Slashdot Mirror

← Back to Stories (view on slashdot.org)

E-Voting Source Code Made Public In Estonia

Posted by Soulskill on from the but-omg-hackers dept.

New submitter paavo512 writes "Server-side source code used for electronic voting was made fully public by Estonian officials on July 11 (in Estonian). The aim is to encourage more specialists to get involved in the technical analysis of the software. It is hoped that public overview will help to ensure the security of the system. E-voting has been successfully used five times in Estonia since 2007. It facilitates national ID cards which are obligatory for all citizens. In the next municipal elections later this year it is planned to test an experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly. The publicized source code is available at GitHub."

12 of 88 comments (clear)

  1. The big question by Anonymous Coward · · Score: 2, Interesting

    How do you verify that the published source code is running unmodified on the production servers?

    1. Re:The big question by i+kan+reed · · Score: 4, Insightful

      The typical answer is the same magic answer that's been a part of democracy since the invention of the secret ballot: oversight. Think the oversight is foxes watching the hen-house? Volunteer!

    2. Re:The big question by MarcoAtWork · · Score: 4, Insightful

      it's a lot simpler to have oversight of paper ballots being counted by hand than of a program running on a computer somewhere: there's no way anybody can be sure the program being actually run is the program that was generated via the source code you are given.

      Not to mention that there is no way you can be sure about the *environment* the software is run on, since it would be trivial to have some kernel/environment exploits that could alter the result arbitrarily.

      The only way one could be sure there are no electronic shenanigans would be redundancy:

      - provide the source code and build instructions for all the software
      - at voting time anybody can come in, get the raw data and run it on their own compiled copy of the software, if there is a discrepancy flags would be raised and the result would not be accepted until at least a certain number of independent computers come up with the same result

      --
      -- the cake is a lie
    3. Re:The big question by lister+king+of+smeg · · Score: 2, Informative

      Ken Thompson compiler hack?

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    4. Re:The big question by plover · · Score: 2

      I don't care how well you think you're watching. You are a human, and you are capable of overseeing simple activities, such as official pieces of paper being dropped in a box, or official stones being dropped in a jar. Your capabilities for "oversight" do not extend down to observing the correct bits are flowing through a CPU.

      The thing we've all forgotten in our rush to tune into the 24 hour news channel is that voting results do NOT have to be completed within 15 seconds of the polls closing. I don't care if Talking Hairpiece of the Nightly News wants to announce something, or if he really wants to announce something. The Constitutionally provided timeline for tallying election results specifies weeks, not minutes. The winner won't be seated in his office for two months following the election, so tallying the vote early or late doesn't change anything.

      My right to voting securely damn well better not be trumped by your desire to see a news story.

      --
      John
  2. e-stonian speaking here by Anonymous Coward · · Score: 5, Informative

    National ID cards are NOT mandatory for citizens.

    E-voting used five times? Uh, it has been an OPTION. People vote in person mostly. In press articles+commentaries, e-voting has drawn rampant suspicions of corruption. (There's a scandal with some party internal voting, which is quite unrelated, but......)

    As an estonian, I have to say I bloody hate this stupid hype. I also believe the cheapest and most reliable method of voting continues to be in-person voting. (Your BRAIN, casting the vote, is attached to your FACE, which typically is fuzzy-recognized by the local officials. This system is very hard to improve upon.)

    captcha: contrary

    1. Re:e-stonian speaking here by Anonymous Coward · · Score: 3, Informative

      National ID cards are NOT mandatory for citizens.

      E-voting used five times? Uh, it has been an OPTION. People vote in person mostly. In press articles+commentaries, e-voting has drawn rampant suspicions of corruption. (There's a scandal with some party internal voting, which is quite unrelated, but......)

      As an estonian, I have to say I bloody hate this stupid hype. I also believe the cheapest and most reliable method of voting continues to be in-person voting. (Your BRAIN, casting the vote, is attached to your FACE, which typically is fuzzy-recognized by the local officials. This system is very hard to improve upon.)

      captcha: contrary

      You are a lousy estonian then. ID cards are mandatory, passports are not. Soovitan sul seadust lugeda seltsimees.

    2. Re:e-stonian speaking here by Freultwah · · Score: 2

      It HAS been used five times, and nowhere in the summary does it say it has been mandatory and the only way. So, a nice strawman there, but try to rein in that hate a little better and use actual arguments. The e-voting system is an excellent option to improve participation, and if you do not like it, don't use it. There is no need to become a Bolshevik about it, as in "I don't like it for me, let's get rid of it for everybody".

      Besides, throwing all this Centre Party's FUD around is just not a good way to participate in a conversation. (A little background for those not familiar with the issue: The Estonian Centre Party whose voting demographic, ie. the elderly and the less educated, is largely less tech-savvy than that of the, say, liberals or the greens, keeps publicly accusing the system of being rigged against them because they do not get enough e-votes, tailing other political parties.)

    3. Re:e-stonian speaking here by Anonymous Coward · · Score: 2, Informative

      This is correct. Parent is not.
      (Estonian here as well, but I don't think calling each other comrades is "the thing" after the collapse of Soviet Union.)

  3. US aversion for ID cards by dargaud · · Score: 4, Insightful

    I truly do not understand the US aversion for identity papers. (*) There needs to be a way for you to interact with the state / federal government, it's obvious. But how do you prove who you are when you do ? ID papers provide this certification easily. I've heard all kind of 'slippery slope' arguments like 'it's the first step towards a nazi state'. Well duh, every country in Europe has had ID papers since at least WWII and it hasn't changed anything. Instead of that the US relies on driver's license for the same purpose, or much worse, social security number which anybody can figure out and copy at will. Dumb.

    (*) And at the same time I don't understand why most USamericans don't give a flying squirrel about the wholesale spying going on. They don't want a piece of paper to identify them once a year when a cop or a govnmt employee asks for it for a legitimate purpose, but they don't care to have their every word archived to some big brother 5 zetabytes database with sorry consequences years from now. Beats me.

    --
    Non-Linux Penguins ?
    1. Re:US aversion for ID cards by CanHasDIY · · Score: 2

      I truly do not understand the US aversion for identity papers.

      Well, basically it boils down to legal requirements for government accessibility - not everyone can get to the ID shop (a 90-year-old quadriplegic living below the poverty line doesn't really have the means to get an ID, and thus, to access their right to vote), and a lot of people bitch about the "cost to taxpayers" when you explain that charging people for access to government via legally required ID would be unconstitutional.

      Of course, there's also the ever-present rationale (if it can be called that) exhibited by egomanical morons, that their opinions are the only ones that matter.

      And at the same time I don't understand why most USamericans don't give a flying squirrel about the wholesale spying going on. They don't want a piece of paper to identify them once a year when a cop or a govnmt employee asks for it for a legitimate purpose, but they don't care to have their every word archived to some big brother 5 zetabytes database with sorry consequences years from now. Beats me.

      I blame it on a combination of the steadily declining quality of public education, mass media's extremely successful brainwashing programs, and the Democrat/Republican duopoly that ensures the aforementioned fucktards are the only ones whose voices get heard.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
  4. Re:s/facilitates/is facilitated by/ by Samantha+Wright · · Score: 2

    Classic translation error. As far as hilarious editorial travesties go, I think that one's fairly understandable. Given that Estonian is pretty unambiguous about how to put the sentence in passive voice (See on hõlbustanud... instead of See lihtsustab... according to Google Translate) I'd guess the original author didn't know the exact meaning of "facilitate" in English, which is odd because Estonian has several comparable verbs which all have the same direction.

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!