Sequoia To Publish Source Code For Voting Machines

cecille writes "Voting machine maker Sequoia announced on Tuesday that they plan to release the source code for their new optical-scan voting machine. The source code will be released in November for public review. The company claims the announcement is unrelated to the recent release of the source code for a prototype voting machine by the Open Source Digital Voting Foundation. According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'"

plan to

[poetmatt]

okay, so they "plan to"

yet, we don't have a release yet.

is this to just avoid press or do people actually believe them?

Re:plan to

[TheKidWho]

No, everyone's out to trick you and lying.

Re:plan to

[kalirion]

Don't listen to parent, he is lying. So am I.

Re:plan to

[sunderland56]

Is there any guarantee that the source code they release is the actual code that will run on the machines during an election?

Re:plan to

okay, so they "plan to"

yet, we don't have a release yet.

is this to just avoid press or do people actually believe them?

Okay, so a few months back, Valve said they "plan to" release a sequel to Left 4 Dead.

Yet, we didn't have a release as soon as they said it.

Was that all just to incite fear in the population? Should we ever trust Valve again?

Re:plan to

[CityZen]

My thought exactly. In fact, there's no way to trust vendor-supplied hardware on this account, or any hardware of reasonable complexity at all.

I still think there's only one sensible way to do voting:

1. Let the voter fill in an optical scan form.
2. Let lots of different interested parties scan the form.
3. Verify that all parties have the same count after every form.
4. Lock the forms away in case a recount is needed.

If there's only one party doing the counting, they can never be trusted.
Only by having every competing interest do the counting (with constant cross-checking) can a system be potentially trusted.
Even then, you have to have enough parties involved to avoid the possibility of collusion.

Combine this with a system like Punchscan.org to add privacy, and maybe you've got something.

Re:plan to

[poetmatt]

wow, I didn't even think about that part.

Re:plan to

[Leafheart]

Is there any guarantee that the source code they release is the actual code that will run on the machines during an election?

Not unless they are forced to has the source released and the source on the machine. Upload it in front of the people and verify the hash.

Re:plan to

[shentino]

If only there was a way to verify a vote without compromising the anonymity of the voter.

Re:plan to

[RemyBR]

What if forms start to disappear between scans? For example, a party starts to "take care" of forms with votes contrary to them.

Re:plan to

[CityZen]

Yes, and what prevents the machine from then throwing that away and using the secondary code from the hidden hardware?

You cannot trust any single piece of hardware. That's why I suggested the only way to gain trust is through consensus (multiple parties doing the counting and checking each other).

Re:plan to

[CityZen]

Um, that's why I mentioned http://punchscan.org/ . Check it out.

Re:plan to

[CityZen]

This would result in an immediate discrepancy. But I take your point, in that there would need to be very careful handling of each & every scan sheet.

The fact that something "easy" like voting is hard (when there is motivation to hack the system) should be a lesson to every lawmaker and programmer. Laws & programs are easy to make when you can trust people to do the right thing all the time. But, in the real world, you need to design them both as if people will try to punch holes in them any way they can, because they will.

Re:plan to

[KillerBob]

Y'know, in Canada, we use this funky invention, called pen & paper for voting. You are given a ballot that clearly lists each candidate's name, their party affiliation, and has a white circle to the side. You make your mark in the circle of the candidate you want to vote for. If you mark more than one candidate, or if you mark outside of the circle, or make any kind of personally identifying mark on the ballot, your vote is considered spoiled and rejected. It's really idiot-proof, when you think about it... there's even a placard on display in the voting booths that shows examples of how to correctly mark the ballot, and what will cause your ballot to be rejected.

Each polling station has two members of staff, and will handle between 200-500 voters. At the end of polling day, those two will unseal the ballot box, and count the ballots. Each party has a right to have two representatives serve as scrutineers to make sure the count is done correctly. Once their count is completed, they report their count in to the returning officer for the electoral district. They then make arrangements to get the ballot box and its contents to the office of the RO. As the polling stations report in, their results are updated electronically with Elections, who can announce preliminary results. In cases where the count is close between candidates, a judicial recount is required, and candidats have the right to scrutinize the recount in order to make certain that it is done transparently and correctly. All the while, the anonymity of the vote is assured, because the ballot is rejected if it's personally identifiable. After the recount period, the returning officer will announce the official winner, which *usually* matches the preliminary results. It's an expensive way to do things (EC employs about 190,000 people during the average federal election), but we have our final and official results within days of polling day, not months.

Oh, and our elections are usually done in 36 days, not the year+ that American elections campaigns can take.

So yeah. If only there was a system where the vote could be verified efficiently, quickly, and while preserving the anonymity of the elector. Having a physical ballot where telling who the vote is for is idiot-proof, and where the candidates can oversee the ballot counting and have a right to contest a ballot that is invalid or miscounted... what a concept.

Re:plan to

[Bootarn]

There is

Re:plan to

[riverat1]

Open or closed source, how can you ever be sure what the software is on a device unless you personally compiled and loaded it? And even then what about the compiler and linker you used, the OS you're using, the BIOS and even the hardware itself?

Re:plan to

[sunderland56]

True - but in Canada, you are only voting for one person. The Senate is appointed, not elected; and you don't vote for Prime Minister at all.

In the USA, an election is actually about 50 simultaneous voting opportunities. You may be voting for your congressman, your senator, the President, your town mayor, several state-level positions, the county sheriff, a few propositions, your local school board... the list seems endless. The ballot is so long and so complicated that they have to mail out booklets to voters ahead of time just to explain all of the choices.

Also, remember that US elections are more frequent (at least once per year), and that there are roughly ten times the number of voters. Overall, while paper sounds like a great idea, I don't think it would work.

Re:plan to

[Phurge]

mod -5 stupid

Re:plan to

[KillerBob]

In the USA, an election is actually about 50 simultaneous voting opportunities. You may be voting for your congressman, your senator, the President, your town mayor, several state-level positions, the county sheriff, a few propositions, your local school board... the list seems endless. The ballot is so long and so complicated that they have to mail out booklets to voters ahead of time just to explain all of the choices.

That over-complication is what I was getting at. If there's multiple elections going on at the same time, great. Have a plebicite on every bill that passes before congress for all I care. But Don't put 50 different questions on the single ballot. The reason the Canadian system works is that it's so simple, and there's never more than one question on a ballot. If there's more than one question that needs to be asked, do it at multiple polling stations within the same building, with multiple different ballots. Or do a combined ballot, but stick with the large print, idiot-proof way of marking a ballot like we use. Crap like the whole dangling chads fiasco would never happen in the Canadian election system.

And as to your point about there being a lot more voters in the US... it's a fair point. But did you miss my point about each polling station being divided to have between 200-500 voters? 500 as the upper limit to keep it manageable for 2 people to count in a matter of hours, and 200 as a lower limit to preserve the anonymity of the vote... if a polling station only had 3 voters, it'd be too easy to tell who voted for what. There's no reason the same system couldn't be expanded to handle the size of the US electorate... our own election system was initially designed when the population of the country was significantly less than 1/10th what it is now.

Re:plan to

[Hurricane78]

As long as the voting machines are not completely locked high-security machines (what TCPA was *actually* meant to be for), and the source and binaries are signed and compiled by signed compilers inside the machine itself, one can meddle with it. Simple as that.

Of course then the process of signing the compiler would have to happen in an openly visible event, with the ability for third parties to check everything on the spot. Because as we know, one could simple modify a compiler, so that even if you compile a new version of the compiler with it, that does not have the bad code, the resulting binary still gets bad code. With no traces in the source.

Re:plan to

[CityZen]

What you describe has many of the elements that I suggested, such as the paper record and multiple parties overseeing the count.

Many parts of the US use a similar system. Unfortunately, the method of doing voting is not something that is set at the national level in the US. Every state has its own laws & regulations, and every county makes its own choices within what the state allows.

The result is that there are thousands of bodies making the same mistakes over and over again, being taken advantage of by voting machine companies, and generally making a big mess of things.

I think the US federal government should make certain regulations regarding voting, such as requiring a verifiable, recountable paper record, and requiring multiple party oversight of the counting process. Hopefully, within those requirements, opportunity for screwups will be reduced significantly.

Re:plan to

And, where, precisely would the thousands and thousands of poll workers come from to man these 50 different poll stations in the precinct? I've been a poll worker and a poll inspector in southern California, and it's hard to get enough volunteers to man the precincts we have now, so we wind up combining precincts into one polling place. It wouldn't be unusual, in a primary election, to have 5 or 6 different ballots for each precinct, each with different configurations (e.g. precinct A is voting for state assembly district 1, precinct B is voting for state assembly district 2, and each party has it's own candidates).

Then, too, there's the accessibility issue (one of the things driving electronic voting machines is so that voters who are blind, for instance, can vote by themselves, without using a poll worker to read the issues and mark the vote)

Re:plan to

[conureman]

In my county in California, We use the scanners to count the paper ballots, which get secured and stored in case recount or verification is needed. The hand-counting took an extra couple of hours, at worst, (and I don't think it is missed) which is not insignificant at the end of an already long day. We have a one-office ballot coming up in a few weeks, as a matter of fact; The task varies, but it is do-able.

Re:plan to

[david_thornley]

Here in Minnesota, we fill out an optical scan form. It's run through one scanner, and saved for later. A random selection of precincts does manual recounts, so that somebody will notice large discrepancies (the randomness of this has been questioned, though). If the reported vote is close enough, the law requires a manual recount; alternately, a losing candidate can ask for one.

It gets the vote totals in fairly fast, and these totals are accurate enough for most purposes. In event of a very close election, it's possible to do a manual recount. This isn't necessarily fast (the Senate contest recount and judging lasted through June), but it's no slower than doing manual from the beginning.

It's a little extra expense, but it looks to me to combine the best of electronic and manual voting.

Re:plan to

[wwahammy]

I know its nice to get up on your high horse but let me explain to you our situation. In Wisconsin our polls require at MINIMUM 4 poll workers, a chief voting inspector, an assistant chief voting inspector, and two people to sign in voters. The chief and assistant chief are usually of different political parties and rotate responsibilities for each election. The sign in workers use two different lists and the lists much match at all times.

We receive a set number of empty ballots. The number of ballots cast must match the number of ballots counted and any discrepancies must be accounted for (e.g. a voter made a mistake and needed a different ballot). Additionally the number of ballots cast must match the number of people signed in. I know this may sound silly but this is very important and we have to prevent discrepancies.

We use oddly enough a Sequoia optical scan system. This system is publicly tested a week before the election and any person may view this. Sample ballots are entered and the counts are verified to match. The pcmcia card with the voting software is put into a sealed plastic bag with a numbered pull tie. You can't open the envelope without wrecking it or breaking the pull tie. We verify the pull tie matches the previously recorded one. Once the pcmcia card is inserted a new numbered pull tie is used to lock the pcmcia slot. Also all the bins holding the completed ballots have numbered pull ties. All these numbers are verified when the pull tie is to be broken.

Our ballots require voters to draw a line next to the name of the candidate. The machine will reject bad ballots and give it back to the voter or if there's a write in they will be kept in a separate bin from the normal ballots. At all times we have a ballot where a voter made a mistake and the voter isn't there to fix it we try to figure out the voter's intent. If we can, we make a new ballot with the same votes and insert it into the machine, we must keep the original though.

When counting begins, we get the results from the machine's printout. We don't verify those results but we do verify the number of ballots and make sure that matches the number the machine says were cast. In the event of a close race or a candidate demands a recount, the ballots will be manually inspected. Anytime ballots are moved, any member of the public is allowed to witness it.

Tag story "noshit".

[cbiltcliffe]

According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'

About time they figured that out. Although it's probably still just some marketing PR-speak, rather than what they actually think....

Re:Tag story "noshit".

[SanityInAnarchy]

Right. Hell is a bit chilly, but hasn't frozen over until the source is actually released, and it's actually all of it, and under a tolerable license.

Re:Tag story "noshit".

[fuzzyfuzzyfungus]

Unfortunately, the "compiler" will turn out to be the binary installer for their previous version, with a new name...

Re:Tag story "noshit".

[SanityInAnarchy]

That's what I meant by "actually all of it."

Re:Tag story "noshit".

[kalirion]

Right. Hell is a bit chilly, but hasn't frozen over until the source is actually released, and it's actually all of it, and under a tolerable license.

What exactly do you mean by "tolerable license"? They're not planning to open source it (in the sense of allowing people to use it in their own products.)

Re:Tag story "noshit".

[Daniel_Staal]

How about a license that allows people to read it, comment on it (both pro and con) publicly without constraint, and doesn't automatically assume Sequioa own all voting-related code that person might subsequently write at some point in the future? (Obviously, that assumes the code isn't copied.)

That'd be about my minimum.

Re:Tag story "noshit".

[NotBornYesterday]

I don't think they are releasing it as open source, or under any open license. Rather, they are planning to publish their proprietary code for all to see.

Spokeswoman Michelle Shafer [...] said the firmware on the company’s new Frontier optical-scan machines is written in C# programming language and runs on Linux. The election management software - which sits on a computer at the election office and is used to create ballots and tabulate votes - runs on Microsoft Windows XP and uses a Microsoft SQL database.

Looks like they use a combination of open and closed source for their OSes. I wonder why they went with C# on Linux?

Re:Tag story "noshit".

[SanityInAnarchy]

I mean a license where I could look at the source and not have to sign away other rights.

For example: One kind of intolerable license is what the Flash specs used to be available under, which forbade anyone from reading them to develop a player. In other words, if I didn't read the Flash specs, I'd be allowed to work on Gnash, but if I did read the specs, I could only develop authoring and server-side tools.

I believe Adobe has fixed this recently, but you can see why I have a problem with that kind of license, more so than with a license which simply says "Noncommercial only," or "Must be under the same license," or even "You can't redistribute this," (or better, "You can't distribute any modified copies,") all of which would tend to prevent others from using it in their own products.

Re:Tag story "noshit".

[hrimhari]

I wonder why they went with C# on Linux?

I can only guess... Linux may be the easiest way to get a free OS and tweak it to your needs, since it already runs on everything from your generic PC to your electric toothbrush, then they probably held the opinion that C# was the current fashion in programming languages.

Re:Tag story "noshit".

[NotBornYesterday]

That makes about as much sense as anything I could think of. I thought they might be going with Linux on the optical scanners might be a cost-saving measure, and I figured that since they mostly seem to be a Microsoft shop, they might have more C# experience in-house than say, Java.

Their use of embedded Linux makes me wonder if their earlier refusals to release their code was legal. Not their C# stuff, or their DB schema or sql code, but if they took off-the-shelf Linux and resold it, aren't they at least required to make that source available along with any changes, if any, they made?

IANAL or GPL expert, just kind of wondering.

Re:Tag story "noshit".

but if they took off-the-shelf Linux and resold it, aren't they at least required to make that source available along with any changes, if any, they made?

Yes, but only to whoever they distribute it to. They don't have to give the source to anyone else.

A step in the right direction

[betterunixthanunix]

More work needs to be done; in particular, the government should simply mandate that no proprietary software may be used in any voting machine that is actually used in an election. Hoping for these companies to volunteer their source code is just not enough, although I do applaud Sequoia for taking this step.

Re:A step in the right direction

[DrVomact]

But we need another step: a requirement for a paper audit trail. According to the article, criticism of the Sequoia system first surfaced because some printed output didn't match the electronic totals. Open source is good, but in this case, it's not enough: we must be able to check the reliability of these machines and their operators against a paper record. That doesn't mean that every election has to involve an electronic and a paper count—but the paper will be there if we need it. As the reliability of a given system is proven over time, we'll come to trust it—though I think a cross-check of a statistically significant number of votes would always be a good idea.

Re:A step in the right direction

[cgenman]

More work needs to be done; in particular, the government should simply mandate that no proprietary software may be used in any voting machine that is actually used in an election.

Why not? The security of open source comes not from being on the creative commons, but from being seen and commented upon by hundreds of eyes. If Sequoia publishes their source code, and it gets properly vetted by hungry young researchers eager for their first big bug, why would that be any less secure than if the implementation were technically open-source? It should only be about 200 lines anyway.

I'd personally rather use an open-source voting system myself, but quite frankly the important fight is for security first.

As a side note, good on Sequoia for doing this. Even if you believe that this is just a cynical ploy to stall critics of the company, it still changes the discussion from "Is closed source the most secure software model out there" to "how open can you be with proprietary software so that you can get the security benefits?" This is good for us all. Hopefully this will be a success for Sequoia and the voting public in general, and we'll get more legitimate election results in the end.

Re:The Robinson Voting Method

Holy needlessly complicated and cumbersome ideas Batman!

I'd be more interested in this post

[al0ha]

if I didn't know that when someone makes a statement such as, "To Tell The Truth," they are generally trying to hide their true objective. This applies to the VP quote below, which is obviously not an original thought or deeply felt opinion, otherwise the company would have performed in this manner from day 1.

"According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'""

Re:I'd be more interested in this post

[TubeSteak]

How about they release the source code for their old voting machines.
You know, the ones that aren't "optical-scan".

Last I checked, the touchscreen ones are the voting machines that have caused so much grief.

Re:I'd be more interested in this post

[0100010001010011]

Pay no attention to the man behind the behind the curtain.

Re:I'd be more interested in this post

[Facegarden]

How about they release the source code for their old voting machines.
You know, the ones that aren't "optical-scan".

Last I checked, the touchscreen ones are the voting machines that have caused so much grief.

Yeah, that's what I was thinking! I think they are doing this in hopes people will forget about that.
-Taylor

Re:I'd be more interested in this post

[megamerican]

How about they release the source code for their old voting machines.
You know, the ones that aren't "optical-scan".

Last I checked, the touchscreen ones are the voting machines that have caused so much grief.

The touchscreens are just the tip of the iceberg for problems with electronic voting. It may be the most advertised problem of voting but it certainly isn't the worst problem.

Central tabulation of votes, memory cards, chain of custody of those cards, manipulation of the tabulation database and virtually every part of electronic voting has been a huge problem.

Bev Harris of blackboxvoting.org gained a copy of the GEMS database software and showed how it could easily manipulate votes without much chance of being caught.

Re:I'd be more interested in this post

[Red+Flayer]

Eats, shoots, and leaves.

"According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'""

Security through obfuscation, and secrecy is not security.

Obviously, they are saying that secrecy is useless, but one can obtain security via obfuscation.

ok. someone needs to say it.

[SnarfQuest]

Imagine a beowulf cluster of these?

Horray!

[Geoffrey.landis]

Wow-- horray for them!

There are still a lot of things to worry about with electronic voting-- but this goes a long way toward making the process transparent, and transparency (of the vote counting method) is absolutely essential to confidence in the results.

Great news!

Programming Thinking...Again

I've said it once, and I will say it again, you can publish ALL the code you want, but

1. In the event of a recount, can I get repeatable results?

2. In the event of a "software bug" can I hold someone responsible, will they pay for the cost of a reelection?

3. In the event of a hardware failure, can I hold someone responsible, are there contingency plans, will someone pay the cost of a reelection?

It's a matter of trust, and what you can put behind your software.

Since this is software, and programmers, the answer to these questions is generally "no" and "nothing".

Elections don't wait for service packs, bug fixes, hot fixes, etc A flaw in your software could cause chaos.

Simple programmers can't go to jail for negligence, can't get sued for bugs, and can't put anything concrete behind their code.

I can just picture reading the election software EULA, "NO WARRANTY" , "NO FITNESS FOR A PARTICULAR PURPOSE", "CONTAINS KNOWN DEFECTS"..

Re:Programming Thinking...Again

[arkane1234]

What the hell is a hot fix?
I've heard this term used so much and it's driving me nuts. I've literally been yelled at by my manager because I can't tell him the number of hot fixes for "Linux", while I'm holding a breakdown of every security patch (rpm/deb/etc).

WHAT is a "hot fix"?

Oh, and just to stay with the conversation in line here, no one is fully accountable for any huge issue that hasn't been tested.
The key is a test of the system beforehand. Most Open Source software is tested in pre-alpha/alpha (development), beta, and QA-beta states.

Re:Programming Thinking...Again

I've only heard it used in context with world of warcraft realm servers. In that case server hot fixes are when they change something on the server that doesn't require any changes to the client software.

Re:Programming Thinking...Again

[Toonol]

I thought a hot fix was a fix, patch, or upgrade applied while a system was running (without needing a suspend or reboot). It would make no sense to ask how many hotfixes Linux had, though; a fresh installation would have none.

Re:Programming Thinking...Again

Let's examine your arguments in the context of current proprietary voting systems.

1. Are you sure that current proprietary systems give you repeatable results? No, you are not.

2. How will you know if there's a software bug in our current proprietary voting system? You won't.

3. How will you know if there is a hardware failure in current proprietary voting systems? You won't.

It is a matter of trust, and I for one trust what I can verify. Something so fundamental to our democracy should not be kept secret.

Re:Programming Thinking...Again

[Phroggy]

1. In the event of a recount, can I get repeatable results?

They should test this with sample ballots. Scan the same set of ballots hundreds of times on different machines, prior to the election. There should be no discrepancies. The margin of error should be zero. If one machine counts one vote incorrectly, don't pay for the machines until the problem is identified and fixed and the test is run again (with a different set of sample ballots).

2. In the event of a "software bug" can I hold someone responsible, will they pay for the cost of a reelection?

These are optical scan machines. In the event of a software bug that causes votes to be miscounted, the bug can be fixed and the paper ballots can be recounted. In the mean time, the ballots can be counted by hand at the company's expense. No reelection is necessary.

3. In the event of a hardware failure, can I hold someone responsible, are there contingency plans, will someone pay the cost of a reelection?

The contingency plan is, you collect the paper ballots in a securely locked box, and count them later.

Re:Programming Thinking...Again

[cgenman]

Posting the source code to the wider community for review would definitely help with 1. and 2. by increasing the amount of reported bugs and helping the developers to patch them. Hardware failures are a bit more difficult to face down, but hardware is pretty good these days.

You can get all 3 if you want, but the cost would be outrageous. Districts who are struggling to find funding for their schools simply wouldn't be able to pay for all of that. You're essentially asking for the equivalent of 99.999% uptime with fiscal penalties for falling below that, and it just isn't cheap.

I had a friend who worked on the server software for those emergency button things that old people wear. They estimated that for every 5 minutes of downtime, someone died. A single server upgrade could involve a year or more of production and testing. That didn't come cheaply, and everyone knew the human cost that a single bug could precipitate.

Now flash forward to cities that have to decide between breaking union contracts with their street repair people or selling off all of their libraries, and you can see why voting systems are not at the top of the priority queue. In that view, there are easier ways to rig an election than through software, and that money would be better spent elsewhere.

It's for a "new system"

from the news release at (http://www.sequoiavote.com/press.php?ID=85) "Sequoia’s Frontier Election System Source Code will be available for public download through the company’s website beginning November 2009; System slated to enter the Election Assistance Commission’s Federal Voting System Certification Program in mid-2010". The Frontier system isn't event available as one of their products (from the product dropdown).

secrecy is not security?

[zerosomething]

so it's OK then to put my passwords on post-its?

Bad Time to be a Sequoia Developer

[kbob88]

Boss: OK, guys. Marketing and PR has decided to release the source code publicly. You guys said our software is really nice, clean, secure code. So you don't have any problems with that, right?

Developers: Umm, yeah, sure, no problem... You know, we might want to make one or two very minor fixes first... [runs frantically back to computer and pounds away]

Re:Bad Time to be a Sequoia Developer

[DeadDecoy]

Hope they release unit tests also. Otherwise I will be so very depressed.

Who owns vote data?

[Pete+Venkman]

The paper printout needs to be stored somewhere (maybe two or three different *somewheres*) so that if a question does come up after a vote, Sequoia can't say "Oh well, our warehouse leaked and those records were destroyed."

Re:Who owns vote data?

Those paper records go in a ballot box, the same as your ballot does now in a non-electronic election.

Where do they store ballots now and for how long? That's the answer to your question. We don't want to be able to verify every election to the dawn of time, just any arbitrarily selected *current* election.

Re:Who owns vote data?

[Pete+Venkman]

Well, I was thinking more along the lines of keeping data kind of like how a research project would, so that in case there were problems with one election *now*, those that wanted could look at past data too and see if there is a trend in the mistakes. I understand that eventually it wouldn't matter if there was a mistake 12 years ago, but this method of voting and vote counting needs to be proven too, almost like a research project's topic needs to be proven.

It's been tryed - U.S.A. election 2004

[Vandilizer]

Not something I think we need to repeat. Why is it that every time I see 'Diebold' my mind replaces it with 'Diabolical'.

You're still voting for crooks

If you want real democracy, then work on open sourcing the legislative process.

Why a delay?

[SnarfQuest]

I'd guess it's worries about patents, partners, and other politically related things.
Closed source makes it harder to claim patent infringement, when such things as xor and swinging side-to-side are allowed to be patented.

Re:Why a delay?

What is the patent number for counting... with the use of a computer?

Re:Why a delay?

[vlm]

I'd guess it's worries about patents, partners, and other politically related things.

The solution for Sequoia is pretty simple, write the fancy vote counting machine as an exact emulator of a 1928 IBM 301 tabulating machine, then overclock the emulation a wee bit. Nobody screws around with IBM's patent portfolio, and frankly an overclocked 301 is massive overkill for "counting votes".

http://en.wikipedia.org/wiki/Tabulating_machine

It is really a very elegant solution. Admittedly, I will freaking fall out of my chair laughing if I download their source code and discover this is exactly what they did.

Re:Why a delay?

[mirix]

Why not skip the emulation, and just run the ancient IBM electromagnetic tabulators..?

Released in November?

[damn_registrars]

Last time I checked we had a habit of voting in the first week of November in the US. I know there are more than a few elections being held around the country this year even though it is an odd year. If the voting company takes votes in the first week and then releases their source code in the last week; is that really progress? A lot of election results could likely be certified before we'd have time to see the code that counted the votes...

And of course if they did the same thing next year - after midterm 2010 elections - we could have an even more dramatic situation on our hands.

Re:Released in November?

[jggimi]

...even though it is an odd year...

I'll say. It's been a very, very odd year.

optical-scan?

[mikeee]

The key point here is actually that it's an optical-scan machine! You don't input votes on a keyboard or touchscreen but by feeding in an actual human-readable piece of paper (maybe it asks for confirmation that it read it correctly?), which then gets stored in a lockbox. This is obviously the Right Thing because it gives a built-in hardcopy audit trail.

In short, I think we're missing the SuddenOutbreakofCommonSense tag on this story...

Re:optical-scan?

[Nerdposeur]

You don't input votes on a keyboard or touchscreen but by feeding in an actual human-readable piece of paper

Added bonus: You need fewer machines. You can have as many simultaneous voters as you've got room to put desks, and just a few machines to scan the completed forms.

Cynicism be damned...

[SoTerrified]

But even a cynic like me sees this as a win. Seriously, this is what we've been fighting for. So in a world that manages to keep depressing me every time I turn on the news. I'm going to celebrate this little victory.

Cool

I'm a couple of lines of code away from the Presidency!

So say we find a bug...

[tlambert]

So say we find a bug...

Do we disclose it, or do we sell it to the highest bidder?

I mean this assumes the bug will be discovered by at least one honest person who chooses to disclose, right?

-- Terry

Re:The Robinson Voting Method

What a brilliant response.
How is the Robinson Voting Method "needlessly complicated and cumbersome"?

Oh, I see....
You mean - you're a shill who is desperate to keep a lid on the most important invention in the world? One that will stop the deaths of millions of people? (Which is what happens when tyrants get into power...)

Whoa

[idontgno]

According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'

Amazing. Did anyone notice whether there may have been an alien tentacle wrapped around the VP's throat manipulating his voice and his jaw?

That's such a turnabout (at least in publicly-stated position) that I may get whiplash trying to track.

Of course, words are cheap. We shall see how deeply this new-found wisdom is held.

Comprehensively and fairly open the subject source code for unfiltered public inspection, without explicit or implicit coercion against criticism, and respecting reasonable fair-use rights to quote and comment, and you will get full credit for your Damascus road conversion. Take one step towards intimidation, chilling of discourse, or SLAPP, and we will know that your glib sound-bite was just cheap empty talk.

And for as much or little as Nerd Rage counts, you will experience it.

J. Rubard

Code on, my *chunk

Re:Jeff Rubard

Oh my god no - *noes*, even - tha Internet eet does not work right.

good step

[garynuman]

I'm one of "those people" who still requests a paper ballot due to not trusting diebold machines, this however is a big step in convincing me to trust the machines though, in the past electronic voting has been, to me at least, the equivalent of the board of elections refusing to disclose how exactly they count paper ballots, doing it in secret, and destroying the ballots afterward.... not exactly conducive to honest elections as far as I'm concerned...

Re:The Robinson Voting Method

[cheftw]

Dear Sir,

I have googled your ideas and only found forum posts similar to this one.

It does nothing for your credibility. Next time anchor your link or have a crawlable page if you want anyone to see what you have to say.

Virus Rights!

[JesseBHolmes]

Someday soon, viruses will become intelligent enough to have their own voter suffrage movement. This is how modern democracy will end.

Re:Virus Rights!

[JesseBHolmes]

Not offtopic! The safety of voting machines from viruses has everything to do with virus suffrage.

Re:Virus Rights!

Someday soon, viruses will become intelligent enough to have their own voter suffrage movement. This is how modern democracy will end.

Correction: This is how truly modern democracy will begin!

Re:The Robinson Voting Method

Mr. Robinson, (I can only assume this is you, since you instantly became angry that someone might think your invention is less than genius)

If you had moderated and accepted the comments on your original post, you would have seen the many reason why this is extremely complicated, and still is open to fraud. i will not repost them here, as I am sure you have read them and chose to keep them hidden.

Oh, and "the most important invention in the world"? You think quite highly of yourself.

Good Day, Mr. Robinson.

Apparently there are no dependable guarantees.

[Futurepower(R)]

Even if they release source code, it is possible that the code they actually use in their voting machines is different than the code they release. It's entirely their choice which software is run on any given day, is that correct? They can do updates whenever they want. Their are apparently no dependable guarantees.

In the past, Sequoia Voting has not seemed especially knowledgeable: Sequoia e-voting machines disturbingly easy to hack. Quote: "Researchers from the Princeton University Center for Information Technology Policy ... were able to trivially circumvent the machine's physical security mechanisms and plant a hacked ROM that undetectably doctored the voting results."

See this article, also, about a Sequoia AVC Advantage voting machine: Evidence of New Jersey Election Discrepancies.

Off topic: Be skeptical about flu reports. The reports about flu were so flawed I took the time to write my own, using information from The Atlantic magazine and CBS News, among other sources.

Re:The Robinson Voting Method

There are many problems with the described method.

First off, the tokens should never be coins or anything of monetary value, or else people will steal them.
If you give a voter 5 tokens to vote on 5 issues, what's to prevent him from stuffing all 5 tokens into the one box he cares about?
How do you make sure the voter carries no extra tokens in with him? Body cavity search?
What do you do when the voter makes a mistake?
How do you propose to do a recount?
How do you make sure no one stuffs extra tokens in when no one is looking?
What if someone changes the box labels?
And then of course, how do you propose to add up counts across thousands of voting precincts?

This just the results of a few seconds thought. I'm sure more thinking would bring out more issues.

Unit Tests?

[Nocuous]

Unit tests are worthless, given that they are done by developers.

I'll take unit tests as a show of interest by the developers that they did, kind of, sorta want to deliver a usable product. What I really want is the regression tests, certified by the fugly, old, chain-smoking harridan who runs QA and haunts the dreams of the developers.

Re:Unit Tests?

[cecille]

Unit tests are good for ensuring that no one totals your code while making changes to other products/areas of the code base. But, yeah, I'd still rather have the QA guys sign off.

They are NOT open sourcing it.

[goombah99]

Voting companies have traditionally offered to "disclose" their source code in the past. By disclose they do not mean open source. in the past it has always meant that certain designated people can get access under certain conditions. E.g. state voting officials under rabid NDA's can see it if they sue.

Until they actually publish it, assume that "disclose" does not mean either access without NDA or open source.

Re:The Robinson Voting Method

Doesn't sound very auditable to me.

Pesky flags!

[syousef]

Developers: Umm, yeah, sure, no problem... You know, we might want to make one or two very minor fixes first... [runs frantically back to computer and pounds away]

The ifElectionRiggedFlag is proving harder to remove than we thought. That sucker is everywhere. How about we just rename it to ifTesting and set it to false?...and lets rename the forceWinningCandidate and forceWinningParty strings to blank while we're at it.

Require Unanimous Vote

[j0ebaker]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Articles of Confederation required Unanimous consent for changes
to it. Well some criminals conviened and came up with the US
Constitution - they did it in secret and nobody signed the document as
a signature, only as witnesses. This is a problem. People have
gotten away from unanimous consent and I think we really need to get
back to the idea that one lone dissenter can and should be able to
stand his ground. I tend to be that one person quite allot these
days.

The idea is that nothing may be coerced and voluntary informed consent
free of deception with full disclosure - these are a perquisite to
all contract law.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkroyjcACgkQ7J1dPd3sAmC+6QCfTmlr2OFDKsb42WPqbymAWI6D
cP8An0cgyxdaqzwHJArmsS3xt17QXte0
=NVLo
-----END PGP SIGNATURE-----

Re:The Robinson Voting Method

Chaum voting > Robinson voting

VP quote

[Magrovsky]

"According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security."

But obfuscation and secrecy can bring much security! This VP should listen to that other VP, who obfuscated his house and kept his secrets in man-sized safes. He never had a security problem.

Read it again.

[Phroggy]

This is for an optical-scan voting machine. It scans a paper ballot. The paper ballot can be re-counted later - by hand if necessary. No additional audit trail is necessary.

You should be able to take the scanned ballots out of the machine, run them through another machine, and compare the totals. If you do this a dozen times on different machines, and the totals are off by one single vote, there's a serious problem.

Re:Read it again.

[mirix]

That depends on the nature of the flaw, though.
You could feed the ballots through 8 machines that all give you the same, but *wrong*, result.

Re:Read it again.

[Phroggy]

Count them manually first. If the machines agree with each other but disagree with the manual count, manually count them again. If you're sure of your manual count and the machines disagree, find out why.

Subject

[Legion303]

See, Diebold? It's not so hard.

Tag it as...

[unixan]

suddenoutbreakofcommonsense

Just Because

[__aalnoi707]

Just because they are releasing they source code, dose not mean that is the code that is complied on all there machines