Sequoia To Publish Source Code For Voting Machines

cecille writes "Voting machine maker Sequoia announced on Tuesday that they plan to release the source code for their new optical-scan voting machine. The source code will be released in November for public review. The company claims the announcement is unrelated to the recent release of the source code for a prototype voting machine by the Open Source Digital Voting Foundation. According to a VP quoted in the press release, 'Security through obfuscation and secrecy is not security.'"

Programming Thinking...Again

I've said it once, and I will say it again, you can publish ALL the code you want, but

1. In the event of a recount, can I get repeatable results?

2. In the event of a "software bug" can I hold someone responsible, will they pay for the cost of a reelection?

3. In the event of a hardware failure, can I hold someone responsible, are there contingency plans, will someone pay the cost of a reelection?

It's a matter of trust, and what you can put behind your software.

Since this is software, and programmers, the answer to these questions is generally "no" and "nothing".

Elections don't wait for service packs, bug fixes, hot fixes, etc A flaw in your software could cause chaos.

Simple programmers can't go to jail for negligence, can't get sued for bugs, and can't put anything concrete behind their code.

I can just picture reading the election software EULA, "NO WARRANTY" , "NO FITNESS FOR A PARTICULAR PURPOSE", "CONTAINS KNOWN DEFECTS"..

Bad Time to be a Sequoia Developer

[kbob88]

Boss: OK, guys. Marketing and PR has decided to release the source code publicly. You guys said our software is really nice, clean, secure code. So you don't have any problems with that, right?

Developers: Umm, yeah, sure, no problem... You know, we might want to make one or two very minor fixes first... [runs frantically back to computer and pounds away]

Re:plan to

[sunderland56]

Is there any guarantee that the source code they release is the actual code that will run on the machines during an election?

Cynicism be damned...

[SoTerrified]

But even a cynic like me sees this as a win. Seriously, this is what we've been fighting for. So in a world that manages to keep depressing me every time I turn on the news. I'm going to celebrate this little victory.

Re:plan to

[CityZen]

My thought exactly. In fact, there's no way to trust vendor-supplied hardware on this account, or any hardware of reasonable complexity at all.

I still think there's only one sensible way to do voting:

1. Let the voter fill in an optical scan form.
2. Let lots of different interested parties scan the form.
3. Verify that all parties have the same count after every form.
4. Lock the forms away in case a recount is needed.

If there's only one party doing the counting, they can never be trusted.
Only by having every competing interest do the counting (with constant cross-checking) can a system be potentially trusted.
Even then, you have to have enough parties involved to avoid the possibility of collusion.

Combine this with a system like Punchscan.org to add privacy, and maybe you've got something.

Unit Tests?

[Nocuous]

Unit tests are worthless, given that they are done by developers.

I'll take unit tests as a show of interest by the developers that they did, kind of, sorta want to deliver a usable product. What I really want is the regression tests, certified by the fugly, old, chain-smoking harridan who runs QA and haunts the dreams of the developers.