Forgot your password?
typodupeerror
United States Government The Courts Politics News Technology

Source Code Access Denied in Disputed Race 310

Posted by Zonk
from the why-not-clear-things-up dept.
MrMetlHed writes "A judge ruled Friday that congressional aspirant Christine Jennings has no right to examine the source code that runs the electronic voting machines at the center of a disputed Southwest Florida congressional race. From the article: 'The ruling Friday from Judge Gary prevents for now the Jennings camp from being able to use the programming code to try to show voting machines used in Sarasota County malfunctioned. Jennings claims that an unusually large number of undervotes (ballots that didn't show a vote) recorded in the race implies the machines lost the votes.'"
This discussion has been archived. No new comments can be posted.

Source Code Access Denied in Disputed Race

Comments Filter:
  • Outrageous (Score:5, Interesting)

    by Xeth (614132) on Saturday December 30, 2006 @07:38AM (#17407920) Journal
    This is precisely why government shouldn't be using closed-box commercial software. We have no idea whether the machines are functioning as advertised. Do people not realize that we're essentially just handing a bunch of ballots to these companies and then just accepting the verdict they hand down? It boggles the mind that any democracy-loving representative can stand for this. Maybe there just aren't any left?
    • Re:Outrageous (Score:5, Insightful)

      by wakejagr (781977) on Saturday December 30, 2006 @08:10AM (#17408028) Journal

      There are at least two reasons why there is little uproar about these machines using closed-source software.

      • most people (including judges, elected officials, and others who are in a position to directly change the situation) don't realize that having no access to the source code means votes cast using the machines are unverifiable
      • too many people (especially those who are only in a position to indirectly change the situation: voters) feel that the situation with these machines is no more broken than the rest of the system. Remember hanging chads?
      • by aussie_a (778472)
        When I use my paper and pencil I don't get any hanging chads. Why aren't people using paper and pencils in a manner that is easy to understand which box corresponds to which person?
      • by mordors9 (665662)
        I think there is a third reason. The authorities have the public so fearful of the shadowy hacker, that they may fear that if the code is released the hackers will find some way to exploit it.
        • If the shadowy hacker is so clever and dangerous, then they should be MORE worried about them getting hold of the closed software and exploiting it while no one can do anything about it because of the fact that it's closed to us good people who could have caught the problem before it became a (major) problem.
        • Re: (Score:2, Funny)

          by Dunbal (464142)
          The authorities have the public so fearful of the shadowy hacker, that they may fear that if the code is released the hackers will find some way to exploit it.

          linux code - freely available. Number of linux exploits - minimal.
          windows code - closed source. Number of windows exploits - incredible.

                There's a pattern here, if only I could put my finger on it...
          • Re: (Score:3, Informative)

            by TheRaven64 (641858)
            Last time I checked, over pretty much any timescale there were more exploits found in Linux than in the Windows NT kernel. If you are going to compare all of Windows, then you need to include a set of comparable applications (e.g. X.org, FireFox, much of GNOME or KDE). Take a look at this page [openbsd.org] for all of the security holes found in third party applications available for OpenBSD since 4.0 was shipped a couple of months ago.

            Most 'Windows' exploits are exploits in bundled userland software. If you compar

            • Re:Outrageous (Score:4, Interesting)

              by leenks (906881) on Saturday December 30, 2006 @10:16AM (#17408470)
              That's true, but it only shows half the picture (like most statistics). If you look at the time it took to fix the exploits and ship the fix to customers then most Open Source projects win hands down. Microsoft does occasionally do this in quite a timely manner, but most of the time it is weeks, months or even years.

              The other thing to consider is the number of holes that might be discovered if everyone had access to the Windows source code :)
            • Re:Outrageous (Score:4, Interesting)

              by Anonymous Coward on Saturday December 30, 2006 @11:35AM (#17408890)
              What is interesting is not how much security holes found, but:

              A) They`re usefulness in gaining inappropriate access.
              B) How many holes are left.

              Now with A), Windows with its single user administration accounts and open privileges to system by all users, makes any userland bug into an root-level access nightmare. Yes, you can have a separate admin-account. No, XP doesn`t support this fully on the file-level (I`ve done it many times, and it`s a PITA because of bugs in XP regarding running programs or installing software as administrator)
              A) will hopefully be fully solved in VISTA. How many years after UNIX solved this?

              With B), you cannot really know. Open access to the source code and the whole world watching, makes it pretty obvious you`re going to have more fixes for Linux and BSD. With closed source, you never really know how many holes are left except when someone stumbles on one in the dark, you never really know what the software does or if it contains any backdoors.

              It is not so far-fetched to state that the more fixes you have to a system, the more secure it is. But it`s really hard to say. Are NT programmers more proficient than Linux-programmers concerning security? Experience shows that security has never been Microsoft`s priority, marketshare has.

              So IMHO Linux and BSD are very much more secure than Windows / NT / XP, maybe even BECAUSE of more fixes for the systems.. But also for the multi-user models used in UNIX which adds a layer of security with the root user, unless the user runs as root all day long of course.

              So ANY system will be insecure if the user do stupid things.
            • Considering the Win32 API permits code injection as a function it's not secure. Besides, comparing to Mac OS X we get a lot fewer exploits. Also, your example includes asterix, which has no comparable windows program, as well as 2 browsers, while windows has one. trac also doesn't come on windows. Besides, they don't come in the default install. Besides, "Only one remote hole in default install in ten years" vs. "20 minutes to r00t." seems pretty open and shut to me. And voting machines are embedded devices
          • Re: (Score:3, Interesting)

            by Jahz (831343)

            linux code - freely available. Number of linux exploits - minimal.
            windows code - closed source. Number of windows exploits - incredible.

            Well yeah, but it is misleading that you suggest Windows is less secure just because it is closed source. To disqualify that statement you just need to consider that if Linux became closed source tomorrow it would be no less secure than it is today.

            No, the problem with Windows is that M$ made some bad design choices in the early days (90's) and opted to endlessly patch pro

      • Re:Outrageous (Score:5, Insightful)

        by secolactico (519805) on Saturday December 30, 2006 @09:42AM (#17408360) Journal
        most people (including judges, elected officials, and others who are in a position to directly change the situation) don't realize that having no access to the source code means votes cast using the machines are unverifiable

        Judges are not expected to be expert at every subject. They should, however, be able to find expert advice for the subject at hand. Both parts should have presented properly accredited expert witnesses and the court might have retained independent experts as well (IANAL).

        If the fact that the judge is not knowledgeable enough to rule accordingly in an issue indicates that the judicial system (in addition to the election system) might be broken.

        Or maybe the complainant dropped the ball somewhere in the process.
        • by john82 (68332)
          Or perhaps it was a matter of jurisdiction?

          IANAL (duh), but do we know who owns the rights to the code? If the state has no legal claim on the code (I don't think paying for the code counts, it's a question of what was written in the contract), then the judge would not have the authority to open access to the code.

          It seems to me quite possible that the state does not hold those rights. This is commercial code which the vendor hopes to sell in other locations. Which leads me to a separate question for all of
          • Re:Outrageous (Score:5, Insightful)

            by Tony Hoyle (11698) <tmh@nodomain.org> on Saturday December 30, 2006 @12:10PM (#17409110) Homepage
            IANAL (duh), but do we know who owns the rights to the code? If the state has no legal claim on the code (I don't think paying for the code counts, it's a question of what was written in the contract), then the judge would not have the authority to open access to the code.

            For something as sensitive as a voting machine the government should have the contract, and all the rights to the source code - the state should be able to request the source from the government.

            If that isn't the case then someone should be fired. By a firing squad.
          • by Anpheus (908711)
            Eminent Domain. If there ever were a good case for using it, this would be it.
          • Re:Outrageous (Score:4, Informative)

            by spisska (796395) on Saturday December 30, 2006 @01:39PM (#17409944)
            This is commercial code which the vendor hopes to sell in other locations. Which leads me to a separate question for all of those advocating open source code: What should be the compensation model for using the code?

            The question is irrelevant. Voting machine vendors already have to submit machines and source to certification agencies for Logic and Acciracy testing and certification. For any machine in use on election day, the source code (and/or mechanical parts) have already been disected, examined, and certified.

            This is the reason why Diebold machines were decertified in California -- not, as is often claimed, because they are insecure, but because Diebold updated certified firmware with code that had not gone through certification [cnn.com].

            The state already has the right to examine source code, and has already done so. What the judge decided (wrongly, IMHO) is that this right does not extend to parties involved in a disputed election where the primary claim hinges on whether or not the machines and code functioned as they were supposed to.

            NIST has recently recommended requiring the effective open-sourcing of voting machine code, but these recommendations (Voluntary Voting Systems Guidelines) won't go into effect until 2009. Previously, and in the current VVSG, NIST recommends keeping certified source code in escrow so it is available for examination in case of dispute.

      • Sometimes sensitive information is examined by experts behind closed doors, similar to a meeting in the Judge's chambers for a rape or abuse trial. There are many technology experts with security clearance for the military and other environments who have sworn and demonstrated their willingness to maintain silence.

        Why not have them examine the code and submit a report?

        • Why would the opinion of such an expert be intrinsically more reliable (or less-subvertible) than any other expert?

          Oh, I agree with you that this would be better than letting the closed-source vendor off the hook completely, but nevertheless it should simply be a legal requirement for voting machines that the code and hardware design be open. I don't particularly care if it's released under the GPL or some other public license, or if the vendor keeps the rights. That's irrelevant anyway, in this context.
      • Re:Outrageous (Score:5, Interesting)

        by Bob3141592 (225638) on Saturday December 30, 2006 @08:26PM (#17412648) Homepage
        There's no reason this code should ever be closed. In the computers that run casino games, the government regulatory agencies requires all source code be provided for scrutiny, as well as mandating registered CRCs and digital signatures to prove that the code executing is the code that was inspected. There's all sorts of inspections and reliability tests done on initial submittal and also throughout the lifetime of the computer's use. They do this because those computers affect money, and everyone knows money is important.

        If the public/government doesn't require similar validation and reliability for electronic voting machines, it's because your votes aren't considered important or valuable. I don't see any way to escape that conclusion, given the way things are.
    • Re:Outrageous (Score:5, Insightful)

      by Millenniumman (924859) on Saturday December 30, 2006 @11:38AM (#17408896)
      The source code wouldn't help matters. Assuming the machines were rigged, it would be simple to release the the code from a properly functioning codeline. If it was rigged, most of the people at the company wouldn't have access to that code, or someone would report it.

      Open source is only open source up to a point. There is no way to verify that what is running on a machine is the same as the code released. Anyone working on the machines can tamper with it: "./configure --all-votes-are-$(myparty) && make && make install". Maybe you could use digital signing on the official builds and restrict the machines to them, but keep in mind that violates the GPLv3, and there are no assurances it won't be hacked. On the other hand, it is very unlikely someone is going to reverse engineer closed source software while they are supposed to be setting up the machines and no one will notice.
      • Re:Outrageous (Score:4, Insightful)

        by Watson Ladd (955755) on Saturday December 30, 2006 @11:57AM (#17409006)
        Open source does not equal GPLv3. You could release the code under GPLv2 and use digitally signed and restricted builds. You could use a signature on GPLv3 code that makes a big red "WARNING:DO NOT USE" sign turn on in the booth but otherwise functions normally. Or you could blow PROMS with the code at the factory and the guys sticking it into the voting machines could read out the code from the ROM to verify. With closed source software you can verify that the machines are all running the election software, but you can't verify the software.
    • Re: (Score:2, Troll)

      by NineNine (235196)
      It boggles the mind that any democracy-loving representative can stand for this.

      The United States Ministry of Language would like you to know that we live in a "Freedom-loving" country. We love "Freedom" according to President Bush. "Freedom" != "Democracy"
  • Some thoughts (Score:2, Informative)

    by stikves (127823)
    I think the machines will always be subject to much discussion until their source codes are approved by all the parties and the installation of the hardware is done in front of inspectors in all sites.

    But as it will not probably be done, we'll not see an end of unfairness claims.
  • unfuckingbelivable (Score:5, Insightful)

    by Anonymous Coward on Saturday December 30, 2006 @07:40AM (#17407930)
    The source code for such nasty machines should by definition be publicly available. Who the fuck trusts those devices when its source code is unavailable??
    • by A beautiful mind (821714) on Saturday December 30, 2006 @07:52AM (#17407968)
      I would mod up parent if I could, as it perfectly catches the gist of the problem. The profanity is there to hilight the seriousness of what people who believe in democracy face. Anyone who belittles the problem by political correct weaselwords does a disservice and does not contribute to the/a solution.

      Not knowing the source code for a voting machine is the equivalent to saying "a miracle happens here" at a critical part in a mathematical proof. Completely utterly unnaceptable.
      • by Architect_sasyr (938685) on Saturday December 30, 2006 @08:47AM (#17408162)
        Indeed, despite their choice of language, they have it in one.

        Just because, in this case, the judge won't understand it, or the company thinks they stand to lose money from letting it be seen, doesn't mean we shouldn't be able to see it... my latest GPS device (a TomTom) has an Open Source system on it, runs on Linux. Thankfully, I don't understand it, and I don't want to, its not my field. BUT WHEN IT COMES DOWN TO IT, if for a second I didn't trust the machine, I could take a look and know exactly what it was doing.

        With a voting machine this should be an integral part of the trust process... we know how the box where we slip our voting slips works... why should we not know how the machine we punch our answers into work the same way?
      • by TheRaven64 (641858) on Saturday December 30, 2006 @10:17AM (#17408476) Journal

        Not knowing the source code for a voting machine is the equivalent to saying "a miracle happens here" at a critical part in a mathematical proof. Completely utterly unnaceptable.
        Having any kind of electronic voting machine is unacceptable in a democracy. Do you have the skill to audit the source code and say with 100% certainty that there are no exploitable bugs? I could with maybe 40-60% certainty. Is that enough for democracy? I would say that less than 1% of the population is more qualified than me to perform the audit (assuming access to the source code). Is it good enough that 1% of the population can say 'I am fairly confident that this doesn't have any holes.

        Why should Joe Public have to rely on someone like me saying 'trust me, it's secure?' Would you be willing to have a ballot paper written in Kanji and an expert tell you which set of symbols corresponded to your candidate? I certainly wouldn't, so why should the rest of the population have to place the same faith in experts?

        • High-integrity software can be made. You just provide a proof of correctness that can be machine or hand checked. Anyone can check the proof just by checking that the proper axioms and lemmas are used at each step. If it can be done for avionics, it can be done for voting machines. It's just rocket science!
          • A proof of correctness for such a large system would be unthinkable... a proof can be hard enough to do for a small algorithm, like say, an encryption method. But here you'd start having to get proof for the GUI, so you'd need to give proof for the graphic APIs, OS Shell in general and then the full OS (yes... even writing an unproved spec for libc would be a daunting task).

            Even if you could just check the app while blindingly trusting the OS and APIs, you'd have to give proof for the GUI, the db backend, t
            • by zotz (3951)
              I am not so sure.

              Let me be stupid for a bit...

              Let's say we design a system with two types of machines.

              1. Vote taking and printing machines. These take the voter's choices and print out a paper ballot which the voters can verify on their own before putting their ballots ina the box.

              2. Vote counting machines which can count these paper ballots.

              I leave it for discussion if we need machines of type 1.

              Hand recounts are always possible.

              Problems?

              all the best,

              drew
          • Re: (Score:3, Insightful)

            by TheRaven64 (641858)

            Anyone can check the proof just by checking that the proper axioms and lemmas are used at each step.

            Anyone? I think you live in an interesting world where even 50% of the population even knows what an axiom or lemma is, let alone how to check a mathematical proof. In a democratic state, everyone gets to vote, therefore, everyone should be able to validate the electoral procedure, not just the mathematicians and computer scientists. Here's an example I provided in another post:

            By having an electronic voting system, you are asking the majority of the population to trust that it is carried out correctly

        • by repvik (96666)
          Is it good enough that 1% of the population can say 'I am fairly confident that this doesn't have any holes.
          Why should Joe Public have to rely on someone like me saying 'trust me, it's secure?'

          Well, it's a hell of a lot better than 20-30 guys at some company that may or not share the same political opinions. Voting machines, when implemented properly should be the most reliable way to count the votes.
        • by hey! (33014) on Saturday December 30, 2006 @01:16PM (#17409704) Homepage Journal

            Having any kind of electronic voting machine is unacceptable in a democracy.


          I disagree.

          Having an electronic machine that prints a human readable, machine tabulatable paper ballot could be a good thing,if the user interface was designed reasonably. For one thing it would assist blind voters, and provide assistance for voters in the language they're most comfortable in.
      • Re: (Score:3, Informative)

        Not knowing the source code for a voting machine is the equivalent to saying "a miracle happens here" at a critical part in a mathematical proof. Completely utterly unnaceptable.

        are you aware of the fact that when it comes to belief in evolution, the USA is 2nd to the last, worldwide, in our ability to think logically and rationally and believe in science and not the boogeyman?

        (if you can trust penn/teller's numbers, we're the worst only second to turkey, I believe, in evolution disbelief!)

        so you say 'a mir
  • by NewToNix (668737) on Saturday December 30, 2006 @07:42AM (#17407934) Journal
    This will surely be appealed, it's a bad decision on the Judge's part. And here's the obligatory IANAL bit.

    But I am able to call bull shit when I see it. And refusing them, or at least a mutually agreed on qualified party, to review the code in question is asinine.

    And proof positive that these things, if allowed at all, MUST be open source.

    • by Alchemar (720449)
      One of the problems with are current system is that you can not appeal a bad decision, you can only appeal if correct procedure was not followed, the other problem is that judges have given themselves the authority to overrule a jury, most of the cases based on "The jury didn't understand the law in this case" the purpose of a jury by peers was to keep people from having their lives ruined by legal loopholes. The jury has the right to say the law is screwed up and should not be applied, but judges want th
  • There's definitely something screwy going on. From the article, about 18000 votes were accepted that didn't actually vote for anything. Now, if I was designing an e-voting package, there's no way I'd mark a vote as accepted if it didn't vote for something, especially in a country like the US where voting is not mandatory. After all, if they've bothered to turn up at the voting booth, you can assume they actually intended to vote.

    (The situation is a little different in my home country of Australia - mandator
    • by DRJlaw (946416) on Saturday December 30, 2006 @08:44AM (#17408154)
      There's definitely something screwy going on. From the article, about 18000 votes were accepted that didn't actually vote for anything. Now, if I was designing an e-voting package, there's no way I'd mark a vote as accepted if it didn't vote for something, especially in a country like the US where voting is not mandatory. After all, if they've bothered to turn up at the voting booth, you can assume they actually intended to vote.

      You're misreading the article.

      "Some 18,000 Sarasota County electronic ballots did not register a vote in the race, a much higher undervote rate _ nearly 15 percent _ than in others such as those for governor or U.S. Senate. Jennings contends the machines lost the votes. Buchanan backers and the company say that if there was an unusually large undervote it was likely because of bad ballot design."

      There were 18,000 people who did not vote for either Jennings or Buchanan (or another option, if any). People routinely vote for "none of the above" when they dislike each of the candidates, when they have little information about the candidates, etc. You cannot refuse to accept the voter's selections once the voter has showed up at the polls and voted in even one race, because that may very well be the voter's intent. Arguably, you cannot refuse to accept a submission that contains no selections, because that too may be the voter's intent.

      You are at best arguing about the sufficiency of the selection review prior to a submission. There is not enough information in the article to discuss this information, and it does not support the candidate's allegations of fraud, so that it is essentially irrelevant to the legal case taking place after the election. You're free to argue against the ballot presentation selected/entered by the various Boards of Election, but you can hardly argue based solely on the undervote that this was a programming "feature" or design defect.
      • Actually, I just forgot that you guys hold a lot of different elections on the one day... my bad.

        I would argue that a "none-of-the-above" option is what you want, instead of allowing no selection. The article still makes it sound like there was no vote recorded at all.

        Still, what I'm really arguing is that the fact that there was some testing done by the state is not sufficient grounds to conclude that the software didn't have bugs.
        • "Testifying on behalf of Democrat Christine Jennings, MIT political scientist Charles Stewart said Jennings would have won the race by as many as 3,100 votes if there had not been an "excessive" undervote in the Nov. 7 election"

          "Without the source code [heraldtribune.com], it would be very difficult or impossible for me to determine how the software behaved," Dan Wallach, Rice University

          was Re:Nothing tests code like the real world
        • by Tony Hoyle (11698) <tmh@nodomain.org> on Saturday December 30, 2006 @12:26PM (#17409246) Homepage
          A 'None of the above would be great'. IMO we already have that though.... people who stayed at home.

          I have this continual argument with a friend who believes that voting should be compulsory and the spoiling the paper should be a crime - forcing you to vote for *someone*.

          I argue the other way - that actually the way the voting turnout is dropping is actually healthy. People should vote for what they believe in... ideally policies, but 'he has a nice suit', although not something I'd encourage as a voting decision, is at least a positive vote.

          People stay home for 4 reasons:

          1. They don't believe in the system
          2. They believe in the system, but are not in a marginal so believe it doesn't work for them (similar to (1)).
          3. They don't like any candidate
          4. They don't give a flying fuck.

          I don't *want* people in 3. and 4. to vote. They'll vote randomly, introducing noise into the results. If the purpose of democracy is to elect good government (debatable in itself, probably) then making them vote is against that purpose. 1. and 2. can be sorted out by things like politicians getting off their butts and actually canvasing (thus involving the people.. I haven't seen a politician around here ever), some education, and maybe reform (smaller voting regions perhaps, making them more representative to counter 2.).

          Me, I'm a 3. so a 'none of the above' answer would be great. If a politician actually bothered to even ask for my vote, or *gasp* try to tell me why I should vote for them (and party policies don't count - I don't vote for parties I vote for people) then I probably would vote positively.

      • by PPGMD (679725)
        Exactly in that race. I couldn't stand either candidate and I personally wrote in "Inanimate Carbon Rod" for that race. But I am in Manatee County and we use the scantron like ballots which are harder for Jennings to use to cast doubt on the race. She lost in a district that has historically (even before the touch screen voting) gone to Republicans. Sure the margin is getting tighter, but it isn't close enough for Jennings someone who was in the nobody position of Lt. Governor to come in and sweep it.
      • Appeared to me to be one where the undervote of 18,000 does not surprise me. I saw the ads for each side (I live in a neighboring county) and I was tempted to not vote that race myself. The bottom line is that BOTH cadidates are scum, and I believe that there was no "undervote", but just that many people who had no choice in that race. A mandatory "none of the above" entry probably could have won that race.
    • by theonetruekeebler (60888) on Saturday December 30, 2006 @09:01AM (#17408208) Homepage Journal

      From the article, about 18000 votes were accepted that didn't actually vote for anything
      What the article actually said was:

      18,000 Sarasota County electronic ballots did not register a vote in the race (emphasis added)
      It further says this means about fifteen percent of the ballots cast did not have a selection in this race.

      The loser says this happened because the software went all wonky. The winner says it probably happened because of poor layout -- voters didn't even find the race, or they found and misunderstood the race, or they fat-fingered the ballot.

      The loser, of course, can't challenge on the misunderstood-ballot theory, because it implies that her support base is statistically more likely do do something stupid than her opponent's.

      That said, I find this ruling intolerable. When the government is formed by the counting of ballots, the method of the counting must be open and available. I think it was Boss Tweed who said it best: "As long as I get to count the votes, what are you going to do about it?"

  • Incomplete article (Score:5, Insightful)

    by Somnus (46089) on Saturday December 30, 2006 @07:58AM (#17407982)
    What the article doesn't discuss is the quarantining of machines from the actual election and reproducing their inputs in the "independent test." Anything less is uncertified evidence.

    OTOH, should voting results have a presumption of validity? The problem is that voting bureaucracies are not designed for validation by authenticating ballots or statistical checks, but only on prompt decisiveness and the appearance of not having irregularities in the balloting or counting.

    Wouldn't all this be solved by encrypted online voting, where you could check your own votes by a profile tied to an anonymous registration key issued by the DMV? Then make the data public for verification by the media?
    • Re: (Score:3, Informative)

      by amaiman (103647)
      No. Ability to check your own vote means that if you give the key to someone else, they can verify your vote as well, this will lead to people selling their votes.
      • by zotz (3951)
        "this will lead to people selling their votes."

        Or being "pressured" to vote for a certain person.

        all the best,

        drew
    • by JackHoffman (1033824) on Saturday December 30, 2006 @09:36AM (#17408342)
      Wouldn't all this be solved by encrypted online voting, where you could check your own votes by a profile tied to an anonymous registration key issued by the DMV?

      The problem with most "verified" voting mechanisms is that they allow voters to prove a vote for a certain party, which in turn makes buying votes feasible. You have to create a pretty elaborate system to prevent this kind of abuse and most of the proposed systems which look like they could solve this still don't prevent ballot stuffing.

      Classic paper ballot voting solves these problems by using an observable and public process. The only secret act is the casting of the vote and there is practically nothing a voter can do in that secret phase to change the outcome beyond his normal participation in the poll. All other steps in an election are, at least theoretically, public: You can watch the sealing of the empty ballot boxes, you can watch the admission of the voters and you can observe the counting. Nobody has to trust someone else. If people take an interest in the process, they can see for themselves that it is done right.

      Electronic voting always has the problem that you can't observe the code execution. Sure, you can verify that the code in the PROM is correct, but you can't verify that the code is what actually gets executed on election day. You can't verify the contents of the memory modules beyond what another unverifiable machine tells you. IMHO, the problems with electronic voting are unsolvable without giving up at least one of the democratic principles of a secret ballot. The central problem is that there is secret information involved which cannot be verifiable to the point that you can verify the whole process.
  • This is exactly why I didn't vote. I didn't want to use the electronic machines. All we had around here, all I had available was either electronic machines. They gave me the runaround for weeks concerning absentee ballots. I tried several times and just threw my hands up.

    How I understand it, the only way the machines can put votes where malicious programs want (IF they're infected) is if someone votes. If I don't vote, my vote can't be misused. And I surely don't trust this technology, especially
    • by Orlando (12257)
      This stance only makes sense if you then make a visible public statement about why you didn't vote, or aproach the relevant authorities about the problem. I hope you did.
    • Hate to break it to you, its the present of voting now. Many areas went down the path of no return already.
    • 70 If Vote=Jennings then Vote=Null
    • by carpeweb (949895)
      the only way the machines can put votes where malicious programs want (IF they're infected) is if someone votes

      Well, I know diddly squat about the details of the machines, but would they not have or connect to a database in some fashion? If so, how would a vote be the only way to trigger a fraudulent action? Even if there's no database involved, why couldn't a clock trigger a fraudulent action? I'm no computer expert, but don't most of them have clocks?
  • by Dachannien (617929) on Saturday December 30, 2006 @08:29AM (#17408106)
    I don't get it. In this case, the plaintiff isn't allowed to view presumably proprietary/copyrighted source code for a voting machine to go on a fishing expedition to see whether it caused her to lose.

    On the other hand, the RIAA gets not only to view the contents of a woman's hard drive to go on a fishing expedition to see whether she was sharing music files, but they get to make their own copy of it, including all that stuff they don't hold the copyright on (Windows, the woman's e-mails, etc.).

    It seems to me that what's good for the turkeys oughta be good for us chickens. Or something.
  • logic and reason (Score:5, Insightful)

    by bnf (16861) on Saturday December 30, 2006 @08:30AM (#17408108) Homepage
    The inability to assess the logic of casting votes defies reason.

    How long must we sing this song? A democracy without transparent practices for the transfer of power is not a democracy. All the way down to the ones and zeroes. Every question with regard to voting should be able to be answered.

    It seems so primitive that it baffles me how someone could arrive at any other conclusion than "the process of voting is sacred and should, in fact *must*, bear great scrutiny".
  • Judge's credentials? (Score:3, Interesting)

    by Monoman (8745) on Saturday December 30, 2006 @08:44AM (#17408156) Homepage
    I would really like to know the judge's credentials for this kind of case. He may have a law background but what does he know about computers and technology (and related laws)?

    IIRC there were cases in the early 80s where judges made bad rulings because they simply had little or no understanding of computers/technology.
    • Fuck that, I want to know the state of the judges finances before and after the decision.
    • by Guppy06 (410832)
      "I would really like to know the judge's credentials for this kind of case. He may have a law background but what does he know about computers and technology (and related laws)"

      He's there because he had the credentials and got elected.

      What would you rather have, the current system, or one where the judge is expected to defer to the opinions of "experts" in all cases? I would rather have judges misrule based on lack of knowledge rather than misrule because (e. g.) the expert from Diebold told him it could n
  • by SpectreHiro (961765) on Saturday December 30, 2006 @08:50AM (#17408176) Homepage
    "The people who cast the votes decide nothing. The people who count the votes decide everything."

    Please don't be confused... I don't think Joseph Stalin was a great man. I consider him a despicable and cold blooded tyrant. At the same time, I also happen to think he was a pretty sharp thinker, and a successful tyrant because he understood how political systems function. A democratic system cannot work unless there is absolute transparency in the voting process.

    I'm an open source supporter but not a zealot. I don't have any problem with the existence of closed-source commercial software and I believe it has a right to exist. That being said, there's simply no place for closed-source software in our voting process. Voting is the foundation of our political system, and we can't settle for any ambiguity in its implementation. It's not as if vote counting is a technically demanding job, and there's no argument for keeping secret the process by which it's done.

    This strikes me as a clear judicial mistake (not that I've read the article... too drunk and tired, frankly). In general, our judges don't seem to understand information technology well enough to make informed decisions. They don't understand that changing the results of an election is elementary for any programmer. Isn't that concept terrifying?

    Our society is enamored with the labor saving possibilities made possible by the past century's technological advances, but thus far, the understanding of these technologies in government has not matched their application. This trend must not continue if we value our republic. In the strictest sense, our system is no longer a democracy if it has no educated oversight.

    Our government needs an elected body of IT experts -- some kind of technically proficient oversight body that can rule on information technology as it applies to our system of government. Without any such educated oversight, our freedom and sovereignty is bit by bit diminished, and can be turned against our people. The possibility alone demands action.

    Our founding fathers certainly didn't foresee the coming of mechanical information processing, but I firmly believe they would have wanted it to be open to review by the common man. What we need now are are IT patriots willing and motivated to take up the cause.
    • Re: (Score:3, Insightful)

      by frdmfghtr (603968)

      It's not as if vote counting is a technically demanding job, and there's no argument for keeping secret the process by which it's done.

      This is true, and yet it seems impossible to develop vote-counting software to do it accurately. I'm not referring to the 18,000 undervotes here, I'm referring to election reports in times past where it was reported that machines were counting several thousand more votes than voters in the particular precincts; while not voting in a particular race COULD result in the afo

    • A very good quote. A democracy can only work if those who cast the votes are the same people as those who count them.

      Our founding fathers certainly didn't foresee the coming of mechanical information processing, but I firmly believe they would have wanted it to be open to review by the common man.

      And this can never happen. Even if the source code is completely open, maybe 1% of the population has the skill to audit the code. The other 99% have to take it on trust, which is counter to the entire idea of open democracy.

      • by Orlando (12257)
        Even if the source code is completely open, maybe 1% of the population has the skill to audit the code. The other 99% have to take it on trust, which is counter to the entire idea of open democracy.

        I disagree. 1% is still almost 300,000 people by todays figures. Add to that the various academic institutions and liberty groups that would be keen on auditing the code, plus the opposition party(s) who also have more than a passing interest in keeping things fair, AND probably a large number of foreign people
    • by Orlando (12257)
      Our government needs an elected body of IT experts

      If, as you say (and I entirely agree) that "A democratic system cannot work unless there is absolute transparency in the voting process." then simply making the code availble for public perusal (open source) would be sufficient, as with the Australian system [wired.com]. Indeed, if you can't trust an elected government to manage it's evoting systems properly, then electing a second body to police the system doesn't ensure that the system will be any fairer.
  • 15% undervote (Score:3, Informative)

    by Anonymous Coward on Saturday December 30, 2006 @08:54AM (#17408188)
    15% of people who voted on the rest of the ticket, mysteriously didn't vote for their Congressman. Even funnier, it was very very strongly biased in favor of Democrat voters, 18% of people who voted Democrat on the remainder of the ticket didn't vote for a Congressman. Even stranger still, it was Florida the former seat of Katherine Harris, even stranger still other neighboring districts showed more typical errors of 3% or so with no political bias.

    Fix the vote, make it verifiable, even now when you think the last vote was fair, you don't know it was, nobody can show it was, and there's so much money and power at stake, the vote must be totally trusted.

    Florida has a Democrat voter majority, yet elects Republicans and it is more than gerrymandering.
  • by erroneus (253617) on Saturday December 30, 2006 @09:39AM (#17408354) Homepage
    When a judge makes the determination that the interests of a single business over those of a democratic process such as an election, then this judge's leanings are clear and obvious. I don't think the issue could be more complicated than that.
  • Transparency (Score:2, Insightful)

    by AlHunt (982887)
    Elections are supposed to be transparent.

    Sticking some software in the middle that nobody can see is akin to counting paper ballots in secret.

    I don't mind voting machines, electronic or not. But transparency is a *must*, either way.
  • "maybe, this trend to paperless voting [democratic...ground.com] is the greatest scam ever perpetrated on the voting populace in the world's history...."
  • by musakko (739094) on Saturday December 30, 2006 @10:15AM (#17408458)
    Instructions: 1. Vote 2. ? 3. Democracy! (oh, alright: and the winner PROFITS!)
  • Democracy! (Score:3, Insightful)

    by slmdmd (769525) on Saturday December 30, 2006 @10:44AM (#17408608)
    There is no democracy in USA, it was lost decades ago. It is a two party dictatorship. (Not exactly - It is actually the Corporate rule)
    Proof: Try finding answers to the following on internet. (Rest of the media is a PR tool of the dictators)
    1. Why no independent wins any seats.
    2. Why is it always a very close battle. (e.g. 250-251)
    3. What is the percentage of members that get re-elected in a communist country(say former russia) and what is the percentage in USA.
    Internet is the only remaining free media but not for long. No matter what we do, it is just a matter of time before the internet is also governed by the corporate. Ways to control are already in the works.
    About half of the world knows who is responsible for the 11 towers, but only a handful in usa.
    The answer is on the internet. Do your own research.
    • Re: (Score:2, Insightful)

      by PPGMD (679725)
      Your a moron, and whoever modded you up is one too.

      1. Most independents don't win for a number of reasons. First most are built around a single person, that person can only run in a single race, and thus is geographically limited, which limits the amount of votes that he can win. Second few independent parties are winners, people like to back winners. The last two parties that stood even a remote chance of winning a national election was the Green party under Nader, and the Reform party under Perot. Also

  • Bad Ballot Design (Score:2, Informative)

    by richwmn (621114)
    From the article
    Buchanan backers and the company say that if there was an unusually large undervote it was likely because of bad ballot design.
    It seems to me that admitting "bad ballot design" is worse than blaming the machines. Anyone who has taken statistics or marketing knows how easy it is to sway polls and sales by such methods as order in the phone book or on the ballot. IMHO bad design could just be effective design for the eventual winner.
  • Couldn't be stated more clearly: "Business tops democracy"

    So let's sit around and bitch.
  • by carpeweb (949895) on Saturday December 30, 2006 @11:24AM (#17408824) Journal
    ... what would that prove?

    I'm not saying it's a bad idea to know the source code. I'm just saying that wouldn't eliminate most of the problem.
    1. Who can look at source code and certify that it cannot be hacked?
    2. Even if (1) were possible, who can certify that the exact source code was (the only code) resident on every machine at the time of the voting?
    Furthermore, because ballots are anonymous, what do we have to tie people to votes on a one-to-one basis? Granted, the tie-in is imperfect in the paper world, but the potential for abuse seems higher in the electronic world. As I think about how a "vote hacker" might operate, it seems pretty likely to me that such a person would be motivated to cover tracks. For instance s/he would replace the source code with the evil code before the voting but would also switch it back to the source code after the voting. That's a pretty simplistic scenario. I envision that "good" e-voting security would require polling stations to begin looking like secure server rooms. That would give civil libertarians (and maybe even the rest of us) the creeps, even if it were feasible to issue every voter a security badge, etc.

    I'm no security expert, but is it not generally accepted that simple systems are easier to secure, all other things being equal? Pencil and paper are pretty simple, right?
  • How does any part of an elections tally become a trade secret, anyway?
  • by stox (131684) on Saturday December 30, 2006 @12:12PM (#17409132) Homepage
    What trade secrets could possibly be in a voting machine? There should be NO secrets in voting.
  • It is quite a low point when Information Monopoly "rights" can override the right to open, free and fair elections.

    There is really no alternative but to make this software public.

    The voting software does not need to be free-software/open-source (though it would be best), but it does need to be public.
    It is still possible for a company to hold and enforce copyrights on publicly available software.

    Any complex compuations that are performed (that they claim to be trade secrets) cannot be trade secrets in a fre
  • Even the old mechanical tabulators could be rigged - who is going to count the teeth on a cog, to verify that it counts right?

    Bear in mind that the term 'bug' refers to cockroaches living in mechanical computers, causing computational errors.
  • by ajs318 (655362) <sd_resp2&earthshod,co,uk> on Saturday December 30, 2006 @02:06PM (#17410198)
    So, have I got this right -- the Courts of the USA have ruled that a corporation's secrets are more important than the processes of democracy?

    I'm really glad I live in a country that still uses pencil-and-paper votes counted by hand.
  • Step 1: Rig election

    Step 2: Change laws so election can't be verified

    Step 3: Profit!
  • Checking the source code for backdoors (and removing them) doesn't mean there aren't backdoors in the other software involved. It all comes down to trust [acm.org]:

    1. Can you trust the programmer to write bugfree code and not to insert hidden code [dur.ac.uk] or well-covered trapdoors [slashdot.org]?
    2. Can you trust the compiler not to insert malicious code independent of the code compiled? (See above paper.)
    3. What about the preprocessor, assembler, and linker (or interpreter)?

    That's a lot of trust to share.

White dwarf seeks red giant for binary relationship.

Working...