E-Voting Firms Recognize That Open Source Software Exists… But Seem Confused About What It Means
from the not-too-surprising dept
We’ve never quite understood why e-voting software shouldn’t be required to be public information. For the sake of actually allowing an open and transparent voting system, it’s hard to understand how any governing body would allow proprietary software to be used. There’s simply no way you can prove that the system is fair and transparent if the counting mechanism is totally hidden away. For years, the big e-voting firms have simply shrugged this off, but it looks like they’re at least open to discussing it. A trade group representing the big e-voting firms has put out a whitepaper discussing open source voting systems, where all they really do is show that they don’t actually understand much about open source technologies.
First, they claim that, even though they understand that “security through obscurity” isn’t effective, “there remains some underlying truths to the idea that software does maintain a level of security through the lack of available public knowledge of the inner workings of a software program.” Computer Science professor Dan Wallach does a nice job responding to that claim:
Really? No. Disclosing the source code only results in a complete forfeiture of the software’s security if there was never any security there in the first place. If the product is well-engineered, then disclosing the software will cause no additional security problems. If the product is poorly-engineered, then the lack of disclosure only serves the purpose of delaying the inevitable.
What we learned from the California Top-to-Bottom Review and the Ohio EVEREST study was that, indeed, these systems are unquestionably and unconscionably insecure. The authors of those reports (including yours truly) read the source code, which certainly made it easier to identify just how bad these systems were, but it’s fallacious to assume that a prospective attacker, lacking the source code and even lacking our reports, is somehow any less able to identify and exploit the flaws. The wide diversity of security flaws exploited on a regular basis in Microsoft Windows completely undercuts the ETC paper’s argument. The bad guys who build these attacks have no access to Windows’s source code, but they don’t need it. With common debugging tools (as well as customized attacking tools), they can tease apart the operation of the compiled, executable binary applications and engineer all sorts of malware.
Voting systems, in this regard, are just like Microsoft Windows. We have to assume, since voting machines are widely dispersed around the country, that attackers will have the opportunity to tear them apart and extract the machine code. Therefore, it’s fair to argue that source disclosure, or the lack thereof, has no meaningful impact on the operational security of our electronic voting machines. They’re broken. They need to be repaired.
The next oddity, is the claim that if a problem is found in open source software, then it won’t get fixed as quickly, because you have to wait for “the community” to fix it. That completely mistakes how open source software works. Again, Wallach points out how silly that is, noting that plenty of commercially-focused companies run open source projects, including maintaining and contributing code to the project. If these companies were to open source their code, there’s nothing stopping them from continuing to improve the security of the code. There’s no need to wait around… The paper has other problems as well, which Wallach discusses at the link above. To be honest, though, it’s quite telling that these firms don’t even seem to understand some of the basics of how open source software works.
Filed Under: e-voting, open source
Comments on “E-Voting Firms Recognize That Open Source Software Exists… But Seem Confused About What It Means”
Let me quote security expert Bruce Schneier:
“If I take a letter, lock it in a safe, hide the safe somewhere in New York, and then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world’s best safecrackers can study the locking mechanism–and you still can’t open the safe and read the letter, that’s security. “
Wait for the community? Come on, we all know that the community is much faster than the 2 guys you have on staff. We already know that the machines aren’t secure, and no one has fixed them. So we are already waiting.
If voting machines went open source, that software is solidly secure in no time. You have techies in all parties and all of them want to make sure no one else gets anything.
I don’t know why governments don’t require open source for everything that is ultimately needed for the public.
Re: Re:
I wish more places and companies used open source software. As a Student Government Senator at Northern Kentucky University I’m pushing to have OpenOffice installed on the school computers and want to get the schools programing department to participate in the creation of open source software.
Available for public scrutiny != FOSS
Voting machine systems should be required to publish their code even if they don’t want to put it under a GNU or other FOSS-type license.
The source code can be made available for public scrutiny without it being GNU or other open source software. There is nothing that prevents a company from publishing their code under traditional copyright. This would allow them to retain their rights to the code and still demonstrate the integrity of their software. If another company used their code in competing voting machines, then that would become apparent very quickly when the copying company published their source code.
The one essential element in a requirement to publish would be that public entities would be allowed to (in fact they should be required to) compile the published source using an open source compiler and load it onto the machines.
Re: Available for public scrutiny != FOSS
At this point there would be a takings isssue: Amendment 5 prevents the taking of private property for Public Purposes. Either govenment has to pay for the source code or it has to stay private property.
But, the sad thing is the Election Assistance Commission (EAC) HAD the chance last year to prevent this dilemma.
When the the EAC created the Certification and Testing Program, the refuse to incorporate into this new process the requirement that certification under the EAC requires source code disclosure.
Open Source Software
We successfully used open source software (Ballot Browser) here in California for an pilot program to verify election results, which as it turned out, were NOT accurate when first counted by Diebold’s black box system.
You can read about it here : http://humtp.com/
and here: wwwTEVSystems.com
e-voting
Well written and very appropriate! Congratulations!
As to the comment: “The next oddity, is the claim that if a problem is found in open source software, then it won’t get fixed as quickly, because you have to wait for “the community” to fix it.” What I am reading is they are really saying “if it were open source software, people would see the defects, and we would have to fix them”.
OSS is used for e-voting
OSS is currently used in the Australian state of the ACT for e-voting and has been since at least 2001.
http://www.elections.act.gov.au/elections/electronicvoting.html