California Interested In Open Source E-Voting Solutions
from the good-for-them dept
With so many problems with various e-voting systems, many have wondered why various state governments don't simply require any e-voting system to be open sourced. It makes a tremendous amount of sense. Any trustworthy voting process needs to require transparency in how the votes are recorded and counted. Letting a hidden algorithm do the counting makes no sense. Open source e-voting code would be open to scrutiny, and would almost certainly lead to fewer problems and greater security. Yet, for some reason, election officials have always bought into the e-voting vendors' false claims that open source code is somehow dangerous to an election.It looks like that may be changing. California's Secretary of State, Debra Bowen, who has been a major critic of e-voting vendors, is now saying that open sourcing e-voting systems could help fix many of the flaws found in today's systems. It wouldn't solve all the problems, but it would be a huge step forward.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: california, debra bowen, e-voting, open source
Reader Comments
Subscribe: RSS
View by: Time | Thread
Open security?
I think if the average non-techie person is asked whether something called "open source" would be more secure than a closed system, they'll answer with the closed system most every time. I think the reason that e-voting vendors are able to sell their proprietary systems without open source requirements is no more difficult to understand than the answer to that question. Something with the word "open" in it must be less secure than its opposite, right? Given a certain level of knowlege or under scrutiny, it may make sense that publishing the source code of e-voting machines would improve them, but I don't think this is as intuitive as some people think.
BTW, is there really any benefit to having the e-voting software fall under an open source license rather than just requiring the source code to be openly published? Wouldn't an open publication requirement offer the same benefits of open source without its "stigma"?
[ link to this | view in thread ]
Re: Open security?
It's a no brainer that even a non-techie can answer. Why would you pay tons of money to require a software company to open up its source code for scrutiny when you have "open source" alternative which is almost free?? The 'stigma'? Oh, right, once you open up the source code of a proprietary software it will have the same 'stigma', the only difference is, again, you paid for it. With tax dollars, too.
[ link to this | view in thread ]
Open....to hackers?
If voting software is open sourced, it makes it easier for crackers to find vulnerabilities, furthermore, people who edit it (and approve those edits) have to be trustworthy and non-partisan (something very few coders in my experience are). I know the response to this is that Diebold is quite blatantly partisan and COMPLETELY untrustworthy, but at least they have a business to protect. Open source hackers have nothing to lose by "accidentally" introducing a vulnerability or something.
[ link to this | view in thread ]
Letting a hidden algorithm do the counting ?
[ link to this | view in thread ]
Re: Open security?
[ link to this | view in thread ]
Re: Open security?
[ link to this | view in thread ]
Re: Letting a hidden algorithm do the counting ?
[ link to this | view in thread ]
Re: Open....to hackers?
The thing about open sourcing it, is that you may have partisan coders, but you'll have partisan coders from each side, instead of just the one that the company holds dear. The code will be reviewed by anyone who wants to review it, so should one side try to sneak something in, you'll hear about it. With Diebold for example, the only thing they have to worry about is if they sneak something in for one party, and that party doesn't win. With the source code closed off, no one can tell unless the customer isn't happy. Open source hackers have the future of this country to worry about, and to someone not getting paid to code, that's a pretty big deal.
[ link to this | view in thread ]
Re: Open....to hackers?
"If voting software is open sourced, it makes it easier for crackers to find vulnerabilities..."
True, but also easier for white hats to find those same vulnerabilities. The flip side is that closed source makes it easier to *build in* vulnerabilities (whether intentional or not.) Transparency of process is an absolute requirement for trustworthy elections.
"...furthermore, people who edit it (and approve those edits) have to be trustworthy and non-partisan (something very few coders in my experience are)."
True, but they tend to be able to focus on technical things. Also, while they are partisan (as are most of us) they tend to be from a wider partisan base than the general population (e.g., Paulites.)
[ link to this | view in thread ]
main cause if you have access to the code it would be easier to find any "holes", then again that wold lead to increased scrutiny as mentioned in the article which would allow aster fixes.
personally i see the benefit im not 100% sure that open source can lead to an unhackable system
[ link to this | view in thread ]
Re: Re: Open....to hackers?
[ link to this | view in thread ]
Re: Re: Open security?
The very point of my comment was that the choice is not a no-brainer, especially for non-technical people. On reading over the article, it's not exactly clear to me whether they want to go to a full open source model, where the e-voting machine software was developed from the ground up as open source, or whether they just wanted require that the vendors publish their source code in an "open source" like mode so they could foster more open review. My comments were based on the latter interpretation.
In any case, the reason that I put scare quotes around stigma is that most people, whether it's logical or not, attribute more quality to something that you have to pay for. So, I think a completely open source development effort for e-voting would be a hard sell to the general public. But if your goal is to improve security by openness, then requiring vendors to publish their source code could be a good compromise.
[ link to this | view in thread ]
Re: Open....to hackers?
Have an open source plan for the whole shebang. Have a procedure laid out for how the line will form, how people verify your eligibility, what to do with irregularities, who can monitor the process, how machines will be setup, software/hardware on those machines, how the paper backups will be counted, etc).
[ link to this | view in thread ]
Re: Re: Open security?
Do you count service level agreements as a guarentee? I would hope that any rule imposed on an e-voting machine vendor to publish their source code would include a standard bug resolution / change control process. When all of their code was hidden, the vendors had plausible deniability. But how would the dynamic change if news started circulating about a huge bug that caused votes to be dropped? There would be huge social and political pressure to fix the bug as soon as possible. Admittadly, it's still not a guarantee, but much closer to a workable solution that "Nope. Nothing wrong here. Please move along."
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Open security?
- Thomas Jefferson
This is where education offsets intuition.
Agreed, but...the e-voting machine hardware vendors are currently taking advantage of the lack of general education on this topic. This isn't to say that people can't or should be educated on the subject, but as it stands now, because "open" sounds less secure, they get away with it.
[ link to this | view in thread ]
Re: Open....to hackers?
anyone can find bugs, anyone can fix bugs. the more people involved the harder it is to pull anything shady because someone somewhere will find out. full access to source code means the problem can be easily made public.
an open system is transparent, and transparency isn't very supportive of underhandedness. if you are in the business of rigging elections, it's best to keep the number of vendors small and the whole process shrouded in mystery.
that is why open source e voting will never fly. too much money has been invested in a system that can be easily gamed and plausibly denied.
[ link to this | view in thread ]
Re: Re: Re: Open security?
hell no.
all SLA's guarantee is a response in a fixed time frame... as in "we will respond in X hours, guaranteed." no vendor will certify when a fix will be made, only when the response will be given to the inquiry. you can't guarantee a fix, nor can you guarantee that the "bug" isn't by design.
all software, including open source software, comes with no guarantees of anything, including merchantability and suitability for a particular purpose.
all software is "use at your own risk" including the enterprise stuff that is "guaranteed" to work 99.99999999% of the time. software is the only industry in the world where you make a tool for a given purpose and don't have to certify that the tool works for the purpose it was designed for.
[ link to this | view in thread ]
Re: Re: Re: Re: Open security?
This was exactly my point. There are no guarantees in software development.
Here's OpenVote's comment...
Even if they publish their code, and we tell them there's a problem, there's no guarantee that it'll get fixed.
If you have proprietary software, proprietary software where the source code is open to peer review, or full open source, you still wouldn't have any guarantees. But some options are better than others.
[ link to this | view in thread ]
YOU GUYS HAVE LOST IT
VOTE McCain 2008 - CLOSED UNTIL CRISIS SOLVED AND WORLD SAVED
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Open security?
Open source swings the door both ways for would be hackers and security. But what I'm really saying is we've wasted tons of money already on these proprietary software that we should give "free" a chance.
[ link to this | view in thread ]
Re: Re: Re: Re: Open security?
Maybe I'm thinking too much like a politician, but I'd think it'd be much easier to pass a law that said all e-voting machines had to use source code that was freely published than to mandate that all e-voting machines had to use open source software. If no companies accepted your bid because they thought their business model would be driven into the ground, then so be it. You'd still come off looking like the champion for the people. But that point is moot because even if it wasn't Diebold, there'd be some company out there that'd accept the conditions. Ah, capitalism.
[ link to this | view in thread ]
Re: YOU GUYS HAVE LOST IT
Where can I get one of these "capital-class" people to buy me a hybrid? Can I get them to reimburse me for my iPod since I already payed for it? Where is my luxury that they are paying for? I haven't seen it yet.
[ link to this | view in thread ]
Re: YOU GUYS HAVE LOST IT
If it's the former, though, I will have lost all faith in the intelligence of America (although there wasn't really that much left to lose)
[ link to this | view in thread ]
Re: Letting a hidden algorithm do the counting ?
[ link to this | view in thread ]
Paper is the only way
[ link to this | view in thread ]
Open....for everyone.
You can say the idea of using the open source methodology is to bring transparency to the more technical portion of the development of voting machines.
[ link to this | view in thread ]
I'm from Chicago...
With that said, how will we know that the code published is actually on the machines?????
Knowing the extents that these people will go to, at least there is a trail of people in a private company that can be sued or put in jail. Whatever happens, the election apparatus is generally run by party people. Secretaries of State and County governments aren't setup to manage such an effort. Many people are just volunteering their time, but the parties (Democrats especially) are experts at controlling precincts. This is how Obama received ZERO votes in some sold black precincts against Hillary.
Hillary's people controlled things and I doubt open source would help much.
I think Marx or Lenin said something like "it's not who votes that counts, but who counts the votes."
[ link to this | view in thread ]
e-voting
[ link to this | view in thread ]