Slashdot Mirror
NY Legislature Rejects "Microsoft Amendment"
An anonymous reader writes "Finally, some good news on electronic voting. The New York state legislature rejected an amendment proposed by Microsoft's lobbyists which would have gutted New York's requirements for voting machine vendors to turn over their source code to the state Board of Elections. Assemblywoman Barbara Lifton commented: 'The voting machine vendors have known for two years what our laws said. Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong.'"
But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.
I would rather see voting platforms built on microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.
The code reviews are useless unless I am sure that the machines actually run the code that was reviewed.
Of course paper and pencil requires no code review.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
After that amendment passed, I was worried about NYS letting this fly. I'm glad to see that the legislators are attentive.
The real question is: What does Microsoft have to hide from election officials?
-Are they worrying that the source will be leaked?
-Due to the above fear, is MS afraid of getting crap from the DRM loving media cartels?
-Is there something in the code that MS doesn't want seen?
-Are they afraid this mentality hurts the "security through obscurity" idea?
Of course this is all speculation. I'm just so curious why Microsoft is so opposed to sharing their code with a state government.
Is why the HELL anyone is trying to build a voting machine around an unsecureable platform in the first place? If these vendors want to sell systems that have specific requirements for auditability and securability, they can either comply with the requirements or fuck off.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I click on them all the time.
It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.
It seems to me that what Microsoft is asking is that we "trust them" without having earned that trust. Without seeing the code how do I know that there isn't a backdoor?
Microsoft's security record has been dismal to put it politely. I certainly don't want to gamble my freedoms on a company that can't secure its own operating system and a company who has shown flagrant disregard for our laws.
As far I'm concerned Microsoft has shown that it will do almost anything to get what it wants. We don't need the fairness of our elections endangered by a company unwilling to provide transparency.
The race isn't always to the swift... but that's the way to bet!
the legislature didn't actually "reject" it. they just didnt pass it. and yes, they concluded their regularly scheduled legislative session last week. BUT, they're expected back for a "special" session in July, and the governor has implied that he will call them back several times.
students of the NYS legislature will also tell you that the "special" sessions tend to be when the sneakiest things go on in NYS because, in general, they garner less attention and most of the legislators just want to make it as quick as possible and get back to their families.
that being said, NY does have a very strong voting rights coalition with a number of very smart and talented people working very hard to make sure that this DOESNT go through.
one good thing did happen at the end of session. is that NYVV's (New Yorker's for Verified Voting) Bo Lipari (who's been leading the charge AGAINST microsoft's lobbyists) has been granted a seat at the table. the citizen's advisory board now has statutory authority. which means that when the board of elections makes decisions about this stuff he's got a seat at the table to help shape the outcome.
just because I don't care doesn't mean I don't understand!
You sure as hell wont be seeing it. It'll be shown to a couple of high profile professional auditors who will give it the green or red light, and that's that. At NO point will the public see it.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
You rock!!
Up here in Canada, federal elections are administered by a single Federal body; Elections Canada. That means the ballot you get in Toronto is identical in structure to the ballot you'll get on Baffin Island. There's a single standard for marking and counting ballots. The provinces have control of their own elections, obviously, but tend to follow standards very close to that set out by Elections Canada. Only at the lower levels can things be a little different. In my city, they have vote-counting machines and those ballots where you color in the selections you want. Still, even with that automated system (which has been in use in many jurisdictions in North America for decades) there is still the key paper trail, so that if the election is contested, you can go back to a good ol' fashioned recount.
The only argument I've seen against pen and paper ballots for the US is that, unlike some countries, a lot of different elections get tossed on top of congressional, presidential or state elections. Various local positions, voter initiatives, referrenda and the like get tossed into the brew, so that paper ballots could get to be quite volumnious, and possibly confusing, and I guess there is some advantage there to an electronic voting system which can make display of such complicated ballots much easier.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Of course, you by yourself won't have much impact but there would be if 1% of Slashdot's reader base did.
Camping on quad since 1996.
thats why you don't trust them, and make them count in pairs with strict oversight, rotating the pairs and doing random checks. clearly you know nothing of how they count ballots.
If you mod me down, I will become more powerful than you can imagine....
Australia has some e-voting software that is open sourced, http://www.elections.act.gov.au/Elecvote.html also has a link to the source code.
My ism, it's full of beliefs.
Without agreeing with the rhetorical gist of the GP, I believe the point being made was that the suggestion was so absurd that nobody would put it forward unless they were paid to do so.
I disagree with that premise, but I do agree that obscuring any aspect of a voting system that is being used to decide, among other things, the next president of the United Sates is the height of folly.
Risk is measured as a combination of:
In this case, the prize is political control of the most powerful nation in the world. So we need to ask ourselves: How much are fair and free elections worth? What, in effect, is the price of the democratic process in the US?
I think it's worth billions of dollars. That means stringent code review, impeccable chain of custody and constant supervision. Saving a few bucks by using an off-the-shelf operating system - especially one that is orders of magnitude more complex than what is actually required - that's absurd, in my opinion.
Crumb's Corollary: Never bring a knife to a bun fight.
Buy a batch of Z-80s or even 8080s; they are still being made. The design is so old that it's unlikely to have been compromised; but if you are really paranoid, the circuitry of an 8-bit CPU is simple enough that you could easily verify it by hand. Build a little voting box around one of those chips, and you're done.
The design would take half a year and cost less than a $1 million -- which is peanuts when the goal is to ensure the honesty of a democracy's most important event.
I am not a programmer, so maybe I'm way off base here, but how complicated could this code be?
I can't think of any reasons why Microsoft is being difficult here. I can't think of any complex algorithms you'd have to invent and therefore protect to display and count votes.
If I understand the problem correctly (please correct me if not - but I did RTFA, and went to the source, Bo Lipari's blog as well, and also to his organization's web site), the requirement is not for MS to escrow the code for the *voting* software; MS aren't writing it anyway, Diebold and others are. The requirement is that, since some manufacturers of the above-mentioned voting software wrote it for Windows, MS is supposed to escrow all the *Windows* source code to NYC. This is very silly IMHO (from an engineering point of view), but of course reason needn't apply.
Obviously, MS doesn't want to escrow all the Windows source to a bunch of political hacks. This has been presented on Slashdot as an attack by Microsoft on democracy and mum' apple pie, but what I believe is really hapenning is just a local political maneuver, as follows:
The hullabaloo was started by a certain Mr. Lipari who seems to have a complete dislike for any kind of electronic voting. IMHO, he invented this specific requirement knowing it's totally ridiculous. He presented it as defending democracy, and managed to sell it to the public. His intention is rather, I believe, to torpedo the whole e-voting concept in NY by getting ignorant politicians to vote for impossible requirements. Well, good for him - he seems to have succeeded. And if e-voting companies switch to Linux of FreeBSD or Windows CE (or any OS with available source code) he'll then ask for the BIOS, and the CPU firmware, and so on, until they give up.
Source code or not, you can't look inside the machine and see what's running on it while it's running. Not ever. It doesn't matter who has access to whatever source code. It's just too easy for a very small number of people (or even just one) to tamper with these machines, and leave absolutely no meaningful trace. Anyone caught up in the source code debate has missed the problem.
http://www.unfocus.com/
The voting machine has a public/private key pair. It generates a random public/private key pair in between votes which stays resident only in memory (is not written to disk). When you vote, your votes are coded. It's then encrypted with the voter's private key and the voting machine's public key. The voter's plaintext vote, an index number, the encrypted vote, his private key, and the voting machine's public key are then printed on a piece of paper the voter can take home. The voting machine then stores the encrypted vote and the voter's public key. Nothing else.
When tallying the votes, each machine runs through its stored votes, decrypting the record of encrypted votes using each voter's public key and the machine's private key. All this information is then sent to a central vote tallying database. The unencrypted votes are used for the official tally. The encrypted votes are used as proof against tampering. The index is used to allow voters to query the database.
Once home, the voter can log into the vote tally web site. He can query the database to make sure it's recorded his vote right. He asks it to send the vote recorded with his index number. It takes the unencrypted vote, encrypts it with the voting machine's private key and the public key associated with that index and sends it to him. His computer then uses the voting machine's public key and his private key to decrypt it. If all went well, it should match what's on his printout.
The only way I can think of to commit vote fraud against this system would be by stuffing the ballot box with false votes. And even there you could do a sanity check by comparing the number of votes cast by the number of voters the precinct operators counted (they mark off your name after you vote, so it's fairly easy to count how many names they've marked off).
That's all I can think of off the top of my head.