California Interested In Open Source E-Voting Solutions

from the good-for-them dept

With so many problems with various e-voting systems, many have wondered why various state governments don't simply require any e-voting system to be open sourced. It makes a tremendous amount of sense. Any trustworthy voting process needs to require transparency in how the votes are recorded and counted. Letting a hidden algorithm do the counting makes no sense. Open source e-voting code would be open to scrutiny, and would almost certainly lead to fewer problems and greater security. Yet, for some reason, election officials have always bought into the e-voting vendors' false claims that open source code is somehow dangerous to an election.

It looks like that may be changing. California's Secretary of State, Debra Bowen, who has been a major critic of e-voting vendors, is now saying that open sourcing e-voting systems could help fix many of the flaws found in today's systems. It wouldn't solve all the problems, but it would be a huge step forward.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Hulser, Sep 26th, 2008 @ 9:52am

    Open security?

    Yet, for some reason, election officials have always bought into the e-voting vendors' false claims that open source code is somehow dangerous to an election.

    I think if the average non-techie person is asked whether something called "open source" would be more secure than a closed system, they'll answer with the closed system most every time. I think the reason that e-voting vendors are able to sell their proprietary systems without open source requirements is no more difficult to understand than the answer to that question. Something with the word "open" in it must be less secure than its opposite, right? Given a certain level of knowlege or under scrutiny, it may make sense that publishing the source code of e-voting machines would improve them, but I don't think this is as intuitive as some people think.

    BTW, is there really any benefit to having the e-voting software fall under an open source license rather than just requiring the source code to be openly published? Wouldn't an open publication requirement offer the same benefits of open source without its "stigma"?

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    klim, Sep 26th, 2008 @ 10:18am

    Re: Open security?

    "BTW, is there really any benefit to having the e-voting software fall under an open source license rather than just requiring the source code to be openly published? Wouldn't an open publication requirement offer the same benefits of open source without its "stigma"?"



    It's a no brainer that even a non-techie can answer. Why would you pay tons of money to require a software company to open up its source code for scrutiny when you have "open source" alternative which is almost free?? The 'stigma'? Oh, right, once you open up the source code of a proprietary software it will have the same 'stigma', the only difference is, again, you paid for it. With tax dollars, too.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    JJ, Sep 26th, 2008 @ 10:26am

    Open....to hackers?

    OK, so I'm a huge fan of this idea, and it makes a lot of sense to me, I'm just going to play Devil's Advocate.

    If voting software is open sourced, it makes it easier for crackers to find vulnerabilities, furthermore, people who edit it (and approve those edits) have to be trustworthy and non-partisan (something very few coders in my experience are). I know the response to this is that Diebold is quite blatantly partisan and COMPLETELY untrustworthy, but at least they have a business to protect. Open source hackers have nothing to lose by "accidentally" introducing a vulnerability or something.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Joe, Sep 26th, 2008 @ 10:28am

    Letting a hidden algorithm do the counting ?

    we need an algorithim to count??????

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    OpenVote, Sep 26th, 2008 @ 10:31am

    Re: Open security?

    Perhaps, but we've been telling the closed source e-voting vendors that there is a problem for what, 8 years, and they don't care. We know there's a problem now, and they won't fix it. Even if they publish their code, and we tell them there's a problem, there's no guarantee that it'll get fixed. Open source means that we don't have to wait for them to fix it, I could fix it for them if I wanted and knew how. So yes, there is a benefit, and it's potentially a big one.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    bob, Sep 26th, 2008 @ 10:32am

    Re: Open security?

    This is where education offsets intuition.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Chuck Norris' Enemy (deceased), Sep 26th, 2008 @ 10:37am

    Re: Letting a hidden algorithm do the counting ?

    New app at the Apple store online...the iVote app!

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    OpenVote, Sep 26th, 2008 @ 10:38am

    Re: Open....to hackers?

    I like what you're doing here...

    The thing about open sourcing it, is that you may have partisan coders, but you'll have partisan coders from each side, instead of just the one that the company holds dear. The code will be reviewed by anyone who wants to review it, so should one side try to sneak something in, you'll hear about it. With Diebold for example, the only thing they have to worry about is if they sneak something in for one party, and that party doesn't win. With the source code closed off, no one can tell unless the customer isn't happy. Open source hackers have the future of this country to worry about, and to someone not getting paid to code, that's a pretty big deal.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    ChurchHatesTucker (profile), Sep 26th, 2008 @ 10:41am

    Re: Open....to hackers?

    First, good on you for thinking critically here. That said, here's my response:

    "If voting software is open sourced, it makes it easier for crackers to find vulnerabilities..."

    True, but also easier for white hats to find those same vulnerabilities. The flip side is that closed source makes it easier to *build in* vulnerabilities (whether intentional or not.) Transparency of process is an absolute requirement for trustworthy elections.

    "...furthermore, people who edit it (and approve those edits) have to be trustworthy and non-partisan (something very few coders in my experience are)."

    True, but they tend to be able to focus on technical things. Also, while they are partisan (as are most of us) they tend to be from a wider partisan base than the general population (e.g., Paulites.)

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    wasnt me!, Sep 26th, 2008 @ 10:45am

    i see why some ppl would be reluctant to have evoting or other system that requires great security to be open source.

    main cause if you have access to the code it would be easier to find any "holes", then again that wold lead to increased scrutiny as mentioned in the article which would allow aster fixes.

    personally i see the benefit im not 100% sure that open source can lead to an unhackable system

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Chronno S. Trigger, Sep 26th, 2008 @ 10:47am

    Re: Re: Open....to hackers?

    Just to add to that post, If a change is added and accepted than other programmers will still be able to look it over so it is still under scrutiny and much, much harder to hide something.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Hulser, Sep 26th, 2008 @ 10:47am

    Re: Re: Open security?

    It's a no brainer that even a non-techie can answer. Why would you pay tons of money to require a software company to open up its source code for scrutiny when you have "open source" alternative which is almost free??

    The very point of my comment was that the choice is not a no-brainer, especially for non-technical people. On reading over the article, it's not exactly clear to me whether they want to go to a full open source model, where the e-voting machine software was developed from the ground up as open source, or whether they just wanted require that the vendors publish their source code in an "open source" like mode so they could foster more open review. My comments were based on the latter interpretation.

    In any case, the reason that I put scare quotes around stigma is that most people, whether it's logical or not, attribute more quality to something that you have to pay for. So, I think a completely open source development effort for e-voting would be a hard sell to the general public. But if your goal is to improve security by openness, then requiring vendors to publish their source code could be a good compromise.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Jim, Sep 26th, 2008 @ 10:48am

    Re: Open....to hackers?

    I don't think that the software alone should be open source, I think that the whole process should be open source.

    Have an open source plan for the whole shebang. Have a procedure laid out for how the line will form, how people verify your eligibility, what to do with irregularities, who can monitor the process, how machines will be setup, software/hardware on those machines, how the paper backups will be counted, etc).

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Hulser, Sep 26th, 2008 @ 10:54am

    Re: Re: Open security?

    Even if they publish their code, and we tell them there's a problem, there's no guarantee that it'll get fixed.

    Do you count service level agreements as a guarentee? I would hope that any rule imposed on an e-voting machine vendor to publish their source code would include a standard bug resolution / change control process. When all of their code was hidden, the vendors had plausible deniability. But how would the dynamic change if news started circulating about a huge bug that caused votes to be dropped? There would be huge social and political pressure to fix the bug as soon as possible. Admittadly, it's still not a guarantee, but much closer to a workable solution that "Nope. Nothing wrong here. Please move along."

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Chronno S. Trigger, Sep 26th, 2008 @ 10:58am

    Re:

    Nothing with a user interface is un-hackable. With as easy as it is now to hack into one of the E-Voting machines and how easy it is for them to mix up votes and how easy it is to have "user error", anything would be an improvement. Or at least if the software/hardware screws up we know it's not because someone payed to have it "screw up".

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Hulser, Sep 26th, 2008 @ 11:01am

    Re: Re: Open security?

    "I know no safe depositary of the ultimate powers of the society but the people themselves; and if we think them not enlightened enough to exercise their control with a wholesome discretion, the remedy is not to take it from them, but to inform their discretion by education."
    - Thomas Jefferson

    This is where education offsets intuition.
    Agreed, but...the e-voting machine hardware vendors are currently taking advantage of the lack of general education on this topic. This isn't to say that people can't or should be educated on the subject, but as it stands now, because "open" sounds less secure, they get away with it.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    chris (profile), Sep 26th, 2008 @ 11:12am

    Re: Open....to hackers?

    it's called peer review. anyone can audit it, and anyone can fix it. that's good news for voters, and bad news for people who depend on rigged elections (or the specter thereof).

    anyone can find bugs, anyone can fix bugs. the more people involved the harder it is to pull anything shady because someone somewhere will find out. full access to source code means the problem can be easily made public.

    an open system is transparent, and transparency isn't very supportive of underhandedness. if you are in the business of rigging elections, it's best to keep the number of vendors small and the whole process shrouded in mystery.

    that is why open source e voting will never fly. too much money has been invested in a system that can be easily gamed and plausibly denied.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    chris (profile), Sep 26th, 2008 @ 11:21am

    Re: Re: Re: Open security?

    Do you count service level agreements as a guarentee?

    hell no.

    all SLA's guarantee is a response in a fixed time frame... as in "we will respond in X hours, guaranteed." no vendor will certify when a fix will be made, only when the response will be given to the inquiry. you can't guarantee a fix, nor can you guarantee that the "bug" isn't by design.

    all software, including open source software, comes with no guarantees of anything, including merchantability and suitability for a particular purpose.

    all software is "use at your own risk" including the enterprise stuff that is "guaranteed" to work 99.99999999% of the time. software is the only industry in the world where you make a tool for a given purpose and don't have to certify that the tool works for the purpose it was designed for.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Hulser, Sep 26th, 2008 @ 11:30am

    Re: Re: Re: Re: Open security?

    software is the only industry in the world where you make a tool for a given purpose and don't have to certify that the tool works for the purpose it was designed for.

    This was exactly my point. There are no guarantees in software development.

    Here's OpenVote's comment...

    Even if they publish their code, and we tell them there's a problem, there's no guarantee that it'll get fixed.

    If you have proprietary software, proprietary software where the source code is open to peer review, or full open source, you still wouldn't have any guarantees. But some options are better than others.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    NeoConBushSupporter, Sep 26th, 2008 @ 11:48am

    YOU GUYS HAVE LOST IT

    Open source voting machines, the techdirt hippies have finally lost it. Democracy only works when conducted in smokey back rooms, by the people that really matter (those that have the largest investment in our country. Remember it is the largess of the "capital-class" in America that allows you hippies to live in luxury. They are paying for your silly hybrid cars and ipods so be happy they give you even the illusion of involvement in drafting policy. Frankly, they shouldn’t have too.


    VOTE McCain 2008 - CLOSED UNTIL CRISIS SOLVED AND WORLD SAVED

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Davidc, Sep 26th, 2008 @ 12:36pm

    I maintain Oregon's vote by mail, scantron system is still the simplest, easiest on the voter, and more secure than any digital setup out there.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    klim, Sep 26th, 2008 @ 12:48pm

    Re: Re: Re: Open security?

    Their source code is their "Top Secret KFC Recipe". The chances of them publishing it is more like driving their business to the ground. Only the their Top Programmers have the security clearance for this code. If they obliged to open it up and some "freak of technology accident" leaked that code into a forum somewhere, then what? What if the company has other products that uses the same source code?

    Open source swings the door both ways for would be hackers and security. But what I'm really saying is we've wasted tons of money already on these proprietary software that we should give "free" a chance.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Hulser, Sep 26th, 2008 @ 1:05pm

    Re: Re: Re: Re: Open security?

    The chances of them publishing it is more like driving their business to the ground.

    Maybe I'm thinking too much like a politician, but I'd think it'd be much easier to pass a law that said all e-voting machines had to use source code that was freely published than to mandate that all e-voting machines had to use open source software. If no companies accepted your bid because they thought their business model would be driven into the ground, then so be it. You'd still come off looking like the champion for the people. But that point is moot because even if it wasn't Diebold, there'd be some company out there that'd accept the conditions. Ah, capitalism.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Chronno S. Trigger, Sep 26th, 2008 @ 1:59pm

    Re: YOU GUYS HAVE LOST IT

    "They are paying for your silly hybrid cars and ipods so be happy they give you even the illusion of involvement in drafting policy."

    Where can I get one of these "capital-class" people to buy me a hybrid? Can I get them to reimburse me for my iPod since I already payed for it? Where is my luxury that they are paying for? I haven't seen it yet.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    TheBeard, Sep 26th, 2008 @ 2:20pm

    Re: YOU GUYS HAVE LOST IT

    I honestly can't tell if this guy is being serious, or if his post is satire. If it's the latter, than bravo, sir.

    If it's the former, though, I will have lost all faith in the intelligence of America (although there wasn't really that much left to lose)

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Carla Hein, Sep 26th, 2008 @ 2:57pm

    Re: Letting a hidden algorithm do the counting ?

    Yes!! but we need algorithms + genetic algorithms to count ballots accurately and in realtime. Google does cloud computing (serial/parallel interfaced) at 3.5 trillion bits a minute. An ACCURATE, realtime vote count would give the political parties fits! They couldn't rig the election!

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Bunny, Sep 26th, 2008 @ 6:21pm

    Paper is the only way

    Open source is not a magic wand that allows a non-computer-expert to oversee the honesty of an election. The most "open source" solution is thus paper, because it is open to oversight by the largest number of people. Anything else that seeks to reduce the oversight opportunity to an elite few people is inherently undemocratic.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Sep 27th, 2008 @ 11:19am

    Open....for everyone.

    I believe the more commonly used term is "transparent".

    You can say the idea of using the open source methodology is to bring transparency to the more technical portion of the development of voting machines.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Alz, Sep 27th, 2008 @ 7:31pm

    I'm from Chicago...

    ...and they are experts at manipulating voting. They call it a Democratic Machine, not because of efficiency, but in the ability to manufacture votes. This is why Gore brought in Bill Daley to head up the 2000 effort. These people know how to steal elections.

    With that said, how will we know that the code published is actually on the machines?????

    Knowing the extents that these people will go to, at least there is a trail of people in a private company that can be sued or put in jail. Whatever happens, the election apparatus is generally run by party people. Secretaries of State and County governments aren't setup to manage such an effort. Many people are just volunteering their time, but the parties (Democrats especially) are experts at controlling precincts. This is how Obama received ZERO votes in some sold black precincts against Hillary.

    Hillary's people controlled things and I doubt open source would help much.

    I think Marx or Lenin said something like "it's not who votes that counts, but who counts the votes."

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Neverhood, Sep 29th, 2008 @ 7:10am

    e-voting

    Open Source e-voting is only dangerous if the software is full of bugs that don't get fixed, which clearly shows where the e-voting companies get their point of view from.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This