On Second Thought… Wisconsin E-Voting Bill Not As Impressive
from the oh-well dept
Well, so much for that. Last Wednesday we reported on a new e-voting law in Wisconsin that seemed very progressive. We noted that not only did it require a verifiable paper trail for recounts, but also that the source code must be “publicly accessible” so that it “may be used to independently verify the accuracy and reliability of the operating and tallying procedures to be employed at any election.” That sounded great to us — and we were surprised that only one source, the Wisconsin Technology Network, was mentioning the available source part of the story. The reason? The Wisconsin Technology Network was wrong. Adina Levin notes in a comment that the article that reported this has now corrected their original story, saying that the source code is not to be made public, but needs to be placed in escrow (like in other states, such as North Carolina) and will only be checked in case of a recount and then only under non-disclosure by certain parties. The original report was based on an earlier draft of the bill, before the lobbyists got a chance to hack out things like revealing the source code. So, better than nothing, but not quite as nice as originally reported.
Comments on “On Second Thought… Wisconsin E-Voting Bill Not As Impressive”
No Subject Given
Now all we need is proof of identification in Wisconsin!
Code Review
I don’t understand why you seem to feel that the source code should be made public. It seems to me that while the source code shouldn’t be totally “secret”, it also doesn’t need to be published. Why is it a problem that reviewers who want to look at the source have to sign an NDA? The only part of the Wisconsin system, as you outlined it, I don’t like is the part that says only select parties can review the code and then only in the event of a recount. A better system would be to allow anyone to review the code at any time after an application process. The application process would include a background check/security verification of the interested party and an NDA. This would allow anyone who truly wanted to look at the code to do so, but would keep hackers and other malicious parties from easily obtaining it. If a hacker really wanted ot, he could still obtain the code, but this would make it a little harder. It would also allow who has seen the code to be tracked better. The truth is, no matter how secure or well written a piece of software is, it can be hacked if there is enough incentive. So limiting/tracking access can help to keep th system more secure.
Re: Code Review
While I agree with the NDA comments you made, I find it a bit funny that automatically you make someone who gets the code through any means nescessary some sort of brigand. I mean, people have the right to know whether or not their vote is worth anything, and the only way to do that is to see the code. Without the code, then the public can’t be assured that the vote they cast is going to the right person. Even if it means hacking into the system and taking it, at least the code would be available for fully independent and public review.
(After all, what with the WMF issue being solved by a third-party faster, it seems the public has a better grasp of things).
Re: Re: Code Review
It’s funny you bring up WMF, didn’t the exploits show up before the fix? Unlike WMF fixes, what good is a software fix on election software if they all happen after the exploits happen?
Re: Re: Code Review
I didn’t mean to imply that people who get the code through some other means are “brigands.” of course there are plenty of regular people who want to see the code. At the moment the only way is by hacking. All I’m saying is that rather than keep it secret from all but a select few, allow anyone to see it if they go through an application process. I think that the code SHOULD be reviewed by a fully independent source. And I think ANYONE who is allowed to vote should have the right to review it. But that doesn’t mean that the code should be available without any safeguards. An application process would ensure that who sees the code can be tracked, and that those who do not have the right to see the code, cannot get access. There are plenty of people in the US that have no right to see the code (non-us citizens, unregistered voters, etc.). My point is basically that the code needs to be protected, but it doesn?t need to be secret.
(As an aside, the WMF exploit you mentioned, probably would have happened sooner if the Microsoft source code had been available to the hackers.)
Re: Code Review
As you say, nothing can prevent hacking, but openness can at least protect against fraud. All things being equal, information should be freely available to the public, should it not?
Re: Re: Code Review
“There are plenty of people in the US that have no right to see the code (non-us citizens, unregistered voters, etc.). My point is basically that the code needs to be protected, but it doesn?t need to be secret.”
There are plenty of voting Americans that I wouldn’t want to see that code either then if you think that one of those people can what can anyone else do. This is really a ridiculous discussion as the first time one of these machines gets hacked. Which seems to be next year everyone is gonna be saying how dumb were we no matter what way it goes. If you open it up we made it more available for people to find. If you leave it closed the compnay has the responsibility of being right just and fair if and only if no one can figure it out.
Maybe I’ll take a stab at it when it becomes time. I do pretty well with figuring things out.
Re: Re: Re: Code Review
“There are plenty of voting Americans that I wouldn’t want to see that code either”
I agree that there are plenty of Americans that I wouldn’t want to see the code either, but it isn’t a question of what I want or don’t want. If you are a voter, you have the right to see how the voting process works. You have the right to be assured that the voting process is fair. If that means you need to see the source code, you should be allowed to see it. So I really don’t think that keeping the source code closed should be allowed. That doesn’t mean that there shouldn’t be some safeguards on the access. if you are not a voter(for whatever reason) you do not have that right. Tracking who has access to the source code, will make it easier to prosecute and punish those who do hack it with the intent to defraud.
Hacking the source code with malicious intent is a crime, and should be treated as such. It is the same as if you found a way to rig a normal election. Dead people counted, bribed officials, etc.
Hacking it in a controlled environment for security research, isn’t a crime. That is only pointing out faults in the process so that they can be improved.
Viewing the source code for your own peace of mind should also not be a crime.
Code Review
Q. Why is it a problem that reviewers who want to look at the source have to sign an NDA?
A. Because few sane people would sign it. If you’re an expert in electronic voting, signing an NDA to see the source code of a voting machine from one company could make you “tainted” and unemployable by other companies in the field.
Meanwhile, here’s an example of Example of Open Source Voting:
Training material for Presiding Officers and Poll Clerks – UK Electoral Commission
Re: Code Review
“If you’re an expert in electronic voting, signing an NDA to see the source code of a voting machine from one company could make you “tainted” and unemployable by other companies in the field.”
I see where you are coming from. If I worked in the field of electronic voting, I wouldn’t want to sign it either. But don’t the companies who make the machines have the right to protect their product? They need to be sure that the code and specs of the machine aren’t copied and stolen by a competitor. Some solution where the code can be viewed and verified, but not copied and stolen is needed. I don’t think there is a solution like that unless the government researches, funds, and creates their own voting machines and software.