Slashdot Mirror


NY Legislature Rejects "Microsoft Amendment"

An anonymous reader writes "Finally, some good news on electronic voting. The New York state legislature rejected an amendment proposed by Microsoft's lobbyists which would have gutted New York's requirements for voting machine vendors to turn over their source code to the state Board of Elections. Assemblywoman Barbara Lifton commented: 'The voting machine vendors have known for two years what our laws said. Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong.'"


  1. no its not by Zeinfeld · · Score: 4, Insightful
    I agree that the voting code should be published.

    But platform code that is obtained from a third party vendor should be acceptable provided that it is widely used as a general purpose platform and there is a reliable demonstration that the code has not been modified.

    I would rather see voting platforms built on Microsoft trustworthy computing platforms without code review of the platform part of the system than built on a platform where I cannot be sure what code is running.

    The code reviews are useless unless I am sure that the machines actually run the code that was reviewed.

    Of course paper and pencil requires no code review.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
    1. Re:no its not by Anonymous Coward · · Score: 5, Insightful

      The solution is to create a system where you don't have to trust the source code to begin with

      Touchscreen, vote, hit done, the machine prints a paper ballot. You review said ballot and deposit the paper ballot in the ballot box.

      What could be simpler and less prone to manipulation or error?

      In that scenario, you don't have to know jack shit about the voting machine or its source code. It doesn't matter. The voter reviews the output, not the internals. If people start noticing that a certain machine or certain brand of machines prints incorrect ballots frequently, well then steps can be taken to figure out why.

      But the end to end system can't be gamed.

      There is no level of code review or "trusted computing platform" specification that will provide anywhere NEAR that level of trust and confidence in the system. Add to that the fact that you have an incontrovertible source of paper ballots for recounts, what more does anyone want? Why do we put up with anything less?

    2. Re:no its not by WindBourne · · Score: 4, Insightful

      Palladium says that the OS that was installed on the OS was not modified from what the controller wants. It does NOTHING to guarantee that the OS was not compromised before being put on there. I will take a locally compiled version of BSD and/or Linux. In fact, better yet, I will take something that is DO-178B compliant in which the feds have already looked over it, and still looked over. BTW, when MS was asked if they would submit one of their OSs for DO-178B, they asked for the certs. A month later when asked, they laughed the CEO out. They said that NONE of their OSs could come close to close inspection.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    3. Re:no its not by Original Replica · · Score: 5, Interesting

      In this particular case the risk of a trapdoor in the platform code is a lower concern than the risk of the running code being substituted on the final machine.

      IANAProgrammer, but for this application neither is acceptable.
      Given what the code is required to do (allow for the selection of a vote in each category, record said votes, provide totals for each category) shouldn't the code be blindingly simple? Give me ANSI graphics and no mouse driver. Give me three inputs: cursor up, cursor down, enter/select. Hell, it can print out on a dot matrix. It should be a requirement that the code be small enough to be reviewed completely, without excessive effort.

      --
      We are all just people.
    4. Re:no its not by KlomDark · · Score: 4, Interesting

      There's a better system than that - your vote is stored in a database, but your vote is also printed out for you to review. You then put the paper in a box that is kept under lock and key. For quick results, the database count is the one that is looked at. However, any third party can request to count the paper votes and compare them to the database count. If they do not match, then there is a physical audit trail to show that someone was monkeying with the software. This way, we get fast results, and verification.

      Trust, then verify, is the solution in this case.

    5. Re:no its not by amRadioHed · · Score: 4, Insightful

      There is NOTHING wrong with a paper vote other than taking so long. Not that it even takes that long. Most results are in by the 11 o'clock news. In a close race you may need to wait till the morning to get your election results. Who cares?

      Electronic voting machines are the solution to a problem that doesn't exist and only result in complicating things immensely and making the results less reliable. I don't see the benefits.
      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    6. Re:no its not by nschubach · · Score: 4, Interesting

      Doesn't the Microsoft EULA state that their OS is not to be used in mission critical applications or applications where the lives of people could be at risk anyway? I remember reading that on the NT4 EULA. Not sure if it remained in the text...

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
  2. Glad to see NYS grew a pair... by Coopjust · · Score: 4, Insightful

    After that amendment passed, I was worried about NYS letting this fly. I'm glad to see that the legislators are attentive.

    The real question is: What does Microsoft have to hide from election officials?
    -Are they worrying that the source will be leaked?
    -Due to the above fear, is MS afraid of getting crap from the DRM loving media cartels?
    -Is there something in the code that MS doesn't want seen?
    -Are they afraid this mentality hurts the "security through obscurity" idea?

    Of course this is all speculation. I'm just so curious why Microsoft is so opposed to sharing their code with a state government.

    1. Re:Glad to see NYS grew a pair... by WrongSizeGlass · · Score: 5, Insightful

      I'm no fan of MS in any way, shape or form, but I can completely understand their reluctance to hand over their source code. In this day and age there is a good chance that it would be leaked faster than you can say BitTorrent.

      If the price of admission into the eVoting game is handing over their source code then they made a wise business decision. It's far too small of a market for MS to chance exposing Windows source (and all the security breaches that would soon follow). In the big picture of things, MS made the right decision. That aside, they still suck for trying to sneak that amendment in.

  3. What I want to know.. by jcr · · Score: 4, Insightful

    Is why the HELL anyone is trying to build a voting machine around an unsecureable platform in the first place? If these vendors want to sell systems that have specific requirements for auditability and securability, they can either comply with the requirements or fuck off.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  4. Re:Nothing to see here. Move along. by Vulva R. Thompson, P · · Score: 5, Insightful

    I click on them all the time.

    It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.

  5. I don't want to rain on everyone's parade but..... by putch · · Score: 4, Interesting

    the legislature didn't actually "reject" it. they just didn't pass it. and yes, they concluded their regularly scheduled legislative session last week. BUT, they're expected back for a "special" session in July, and the governor has implied that he will call them back several times.

    students of the NYS legislature will also tell you that the "special" sessions tend to be when the sneakiest things go on in NYS because, in general, they garner less attention and most of the legislators just want to make it as quick as possible and get back to their families.

    that being said, NY does have a very strong voting rights coalition with a number of very smart and talented people working very hard to make sure that this DOESN'T go through.

    one good thing did happen at the end of session: NYVV's (New Yorkers for Verified Voting) Bo Lipari (who's been leading the charge AGAINST Microsoft's lobbyists) has been granted a seat at the table. the citizens' advisory board now has statutory authority, which means that when the board of elections makes decisions about this stuff he's got a seat at the table to help shape the outcome.

    --
    just because I don't care doesn't mean I don't understand!
  6. Re:Nothing to see here. Move along. by jamie · · Score: 4, Funny

    You rock!!

  7. Re:Nothing to see here. Move along. by lena_10326 · · Score: 5, Interesting

    I click on them all the time. It's a deliciously satisfying way of transferring cold hard cash from Microsoft's wallet to Slashdot and Google.
    And you're also diluting the CPA, which is the real measure of ad performance. http://en.wikipedia.org/wiki/Cost_Per_Action

    Of course, you by yourself won't have much impact but there would be if 1% of Slashdot's reader base did.
    --
    Camping on quad since 1996.
  8. Risk analysis by grcumb · · Score: 4, Interesting

    So the only reason someone would disagree with your point of view is that they are paid to do so?

    Without agreeing with the rhetorical gist of the GP, I believe the point being made was that the suggestion was so absurd that nobody would put it forward unless they were paid to do so.

    I disagree with that premise, but I do agree that obscuring any aspect of a voting system that is being used to decide, among other things, the next president of the United States is the height of folly.

    Security is risk control, not risk elimination. In this particular case the risk of a trapdoor in the platform code is a lower concern than the risk of the running code being substituted on the final machine.

    Risk is measured as a combination of:

    • How easy it is to attack using a particular vector;
    • What the payoff will be for the attacker;
    • What the cost will be to the defender if the exploit succeeds;
    • What the cost of securing that vector is.

    In this case, the prize is political control of the most powerful nation in the world. So we need to ask ourselves: How much are fair and free elections worth? What, in effect, is the price of the democratic process in the US?

    I think it's worth billions of dollars. That means stringent code review, impeccable chain of custody and constant supervision. Saving a few bucks by using an off-the-shelf operating system - especially one that is orders of magnitude more complex than what is actually required - that's absurd, in my opinion.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
  9. Simplify the hardware by Stephen Ma · · Score: 4, Interesting
    Simplify the hardware; you don't need the latest, fanciest CPU if all you want to do is count.

    Buy a batch of Z-80s or even 8080s; they are still being made. The design is so old that it's unlikely to have been compromised; but if you are really paranoid, the circuitry of an 8-bit CPU is simple enough that you could easily verify it by hand. Build a little voting box around one of those chips, and you're done.

    The design would take half a year and cost less than $1 million -- which is peanuts when the goal is to ensure the honesty of a democracy's most important event.

  10. Still missing the problem by Touvan · · Score: 4, Insightful

    Source code or not, you can't look inside the machine and see what's running on it while it's running. Not ever. It doesn't matter who has access to whatever source code. It's just too easy for a very small number of people (or even just one) to tamper with these machines, and leave absolutely no meaningful trace. Anyone caught up in the source code debate has missed the problem.