Forgot your password?
typodupeerror
Government Open Source Politics

E-Voting Source Code Made Public In Estonia 88

Posted by Soulskill
from the but-omg-hackers dept.
New submitter paavo512 writes "Server-side source code used for electronic voting was made fully public by Estonian officials on July 11 (in Estonian). The aim is to encourage more specialists to get involved in the technical analysis of the software. It is hoped that public overview will help to ensure the security of the system. E-voting has been successfully used five times in Estonia since 2007. It facilitates national ID cards which are obligatory for all citizens. In the next municipal elections later this year it is planned to test an experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly. The publicized source code is available at GitHub."
This discussion has been archived. No new comments can be posted.

E-Voting Source Code Made Public In Estonia

Comments Filter:
  • The big question (Score:2, Interesting)

    by Anonymous Coward

    How do you verify that the published source code is running unmodified on the production servers?

    • by i kan reed (749298) on Friday July 12, 2013 @03:20PM (#44264121) Homepage Journal

      The typical answer is the same magic answer that's been a part of democracy since the invention of the secret ballot: oversight. Think the oversight is foxes watching the hen-house? Volunteer!

      • by MarcoAtWork (28889) on Friday July 12, 2013 @03:41PM (#44264301)

        it's a lot simpler to have oversight of paper ballots being counted by hand than of a program running on a computer somewhere: there's no way anybody can be sure the program being actually run is the program that was generated via the source code you are given.

        Not to mention that there is no way you can be sure about the *environment* the software is run on, since it would be trivial to have some kernel/environment exploits that could alter the result arbitrarily.

        The only way one could be sure there are no electronic shenanigans would be redundancy:

        - provide the source code and build instructions for all the software
        - at voting time anybody can come in, get the raw data and run it on their own compiled copy of the software, if there is a discrepancy flags would be raised and the result would not be accepted until at least a certain number of independent computers come up with the same result

        • Re: (Score:3, Informative)

          Ken Thompson compiler hack?

          • by Anonymous Coward

            Ken Thompson compiler hack?

            So they would somehow make sure that every independent person who built the software did so using the hacked compiler?

        • Democracy@Home - I actually find the idea quite interesting.

          Although now you have to find a way to ensure trust in the raw data...

          • for ballot box votes it would be pretty easy to guarantee raw data trust via the usual observers, as long as the voting machines leave a paper trail (and they should). For remote e-voting you would set up end-to-end vote verification as the poster below was saying, it would just be part of the voting process, you go to vote on the day, and the next day you verify that your vote was counted. With vote verification and distributed verification of the results it seems it would be a very solid system.

            This said

        • by jnork (1307843)

          Or you could have end-to-end verification of your vote. Doesn't guarantee the software is the same, but at least you'd know that YOUR vote got there intact. And if not, presumably there'd be something you could do about it. Enough people complaining might get paid attention to.

          "...planned to test an experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly." Yep, that's the kind of thing I had in mind. It'd have to be done

        • by AK Marc (707885)
          There's one *very* easy way nobody likes to talk about. Abolish secret voting. Open voting is more secure than any secret ballot used or conceived of to date. It worked for the first 100 years of the US, and failed only when there was a Civil War. A return to Open Voting would allow for vote buying (which is easily possible today under all absentee voting systems I've seen in the US, but still doesn't happen), but eliminates 100% of the most common frauds. Fix the system in 1 easy step. Then it doesn'
          • The threat of an open ballot election isn't that someone will murder you, it's that the police chief you voted against "happens" to suspect you of running a meth-lab, and runs a no-knock warrant on your home. Or the health inspector might just find a few specks of dust that don't belong. It's like pay-for-play kickbacks, but you can't ever prove the connection.

            • by AK Marc (707885)
              So it's like today. If you vote for someone, you hope he does something that benefits you. Only there will possibly be more direct link between voting and actions. And yes, there have been cases of politicians acting against those who didn't vote for them. Even with secret ballots there will be. There will just be more guesses about who it was who voted against. Again, it's a problem today that secret ballots doesn't stop. The theory is that the candidates would not act in such a revenge manner. Aft
              • by Kavafy (1322911)

                Again, it's a problem today that secret ballots doesn't stop. The theory is that the candidates would not act in such a revenge manner. After all, it would do nothing to improve their chances of reelection, so why bother? Bribing for votes would be a much more effective election influencing act, rather than vote punishing.

                Isn't the point that, without a secret ballot, candidates can intimidate people into voting a particular way? IOW the key period is before the election, not after?

                • by AK Marc (707885)

                  Isn't the point that, without a secret ballot, candidates can intimidate people into voting a particular way? IOW the key period is before the election, not after?

                  They do that today. It's just less personal. If it became personal, John Smith gets a letter stating if he doesn't vote for Bob Barker his house will be demolished to make way for a road, don't you think John Smith publishing that letter would affect the campaign (and arrest) of Bob Barker?

      • by plover (150551)

        I don't care how well you think you're watching. You are a human, and you are capable of overseeing simple activities, such as official pieces of paper being dropped in a box, or official stones being dropped in a jar. Your capabilities for "oversight" do not extend down to observing the correct bits are flowing through a CPU.

        The thing we've all forgotten in our rush to tune into the 24 hour news channel is that voting results do NOT have to be completed within 15 seconds of the polls closing. I don't ca

      • by AK Marc (707885)
        Where I grew up, you could only volunteer if you were a verified fox (a member of a party with candidate in the election). How's that for oversight? If the US oversaw it's own elections to the degree they oversee others, all of the elections since 1996 would be declared invalid.
    • by Thry (962012)
      The same way you verify that the published final result matches the actual votes!
      • by Pieroxy (222434)

        The same way you verify that the published final result matches the actual votes!

        You mean by counting manually the bits in the RAM of the machine, or counting the votes (with a witness in the booth) and checking that against the overall results?

        The ONLY way to make e-voting productive is to have those machines ... produce a piece of paper on whitch the voter can check that the right name is printed on. Put it in an envelope, and in the urn. At the end of the day, the ballots are opened by some volunteers, the name printed on is read out loud, they are passed into a machine and a giant s

        • by manu0601 (2221348)

          The ONLY way to make e-voting productive is to have those machines ... produce a piece of paper on whitch the voter can check that the right name is printed on.

          You also need to check identity of voters and count them so that no vote can be injected. And that cannot be done remotely, voters need to attend physically for that, otherwise someone will manage to vote for the deads.

        • by AK Marc (707885)
          Paper or electronic, once they are in the urn, there are hundreds of ways to spoil them. Lose them, stuff them, in all sorts of ways. Paper is broken, that's why e-voting is getting traction. The only system not broken is voter-verified open voting.
          • by Pieroxy (222434)

            The only system not broken is voter-verified open voting.

            What is that? Can you give us more than 4 words to get an idea?

            • by AK Marc (707885)
              Vote buying in the US is easy. Your employer fills out 100 ballots (in an office of 100) and passes them out. You are required to sign them and hand them back. He'll seal them and send them for you. Your vote is cast in his desired manner or you are fired. He then calls a special day on vote Tuesday. Everyone works a 12 hour shift, in-house lunch provided, so nobody can sneak away to vote in person that day.

              That's all easily possible today. Yet it *never* happens. The *only* attack vector to open v
    • by Anonymous Coward

      Signed binaries and random unannounced audits.

    • by tsadi (576706)

      The part where they will be testing an "experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly" sounds like a good start. When you get verified reports of people's votes getting changed along the way, you launch an investigation and trace how/where it happened.

      • by CastrTroy (595695)
        But then you no longer have a secret ballot. If you can prove that you voted for a specific person, you can be coerced by others (your boss, the mob, some guy giving you money) to prove that you voted for who they wanted you to vote for. A system has to be verifiable in the sense that you can be reasonably sure that all the votes are counted correctly, without being altered, and without being able to attach the votes to who cast them. This is why paper ballots work. Start with an empty sealed box, verifi
  • by Anonymous Coward

    ...Nothing can beat the audit trail of Elbonian clay tablets.

  • by Anonymous Coward on Friday July 12, 2013 @03:28PM (#44264191)

    National ID cards are NOT mandatory for citizens.

    E-voting used five times? Uh, it has been an OPTION. People vote in person mostly. In press articles+commentaries, e-voting has drawn rampant suspicions of corruption. (There's a scandal with some party internal voting, which is quite unrelated, but......)

    As an estonian, I have to say I bloody hate this stupid hype. I also believe the cheapest and most reliable method of voting continues to be in-person voting. (Your BRAIN, casting the vote, is attached to your FACE, which typically is fuzzy-recognized by the local officials. This system is very hard to improve upon.)

    captcha: contrary

    • The only ones with the "rampant suspicions of corruption" are the opposition parties spreading FUD, especially by comparing that to electronic voting elsewhere: voting machines - which is a totally different thing.

      The scandal with some party's internal voting didn't even use the same infrastructure. FUD much?

    • by Anonymous Coward

      In press articles+commentaries, e-voting has drawn rampant suspicions of corruption. (There's a scandal with some party internal voting, which is quite unrelated, but......

      Really? Rampant? There was one guy who pointed out a potential security vulnerability, which so far is unconfirmed - hypothetical, it relies on the assumption that a users computer could be compromised and the voting software UI manipulated, iirc. Party internal voting scandal is a completely different matter. They used a weak internal voting procedure which is unrelated of the state run e-voting system.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      National ID cards are NOT mandatory for citizens.

      E-voting used five times? Uh, it has been an OPTION. People vote in person mostly. In press articles+commentaries, e-voting has drawn rampant suspicions of corruption. (There's a scandal with some party internal voting, which is quite unrelated, but......)

      As an estonian, I have to say I bloody hate this stupid hype. I also believe the cheapest and most reliable method of voting continues to be in-person voting. (Your BRAIN, casting the vote, is attached to your FACE, which typically is fuzzy-recognized by the local officials. This system is very hard to improve upon.)

      captcha: contrary

      You are a lousy estonian then. ID cards are mandatory, passports are not. Soovitan sul seadust lugeda seltsimees.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        This is correct. Parent is not.
        (Estonian here as well, but I don't think calling each other comrades is "the thing" after the collapse of Soviet Union.)

    • The ID card is mandatory for citizens. https://www.eesti.ee/eng/topics/kodakondsus/eesti_kodakondsus/isikut_toendavad_dokumendid [eesti.ee] (English version).
    • by Anonymous Coward

      Estonian speaking and with law degree: national ID card is the one and only MANDATORY identification in Estonia. Passports are just travel documents and are not mandatory. ID cards, mandatory.

    • by Freultwah (739055)

      It HAS been used five times, and nowhere in the summary does it say it has been mandatory and the only way. So, a nice strawman there, but try to rein in that hate a little better and use actual arguments. The e-voting system is an excellent option to improve participation, and if you do not like it, don't use it. There is no need to become a Bolshevik about it, as in "I don't like it for me, let's get rid of it for everybody".

      Besides, throwing all this Centre Party's FUD around is just not a good way to pa

  • by dargaud (518470) <slashdot2@ g d a r g a u d . net> on Friday July 12, 2013 @03:42PM (#44264315) Homepage
    I truly do not understand the US aversion for identity papers. (*) There needs to be a way for you to interact with the state / federal government, it's obvious. But how do you prove who you are when you do ? ID papers provide this certification easily. I've heard all kind of 'slippery slope' arguments like 'it's the first step towards a nazi state'. Well duh, every country in Europe has had ID papers since at least WWII and it hasn't changed anything. Instead of that the US relies on driver's license for the same purpose, or much worse, social security number which anybody can figure out and copy at will. Dumb.

    (*) And at the same time I don't understand why most USamericans don't give a flying squirrel about the wholesale spying going on. They don't want a piece of paper to identify them once a year when a cop or a govnmt employee asks for it for a legitimate purpose, but they don't care to have their every word archived to some big brother 5 zetabytes database with sorry consequences years from now. Beats me.
    • I truly do not understand the US aversion for identity papers.

      Well, basically it boils down to legal requirements for government accessibility - not everyone can get to the ID shop (a 90-year-old quadriplegic living below the poverty line doesn't really have the means to get an ID, and thus, to access their right to vote), and a lot of people bitch about the "cost to taxpayers" when you explain that charging people for access to government via legally required ID would be unconstitutional.

      Of course, there's also the ever-present rationale (if it can be called that) ex

    • by Anonymous Coward

      There is a difference between having ID papers so you can use them at appropriate times and requiring every citizen to carry ID papers all the time. In the Netherlands, it used to be the former, it is now the latter, and I fucking hate it (and do not comply).

    • by Anonymous Coward

      There's no need for ID cards. In the UK, which, depending on which side you're on, is either in or just next to Europe, the system is the same like in the US. You identify using your name when you vote, and using a two utility bills (or a utility bill and a tax bill - from either HMRC or your local Council) when you open a bank account.

      If they were to introduce e-voting in the UK, they'd do it in a very similar way to postal voting. You ask for a postal vote form plus envelope, which you fill in and send to

    • by AK Marc (707885)
      The US sees them as the first step in control. Identify everyone, make them reveal home addresses, and require the papers be shown on demand, and you have a registration system. The next step is to come for the Communists. And under McCarthy, they really did, if they had a suitable national registry, there would have been mass arrests and internments. But there wasn't, so it was much harder for the government to get anything done. That's the point. We don't trust our government so we want to make it h
  • Under a NoDeriv license so it cannot be built upon. http://creativecommons.org/licenses/by-nc-nd/3.0/ [creativecommons.org]

"Catch a wave and you're sitting on top of the world." - The Beach Boys

Working...