Slashdot Mirror
NY Legislature Rejects "Microsoft Amendment"
An anonymous reader writes "Finally, some good news on electronic voting. The New York state legislature rejected an amendment proposed by Microsoft's lobbyists which would have gutted New York's requirements for voting machine vendors to turn over their source code to the state Board of Elections. Assemblywoman Barbara Lifton commented: 'The voting machine vendors have known for two years what our laws said. Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong.'"
the legislature didn't actually "reject" it. they just didnt pass it. and yes, they concluded their regularly scheduled legislative session last week. BUT, they're expected back for a "special" session in July, and the governor has implied that he will call them back several times.
students of the NYS legislature will also tell you that the "special" sessions tend to be when the sneakiest things go on in NYS because, in general, they garner less attention and most of the legislators just want to make it as quick as possible and get back to their families.
that being said, NY does have a very strong voting rights coalition with a number of very smart and talented people working very hard to make sure that this DOESNT go through.
one good thing did happen at the end of session. is that NYVV's (New Yorker's for Verified Voting) Bo Lipari (who's been leading the charge AGAINST microsoft's lobbyists) has been granted a seat at the table. the citizen's advisory board now has statutory authority. which means that when the board of elections makes decisions about this stuff he's got a seat at the table to help shape the outcome.
just because I don't care doesn't mean I don't understand!
That is a warranty issue between the buyer (local or state government) and the seller. It is immaterial to the issue at hand.
The proposed code reviews are not for warranty issues, they are to ensure that the vote is not being manipulated. And that is a very, very tall order for a code review to provide (especially system wide, with removable cards and databases and hardware issues, etc.)
For example, I don't give a rat's ass what warranty agreement McDonalds has with its point-of-sale terminal provider. I also don't need to do a code review on the POS terminal. I review it's output. If I get the proper order in my hands for the expected amount of money, I am satisfied with the machine. Otherwise I would complain, and eventually McDonalds would have to figure out WTF is wrong with its POS.
Same thing should apply to me as a voter. If I get the expected paper ballot out of the machine, I'm done and turn the ballot in to be counted. Any other details (up time, failures, paper jams, etc.) are not my concern as a voter (they might be my concern as a taxpayer of course). And those problems are likely not going to be solved by some code jockey doing an audit of the underlying C code.
Of course, you by yourself won't have much impact but there would be if 1% of Slashdot's reader base did.
Camping on quad since 1996.
In this particular case the risk of a trapdoor in the platform code is a lower concern than the risk of the running code being substituted on the final machine.
IANAProgrammer, But for this application neither is acceptable.
Given what the code is required to do (allow for the selection of a vote in each catagory, record said votes, provide totals for each catagory) shouldn't the code be blindingly simple? Give me ANSI graphics and no mouse driver. Give me three imputs: cursor up, cursor down, enter/select. Hell, it can print out on a dot matrix. It should be a requirement that the code be small enough to be reviewed completely, without excessive effort.
We are all just people.
There's a better system than that - your vote is stored in a database, but your vote is also printed out for you to review. You then put the paper in a box that is kept under lock and key. For quick results, the database count is the one that is looked at. However, any third party can request to count the paper votes and compare them to the database count. If they do not match, then there is a physical audit trail to show that someone was monkeying with the software. This way, we get fast results, and verification.
Trust, then verify, is the solution in this case.
Australia has some e-voting software that is open sourced, http://www.elections.act.gov.au/Elecvote.html also has a link to the source code.
My ism, it's full of beliefs.
Without agreeing with the rhetorical gist of the GP, I believe the point being made was that the suggestion was so absurd that nobody would put it forward unless they were paid to do so.
I disagree with that premise, but I do agree that obscuring any aspect of a voting system that is being used to decide, among other things, the next president of the United Sates is the height of folly.
Risk is measured as a combination of:
In this case, the prize is political control of the most powerful nation in the world. So we need to ask ourselves: How much are fair and free elections worth? What, in effect, is the price of the democratic process in the US?
I think it's worth billions of dollars. That means stringent code review, impeccable chain of custody and constant supervision. Saving a few bucks by using an off-the-shelf operating system - especially one that is orders of magnitude more complex than what is actually required - that's absurd, in my opinion.
Crumb's Corollary: Never bring a knife to a bun fight.
Doesn't the Microsoft EULA state that their OS is not to be used in mission critical applications or applications where the lives of people could be at risk anyway? I remember reading that on the NT4 EULA. Not sure if it remained in the text...
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
Buy a batch of Z-80s or even 8080s; they are still being made. The design is so old that it's unlikely to have been compromised; but if you are really paranoid, the circuitry of an 8-bit CPU is simple enough that you could easily verify it by hand. Build a little voting box around one of those chips, and you're done.
The design would take half a year and cost less than a $1 million -- which is peanuts when the goal is to ensure the honesty of a democracy's most important event.
This battle in the NY state legislature was between Microsoft's lobbyists for proprietary voting machines vs IBM's lobbyists to make the machines open and auditable outside the closed certification system that is totally rigged to sell vendor products.
IBM has won this battle. Possibly because it's a NY state based company (Armonk, NY). The trick will be seeing this victory applied elsewhere in the country.
NY is famous for being tough, smart and understanding security. I hope other people in other states are lucky enough to follow our lead.
--
make install -not war
Simplify the architecture as far as possible. Like, 1980s architecture simple. Publish all the code publicly, so as many people as want to can comb over it. Make the 'bootstrapping' of the compiler chain a public event, open to observers. Use a hardware design that's as simple as possible, using parts that are old and widely understood. Make one single, standard reference design, and test/audit the hell out of it. Allow opposing political parties to act as observers during the election and vote-counting process. Keep an audit trail and make that public, too.
Alternately, just use pencils and learn to be slightly more patient than usual. The whole desire for electronic voting is due to a desire for immediate gratification and a pointless requirement to have the votes tallied on the same day as the election. It's stupid; voting is the most important thing in our government, if it takes a week, it takes a week. Democracy functioned without e-voting; we're just making the system more opaque than it needs to be.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."