently, well then steps can be taken to figure out why.

But the end to end system can't be gamed.

There is no level of code review or "trusted computing platform" specification that will provide anywhere NEAR that level of trust and confidence in the system. Add to that the fact that you have an incontrovertible source of paper ballots for recounts, what more does anyone want? why do we put up with anything less?

Re:no its not

[WindBourne]

palladium says that the OS that was installed on the OS was not modified from what the controller wants. It does NOTHING to guarantee that the OS was not compromised before being put on there. I will take a locally compiled version of BSD and/or Linux. In fact, better yet, I will take something that is DO-178B compliant in which the feds have already looked over it, and still looked over. BTW, when MS was asked if they would submit one of their OSs for Do-178B, they asked for the certs. A month later when asked, they laughed the CEO out. They said that NONE of their OSs could come close to close inspection.

Re:no its not

[timmarhy]

why not just use paper then? hell of a lot simpler and cheaper.

how does that paper assure you the recorded vote is saved in the system is the same as what the paper says? it doesn't.

the only form of electronic voting i can see working is a system of electronic paper, which lets you press directly on the box you want and fills it. you deposit it in the secure box as normal and it's then counted by a machine, advantage being that it's digital so your counter won't run into false positive problems like with pencil, and it's still human verifible like paper.

Re:no its not

[amRadioHed]

There is NOTHING wrong with a paper vote other than taking so long. Not that it even takes that long. Most results are in by the 11 O'clock news. In a close race you may need to wait till the morning to get your election results. Who cares?

Electronic voting machines are the solution to a problem that doesn't exist and only result in complicating things immensely and making the results less reliable. I don't see the benefits.

Re:no its not

[scatters]

The Royal Navy's Windows for Warships progam probably counts as both a critical application and one where people's lives are at risk.

e.g.

Prompt: An inbound missile has been detected that could hit your ship (time to impact: 15 seconds). Allow or Deny?
User: Clicks Deny.
Prompt: Are you sure (time to impact: 13 seconds). Yes or No?
User: Clicks Yes.
Prompt: Anti-Missile Counter Measures Application has encountered a problem and needs to close - we are sorry for your impending destruction. Send error report to Microsoft? Yes or No.

Glad to see NYS grew a pair...

[Coopjust]

After that amendment passed, I was worried about NYS letting this fly. I'm glad to see that the legislators are attentive.

The real question is: What does Microsoft have to hide from election officials?
-Are they worrying that the source will be leaked?
-Due to the above fear, is MS afraid of getting crap from the DRM loving media cartels?
-Is there something in the code that MS doesn't want seen?
-Are they afraid this mentality hurts the "security through obscurity" idea?

Of course this is all speculation. I'm just so curious why Microsoft is so opposed to sharing their code with a state government.

Re:Glad to see NYS grew a pair...

[WrongSizeGlass]

I'm no fan of MS in any way, shape or form, but I can completely understand their reluctance to hand over their source code. In this day and age there is a good chance that it would be leaked faster than you can say BitTorrent.

If the price of admission into the eVoting game is handing over their source code then they made a wise business decision. It's far too small of a market for MS to chance exposing Windows source (and all the security breaches that would soon follow). In the big picture of things, MS made the right decision. That aside, they still suck for trying to sneak that amendment in.

Re:Glad to see NYS grew a pair...

[drinkypoo]

The worst case here for Microsoft is that New York State refuses to allow any voting machines that run Windows.

You are thinking way too small here.

The worst case for Microsoft is that this is the first step towards all government computers being forced to run freely auditable code. That means no Windows.

This is frankly the only responsible thing to do from a security standpoint, and barring illegal collusion we would probably be there already.

What I want to know..

[jcr]

Is why the HELL anyone is trying to build a voting machine around an unsecureable platform in the first place? If these vendors want to sell systems that have specific requirements for auditability and securability, they can either comply with the requirements or fuck off.

-jcr

Re:What I want to know..

[WrongSizeGlass]

Is why the HELL anyone is trying to build a voting machine around an unsecureable platform in the first place? Because you can't rig an election if the voting machines are secure.

Re:Nothing to see here. Move along.

[Vulva+R.+Thompson,+P]

I click on them all the time.

It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.

Don't Trust Microsoft With Our Elections...

[Eric+Damron]

It seems to me that what Microsoft is asking is that we "trust them" without having earned that trust. Without seeing the code how do I know that there isn't a backdoor?

Microsoft's security record has been dismal to put it politely. I certainly don't want to gamble my freedoms on a company that can't secure its own operating system and a company who has shown flagrant disregard for our laws.

As far I'm concerned Microsoft has shown that it will do almost anything to get what it wants. We don't need the fairness of our elections endangered by a company unwilling to provide transparency.

Still missing the problem

[Touvan]

Source code or not, you can't look inside the machine and see what's running on it while it's running. Not ever. It doesn't matter who has access to whatever source code. It's just too easy for a very small number of people (or even just one) to tamper with these machines, and leave absolutely no meaningful trace. Anyone caught up in the source code debate has missed the problem.

Re:Just make the database public

[Phroggy]

The system does not record who voted which way. The only way to link a vote with the voter is via the index number and private key printed on the voter's slip, which he is free to shred, eat, burn, whatever. I think it may even be possible to validate that the votes match by comparing the encrypted votes, without ever looking at the plaintext vote. It's been a while since I did the RSA key pair stuff. If you vote for my candidate, then bring me your slip with the private key so I can verify it online, I'll pay you $20.