Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sequoia To Publish Source Code For Voting Machines

Posted by timothy on from the this-time-on-purpose dept.

cecille writes "Voting machine maker Sequoia announced on Tuesday that they plan to release the source code for their new optical-scan voting machine. The source code will be released in November for public review. The company claims the announcement is unrelated to the recent release of the source code for a prototype voting machine by the Open Source Digital Voting Foundation. According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'"

11 of 102 comments (clear)

  1. Re:A step in the right direction by DrVomact · · Score: 4, Insightful

    But we need another step: a requirement for a paper audit trail. According to the article, criticism of the Sequoia system first surfaced because some printed output didn't match the electronic totals. Open source is good, but in this case, it's not enough: we must be able to check the reliability of these machines and their operators against a paper record. That doesn't mean that every election has to involve an electronic and a paper count—but the paper will be there if we need it. As the reliability of a given system is proven over time, we'll come to trust it—though I think a cross-check of a statistically significant number of votes would always be a good idea.

    --
    Great men are almost always bad men--Lord Acton's Corollary
  2. Horray! by Geoffrey.landis · · Score: 4, Insightful

    Wow-- horray for them!

    There are still a lot of things to worry about with electronic voting-- but this goes a long way toward making the process transparent, and transparency (of the vote counting method) is absolutely essential to confidence in the results.

    Great news!

    --
    http://www.geoffreylandis.com
  3. Programming Thinking...Again by Anonymous Coward · · Score: 5, Insightful

    I've said it once, and I will say it again, you can publish ALL the code you want, but

    1. In the event of a recount, can I get repeatable results?

    2. In the event of a "software bug" can I hold someone responsible, will they pay for the cost of a reelection?

    3. In the event of a hardware failure, can I hold someone responsible, are there contingency plans, will someone pay the cost of a reelection?

    It's a matter of trust, and what you can put behind your software.

    Since this is software, and programmers, the answer to these questions is generally "no" and "nothing".

    Elections don't wait for service packs, bug fixes, hot fixes, etc A flaw in your software could cause chaos.

    Simple programmers can't go to jail for negligence, can't get sued for bugs, and can't put anything concrete behind their code.

    I can just picture reading the election software EULA, "NO WARRANTY" , "NO FITNESS FOR A PARTICULAR PURPOSE", "CONTAINS KNOWN DEFECTS"..

  4. Bad Time to be a Sequoia Developer by kbob88 · · Score: 5, Insightful

    Boss: OK, guys. Marketing and PR has decided to release the source code publicly. You guys said our software is really nice, clean, secure code. So you don't have any problems with that, right?

    Developers: Umm, yeah, sure, no problem... You know, we might want to make one or two very minor fixes first... [runs frantically back to computer and pounds away]

  5. Re:plan to by sunderland56 · · Score: 5, Insightful

    Is there any guarantee that the source code they release is the actual code that will run on the machines during an election?

  6. Released in November? by damn_registrars · · Score: 4, Insightful

    Last time I checked we had a habit of voting in the first week of November in the US. I know there are more than a few elections being held around the country this year even though it is an odd year. If the voting company takes votes in the first week and then releases their source code in the last week; is that really progress? A lot of election results could likely be certified before we'd have time to see the code that counted the votes...

    And of course if they did the same thing next year - after midterm 2010 elections - we could have an even more dramatic situation on our hands.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  7. optical-scan? by mikeee · · Score: 4, Insightful

    The key point here is actually that it's an optical-scan machine! You don't input votes on a keyboard or touchscreen but by feeding in an actual human-readable piece of paper (maybe it asks for confirmation that it read it correctly?), which then gets stored in a lockbox. This is obviously the Right Thing because it gives a built-in hardcopy audit trail.

    In short, I think we're missing the SuddenOutbreakofCommonSense tag on this story...

  8. Cynicism be damned... by SoTerrified · · Score: 5, Insightful

    But even a cynic like me sees this as a win. Seriously, this is what we've been fighting for. So in a world that manages to keep depressing me every time I turn on the news. I'm going to celebrate this little victory.

  9. Whoa by idontgno · · Score: 4, Insightful

    According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'

    Amazing. Did anyone notice whether there may have been an alien tentacle wrapped around the VP's throat manipulating his voice and his jaw?

    That's such a turnabout (at least in publicly-stated position) that I may get whiplash trying to track.

    Of course, words are cheap. We shall see how deeply this new-found wisdom is held.

    Comprehensively and fairly open the subject source code for unfiltered public inspection, without explicit or implicit coercion against criticism, and respecting reasonable fair-use rights to quote and comment, and you will get full credit for your Damascus road conversion. Take one step towards intimidation, chilling of discourse, or SLAPP, and we will know that your glib sound-bite was just cheap empty talk.

    And for as much or little as Nerd Rage counts, you will experience it.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  10. Re:plan to by CityZen · · Score: 5, Interesting

    My thought exactly. In fact, there's no way to trust vendor-supplied hardware on this account, or any hardware of reasonable complexity at all.

    I still think there's only one sensible way to do voting:

    1. Let the voter fill in an optical scan form.
    2. Let lots of different interested parties scan the form.
    3. Verify that all parties have the same count after every form.
    4. Lock the forms away in case a recount is needed.

    If there's only one party doing the counting, they can never be trusted.
    Only by having every competing interest do the counting (with constant cross-checking) can a system be potentially trusted.
    Even then, you have to have enough parties involved to avoid the possibility of collusion.

    Combine this with a system like Punchscan.org to add privacy, and maybe you've got something.

  11. Unit Tests? by Nocuous · · Score: 5, Funny

    Unit tests are worthless, given that they are done by developers.

    I'll take unit tests as a show of interest by the developers that they did, kind of, sorta want to deliver a usable product. What I really want is the regression tests, certified by the fugly, old, chain-smoking harridan who runs QA and haunts the dreams of the developers.

    --
    Don't take it personally, but I'm not going to read your pithy response to my post.