Reader Comments

Subscribe: RSS

View by: Time | Thread

• 

  Anonymous Coward, 9 Jan 2006 @ 6:32am

  
  

  No Subject Given

  Now all we need is proof of identification in Wisconsin!

  [ link to this | view in chronology ]

• 

  Jamie, 9 Jan 2006 @ 6:37am

  
  

  Code Review

  I don't understand why you seem to feel that the source code should be made public. It seems to me that while the source code shouldn't be totally "secret", it also doesn't need to be published. Why is it a problem that reviewers who want to look at the source have to sign an NDA? The only part of the Wisconsin system, as you outlined it, I don't like is the part that says only select parties can review the code and then only in the event of a recount. A better system would be to allow anyone to review the code at any time after an application process. The application process would include a background check/security verification of the interested party and an NDA. This would allow anyone who truly wanted to look at the code to do so, but would keep hackers and other malicious parties from easily obtaining it. If a hacker really wanted ot, he could still obtain the code, but this would make it a little harder. It would also allow who has seen the code to be tracked better. The truth is, no matter how secure or well written a piece of software is, it can be hacked if there is enough incentive. So limiting/tracking access can help to keep th system more secure.

  [ link to this | view in chronology ]

  • 

    ZOMG CENSORED, 9 Jan 2006 @ 7:08am

    
    

    Re: Code Review

    While I agree with the NDA comments you made, I find it a bit funny that automatically you make someone who gets the code through any means nescessary some sort of brigand. I mean, people have the right to know whether or not their vote is worth anything, and the only way to do that is to see the code. Without the code, then the public can't be assured that the vote they cast is going to the right person. Even if it means hacking into the system and taking it, at least the code would be available for fully independent and public review.
    
    (After all, what with the WMF issue being solved by a third-party faster, it seems the public has a better grasp of things).

    [ link to this | view in chronology ]

    • 

      MissingFrame, 9 Jan 2006 @ 7:29am

      
      

      Re: Code Review

      It's funny you bring up WMF, didn't the exploits show up before the fix? Unlike WMF fixes, what good is a software fix on election software if they all happen after the exploits happen?

      [ link to this | view in chronology ]

    • 

      Jamie, 9 Jan 2006 @ 8:22am

      
      

      Re: Code Review

      I didn't mean to imply that people who get the code through some other means are "brigands." of course there are plenty of regular people who want to see the code. At the moment the only way is by hacking. All I'm saying is that rather than keep it secret from all but a select few, allow anyone to see it if they go through an application process. I think that the code SHOULD be reviewed by a fully independent source. And I think ANYONE who is allowed to vote should have the right to review it. But that doesn't mean that the code should be available without any safeguards. An application process would ensure that who sees the code can be tracked, and that those who do not have the right to see the code, cannot get access. There are plenty of people in the US that have no right to see the code (non-us citizens, unregistered voters, etc.). My point is basically that the code needs to be protected, but it doesn’t need to be secret.
      
      (As an aside, the WMF exploit you mentioned, probably would have happened sooner if the Microsoft source code had been available to the hackers.)

      [ link to this | view in chronology ]

  • 

    Ryan Elisei, 9 Jan 2006 @ 8:48am

    
    

    Re: Code Review

    As you say, nothing can prevent hacking, but openness can at least protect against fraud. All things being equal, information should be freely available to the public, should it not?

    [ link to this | view in chronology ]

    • 

      Andrew Strasser, 9 Jan 2006 @ 9:54am

      
      

      Re: Code Review

      "There are plenty of people in the US that have no right to see the code (non-us citizens, unregistered voters, etc.). My point is basically that the code needs to be protected, but it doesn’t need to be secret."
      
      
      There are plenty of voting Americans that I wouldn't want to see that code either then if you think that one of those people can what can anyone else do. This is really a ridiculous discussion as the first time one of these machines gets hacked. Which seems to be next year everyone is gonna be saying how dumb were we no matter what way it goes. If you open it up we made it more available for people to find. If you leave it closed the compnay has the responsibility of being right just and fair if and only if no one can figure it out.
      
      Maybe I'll take a stab at it when it becomes time. I do pretty well with figuring things out.
      
      
      

      [ link to this | view in chronology ]

      • 

        Jamie, 9 Jan 2006 @ 11:10am

        
        

        Re: Code Review

        "There are plenty of voting Americans that I wouldn't want to see that code either"
        
        I agree that there are plenty of Americans that I wouldn't want to see the code either, but it isn't a question of what I want or don't want. If you are a voter, you have the right to see how the voting process works. You have the right to be assured that the voting process is fair. If that means you need to see the source code, you should be allowed to see it. So I really don't think that keeping the source code closed should be allowed. That doesn't mean that there shouldn't be some safeguards on the access. if you are not a voter(for whatever reason) you do not have that right. Tracking who has access to the source code, will make it easier to prosecute and punish those who do hack it with the intent to defraud.
        Hacking the source code with malicious intent is a crime, and should be treated as such. It is the same as if you found a way to rig a normal election. Dead people counted, bribed officials, etc.
        Hacking it in a controlled environment for security research, isn't a crime. That is only pointing out faults in the process so that they can be improved.
        Viewing the source code for your own peace of mind should also not be a crime.

        [ link to this | view in chronology ]

• 

  giafly, 9 Jan 2006 @ 10:45am

  
  

  Re: Code Review

  Q. Why is it a problem that reviewers who want to look at the source have to sign an NDA?
  
  A. Because few sane people would sign it. If you're an expert in electronic voting, signing an NDA to see the source code of a voting machine from one company could make you "tainted" and unemployable by other companies in the field.
  
  Meanwhile, here's an example of Example of Open Source Voting:
  Training material for Presiding Officers and Poll Clerks - UK Electoral Commission

  [ link to this | view in chronology ]

  • 

    Jamie, 9 Jan 2006 @ 11:22am

    
    

    Re: Code Review

    "If you're an expert in electronic voting, signing an NDA to see the source code of a voting machine from one company could make you "tainted" and unemployable by other companies in the field."
    
    I see where you are coming from. If I worked in the field of electronic voting, I wouldn't want to sign it either. But don't the companies who make the machines have the right to protect their product? They need to be sure that the code and specs of the machine aren't copied and stolen by a competitor. Some solution where the code can be viewed and verified, but not copied and stolen is needed. I don't think there is a solution like that unless the government researches, funds, and creates their own voting machines and software.

    [ link to this | view in chronology ]