Source Code Access Denied in Disputed Race 310
MrMetlHed writes "A judge ruled Friday that congressional aspirant Christine Jennings has no right to examine the source code that runs the electronic voting machines at the center of a disputed Southwest Florida congressional race. From the article: 'The ruling Friday from Judge Gary prevents for now the Jennings camp from being able to use the programming code to try to show voting machines used in Sarasota County malfunctioned. Jennings claims that an unusually large number of undervotes (ballots that didn't show a vote) recorded in the race implies the machines lost the votes.'"
Outrageous (Score:5, Interesting)
Re:first post (Score:1, Interesting)
I'm not bashing because
Thanks.
Beautiful system we have here. (Score:2, Interesting)
How I understand it, the only way the machines can put votes where malicious programs want (IF they're infected) is if someone votes. If I don't vote, my vote can't be misused. And I surely don't trust this technology, especially how fast and secretive it was implemented.
I could be wrong. I hope this isn't the *future of voting.
*less and less trust. less accountability and verifiability. easier to rig an election.
Judge's credentials? (Score:3, Interesting)
IIRC there were cases in the early 80s where judges made bad rulings because they simply had little or no understanding of computers/technology.
Re:unfuckingbelivable (Score:1, Interesting)
Judge Gary and the butterfly ballot .. (Score:3, Interesting)
"Without the source code [heraldtribune.com], it would be very difficult or impossible for me to determine how the software behaved," Dan Wallach, Rice University
was Re:Nothing tests code like the real world
Re:Outrageous (Score:4, Interesting)
The other thing to consider is the number of holes that might be discovered if everyone had access to the Windows source code
Re:unfuckingbelivable (Score:5, Interesting)
Why should Joe Public have to rely on someone like me saying 'trust me, it's secure?' Would you be willing to have a ballot paper written in Kanji and an expert tell you which set of symbols corresponded to your candidate? I certainly wouldn't, so why should the rest of the population have to place the same faith in experts?
Even if you could "verify" source code ... (Score:3, Interesting)
I'm not saying it's a bad idea to know the source code. I'm just saying that wouldn't eliminate most of the problem.
I'm no security expert, but is it not generally accepted that simple systems are easier to secure, all other things being equal? Pencil and paper are pretty simple, right?
Re:Outrageous (Score:4, Interesting)
A) They`re usefulness in gaining inappropriate access.
B) How many holes are left.
Now with A), Windows with its single user administration accounts and open privileges to system by all users, makes any userland bug into an root-level access nightmare. Yes, you can have a separate admin-account. No, XP doesn`t support this fully on the file-level (I`ve done it many times, and it`s a PITA because of bugs in XP regarding running programs or installing software as administrator)
A) will hopefully be fully solved in VISTA. How many years after UNIX solved this?
With B), you cannot really know. Open access to the source code and the whole world watching, makes it pretty obvious you`re going to have more fixes for Linux and BSD. With closed source, you never really know how many holes are left except when someone stumbles on one in the dark, you never really know what the software does or if it contains any backdoors.
It is not so far-fetched to state that the more fixes you have to a system, the more secure it is. But it`s really hard to say. Are NT programmers more proficient than Linux-programmers concerning security? Experience shows that security has never been Microsoft`s priority, marketshare has.
So IMHO Linux and BSD are very much more secure than Windows / NT / XP, maybe even BECAUSE of more fixes for the systems.. But also for the multi-user models used in UNIX which adds a layer of security with the root user, unless the user runs as root all day long of course.
So ANY system will be insecure if the user do stupid things.
Re:Nothing tests code like the real world (Score:4, Interesting)
I have this continual argument with a friend who believes that voting should be compulsory and the spoiling the paper should be a crime - forcing you to vote for *someone*.
I argue the other way - that actually the way the voting turnout is dropping is actually healthy. People should vote for what they believe in... ideally policies, but 'he has a nice suit', although not something I'd encourage as a voting decision, is at least a positive vote.
People stay home for 4 reasons:
1. They don't believe in the system
2. They believe in the system, but are not in a marginal so believe it doesn't work for them (similar to (1)).
3. They don't like any candidate
4. They don't give a flying fuck.
I don't *want* people in 3. and 4. to vote. They'll vote randomly, introducing noise into the results. If the purpose of democracy is to elect good government (debatable in itself, probably) then making them vote is against that purpose. 1. and 2. can be sorted out by things like politicians getting off their butts and actually canvasing (thus involving the people.. I haven't seen a politician around here ever), some education, and maybe reform (smaller voting regions perhaps, making them more representative to counter 2.).
Me, I'm a 3. so a 'none of the above' answer would be great. If a politician actually bothered to even ask for my vote, or *gasp* try to tell me why I should vote for them (and party policies don't count - I don't vote for parties I vote for people) then I probably would vote positively.
Re:Outrageous (Score:5, Interesting)
Re:Outrageous (Score:3, Interesting)
Well yeah, but it is misleading that you suggest Windows is less secure just because it is closed source. To disqualify that statement you just need to consider that if Linux became closed source tomorrow it would be no less secure than it is today.
No, the problem with Windows is that M$ made some bad design choices in the early days (90's) and opted to endlessly patch problems rather than rearchitect the kernel/OS (what Vista is supposed to be). The community around linux on the other hand represents "oversight" and helps force speedy correction of underlying flaws. So basically I am saying that with Linux-like oversight on its closed source code, Windows would be really good. To bad that is not feasable.
Re:Outrageous (Score:5, Interesting)
If the public/government doesn't require similar validation and reliability for electronic voting machines, it's because your votes aren't considered important or valuable. I don't see any way to escape that conclusion, given the way things are.
Re:Outrageous (Score:3, Interesting)
I happen to agree that a completely secure system can be established fairly easily. Give the voter a touch screen for all of their choices, they push buttons, it says "Person/Initiative/Proposal/Whatever X are you sure?" and you confirm it, once all things you are voting on are done with, you get a final summary page to confirm, then it records that information and says have a nice day, and also prints out a human readable slip that contains all your votes. You fold it in half just like a normal paper ballot, the person running things seals it and plops it in the ballot box like always. There you have it. Instant the polls close, you have your numbers, and the number can be verified by hand counting of the printouts. In fact, have the electronic number the "Tentative" count, and only the hand count is official. You get instant preliminary results and trusted final results.
That being said voting regardless of system boils down to trust. I will use trust in the same sense the parent has used it as, severely scrutinized. The problem with pure electronic voting is that, while it requires utmost trust, as do all methods of voting, this trust cannot be given. The machine has a tally in it, and the master machine tallies all of the tallies and gives the final result. A person wrote the code and a person assembled the machine. Let us say the code is fully open and completely trusted. How trusted is the fact that the machine is running THAT code? How hard is it to switch out a rom chip? Was the machine fully inspected to make sure the code is identical in all ways to that which is trusted? Its just not possible to trust this machines numbers. Trust is an issue because there is nothing to prevent this machine from being designed to randomly, with chance 1/5, reassign votes from person X to person Y when writing them down. Where is the log? The log may be 10000% fool proof but the vote was logged normally, everything was normal. All it takes is one tiny piece of code to switch how the vote is recorded. Its displayed for the user as normal, but a single line of code randomly flips it over when its recorded. How can this sort of thing be stopped? Hopefully such tampering would be obvious in the code with enough eyes looking for it. As I said however, how hard is the code to change? If its just on a disk of a windows box as some of these voting stations are...well its trivial to swap the code out at any point. If its on a ROM as it should be, how hard is it to switch out the ROM? Is there only one ROM? It ended up that in many of the voting terminals used in previous elections, there were actually TWO ROM chips, and a hidden switch in the back to switch between them. With such a device, it would be trivial to have your trusted code on one, and your malfeasant code on the other. No amount of auditing the code and verifying the correct code is running will save you from this, you would have to fully verify the hardware too. But what if it wasn't a switch, what if the hidden rom is selected by a timer, only active when its actually the election, and switching back to the trusted ROM the second the polls close? Well, then you could set the system clock to whenever the election is supposed to be and always test under those conditions. Unless of course there is a second clock elsewhere that is not changed when the admin adjusts the system clock.
That was a lot of text. What it boils down to is its possible to build a very devious voting machine that to the user appears fully functional and seems to record their votes correctly, but does not actually record them correctly. A software audit will not protect you, and machine audit will not protect you, and a detailed examination of the device will not protect you. You would have to crack them open and verify every circuit in there, every IC chip, every single ROM. How could you do this? A full verification would, I imagine, destroy the machine beyond all hope of repair. It would be impossible to verify the actual machines used in vot