California Interested In Open Source E-Voting Solutions
from the good-for-them dept
With so many problems with various e-voting systems, many have wondered why various state governments don’t simply require any e-voting system to be open sourced. It makes a tremendous amount of sense. Any trustworthy voting process needs to require transparency in how the votes are recorded and counted. Letting a hidden algorithm do the counting makes no sense. Open source e-voting code would be open to scrutiny, and would almost certainly lead to fewer problems and greater security. Yet, for some reason, election officials have always bought into the e-voting vendors’ false claims that open source code is somehow dangerous to an election.
It looks like that may be changing. California’s Secretary of State, Debra Bowen, who has been a major critic of e-voting vendors, is now saying that open sourcing e-voting systems could help fix many of the flaws found in today’s systems. It wouldn’t solve all the problems, but it would be a huge step forward.
Filed Under: california, debra bowen, e-voting, open source
Comments on “California Interested In Open Source E-Voting Solutions”
Open security?
Yet, for some reason, election officials have always bought into the e-voting vendors’ false claims that open source code is somehow dangerous to an election.
I think if the average non-techie person is asked whether something called “open source” would be more secure than a closed system, they’ll answer with the closed system most every time. I think the reason that e-voting vendors are able to sell their proprietary systems without open source requirements is no more difficult to understand than the answer to that question. Something with the word “open” in it must be less secure than its opposite, right? Given a certain level of knowlege or under scrutiny, it may make sense that publishing the source code of e-voting machines would improve them, but I don’t think this is as intuitive as some people think.
BTW, is there really any benefit to having the e-voting software fall under an open source license rather than just requiring the source code to be openly published? Wouldn’t an open publication requirement offer the same benefits of open source without its “stigma”?
Re: Open security?
“BTW, is there really any benefit to having the e-voting software fall under an open source license rather than just requiring the source code to be openly published? Wouldn’t an open publication requirement offer the same benefits of open source without its “stigma”?”
It’s a no brainer that even a non-techie can answer. Why would you pay tons of money to require a software company to open up its source code for scrutiny when you have “open source” alternative which is almost free?? The ‘stigma’? Oh, right, once you open up the source code of a proprietary software it will have the same ‘stigma’, the only difference is, again, you paid for it. With tax dollars, too.
Re: Re: Open security?
It’s a no brainer that even a non-techie can answer. Why would you pay tons of money to require a software company to open up its source code for scrutiny when you have “open source” alternative which is almost free??
The very point of my comment was that the choice is not a no-brainer, especially for non-technical people. On reading over the article, it’s not exactly clear to me whether they want to go to a full open source model, where the e-voting machine software was developed from the ground up as open source, or whether they just wanted require that the vendors publish their source code in an “open source” like mode so they could foster more open review. My comments were based on the latter interpretation.
In any case, the reason that I put scare quotes around stigma is that most people, whether it’s logical or not, attribute more quality to something that you have to pay for. So, I think a completely open source development effort for e-voting would be a hard sell to the general public. But if your goal is to improve security by openness, then requiring vendors to publish their source code could be a good compromise.
Re: Re: Re: Open security?
Their source code is their “Top Secret KFC Recipe”. The chances of them publishing it is more like driving their business to the ground. Only the their Top Programmers have the security clearance for this code. If they obliged to open it up and some “freak of technology accident” leaked that code into a forum somewhere, then what? What if the company has other products that uses the same source code?
Open source swings the door both ways for would be hackers and security. But what I’m really saying is we’ve wasted tons of money already on these proprietary software that we should give “free” a chance.
Re: Re: Re:2 Open security?
The chances of them publishing it is more like driving their business to the ground.
Maybe I’m thinking too much like a politician, but I’d think it’d be much easier to pass a law that said all e-voting machines had to use source code that was freely published than to mandate that all e-voting machines had to use open source software. If no companies accepted your bid because they thought their business model would be driven into the ground, then so be it. You’d still come off looking like the champion for the people. But that point is moot because even if it wasn’t Diebold, there’d be some company out there that’d accept the conditions. Ah, capitalism.
Re: Open security?
Perhaps, but we’ve been telling the closed source e-voting vendors that there is a problem for what, 8 years, and they don’t care. We know there’s a problem now, and they won’t fix it. Even if they publish their code, and we tell them there’s a problem, there’s no guarantee that it’ll get fixed. Open source means that we don’t have to wait for them to fix it, I could fix it for them if I wanted and knew how. So yes, there is a benefit, and it’s potentially a big one.
Re: Re: Open security?
Even if they publish their code, and we tell them there’s a problem, there’s no guarantee that it’ll get fixed.
Do you count service level agreements as a guarentee? I would hope that any rule imposed on an e-voting machine vendor to publish their source code would include a standard bug resolution / change control process. When all of their code was hidden, the vendors had plausible deniability. But how would the dynamic change if news started circulating about a huge bug that caused votes to be dropped? There would be huge social and political pressure to fix the bug as soon as possible. Admittadly, it’s still not a guarantee, but much closer to a workable solution that “Nope. Nothing wrong here. Please move along.”
Re: Re: Re: Open security?
Do you count service level agreements as a guarentee?
hell no.
all SLA’s guarantee is a response in a fixed time frame… as in “we will respond in X hours, guaranteed.” no vendor will certify when a fix will be made, only when the response will be given to the inquiry. you can’t guarantee a fix, nor can you guarantee that the “bug” isn’t by design.
all software, including open source software, comes with no guarantees of anything, including merchantability and suitability for a particular purpose.
all software is “use at your own risk” including the enterprise stuff that is “guaranteed” to work 99.99999999% of the time. software is the only industry in the world where you make a tool for a given purpose and don’t have to certify that the tool works for the purpose it was designed for.
Re: Re: Re:2 Open security?
software is the only industry in the world where you make a tool for a given purpose and don’t have to certify that the tool works for the purpose it was designed for.
This was exactly my point. There are no guarantees in software development.
Here’s OpenVote’s comment…
Even if they publish their code, and we tell them there’s a problem, there’s no guarantee that it’ll get fixed.
If you have proprietary software, proprietary software where the source code is open to peer review, or full open source, you still wouldn’t have any guarantees. But some options are better than others.
Re: Open security?
This is where education offsets intuition.
Re: Re: Open security?
“I know no safe depositary of the ultimate powers of the society but the people themselves; and if we think them not enlightened enough to exercise their control with a wholesome discretion, the remedy is not to take it from them, but to inform their discretion by education.”
– Thomas Jefferson
This is where education offsets intuition.
Agreed, but…the e-voting machine hardware vendors are currently taking advantage of the lack of general education on this topic. This isn’t to say that people can’t or should be educated on the subject, but as it stands now, because “open” sounds less secure, they get away with it.
Open....to hackers?
OK, so I’m a huge fan of this idea, and it makes a lot of sense to me, I’m just going to play Devil’s Advocate.
If voting software is open sourced, it makes it easier for crackers to find vulnerabilities, furthermore, people who edit it (and approve those edits) have to be trustworthy and non-partisan (something very few coders in my experience are). I know the response to this is that Diebold is quite blatantly partisan and COMPLETELY untrustworthy, but at least they have a business to protect. Open source hackers have nothing to lose by “accidentally” introducing a vulnerability or something.
Re: Open....to hackers?
I like what you’re doing here…
The thing about open sourcing it, is that you may have partisan coders, but you’ll have partisan coders from each side, instead of just the one that the company holds dear. The code will be reviewed by anyone who wants to review it, so should one side try to sneak something in, you’ll hear about it. With Diebold for example, the only thing they have to worry about is if they sneak something in for one party, and that party doesn’t win. With the source code closed off, no one can tell unless the customer isn’t happy. Open source hackers have the future of this country to worry about, and to someone not getting paid to code, that’s a pretty big deal.
Re: Open....to hackers?
First, good on you for thinking critically here. That said, here’s my response:
“If voting software is open sourced, it makes it easier for crackers to find vulnerabilities…”
True, but also easier for white hats to find those same vulnerabilities. The flip side is that closed source makes it easier to *build in* vulnerabilities (whether intentional or not.) Transparency of process is an absolute requirement for trustworthy elections.
“…furthermore, people who edit it (and approve those edits) have to be trustworthy and non-partisan (something very few coders in my experience are).”
True, but they tend to be able to focus on technical things. Also, while they are partisan (as are most of us) they tend to be from a wider partisan base than the general population (e.g., Paulites.)
Re: Re: Open....to hackers?
Just to add to that post, If a change is added and accepted than other programmers will still be able to look it over so it is still under scrutiny and much, much harder to hide something.
Re: Open....to hackers?
I don’t think that the software alone should be open source, I think that the whole process should be open source.
Have an open source plan for the whole shebang. Have a procedure laid out for how the line will form, how people verify your eligibility, what to do with irregularities, who can monitor the process, how machines will be setup, software/hardware on those machines, how the paper backups will be counted, etc).
Re: Re: Open....for everyone.
I believe the more commonly used term is “transparent”.
You can say the idea of using the open source methodology is to bring transparency to the more technical portion of the development of voting machines.
Re: Open....to hackers?
it’s called peer review. anyone can audit it, and anyone can fix it. that’s good news for voters, and bad news for people who depend on rigged elections (or the specter thereof).
anyone can find bugs, anyone can fix bugs. the more people involved the harder it is to pull anything shady because someone somewhere will find out. full access to source code means the problem can be easily made public.
an open system is transparent, and transparency isn’t very supportive of underhandedness. if you are in the business of rigging elections, it’s best to keep the number of vendors small and the whole process shrouded in mystery.
that is why open source e voting will never fly. too much money has been invested in a system that can be easily gamed and plausibly denied.
Letting a hidden algorithm do the counting ?
we need an algorithim to count??????
Re: Letting a hidden algorithm do the counting ?
New app at the Apple store online…the iVote app!
Re: Letting a hidden algorithm do the counting ?
Yes!! but we need algorithms + genetic algorithms to count ballots accurately and in realtime. Google does cloud computing (serial/parallel interfaced) at 3.5 trillion bits a minute. An ACCURATE, realtime vote count would give the political parties fits! They couldn’t rig the election!
i see why some ppl would be reluctant to have evoting or other system that requires great security to be open source.
main cause if you have access to the code it would be easier to find any “holes”, then again that wold lead to increased scrutiny as mentioned in the article which would allow aster fixes.
personally i see the benefit im not 100% sure that open source can lead to an unhackable system
Re: Re:
Nothing with a user interface is un-hackable. With as easy as it is now to hack into one of the E-Voting machines and how easy it is for them to mix up votes and how easy it is to have “user error”, anything would be an improvement. Or at least if the software/hardware screws up we know it’s not because someone payed to have it “screw up”.
YOU GUYS HAVE LOST IT
Open source voting machines, the techdirt hippies have finally lost it. Democracy only works when conducted in smokey back rooms, by the people that really matter (those that have the largest investment in our country. Remember it is the largess of the “capital-class” in America that allows you hippies to live in luxury. They are paying for your silly hybrid cars and ipods so be happy they give you even the illusion of involvement in drafting policy. Frankly, they shouldn’t have too.
VOTE McCain 2008 – CLOSED UNTIL CRISIS SOLVED AND WORLD SAVED
Re: YOU GUYS HAVE LOST IT
“They are paying for your silly hybrid cars and ipods so be happy they give you even the illusion of involvement in drafting policy.”
Where can I get one of these “capital-class” people to buy me a hybrid? Can I get them to reimburse me for my iPod since I already payed for it? Where is my luxury that they are paying for? I haven’t seen it yet.
Re: YOU GUYS HAVE LOST IT
I honestly can’t tell if this guy is being serious, or if his post is satire. If it’s the latter, than bravo, sir.
If it’s the former, though, I will have lost all faith in the intelligence of America (although there wasn’t really that much left to lose)
I maintain Oregon’s vote by mail, scantron system is still the simplest, easiest on the voter, and more secure than any digital setup out there.
Paper is the only way
Open source is not a magic wand that allows a non-computer-expert to oversee the honesty of an election. The most “open source” solution is thus paper, because it is open to oversight by the largest number of people. Anything else that seeks to reduce the oversight opportunity to an elite few people is inherently undemocratic.
I'm from Chicago...
…and they are experts at manipulating voting. They call it a Democratic Machine, not because of efficiency, but in the ability to manufacture votes. This is why Gore brought in Bill Daley to head up the 2000 effort. These people know how to steal elections.
With that said, how will we know that the code published is actually on the machines?????
Knowing the extents that these people will go to, at least there is a trail of people in a private company that can be sued or put in jail. Whatever happens, the election apparatus is generally run by party people. Secretaries of State and County governments aren’t setup to manage such an effort. Many people are just volunteering their time, but the parties (Democrats especially) are experts at controlling precincts. This is how Obama received ZERO votes in some sold black precincts against Hillary.
Hillary’s people controlled things and I doubt open source would help much.
I think Marx or Lenin said something like “it’s not who votes that counts, but who counts the votes.”
e-voting
Open Source e-voting is only dangerous if the software is full of bugs that don’t get fixed, which clearly shows where the e-voting companies get their point of view from.