Slashdot Mirror


Sequoia To Publish Source Code For Voting Machines

cecille writes "Voting machine maker Sequoia announced on Tuesday that they plan to release the source code for their new optical-scan voting machine. The source code will be released in November for public review. The company claims the announcement is unrelated to the recent release of the source code for a prototype voting machine by the Open Source Digital Voting Foundation. According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'"

24 of 102 comments

  1. A step in the right direction by betterunixthanunix · · Score: 2, Interesting

    More work needs to be done; in particular, the government should simply mandate that no proprietary software may be used in any voting machine that is actually used in an election. Hoping for these companies to volunteer their source code is just not enough, although I do applaud Sequoia for taking this step.

    --
    Palm trees and 8
    1. Re:A step in the right direction by DrVomact · · Score: 4, Insightful

      But we need another step: a requirement for a paper audit trail. According to the article, criticism of the Sequoia system first surfaced because some printed output didn't match the electronic totals. Open source is good, but in this case, it's not enough: we must be able to check the reliability of these machines and their operators against a paper record. That doesn't mean that every election has to involve an electronic and a paper count—but the paper will be there if we need it. As the reliability of a given system is proven over time, we'll come to trust it—though I think a cross-check of a statistically significant number of votes would always be a good idea.

      --
      Great men are almost always bad men--Lord Acton's Corollary
  2. I'd be more interested in this post by al0ha · · Score: 2, Insightful

    if I didn't know that when someone makes a statement such as, "To Tell The Truth," they are generally trying to hide their true objective. This applies to the VP quote below, which is obviously not an original thought or deeply felt opinion, otherwise the company would have performed in this manner from day 1.

    "According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'"

    --
    Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
    1. Re:I'd be more interested in this post by TubeSteak · · Score: 2, Insightful

      How about they release the source code for their old voting machines.
      You know, the ones that aren't "optical-scan".

      Last I checked, the touchscreen ones are the voting machines that have caused so much grief.

      --
      [Fuck Beta]
      o0t!
    2. Re:I'd be more interested in this post by megamerican · · Score: 2, Informative

      > How about they release the source code for their old voting machines.
      > You know, the ones that aren't "optical-scan".
      >
      > Last I checked, the touchscreen ones are the voting machines that have caused so much grief.

      The touchscreens are just the tip of the iceberg for problems with electronic voting. It may be the most advertised problem of voting but it certainly isn't the worst problem.

      Central tabulation of votes, memory cards, chain of custody of those cards, manipulation of the tabulation database and virtually every part of electronic voting has been a huge problem.

      Bev Harris of blackboxvoting.org gained a copy of the GEMS database software and showed how it could easily manipulate votes without much chance of being caught.

      --
      If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
  3. Hooray! by Geoffrey.landis · · Score: 4, Insightful

    Wow-- hooray for them!

    There are still a lot of things to worry about with electronic voting-- but this goes a long way toward making the process transparent, and transparency (of the vote counting method) is absolutely essential to confidence in the results.

    Great news!

    --
    http://www.geoffreylandis.com
  4. Programming Thinking...Again by Anonymous Coward · · Score: 5, Insightful

    I've said it once, and I will say it again, you can publish ALL the code you want, but

    1. In the event of a recount, can I get repeatable results?

    2. In the event of a "software bug" can I hold someone responsible, will they pay for the cost of a reelection?

    3. In the event of a hardware failure, can I hold someone responsible, are there contingency plans, will someone pay the cost of a reelection?

    It's a matter of trust, and what you can put behind your software.

    Since this is software, and programmers, the answer to these questions is generally "no" and "nothing".

    Elections don't wait for service packs, bug fixes, hot fixes, etc. A flaw in your software could cause chaos.

    Simple programmers can't go to jail for negligence, can't get sued for bugs, and can't put anything concrete behind their code.

    I can just picture reading the election software EULA, "NO WARRANTY", "NO FITNESS FOR A PARTICULAR PURPOSE", "CONTAINS KNOWN DEFECTS"...

  5. secrecy is not security? by zerosomething · · Score: 2, Insightful

    so it's OK then to put my passwords on post-its?

    --
    It all starts at 0
  6. Bad Time to be a Sequoia Developer by kbob88 · · Score: 5, Insightful

    Boss: OK, guys. Marketing and PR has decided to release the source code publicly. You guys said our software is really nice, clean, secure code. So you don't have any problems with that, right?

    Developers: Umm, yeah, sure, no problem... You know, we might want to make one or two very minor fixes first... [runs frantically back to computer and pounds away]

  7. Who owns vote data? by Pete Venkman · · Score: 2, Interesting

    The paper printout needs to be stored somewhere (maybe two or three different *somewheres*) so that if a question does come up after a vote, Sequoia can't say "Oh well, our warehouse leaked and those records were destroyed."

  8. Re:plan to by sunderland56 · · Score: 5, Insightful

    Is there any guarantee that the source code they release is the actual code that will run on the machines during an election?

  9. Released in November? by damn_registrars · · Score: 4, Insightful

    Last time I checked we had a habit of voting in the first week of November in the US. I know there are more than a few elections being held around the country this year even though it is an odd year. If the voting company takes votes in the first week and then releases their source code in the last week, is that really progress? A lot of election results could likely be certified before we'd have time to see the code that counted the votes...

    And of course if they did the same thing next year - after midterm 2010 elections - we could have an even more dramatic situation on our hands.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  10. Re:Tag story "noshit". by Daniel_Staal · · Score: 2, Insightful

    How about a license that allows people to read it, comment on it (both pro and con) publicly without constraint, and doesn't automatically assume Sequoia owns all voting-related code that person might subsequently write at some point in the future? (Obviously, that assumes the code isn't copied.)

    That'd be about my minimum.

    --
    'Sensible' is a curse word.
  11. Re:Tag story "noshit". by NotBornYesterday · · Score: 2, Informative

    I don't think they are releasing it as open source, or under any open license. Rather, they are planning to publish their proprietary code for all to see.

    Spokeswoman Michelle Shafer [...] said the firmware on the company’s new Frontier optical-scan machines is written in C# programming language and runs on Linux. The election management software - which sits on a computer at the election office and is used to create ballots and tabulate votes - runs on Microsoft Windows XP and uses a Microsoft SQL database.

    Looks like they use a combination of open and closed source for their OSes. I wonder why they went with C# on Linux?

    --
    I prefer rogues to imbeciles because they sometimes take a rest.
  12. optical-scan? by mikeee · · Score: 4, Insightful

    The key point here is actually that it's an optical-scan machine! You don't input votes on a keyboard or touchscreen but by feeding in an actual human-readable piece of paper (maybe it asks for confirmation that it read it correctly?), which then gets stored in a lockbox. This is obviously the Right Thing because it gives a built-in hardcopy audit trail.

    In short, I think we're missing the SuddenOutbreakofCommonSense tag on this story...

  13. Cynicism be damned... by SoTerrified · · Score: 5, Insightful

    But even a cynic like me sees this as a win. Seriously, this is what we've been fighting for. So in a world that manages to keep depressing me every time I turn on the news, I'm going to celebrate this little victory.

  14. Whoa by idontgno · · Score: 4, Insightful

    > According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'

    Amazing. Did anyone notice whether there may have been an alien tentacle wrapped around the VP's throat manipulating his voice and his jaw?

    That's such a turnabout (at least in publicly-stated position) that I may get whiplash trying to track.

    Of course, words are cheap. We shall see how deeply this new-found wisdom is held.

    Comprehensively and fairly open the subject source code for unfiltered public inspection, without explicit or implicit coercion against criticism, and respecting reasonable fair-use rights to quote and comment, and you will get full credit for your Damascus road conversion. Take one step towards intimidation, chilling of discourse, or SLAPP, and we will know that your glib sound-bite was just cheap empty talk.

    And for as much or little as Nerd Rage counts, you will experience it.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  15. good step by garynuman · · Score: 2, Interesting

    I'm one of "those people" who still requests a paper ballot due to not trusting Diebold machines, this however is a big step in convincing me to trust the machines though, in the past electronic voting has been, to me at least, the equivalent of the board of elections refusing to disclose how exactly they count paper ballots, doing it in secret, and destroying the ballots afterward... not exactly conducive to honest elections as far as I'm concerned...

  16. Re:The Robinson Voting Method by cheftw · · Score: 2, Insightful

    Dear Sir,

    I have googled your ideas and only found forum posts similar to this one.

    It does nothing for your credibility. Next time anchor your link or have a crawlable page if you want anyone to see what you have to say.

    --
    Always back up, never back down. ---- Think you're cool 'cos your uid is prime? Take mine, modulo the one digit integers
  17. Re:plan to by CityZen · · Score: 5, Interesting

    My thought exactly. In fact, there's no way to trust vendor-supplied hardware on this account, or any hardware of reasonable complexity at all.

    I still think there's only one sensible way to do voting:

    1. Let the voter fill in an optical scan form.
    2. Let lots of different interested parties scan the form.
    3. Verify that all parties have the same count after every form.
    4. Lock the forms away in case a recount is needed.

    If there's only one party doing the counting, they can never be trusted.
    Only by having every competing interest do the counting (with constant cross-checking) can a system be potentially trusted.
    Even then, you have to have enough parties involved to avoid the possibility of collusion.

    Combine this with a system like Punchscan.org to add privacy, and maybe you've got something.
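
The four steps in the comment above, as an added sketch that is not part of the original post: several independent parties scan the same forms, each keeps its own count, and counting halts at the first form after which the counts differ. The party names, ballot choices and function name are constructed for illustration.

```python
from collections import Counter

# Constructed sample: three independent scanners read the same six forms.
# In FAULTY, party_c misreads the fourth form (index 3).
CLEAN = {p: ["X", "Y", "X", "X", "Y", "X"] for p in ("party_a", "party_b", "party_c")}
FAULTY = dict(CLEAN, party_c=["X", "Y", "X", "Y", "Y", "X"])

def count_with_cross_check(readings):
    """readings maps party -> list of choices, one per form, in feed order.

    Every party keeps its own running count; the counts are compared after
    every form (step 3). Counting halts at the first form where they differ,
    so the locked-away paper (step 4) can settle that form.
    """
    parties = sorted(readings)
    if len(parties) < 2:
        raise ValueError("a single counting party cannot be cross-checked")
    if len({len(readings[p]) for p in parties}) != 1:
        raise ValueError("parties scanned different numbers of forms")

    tallies = {p: Counter() for p in parties}
    reference = tallies[parties[0]]
    for i in range(len(readings[parties[0]])):
        for p in parties:
            tallies[p][readings[p][i]] += 1
        if any(tallies[p] != reference for p in parties[1:]):
            return {
                "disputed_form": i,
                # Count up to, but not including, the disputed form.
                "agreed_tally": dict(Counter(readings[parties[0]][:i])),
                "readings": {p: readings[p][i] for p in parties},
            }
    # Agreement only shows the parties match each other; if all of them
    # collude or share a fault, only the paper recount reveals it.
    return {"disputed_form": None, "agreed_tally": dict(reference), "readings": {}}

if __name__ == "__main__":
    print(count_with_cross_check(CLEAN))
    print(count_with_cross_check(FAULTY))
```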

  18. Re:Why a delay? by vlm · · Score: 2, Interesting

    I'd guess it's worries about patents, partners, and other politically related things.

    The solution for Sequoia is pretty simple, write the fancy vote counting machine as an exact emulator of a 1928 IBM 301 tabulating machine, then overclock the emulation a wee bit. Nobody screws around with IBM's patent portfolio, and frankly an overclocked 301 is massive overkill for "counting votes".

    http://en.wikipedia.org/wiki/Tabulating_machine

    It is really a very elegant solution. Admittedly, I will freaking fall out of my chair laughing if I download their source code and discover this is exactly what they did.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  19. Unit Tests? by Nocuous · · Score: 5, Funny

    Unit tests are worthless, given that they are done by developers.

    I'll take unit tests as a show of interest by the developers that they did, kind of, sorta want to deliver a usable product. What I really want is the regression tests, certified by the fugly, old, chain-smoking harridan who runs QA and haunts the dreams of the developers.

    --
    Don't take it personally, but I'm not going to read your pithy response to my post.
  20. Re:plan to by KillerBob · · Score: 2, Interesting

    Y'know, in Canada, we use this funky invention, called pen & paper for voting. You are given a ballot that clearly lists each candidate's name, their party affiliation, and has a white circle to the side. You make your mark in the circle of the candidate you want to vote for. If you mark more than one candidate, or if you mark outside of the circle, or make any kind of personally identifying mark on the ballot, your vote is considered spoiled and rejected. It's really idiot-proof, when you think about it... there's even a placard on display in the voting booths that shows examples of how to correctly mark the ballot, and what will cause your ballot to be rejected.

    Each polling station has two members of staff, and will handle between 200-500 voters. At the end of polling day, those two will unseal the ballot box, and count the ballots. Each party has a right to have two representatives serve as scrutineers to make sure the count is done correctly. Once their count is completed, they report their count in to the returning officer for the electoral district. They then make arrangements to get the ballot box and its contents to the office of the RO. As the polling stations report in, their results are updated electronically with Elections, who can announce preliminary results. In cases where the count is close between candidates, a judicial recount is required, and candidates have the right to scrutinize the recount in order to make certain that it is done transparently and correctly. All the while, the anonymity of the vote is assured, because the ballot is rejected if it's personally identifiable. After the recount period, the returning officer will announce the official winner, which *usually* matches the preliminary results. It's an expensive way to do things (EC employs about 190,000 people during the average federal election), but we have our final and official results within days of polling day, not months.

    Oh, and our elections are usually done in 36 days, not the year+ that American elections campaigns can take.

    So yeah. If only there was a system where the vote could be verified efficiently, quickly, and while preserving the anonymity of the elector. Having a physical ballot where telling who the vote is for is idiot-proof, and where the candidates can oversee the ballot counting and have a right to contest a ballot that is invalid or miscounted... what a concept.

    --
    If you believe everything you read, you'd better not read. - Japanese proverb
  21. Re:Tag story "noshit". by NotBornYesterday · · Score: 3, Interesting

    That makes about as much sense as anything I could think of. I thought their going with Linux on the optical scanners might be a cost-saving measure, and I figured that since they mostly seem to be a Microsoft shop, they might have more C# experience in-house than say, Java.

    Their use of embedded Linux makes me wonder if their earlier refusals to release their code were legal. Not their C# stuff, or their DB schema or SQL code, but if they took off-the-shelf Linux and resold it, aren't they at least required to make that source available along with any changes, if any, they made?

    IANAL or GPL expert, just kind of wondering.

    --
    I prefer rogues to imbeciles because they sometimes take a rest.