Slashdot Mirror
NY Legislature Rejects "Microsoft Amendment"
An anonymous reader writes "Finally, some good news on electronic voting. The New York state legislature rejected an amendment proposed by Microsoft's lobbyists which would have gutted New York's requirements for voting machine vendors to turn over their source code to the state Board of Elections. Assemblywoman Barbara Lifton commented: 'The voting machine vendors have known for two years what our laws said. Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong.'"
Who reacted with a HA! HA! Nelson is my copilot...
But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.
I would rather see voting platforms built on microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.
The code reviews are useless unless I am sure that the machines actually run the code that was reviewed.
Of course paper and pencil requires no code review.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Sorry Steve, Bill - but some of us want to see what these things actually do when we use 'em to cast a vote.
Meanwhile, I'm damned sure that somebody in Diebold went all Ballmer on the furniture... though I can't wait to see their source code ; I'm sure it's gonna be worth some huge laughs @ your nearest code-monkey pit, punctuated with lots of sounds along the lines of: "WTF were these asshats THINKING!?".
Quo usque tandem abutere, Nimbus, patientia nostra?
After that amendment passed, I was worried about NYS letting this fly. I'm glad to see that the legislators are attentive.
The real question is: What does Microsoft have to hide from election officials?
-Are they worrying that the source will be leaked?
-Due to the above fear, is MS afraid of getting crap from the DRM loving media cartels?
-Is there something in the code that MS doesn't want seen?
-Are they afraid this mentality hurts the "security through obscurity" idea?
Of course this is all speculation. I'm just so curious why Microsoft is so opposed to sharing their code with a state government.
Is why the HELL anyone is trying to build a voting machine around an unsecureable platform in the first place? If these vendors want to sell systems that have specific requirements for auditability and securability, they can either comply with the requirements or fuck off.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I click on them all the time.
It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.
It seems to me that what Microsoft is asking is that we "trust them" without having earned that trust. Without seeing the code how do I know that there isn't a backdoor?
Microsoft's security record has been dismal to put it politely. I certainly don't want to gamble my freedoms on a company that can't secure its own operating system and a company who has shown flagrant disregard for our laws.
As far I'm concerned Microsoft has shown that it will do almost anything to get what it wants. We don't need the fairness of our elections endangered by a company unwilling to provide transparency.
The race isn't always to the swift... but that's the way to bet!
Why isn't there an open source voting machine?
It should be constructed of off-the-shelf parts and it should run open source code!
Now don't mod me troll, but remind me again, what is so horrific about paper ballots? I know Florida had a huge fiasco in 2000 with them, but that had to do with punches, not filling in a bubble or anything....
the legislature didn't actually "reject" it. they just didnt pass it. and yes, they concluded their regularly scheduled legislative session last week. BUT, they're expected back for a "special" session in July, and the governor has implied that he will call them back several times.
students of the NYS legislature will also tell you that the "special" sessions tend to be when the sneakiest things go on in NYS because, in general, they garner less attention and most of the legislators just want to make it as quick as possible and get back to their families.
that being said, NY does have a very strong voting rights coalition with a number of very smart and talented people working very hard to make sure that this DOESNT go through.
one good thing did happen at the end of session. is that NYVV's (New Yorker's for Verified Voting) Bo Lipari (who's been leading the charge AGAINST microsoft's lobbyists) has been granted a seat at the table. the citizen's advisory board now has statutory authority. which means that when the board of elections makes decisions about this stuff he's got a seat at the table to help shape the outcome.
just because I don't care doesn't mean I don't understand!
Wouldn't be surprised if MS tried to consolidate voting procedures the same way they have tried to do with the entertainment market.
"New to the Xbox Live Marketplace, vote for your favorite U.S. Presidential Puppet in the new 'Red Vs. Blue' civic action feature."
Inserting [insert witty signature here] here does not constitute a witty signature.
There is NOTHING wrong with a paper vote other than taking so long.
Oh yeah? What about the honesty of the people who are counting those paper votes.
Ballot-stuffing and outright deliberate miscounts can and still do happen with paper votes. Even right here in the USA, and even right here in my home state of Texas not that very long ago.
You rock!!
Of course, you by yourself won't have much impact but there would be if 1% of Slashdot's reader base did.
Camping on quad since 1996.
Australia has some e-voting software that is open sourced, http://www.elections.act.gov.au/Elecvote.html also has a link to the source code.
My ism, it's full of beliefs.
Is it just me or are we all over analyzing what is effectively a glorified bean counter.
/. has agreed that a paper trail is necessary. Anyone including Diebold who refuses to make a machine with a paper trail is definitely up to no good and likely WANTS their machine to be insecure in order to allow for vote stuffing/miscounting/false results/etc... I mean its not like it hasnt been done before.
Sure we want it to be secure and transparent which means Open Source has the best option for this to occur. Anything that is closed source should *NOT* be trusted. This includes the platform/OS the system runs on.
And is it *REALLY* that hard to ask that there be a god damn paper trail? I think just about every single person on
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
Without agreeing with the rhetorical gist of the GP, I believe the point being made was that the suggestion was so absurd that nobody would put it forward unless they were paid to do so.
I disagree with that premise, but I do agree that obscuring any aspect of a voting system that is being used to decide, among other things, the next president of the United Sates is the height of folly.
Risk is measured as a combination of:
In this case, the prize is political control of the most powerful nation in the world. So we need to ask ourselves: How much are fair and free elections worth? What, in effect, is the price of the democratic process in the US?
I think it's worth billions of dollars. That means stringent code review, impeccable chain of custody and constant supervision. Saving a few bucks by using an off-the-shelf operating system - especially one that is orders of magnitude more complex than what is actually required - that's absurd, in my opinion.
Crumb's Corollary: Never bring a knife to a bun fight.
Buy a batch of Z-80s or even 8080s; they are still being made. The design is so old that it's unlikely to have been compromised; but if you are really paranoid, the circuitry of an 8-bit CPU is simple enough that you could easily verify it by hand. Build a little voting box around one of those chips, and you're done.
The design would take half a year and cost less than a $1 million -- which is peanuts when the goal is to ensure the honesty of a democracy's most important event.
I am not a programmer, so maybe I'm way off base here, but how complicated could this code be?
I can't think of any reasons why Microsoft is being difficult here. I can't think of any complex algorithms you'd have to invent and therefore protect to display and count votes.
If I understand the problem correctly (please correct me if not - but I did RTFA, and went to the source, Bo Lipari's blog as well, and also to his organization's web site), the requirement is not for MS to escrow the code for the *voting* software; MS aren't writing it anyway, Diebold and others are. The requirement is that, since some manufacturers of the above-mentioned voting software wrote it for Windows, MS is supposed to escrow all the *Windows* source code to NYC. This is very silly IMHO (from an engineering point of view), but of course reason needn't apply.
Obviously, MS doesn't want to escrow all the Windows source to a bunch of political hacks. This has been presented on Slashdot as an attack by Microsoft on democracy and mum' apple pie, but what I believe is really hapenning is just a local political maneuver, as follows:
The hullabaloo was started by a certain Mr. Lipari who seems to have a complete dislike for any kind of electronic voting. IMHO, he invented this specific requirement knowing it's totally ridiculous. He presented it as defending democracy, and managed to sell it to the public. His intention is rather, I believe, to torpedo the whole e-voting concept in NY by getting ignorant politicians to vote for impossible requirements. Well, good for him - he seems to have succeeded. And if e-voting companies switch to Linux of FreeBSD or Windows CE (or any OS with available source code) he'll then ask for the BIOS, and the CPU firmware, and so on, until they give up.
Source code or not, you can't look inside the machine and see what's running on it while it's running. Not ever. It doesn't matter who has access to whatever source code. It's just too easy for a very small number of people (or even just one) to tamper with these machines, and leave absolutely no meaningful trace. Anyone caught up in the source code debate has missed the problem.
http://www.unfocus.com/
This battle in the NY state legislature was between Microsoft's lobbyists for proprietary voting machines vs IBM's lobbyists to make the machines open and auditable outside the closed certification system that is totally rigged to sell vendor products.
IBM has won this battle. Possibly because it's a NY state based company (Armonk, NY). The trick will be seeing this victory applied elsewhere in the country.
NY is famous for being tough, smart and understanding security. I hope other people in other states are lucky enough to follow our lead.
--
make install -not war
The voting machine has a public/private key pair. It generates a random public/private key pair in between votes which stays resident only in memory (is not written to disk). When you vote, your votes are coded. It's then encrypted with the voter's private key and the voting machine's public key. The voter's plaintext vote, an index number, the encrypted vote, his private key, and the voting machine's public key are then printed on a piece of paper the voter can take home. The voting machine then stores the encrypted vote and the voter's public key. Nothing else.
When tallying the votes, each machine runs through its stored votes, decrypting the record of encrypted votes using each voter's public key and the machine's private key. All this information is then sent to a central vote tallying database. The unencrypted votes are used for the official tally. The encrypted votes are used as proof against tampering. The index is used to allow voters to query the database.
Once home, the voter can log into the vote tally web site. He can query the database to make sure it's recorded his vote right. He asks it to send the vote recorded with his index number. It takes the unencrypted vote, encrypts it with the voting machine's private key and the public key associated with that index and sends it to him. His computer then uses the voting machine's public key and his private key to decrypt it. If all went well, it should match what's on his printout.
The only way I can think of to commit vote fraud against this system would be by stuffing the ballot box with false votes. And even there you could do a sanity check by comparing the number of votes cast by the number of voters the precinct operators counted (they mark off your name after you vote, so it's fairly easy to count how many names they've marked off).
That's all I can think of off the top of my head.