views:

910

answers:

12

Sooo...it's only sort of programming related, but I figure it's election day, right? Is there a single good reason why they aren't, not necessarily open source in that anyone can contribute, but open source in that anyone could inspect the source?

+1  A: 

the problem is opensourcing the software would be a no-op.

They don't have any decent cryptography, and there has been demonstrated and relatively easy ways to contravene them simply by hot-swapping a ROM chip in the voting booth, or Having a device that augments the records in the record cartridge.


@Mnementh The bad cryptography and the possibility to swap the ROM-chip has nothing to do with open-sourcing the code? So there is the point?

There are only 3 logical reasons for opensourcing this code:

  1. To put under scrutiny how the votes are counted to be certain its doing it right.
  2. For somebody to be able to modify that code for their own needs.
  3. To put the software into public domain so public committers can improve on it.

Points 1 and 3 are blown out of the water in terms of usefulness and "proving your vote counts" because you have no assurance that the code you are seeing/improving runs on these devices.

So that leaves only condition 2 being useful, and as you are not going to own your own voting machine, and have no need for one for anything more than nefarious causes or to simply prove their vulnerability.

For the majority of cases all it would mean is that there would be more information publically available on how to contravene these machines, so you would no longer need physical access to one in order to attempt reverse engineer their software and develop compromised ROM chips for use in said devices, grossly reducing the barrier to entry for the compromise of the voting system.

Granted, even in a non-opensource state this information can still leak, and you just have a false sense of security because you assume "theres no leak, I am safe", but on the contrary, if you open source it people will assume "hundreds of people have looked at the source code, I am safe" which is an equally bad false sense of security.

People are looking for a silver bullet safe way of voting, and sadly, there is none. Not without growing a race of purified peoples whom are brought up by non-committal monks in isolationist shrines to have a breed of people simply for the task of witnessing and counting votes accurately, whom are trained to be amoral and can't be bribed to switch the vote.

( It would sort of be like the 'dark angel' series except with voting agents instead of assassins, and we all know how that show works out, one of them would go rouge, we'd trust them, and they'd screw us all )

Kent Fredric
The bad cryptography and the possibility to swap the ROM-chip has nothing to do with open-sourcing the code? So there is the point?
Mnementh
+5  A: 

The reason they aren't open source, is because, as Kent mentioned, it wouldn't help. You could open source the code. But there's no way to ensure that the voting machine you are using is actually running the code that is open sourced.

Kibbee
Well, yes, but that is irrelevant. The intent of open-sourcing it is mainly for public verification of soundness of the implementation, not for increasing trust in the integrity of the software company.
Svante
Kibbee, supposing the voting machine was not running the code that was open sourced, there would be no shortage of media persons looking for open sourcers (who are in no short supply) who could easily prove that the binaries on the machine aren't the same as the one's that were open sourced.Open sourcing voting machines is a great step in the right direction.
Vulcan Eager
You could allow a small percentage of all the machines be randomly chosen by Miley Cyrus and then examined (hash comparison?) by Donald Knuth.
Joe Philllips
+16  A: 

In Belgium, the sourcecode for the voting machines is freely downloadable.

Dave Van den Eynde
Same in Australia, at least in the one jurisdiction where e-Voting is currently used... <http://www.elections.act.gov.au/elections/electronicvoting.html>
Stobor
Link got mangled: http://www.elections.act.gov.au/elections/electronicvoting.html
Stobor
+1  A: 

Because politicians buy them. Anything politicians get their hands in goes to shit, because 99% of the time they're only experience is in running for office, not doing things like adequately vetting hardware and software.

Also, kickbacks.


The truth hurts, doesn't it?

Will
Well, it might be like that in your country, but don't generalize for the whole world.
Barth
No, I'm sure your rulers are all benevolent and only have your best interests at heart.
Will
Yeah! Polititicians suck. They never manage the country correctly. Oh, btw: Software developers suck, too. My computer always crashes. And dentists suck, I got an aching tooth. Seriously: You really don't think politicians are human? Just a reminder: Ghandi is a politician, too.
soulmerge
I KNOW they're human. But look around--there are lots of people who think they are superhuman, and place in them superhuman power. People think that driving more money and more power into the hands of politicians will somehow solve all our everyday, mundane problems. I suggest you read The Road to Serfdom if you believe this.
Will
+26  A: 
erickson
And the FUD isn't even really necessary. Government IT projects are invariably designed to funnel contracts to the big, lobby-friendly vendors and consultancies; the idea of just doing it properly and cheaply oneself using open-source or commodity software is alien.
bobince
I don't think that funneling to big, lobbying contractors will ever change. However, I have seen more acceptance of FOSS in government contracts in the last few years, which is nice. Consideration of COTS, at least in the DOD, is starting to include FOSS. They used to be quite hostile to use of OSS.
erickson
You might wanna post some references if you're gonna post such a strong theory. I'm not saying its not probable but its too easy to just shrug and state: "oh yea the man's corrupt innit?"
Quibblesome
You are right, Quarrelsome. I was at the peak of my biennial "voting machines suck" cycle back in October and struggling to think rationally. I've added one example of the stunts vendors pulled, but I will continue to add links here as I find them.
erickson
+1  A: 

There is no specific reason not to open-source the software (and even opening the hardware-layout) of voting machines. It has no security impact, as some try to state, because if closed or open source, the ROM can be switched. The machine need some sort of verifier to check, if the code loaded is really the one certified for the election. Open-Sourcing would make no difference.

Mnementh
I believe that open source would make a difference. Currently, voting machine vendors have no incentive to innovate. An open source project could address the problem that you cite by implementing a verifiable voting scheme. The downside is that verifiable votes lend themselves to vote buying.
erickson
That could be the case. But open-sourcing has no direct impact on security.
Mnementh
Good point, for the company that is there to sell machines - unless their sales base is braniacs, what good it do them tell everyone how system works? Probably, though coutner-intuitive, sellers of the machine grasp that gummints would think disclosure weakens the crypto. Therefore, sellers of equipment leave development of crypto-systems for voting to open discussion on, what? -> government funded universities .... maybe one day we can all be Section 8's
Nicholas Jordan
+4  A: 

There is no reason that open source code is better than closed source in this case. How you voted must always remain a secret for obvious reasons. The ONLY real safeguard is the paper trail.

I WORKED with these machines and if so inclined I would have made malicious code that flips votes the way I wanted after 10 cast ballots to defeat whatever ridiculous Logic and Accuracy tests were thrown at the machine before deployment (We never went past one test vote).

Randomly pick a certain percentage of machines and compare the paper trail to the electronic tally. If Diebold had been confident of its machines then they would have insisted that this be the last step in any election.

Dining Philanderer
Your having WORKED on these machines doesn't change the fact that closed source systems aren't VERIFIABLE.6 votes! You six fellas stand in a line now and take what's coming.
Vulcan Eager
Though opening the source for these machines doesn't make them more reliable in itself, it does open up the security to more eyes, making a potential security hole much more likely to be announced and closed. Though I agree that some people will try to exploit the software, there are larger masses who would work to secure the system out of interest for fair elections, so I think you'd far outweigh the downsides of this move, and you'd improve trust in the system itself.
rwmnau
A: 

Because if they were they would not be able to blame inaccurate votes on calibration-errors on the touchscreen.

A: 
  • The people responsible have a "security by obscurity" bad meme stuck somewhere
  • The people building the software don't want to help competitors
  • The people building the software fear embarrassment
  • There are not enough people in the legislative process who understand the flaws in all of the above
Svante
+5  A: 

In the context of this discussion, you might find this paper interesting:

Secret-Ballot Receipts: True Voter-Verifiable Elections

It's written by David Chaum, the cryptographer responsible for DigiCash, among other things. From his bio page on Wikipedia, I also found End-to-end auditable voting systems.

Update! Now it seems we can see if this really works: First Test for Election Cryptography.

Don Wakefield
Awesome. I wish it was dumbed down a little bit. I'm still not entirely sure how your "vote" can be tallied from the web copy of your receipt.
Joe Philllips
+1  A: 

Security Through Obscurity!

Brian
A: 

So far, most replies have been technical in nature, but most likely, voting machines are not open source because the company under contract to develop them has no incentive to make them open source.

If a company develops an open source voting system, anyone came come around later to support that system. And, quite honestly, I doubt the government would accept the equivalent of a SourceForge project as the basis for an entire election.

Perhaps there should be an honest-broker authority that oversees the development of an open-source voting system, and contributors to that system should be vetted before they can view or commit source code.

David