Slashdot Mirror

← Back to Stories (view on slashdot.org)

NY Legislature Rejects "Microsoft Amendment"

Posted by kdawson on from the joy-in-mudville dept.

An anonymous reader writes "Finally, some good news on electronic voting. The New York state legislature rejected an amendment proposed by Microsoft's lobbyists which would have gutted New York's requirements for voting machine vendors to turn over their source code to the state Board of Elections. Assemblywoman Barbara Lifton commented: 'The voting machine vendors have known for two years what our laws said. Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong.'"

9 of 223 comments (clear)

  1. no its not by Zeinfeld · · Score: 4, Insightful
    I agree that the voting code should be published.

    But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.

    I would rather see voting platforms built on microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.

    The code reviews are useless unless I am sure that the machines actually run the code that was reviewed.

    Of course paper and pencil requires no code review.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
    1. Re:no its not by Anonymous Coward · · Score: 5, Insightful

      The solution is to create a system where you don't have to trust the source code to begin with

      Touchscreen, vote, hit done, the machine prints a paper ballot. You review said ballot and deposit the paper ballot in the ballot box.

      What could be simpler and less prone to manipulation or error?

      In that scenario, you don't have to know jack shit about the voting machine or its source code. It doesn't matter. The voter reviews the output, not the internals. If people start noticing that a certain machine or certain brand of machines prints incorrect ballots frequently, well then steps can be taken to figure out why.

      But the end to end system can't be gamed.

      There is no level of code review or "trusted computing platform" specification that will provide anywhere NEAR that level of trust and confidence in the system. Add to that the fact that you have an incontrovertible source of paper ballots for recounts, what more does anyone want? why do we put up with anything less?

    2. Re:no its not by WindBourne · · Score: 4, Insightful

      palladium says that the OS that was installed on the OS was not modified from what the controller wants. It does NOTHING to guarantee that the OS was not compromised before being put on there. I will take a locally compiled version of BSD and/or Linux. In fact, better yet, I will take something that is DO-178B compliant in which the feds have already looked over it, and still looked over. BTW, when MS was asked if they would submit one of their OSs for Do-178B, they asked for the certs. A month later when asked, they laughed the CEO out. They said that NONE of their OSs could come close to close inspection.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    3. Re:no its not by amRadioHed · · Score: 4, Insightful

      There is NOTHING wrong with a paper vote other than taking so long. Not that it even takes that long. Most results are in by the 11 O'clock news. In a close race you may need to wait till the morning to get your election results. Who cares?

      Electronic voting machines are the solution to a problem that doesn't exist and only result in complicating things immensely and making the results less reliable. I don't see the benefits.
      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
  2. Glad to see NYS grew a pair... by Coopjust · · Score: 4, Insightful

    After that amendment passed, I was worried about NYS letting this fly. I'm glad to see that the legislators are attentive.

    The real question is: What does Microsoft have to hide from election officials?
    -Are they worrying that the source will be leaked?
    -Due to the above fear, is MS afraid of getting crap from the DRM loving media cartels?
    -Is there something in the code that MS doesn't want seen?
    -Are they afraid this mentality hurts the "security through obscurity" idea?

    Of course this is all speculation. I'm just so curious why Microsoft is so opposed to sharing their code with a state government.

    1. Re:Glad to see NYS grew a pair... by WrongSizeGlass · · Score: 5, Insightful

      I'm no fan of MS in any way, shape or form, but I can completely understand their reluctance to hand over their source code. In this day and age there is a good chance that it would be leaked faster than you can say BitTorrent.

      If the price of admission into the eVoting game is handing over their source code then they made a wise business decision. It's far too small of a market for MS to chance exposing Windows source (and all the security breaches that would soon follow). In the big picture of things, MS made the right decision. That aside, they still suck for trying to sneak that amendment in.

  3. What I want to know.. by jcr · · Score: 4, Insightful

    Is why the HELL anyone is trying to build a voting machine around an unsecureable platform in the first place? If these vendors want to sell systems that have specific requirements for auditability and securability, they can either comply with the requirements or fuck off.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  4. Re:Nothing to see here. Move along. by Vulva+R.+Thompson,+P · · Score: 5, Insightful

    I click on them all the time.

    It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.

  5. Still missing the problem by Touvan · · Score: 4, Insightful

    Source code or not, you can't look inside the machine and see what's running on it while it's running. Not ever. It doesn't matter who has access to whatever source code. It's just too easy for a very small number of people (or even just one) to tamper with these machines, and leave absolutely no meaningful trace. Anyone caught up in the source code debate has missed the problem.

    --
    http://www.unfocus.com/