E-Voting Firms Recognize That Open Source Software Exists… But Seem Confused About What It Means
from the not-too-surprising dept
We’ve never quite understood why e-voting software shouldn’t be required to be public information. For the sake of actually allowing an open and transparent voting system, it’s hard to understand how any governing body would allow proprietary software to be used. There’s simply no way you can prove that the system is fair and transparent if the counting mechanism is totally hidden away. For years, the big e-voting firms have simply shrugged this off, but it looks like they’re at least open to discussing it. A trade group representing the big e-voting firms has put out a whitepaper discussing open source voting systems, where all they really do is show that they don’t actually understand much about open source technologies.
First, they claim that, even though they understand that “security through obscurity” isn’t effective, “there remains some underlying truths to the idea that software does maintain a level of security through the lack of available public knowledge of the inner workings of a software program.” Computer Science professor Dan Wallach does a nice job responding to that claim:
Really? No. Disclosing the source code only results in a complete forfeiture of the software’s security if there was never any security there in the first place. If the product is well-engineered, then disclosing the software will cause no additional security problems. If the product is poorly-engineered, then the lack of disclosure only serves the purpose of delaying the inevitable.
What we learned from the California Top-to-Bottom Review and the Ohio EVEREST study was that, indeed, these systems are unquestionably and unconscionably insecure. The authors of those reports (including yours truly) read the source code, which certainly made it easier to identify just how bad these systems were, but it’s fallacious to assume that a prospective attacker, lacking the source code and even lacking our reports, is somehow any less able to identify and exploit the flaws. The wide diversity of security flaws exploited on a regular basis in Microsoft Windows completely undercuts the ETC paper’s argument. The bad guys who build these attacks have no access to Windows’s source code, but they don’t need it. With common debugging tools (as well as customized attacking tools), they can tease apart the operation of the compiled, executable binary applications and engineer all sorts of malware.
Voting systems, in this regard, are just like Microsoft Windows. We have to assume, since voting machines are widely dispersed around the country, that attackers will have the opportunity to tear them apart and extract the machine code. Therefore, it’s fair to argue that source disclosure, or the lack thereof, has no meaningful impact on the operational security of our electronic voting machines. They’re broken. They need to be repaired.
The next oddity, is the claim that if a problem is found in open source software, then it won’t get fixed as quickly, because you have to wait for “the community” to fix it. That completely mistakes how open source software works. Again, Wallach points out how silly that is, noting that plenty of commercially-focused companies run open source projects, including maintaining and contributing code to the project. If these companies were to open source their code, there’s nothing stopping them from continuing to improve the security of the code. There’s no need to wait around… The paper has other problems as well, which Wallach discusses at the link above. To be honest, though, it’s quite telling that these firms don’t even seem to understand some of the basics of how open source software works.