On Second Thought... Wisconsin E-Voting Bill Not As Impressive

from the oh-well dept

Well, so much for that. Last Wednesday we reported on a new e-voting law in Wisconsin that seemed very progressive. We noted that not only did it require a verifiable paper trail for recounts, but also that the source code must be "publicly accessible" so that it "may be used to independently verify the accuracy and reliability of the operating and tallying procedures to be employed at any election." That sounded great to us -- and we were surprised that only one source, the Wisconsin Technology Network, was mentioning the available source part of the story. The reason? The Wisconsin Technology Network was wrong. Adina Levin notes in a comment that the article that reported this has now corrected their original story, saying that the source code is not to be made public, but needs to be placed in escrow (like in other states, such as North Carolina) and will only be checked in case of a recount and then only under non-disclosure by certain parties. The original report was based on an earlier draft of the bill, before the lobbyists got a chance to hack out things like revealing the source code. So, better than nothing, but not quite as nice as originally reported.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 9 Jan 2006 @ 6:32am

    No Subject Given

    Now all we need is proof of identification in Wisconsin!

    link to this | view in chronology ]

  • identicon
    Jamie, 9 Jan 2006 @ 6:37am

    Code Review

    I don't understand why you seem to feel that the source code should be made public. It seems to me that while the source code shouldn't be totally "secret", it also doesn't need to be published. Why is it a problem that reviewers who want to look at the source have to sign an NDA? The only part of the Wisconsin system, as you outlined it, I don't like is the part that says only select parties can review the code and then only in the event of a recount. A better system would be to allow anyone to review the code at any time after an application process. The application process would include a background check/security verification of the interested party and an NDA. This would allow anyone who truly wanted to look at the code to do so, but would keep hackers and other malicious parties from easily obtaining it. If a hacker really wanted ot, he could still obtain the code, but this would make it a little harder. It would also allow who has seen the code to be tracked better. The truth is, no matter how secure or well written a piece of software is, it can be hacked if there is enough incentive. So limiting/tracking access can help to keep th system more secure.

    link to this | view in chronology ]

    • identicon
      ZOMG CENSORED, 9 Jan 2006 @ 7:08am

      Re: Code Review

      While I agree with the NDA comments you made, I find it a bit funny that automatically you make someone who gets the code through any means nescessary some sort of brigand. I mean, people have the right to know whether or not their vote is worth anything, and the only way to do that is to see the code. Without the code, then the public can't be assured that the vote they cast is going to the right person. Even if it means hacking into the system and taking it, at least the code would be available for fully independent and public review.

      (After all, what with the WMF issue being solved by a third-party faster, it seems the public has a better grasp of things).

      link to this | view in chronology ]

      • identicon
        MissingFrame, 9 Jan 2006 @ 7:29am

        Re: Code Review

        It's funny you bring up WMF, didn't the exploits show up before the fix? Unlike WMF fixes, what good is a software fix on election software if they all happen after the exploits happen?

        link to this | view in chronology ]

      • identicon
        Jamie, 9 Jan 2006 @ 8:22am

        Re: Code Review

        I didn't mean to imply that people who get the code through some other means are "brigands." of course there are plenty of regular people who want to see the code. At the moment the only way is by hacking. All I'm saying is that rather than keep it secret from all but a select few, allow anyone to see it if they go through an application process. I think that the code SHOULD be reviewed by a fully independent source. And I think ANYONE who is allowed to vote should have the right to review it. But that doesn't mean that the code should be available without any safeguards. An application process would ensure that who sees the code can be tracked, and that those who do not have the right to see the code, cannot get access. There are plenty of people in the US that have no right to see the code (non-us citizens, unregistered voters, etc.). My point is basically that the code needs to be protected, but it doesn’t need to be secret.

        (As an aside, the WMF exploit you mentioned, probably would have happened sooner if the Microsoft source code had been available to the hackers.)

        link to this | view in chronology ]

    • identicon
      Ryan Elisei, 9 Jan 2006 @ 8:48am

      Re: Code Review

      As you say, nothing can prevent hacking, but openness can at least protect against fraud. All things being equal, information should be freely available to the public, should it not?

      link to this | view in chronology ]

      • identicon
        Andrew Strasser, 9 Jan 2006 @ 9:54am

        Re: Code Review

        "There are plenty of people in the US that have no right to see the code (non-us citizens, unregistered voters, etc.). My point is basically that the code needs to be protected, but it doesn’t need to be secret."


        There are plenty of voting Americans that I wouldn't want to see that code either then if you think that one of those people can what can anyone else do. This is really a ridiculous discussion as the first time one of these machines gets hacked. Which seems to be next year everyone is gonna be saying how dumb were we no matter what way it goes. If you open it up we made it more available for people to find. If you leave it closed the compnay has the responsibility of being right just and fair if and only if no one can figure it out.

        Maybe I'll take a stab at it when it becomes time. I do pretty well with figuring things out.


        link to this | view in chronology ]

        • identicon
          Jamie, 9 Jan 2006 @ 11:10am

          Re: Code Review

          "There are plenty of voting Americans that I wouldn't want to see that code either"

          I agree that there are plenty of Americans that I wouldn't want to see the code either, but it isn't a question of what I want or don't want. If you are a voter, you have the right to see how the voting process works. You have the right to be assured that the voting process is fair. If that means you need to see the source code, you should be allowed to see it. So I really don't think that keeping the source code closed should be allowed. That doesn't mean that there shouldn't be some safeguards on the access. if you are not a voter(for whatever reason) you do not have that right. Tracking who has access to the source code, will make it easier to prosecute and punish those who do hack it with the intent to defraud.
          Hacking the source code with malicious intent is a crime, and should be treated as such. It is the same as if you found a way to rig a normal election. Dead people counted, bribed officials, etc.
          Hacking it in a controlled environment for security research, isn't a crime. That is only pointing out faults in the process so that they can be improved.
          Viewing the source code for your own peace of mind should also not be a crime.

          link to this | view in chronology ]

  • identicon
    giafly, 9 Jan 2006 @ 10:45am

    Re: Code Review

    Q. Why is it a problem that reviewers who want to look at the source have to sign an NDA?

    A. Because few sane people would sign it. If you're an expert in electronic voting, signing an NDA to see the source code of a voting machine from one company could make you "tainted" and unemployable by other companies in the field.

    Meanwhile, here's an example of Example of Open Source Voting:
    Training material for Presiding Officers and Poll Clerks - UK Electoral Commission

    link to this | view in chronology ]

    • identicon
      Jamie, 9 Jan 2006 @ 11:22am

      Re: Code Review

      "If you're an expert in electronic voting, signing an NDA to see the source code of a voting machine from one company could make you "tainted" and unemployable by other companies in the field."

      I see where you are coming from. If I worked in the field of electronic voting, I wouldn't want to sign it either. But don't the companies who make the machines have the right to protect their product? They need to be sure that the code and specs of the machine aren't copied and stolen by a competitor. Some solution where the code can be viewed and verified, but not copied and stolen is needed. I don't think there is a solution like that unless the government researches, funds, and creates their own voting machines and software.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.