E-Voting Firms Recognize That Open Source Software Exists... But Seem Confused About What It Means
from the not-too-surprising dept
First, they claim that, even though they understand that "security through obscurity" isn't effective, "there remains some underlying truths to the idea that software does maintain a level of security through the lack of available public knowledge of the inner workings of a software program." Computer Science professor Dan Wallach does a nice job responding to that claim:
Really? No. Disclosing the source code only results in a complete forfeiture of the software's security if there was never any security there in the first place. If the product is well-engineered, then disclosing the software will cause no additional security problems. If the product is poorly-engineered, then the lack of disclosure only serves the purpose of delaying the inevitable.The next oddity, is the claim that if a problem is found in open source software, then it won't get fixed as quickly, because you have to wait for "the community" to fix it. That completely mistakes how open source software works. Again, Wallach points out how silly that is, noting that plenty of commercially-focused companies run open source projects, including maintaining and contributing code to the project. If these companies were to open source their code, there's nothing stopping them from continuing to improve the security of the code. There's no need to wait around... The paper has other problems as well, which Wallach discusses at the link above. To be honest, though, it's quite telling that these firms don't even seem to understand some of the basics of how open source software works.
What we learned from the California Top-to-Bottom Review and the Ohio EVEREST study was that, indeed, these systems are unquestionably and unconscionably insecure. The authors of those reports (including yours truly) read the source code, which certainly made it easier to identify just how bad these systems were, but it's fallacious to assume that a prospective attacker, lacking the source code and even lacking our reports, is somehow any less able to identify and exploit the flaws. The wide diversity of security flaws exploited on a regular basis in Microsoft Windows completely undercuts the ETC paper's argument. The bad guys who build these attacks have no access to Windows's source code, but they don't need it. With common debugging tools (as well as customized attacking tools), they can tease apart the operation of the compiled, executable binary applications and engineer all sorts of malware.
Voting systems, in this regard, are just like Microsoft Windows. We have to assume, since voting machines are widely dispersed around the country, that attackers will have the opportunity to tear them apart and extract the machine code. Therefore, it's fair to argue that source disclosure, or the lack thereof, has no meaningful impact on the operational security of our electronic voting machines. They're broken. They need to be repaired.