Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Open Source Politics

New Hampshire Set To Pilot Voting Machines That Use Open-Source Software (therecord.media) 111

According to The Record, New Hampshire will pilot a new kind of voting machine that will use open-source software to tally the votes. The Record reports: The software that runs voting machines is typically distributed in a kind of black box -- like a car with its hood sealed shut. Because the election industry in the U.S. is dominated by three companies -- Dominion, Election Systems & Software and Hart InterCivic -- the software that runs their machines is private. The companies consider it their intellectual property and that has given rise to a roster of unfounded conspiracy theories about elections and their fairness. New Hampshire's experiment with open-source software is meant to address exactly that. The software by its very design allows you to pop the hood, modify the code, make suggestions for how to make it better, and work with other people to make it run more smoothly. The thinking is, if voting machines run on software anyone can audit and run, it is less likely to give rise to allegations of vote rigging.

The effort to make voting machines more transparent is the work of a group called VotingWorks. [...] On November 8, VotingWorks machines will be used in a real election in real time. New Hampshire is the second state to use the open-source machines after Mississippi first did so in 2019. Some 3,000 voters will run their paper ballots through the new machines, and then, to ensure nothing went awry, those same votes will be hand counted in a public session in Concord, N.H. Anyone who cares to will be able to see if the new machines recorded the votes correctly. The idea is to make clear there is nothing to hide. If someone is worried that a voting machine is programmed to flip a vote to their opponent, they can simply hire a computer expert to examine it and see, in real time.

This discussion has been archived. No new comments can be posted.

New Hampshire Set To Pilot Voting Machines That Use Open-Source Software

Comments Filter:
  • by filesiteguy ( 695431 ) <perfectreign@gmail.com> on Thursday November 03, 2022 @09:26PM (#63023213)
    Um, Los Angeles County uses various OSS component in their immense voting solution. https://vsap.lavote.gov/

    Have been since 2020.
  • I don't care (Score:5, Insightful)

    by Joce640k ( 829181 ) on Thursday November 03, 2022 @09:31PM (#63023227) Homepage

    a) I'm against any system that can't be physically watched by multiple parties and recounted if necessary. Electrons in a machine is just too easy to game and leave no trace..
    b) What's the advantage of electronic voting anyway? (Is it just "we have the results a few hours earlier!!" That doesn't seem enough)

    • The fact that it's open source means that you and anyone else can actually determine if such is possible and demonstrate that it could be done rather than just theorizing about it. It also means that such vulnerabilities can be fixed. I personally don't consider electronic voting to be an endpoint, but merely another tool that can be used to ensure the accuracy and integrity of elections. It's not as though non-electronic means are immune to tampering or free of issues.
      • I think at this point we need to dump the machines. Look at Brazil, if they had paper ballots with a chain of custody then there would be less chance of fraud and therefore less chance of mistrust. You may not have seen but there are some of the biggest protests I have ever seen (on TV). I mean you might only need that if you were up against a convicted criminal (such as in Brazil) but politics may have once been public service however now days it is about money for a lot of these people and of course power
        • if they had paper ballots with a chain of custody then there would be less chance of fraud

          You are assuming that the chain of custody is not corrupted. There are many cases of ballots being swapped or going missing despite a chain of custody. Who watches the watchers?

          Paper ballots are susceptible to fraud.

          Electronic ballots are susceptible to fraud.

          But the fraud mechanisms are different. So the best solution is to have both. E-voting for immediate recording plus a printed paper ballot/receipt that can be audited.

          • I live in Travis County and our electronic systems do exactly that. A ballot is printed after you vote electronically that you can visually verify is the way you voted. You then put the paper ballot into a scanner as you walk out the door. Seems pretty good to me. As you say, even with paper ballots, fraud was a thing (Chicago was famous for ballot stuffing). To a large extent democracy relies on trust and conformance. Trump not stepping down was a very bad thing on the conformance. Democracy is fragile, an
            • Travis County clerk Dana DeBeauvoir is a leader in developing and designing voting systems:
              https://www.wired.com/story/da... [wired.com]

              Because she has been working on multiple ways to expand voting access and improve election integrity, she has been targeted by the fascist (and literally criminal) Texas attorney general:
              https://www.texastribune.org/2... [texastribune.org]
              https://www.texastribune.org/2... [texastribune.org]

            • Trump did step down, you are really divorced from actual facts here. Where have you been the last two years while the successor has been burning the country?
              • Where have you been? Not a week goes by where some republican doesn't talk about the election being stolen. In fact many 2022 campaigns make this their headline issue. Seriously, where have you been? Do you also have a trump 2020 sign in your yard like I've seen in my area? Seriously, where have you been? And it was not so much step down as shown the door, and lardo would not have stood a chance against the secret service guys.
        • by Bert64 ( 520050 )

          This is a classic fear of the unknown...
          There are plenty of ways that paper based voting can be corrupted, and there are plenty of recorded incidents where that happened - and no doubt plenty more where it went undetected.

          Having open source code for the voting system allows anyone to verify the integrity of the system.
          Having both electronic counting and paper ballots allows for the results from two methods to be compared, and means that anyone wanting to commit election fraud would need to find a way to sub

          • by Entrope ( 68843 )

            You don't need blockchain to tell whether your vote was counted as you intended. You just need a public list of who voted and how. However, people want secret ballots for a lot of very good reasons, and blockchains violate that.

            • A blockchain address is not personably identifiable unless you know the owner. Same as ballot images with an ID number. Problem comes when you want to verify that only legal votes were counted. You would need someone to trust to audit back to a voter. I would like to see the technology that can preserve privacy and verify that a certain vote record maps to exactly one voter registration. Maybe if [https://inpher.io/technology/what-is-fully-homomorphic-encryption/ Fully Homeomorphic Encryption] can do
              • Is there any indication this system uses a blockchain? At the very least, this prevents altering historical processing data.
              • How does an illegal vote get cast anyway? It means that someone voted in my name while I also voted in my name, which makes both ballots get tossed out. Or maybe if the fake signature is not good I get to keep my ballot. The idea of "illegal votes" is so nebulous that it means very little in modern elections. A busload of undocumented aliens can not vote! When they inspected discrepancies in ballots during actual investigations the number of fraudulent ballots is extremely small, and most discrepancies

                • by Bert64 ( 520050 )

                  "It's not the people who vote that count, it's the people who count the votes"

                  Voter fraud is not just a case of illegal duplicate votes, there are many more options than that.

                  Assuming someone does illegally duplicate your vote, if the vote is on paper how is the duplicate identified? Especially with anonymous voting. It's quite difficult and time consuming to identify duplicate votes.

                  Assuming both duplicate votes get tossed out, then duplicating the votes of known supporters of the opposition is a viable st

          • The major fundamental difference is with paper ballots you have to put in some work (see the 2000 mules movie, it takes more people and much more effort) but with electronic systems one hacker can take the whole election. So paper ballots offer a level of defense even if not air tight at this point. There are improvements that can be made.
        • In quite a few countries its the paper voting systems that are misused for election fraud by booth capturing, vote /ballot stuffing etc. It's also easier for incumbent to manipulate under the guise of 'security' etc.

          Open-source, blockchain, immutable, easily auditable - those are all better options but to be introduced very carefully.

      • "The fact that it's open source means that you and anyone else can actually determine if such is possible and demonstrate that it could be done rather than just theorizing about it. It also means that such vulnerabilities can be fixed."

        The SSL [wikipedia.org] guys agree with you.

      • The fact that it's open source means that you and anyone else can actually determine if such is possible and demonstrate that it could be done rather than just theorizing about it. It also means that such vulnerabilities can be fixed.

        All you have to do then is prove that the source code matches the program running on the machine in the booth.

        It also assumes the compiler hasn't been rooted: https://wiki.c2.com/?TheKenTho... [c2.com]

        • The fact that it's open source means that you and anyone else can actually determine if such is possible and demonstrate that it could be done rather than just theorizing about it. It also means that such vulnerabilities can be fixed.

          That statement is trivially false. The fact that it's open source means that >computer experts who understand PKI and blockchain can examine it. Not me, and not "anyone".

          All you have to do then is prove that the source code matches the program running on the machine in the booth.

          Resulting in voting system in which government officials now have the ability to have computer experts stand up and can testify "I have examined the code, and didn't find any vulnerabilities". If the public believes these experts, that would be outstanding.

          It also assumes the compiler hasn't been rooted: https://wiki.c2.com/?TheKenTho... [c2.com]

          True enough. More notably, it assumes that just because it's open source, it can'

          • by cstacy ( 534252 )

            More notably, it assumes that just because it's open source, it can't have vulnerabilities. Have open source system ever had vulnerabilities exploited?

            They should use a Mac for the voting machine They are immune from malware and cannot be hacked. It just works!

      • Re:I don't care (Score:5, Insightful)

        by Vihai ( 668734 ) on Friday November 04, 2022 @03:57AM (#63023583) Homepage

        You would never be able to prove, at the voting booth, that the black box you have in front of you actually runs the software and only the software, plus the hardware it CLAIMS to be running.

        With paper voting YOU could VERIFY the process up to the ballot box (which does the anonymization) and then EVERYONE can verify the process.

        • Everyone who receives the ballot paper can validate the process.

          I can't sit at home and be sure my vote was included. That's what electronic voting offers. You can duplicate whatever data is being tallied. And multiple people can perform the same operations on it.

          The worry is from "are my results in there, or were they changed?" And I thought we had tools for that (signing a message with an identity not known/linked to you).

          But what about anonymity? What if we batched together many votes as a pool? Li

      • The fact that it's open source means that you and anyone else can actually determine if such is possible and demonstrate that it could be done rather than just theorizing about it.

        The only way to do that is with a verifiable process to ensure that the image on each machine precisely matches the hashes that can be generated with the public sources and no additional software has been loaded. None.

        So far, we don't have a process in place to have every machine checked by IT specialists to make sure they're oper

        • by cstacy ( 534252 )

          The fact that it's open source means that you and anyone else can actually determine if such is possible and demonstrate that it could be done rather than just theorizing about it.

          The only way to do that is with a verifiable process to ensure that the image on each machine precisely matches the hashes that can be generated with the public sources and no additional software has been loaded. None.

          So far, we don't have a process in place to have every machine checked by IT specialists to make sure they're operating at that level.

          This would actually be trivial to do. There are already people checking the machines each time they turn them on. An external diagnostic device wouldn't be much more than happens now.

      • by Whibla ( 210729 )

        It's not as though non-electronic means are immune to tampering or free of issues.

        It might be a question of scale.

        If I want to tamper with paper ballots I need access to them. There are a lot of polling stations, and counting facilities, and a lot of people working in them. This makes large (and I mean 'large') scale fraud incredibly difficult. Sure, it's possible to conceive of a situation in which the results from a single county (or w/e) tip the balance, and hence we can imagine a 'useful degree of cheating' when it comes to paper ballots, but a one in a million edge case, while an in

        • This is the strength of our distributed voting system.

          A couple volunteers could tamper with the votes in their neighborhood polling place -assuming that the other half dozen volunteers don't notice/care. But there are a million such neighborhood polling places in the country. It would take an inconceivably vast conspiracy to have a significant impact on a national election.

          • But there are a million such neighborhood polling places in the country.

            Err... correction. There are a couple hundred thousand, not a million.

            My point stands -but my math sucks! Don't ask me to count votes: 1...2...16...50...6...30...umm.

        • by cstacy ( 534252 )

          It might be a question of scale.

          If I want to tamper with paper ballots I need access to them. There are a lot of polling stations, and counting facilities, and a lot of people working in them. This makes large (and I mean 'large') scale fraud incredibly difficult.ng process.

          Major elections sometimes are very close, and come down to a very few (or even one single) vote cast in a critial neighborhood.

      • It means some people can verify it, but outsiders who are skeptical of democracy will always claim it isn't right. Ie, how do you know the software I'm looking at is on that machine, how do we know someone hasn't replaced some of the machines, how do we trust your certificate chain, etc. When the secretary of state, or local commissioner of elections, who is a life long conservative Republican, swears on a stack of Bibles that all the investigations show the election was fair, they get accused of being me

    • by Jeremi ( 14640 )

      I'm against any system that can't be physically watched by multiple parties and recounted if necessary. Electrons in a machine is just too easy to game and leave no trace..

      Agreed. At a minimum, any electronic voting machine must (a) print the voter's choices onto a paper ballot, (b) allow the voter to inspect that ballot for accuracy, and then either approve or reject it, and (c) keep all paper ballots in a secure location so that they can be manually recounted if/when necessary.

      That way, you don't have to trust the software, because you can verify its results by hand whenever there is any doubt.

      What's the advantage of electronic voting anyway? (Is it just "we have the results a few hours earlier!!" That doesn't seem enough)

      For vote-counting, it's also much more accurate to count votes electronically th

      • Re:I don't care (Score:5, Interesting)

        by quonset ( 4839537 ) on Friday November 04, 2022 @12:23AM (#63023445)

        Agreed. At a minimum, any electronic voting machine must (a) print the voter's choices onto a paper ballot, (b) allow the voter to inspect that ballot for accuracy, and then either approve or reject it, and (c) keep all paper ballots in a secure location so that they can be manually recounted if/when necessary.

        That way, you don't have to trust the software, because you can verify its results by hand whenever there is any doubt.

        That's what we do. You get a scantron ballot, fill in the appropriate bubbles for your choices, then run it through a machine. The machine keeps the tallies but the paper ballots are there in case there are questions and can be handcounted.

        Unlike in Georgia where voting servers are wiped [apnews.com] the moment a lawsuit is filed about voting irregularities.

        • by Anonymous Coward

          In a (probably futile) attempt to forestall the acolytes of the Big Lie, your link:
          - is from 2017
          - doesn't involve a device directly used to count votes

          For the 2020 election, Georgia replaced their DRE voting machines with ballot-marking devices. The paper ballots were used for the recounts.

          • by jbengt ( 874751 )

            In a (probably futile) attempt to forestall the acolytes of the Big Lie, your link:
            - is from 2017
            - doesn't involve a device directly used to count votes

            To add to that, the link states that the defendant in the lawsuit was the Republican election official.

    • Yeah, it's a solution looking for a problem. But it will become normal since it saves money. A lot of money. Election day is goddamn fucking expensive.

      I've worked on polls for over 30 years. In the past 10 years or so polling place counts on the actual day have reduced 10-15% due to pre-polling and e-voting online.

      People will always want to go to a polling place on the day, maybe it will reach 50-50 in the next 4 or 5 cycles. By then we'll have two or three more generations of technology and it will becom

    • a) I'm against any system that can't be physically watched by multiple parties and recounted if necessary. Electrons in a machine is just too easy to game and leave no trace..
      b) What's the advantage of electronic voting anyway? (Is it just "we have the results a few hours earlier!!" That doesn't seem enough)

      a) that's why there are people from the various parties on site watching what's going on when votes are counted.

      b) Yes, getting the results as quickly as possible but also as accurately as possible. Scanning a ballot is orders of magnitude faster and more accurate to count than some fat-fingered ape going one by one. If speed wasn't an issue, all the fascists out there wouldn't be howling there's goings on because it's taking too long to count the votes.

      The only way to to allow hand counting of votes woul

    • Re: I don't care (Score:3, Insightful)

      by simlox ( 6576120 )
      Here in Denmark we got the result of Tuesdays election before midnight - recounts the following days didn't change anything. There is no electronic voting machines, only pen and paper - and a lots of people watching the whole process. For a change I came just in the rush hour and had to wait 5 minutes in line - usually there is barely any line up.
      • Yes, a much smaller country too. And you don't have lines of people demanding to inspect each and every ballot during a recount, hoping to find some tell tale bamboo fibers that prove the ballots where whipped from China.

        The big delay is often with the mail in ballots. For some reason, most (all?) states forbid them from being counted in advance. And each envelope has a signature that has to be verified by hand, then the ballot removed and placed in a boxes to be counted when finally allowed. That right

    • by necro81 ( 917438 )

      electronic voting

      You clearly didn't read the article then, or even comprehend the summary. What is being discussed is electronic counting of the ballots. Paper ballots go in, results get tallied - the ballots remain in a lock box. The results of this OSS pilot will be cross-checked against a public hand count. There are no jurisdictions in New Hampshire that vote using purely electronic means. There are paper ballots; there are audits [nhpr.org].

      It is widely acknowledged by election officers [npr.org] - ya know, the p

    • Now let's say you've 50,000 watchers who each, serially, want a recount? If you say "sorry, we've done 20,000 recounts already, and the election was 6 years in the past", still some lunatic (probably from Arizona) will claim it was stolen and that the government officials are covering it up. There is no satisfaction possible for the conspiracy theorits!

      The logic goes like this:
      1) Our guy won, it's obvious. We've never met a single person who like the other guy. This is our base condition.l
      2) The election

    • Agreed.

      I want voting to be essentially scantron: a slip of paper that can be tabulated automatically by machine, but also can be hand counted by humans for audit/troubleshooting purposes. It is a known good technology that we are all familiar with.

      If you want use a touch-screen voting machine to generate it instead of pencils, fine -it may reduce errors (partial/misfill/smear/etc.) but the actual vote must be a hardcopy printout that shows in human readable format alongside the scanbubble so that the voter

      • It could also have a serial number on it so you can verify your own vote later.

        ie. Take a pic of your slip and type the number into the government web site.

    • by Rhipf ( 525263 )

      This isn't really an electronic voting machine it is an electronic vote counting machine. You vote bay marking a paper ballot. The ballot is then run through the vote counting machine to tabulate the vote.
      You don't trust the count? You can ask for a hand recount of the ballots.

  • by subreality ( 157447 ) on Thursday November 03, 2022 @09:34PM (#63023231)

    I want the voting machine to print out a piece of paper which has my votes on it, in a way I can personally verify before I drop it in a locked box. This lets the machines provide rapid updates for election day, and any questionable results can easily be audited by opening the boxes and checking the tallies.

    Open source is nice, but I can't personally audit that it's the code running on the machine when I cast my vote. Nor can I tell if someone opened the machine and changed the tallies.

    • I know it is hard to read the summary and all, but this is done the other way around. You mark a paper ballot. That ballot is the actual vote, and will be maintained for use in any recounts. The electronic part of it is just to read the marks off the paper, tally and collect them. This trial will then have human counters do the exact same thing the machines are intended to do, and then verify that they get with a few votes of the same number.
    • Could you necessarily tell if the secure box you think you dropped your auditable paper ballot into isn't some kind of gimmicked device that has only duped you into believing the results are correct? A magician could likely create props and routine to make it all appear legitimate when it's anything but. I think we put more trust into older methods just because they've been around for longer, but if you've seen a skilled stage magician, it should seem all too apparent that it's not too difficult to make som
    • Re: (Score:3, Informative)

      Republicans don’t want a paper trail. https://apnews.com/article/202... [apnews.com]

      Easier to make false claims that way.

      • That's just bs. Every republican I know is *screaming* for a paper trail... its the democrats that want wide open standards, no audits, no ID, no paper
        • I don't think you understand. A few Republican legislators in one state don't want to spend $37 million dollars for new equipment, and that obviously means that you can safely ignore all of the evidence of your own eyes and ears and just accept his generalization.

        • That's just bs. Every republican I know is *screaming* for a paper trail... its the democrats that want wide open standards, no audits, no ID, no paper

          Turns out not to be the case. It was the Republicans, not the Democrats, who blocked the voting security bills in 2019.
          https://thehill.com/homenews/h... [thehill.com]
          https://www.usatoday.com/story... [usatoday.com]
          https://www.upi.com/Top_News/U... [upi.com]
          https://www.theguardian.com/us... [theguardian.com]

        • That's just bs. Every republican I know is *screaming* for a paper trail... its the democrats that want wide open standards, no audits, no ID, no paper

          Republicans are screaming incoherently at everything because they don't want to admit they lost the election. The Dominion machines did nothing but scan paper ballots and certain people are still claiming they somehow rigged the election.

          Meanwhile, the original concern about voting machines were the GOP backed Diebold machines that had zero paper trail and could actually lose votes [slashdot.org].

          The Open vs Closed Source distinction is meaningless for voting machines since you can't rely on the machine running the softwa

    • I want the voting machine to print out a piece of paper which has my votes on it, in a way I can personally verify before I drop it in a locked box.

      That is how most states electronic machines work. Go to one machine, make your choices, print the ballot when done, look at the results to be sure they match the choices you made, go to a second machine that tallies the votes.

    • Plenty of voting machines work like that. Obviously you could skip the machine entirely and just mark your vote on paper with a pencil, but somehow people manage to screw that up. Here's the machine being used where I live, it prints out your vote result so you can visually check it, and then you walk over and insert the paper into a scanner while a clerk watches.

      https://www.essvote.com/produc... [essvote.com]

      "handles the entire marking process, eliminating unclear marks and the need for interpretation of the voter

  • The machines must be designed in a way where all code is directly inspectable, and is distributed on roms to all machines.

    It's all well and good to use oss for handling elections, but you can't really say that posting stuff on github is sufficient; I have to trust you that the code you posted is what's running on the machines, and in order to do that I have to be able to access the code on the machine (and it would be bad if I find that I have a way to flip bits while inspecting them).

    The other trust proble

    • by Jeremi ( 14640 ) on Thursday November 03, 2022 @10:10PM (#63023295) Homepage

      The problem is actually both simpler and more difficult than that, because it's not just a matter of coming up with a system that a trained computer engineer would consider trustworthy.... most voters are not trained computer engineers, and the real threshold is coming up with a system that they will consider trustworthy and agree to use.

      For most people, that eliminates just about anything more complicated than indelible-ink-on-paper. You can talk to them about pic24s and cryptographic code signatures and code review and so on until you're blue in the face, but you might as well be talking about elves and faeries for all the good it will do you. For most of them, all the technical explanations will be understood as just a long-winded way of saying "trust me", and many of them won't.

      That doesn't mean we can't use computerized voting systems, but it does mean those computerized voting systems need to commit ballots to paper, so they can be hand-checked when necessary to verify that they are working as expected.

    • No, it's the wrong idea.

      Use well designed paper ballots and manual counting. It works, is incredibly effective and is essentially unhackable.

      • If the vote counters use hand held calculators to add up their tallies then you're introducing a mechanism by which a hypothetical hack could occur and more importantly you're introducing a black box that will be a magnet for conspiracy theories in close races.

        • handheld calculators? What the actual fuck are you taking about??

          The way it's done is have one paper per vote. They are counted in pairs with randomly assigned partners. You make stacks of 10, then stacks of 10 of those etc. Where's the hack?

      • by jjo ( 62046 )

        Manual counting is inaccurate and labor-intensive. Verifiable electronic counting of paper ballots is better and cheaper.

  • What would be nice is if we could get some true cryptographically verified voting [chaum.com] as per Dr. Chaum. Something that can allow people to prove that their ballot was counted, but yet remain anonymous.

    • How do you allow people to verify who they voted for, without giving them a mechanism to get paid for their vote? We already have systems in place for people to verify their mail in ballot was received, but once the envelope is opened, the actually voting form and the signed envelope can never be matched back together.
      • by jonwil ( 467024 )

        My understanding is that this system allows you to prove that your vote was counted but not show who you voted for.

  • SO MANY RED FLAGS! (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Thursday November 03, 2022 @10:00PM (#63023275)

    I decided to take a little peek at VotingWorks and they have their code on github. [github.com]

    Here are my concerns:

    * Everything is written in Python and Typescript. NOTHING IS COMPILED TO BINARIES.
    * Dependencies are pulled via npm, yarn, and pnpm. NO PACKAGE VALIDATION.
    * Boots from a generic/unsecured Debian image you install on a VM from an non-validated ISO image. WTF?! THAT'S NOT SAFE AT ALL!
    * It runs a service on AWS. WHAT IDIOT THOUGHT THAT WAS SMART?!

    They are presuming there are no bad actors in these huge open source ecosystems. Everything about this is wrong.

    • by ljw1004 ( 764174 )

      Here are my concerns: (1) Everything is written in Python and Typescript. NOTHING IS COMPILED TO BINARIES. ...

      I understand the rest of your concerns but not this one. Why would an interpreted language be any greater a risk than a compiled language?

      • I almost modded you funny :-)

        If the web server is compromised, the attacker can change anything in the program with a text editor. With a compiled language, they would need access to the source code. While it is possible to hack binaries, it is not only vastly more difficult to do.

        This is also an argument against public open source software for zero compromise applications. For most applications, having the open source community review security is good enough and arguably better than most closed source
        • It is almost 2023 and we have mofos on here advocating for security-through-obscurity. SMH

          • Just to be clear, my comment does not advocate a reliance on security by obscurity alone. I assume you missed the sentence "For most applications, having the open source community review security is good enough and arguably better than most closed source code."

            If zero compromise is a goal, code review with third party assessment by a certified and qualified assessor and signed binaries is required. Allowing anyone to branch and modify code that is then used to replace a trusted system's code is a simple a
      • Why would an interpreted language be any greater a risk than a compiled language?

        * Reliance on an interpreter to execute which could be compromised at any stage (including runtime).
        * No code signing.
        * Static program analysis becomes impossible.

  • According to security experts, the most important thing is to always have an auditable paper trail!
  • by whit3 ( 318913 ) on Thursday November 03, 2022 @11:12PM (#63023379)
    Brazil, in the early days (1996?) gave access to source code
    for auditing, and accepted signatures in the executables, on all their
    'new' voting machines. No network, naturally;
    without physical access, you couldn't hack them.
    And, hacking would invalidate the signatures.

    So far, the scheme has worked. There's a lot of noise claiming fraud,
    but... good evidence says not.

  • by RoccamOccam ( 953524 ) on Friday November 04, 2022 @04:56AM (#63023631)
    According to CBS News (https://twitter.com/CBSMornings/status/1588135189183713282), virtually everyone involved in this project and everyone commenting on this story are "election deniers".

    CBS and @macfarlane assert without reason or sense here that if you want election audits, or use your right to object to a state's electors, or even if you oppose *unconstitutional* changes to election laws, that makes you an "election denier."

    • The whole thing is foolish at best so it makes sense that it would attract the election morons but since it's about the tabulation machines (not really a voting machine-- hell, you could call a mechanical pen a voting machine) those nuts are going to cling onto it.

      Any computer system requires experts who have to be relied upon as a holy man for each group who believes in their abilities and honesty. A voting system must be so simple an idiot can follow what is going on which means it can't rely upon ANY te

  • hat has given rise to a roster of unfounded conspiracy theories about elections and their fairness. New Hampshire's experiment with open-source software is meant to address exactly that

    And by "you," I mean everyone, not just Republicans or Democrats. An unfounded conspiracy theory has no evidence backing it up. There is PLENTY of evidence backing up the accusation that our elections are highly hackable internally, externally or both. We've known this for two decades; security researchers have consistently p

  • should be reviewable by anyone. Open Source is not really needed. What is required is a law that allows anyone to examine the code and all procedures associated with voting. Proprietary closed source code can still be copyrighted so even if the code was available for inspection by anyone, it would be easy to prove that a rival company had violated your copyright by using your company's code.
  • This whole vote-counting controversy is partly a response to past problems with vote counting in Windham NH and others. See for example https://www.wmur.com/article/w... [wmur.com] TLDR: Ballots were accidentally folded so that the creases ran directly through the circles that are filled in by the voter. That crease caused the optical scanner to misread the vote. The result was a 400-vote error between the machine count and the manual recount. The paper ballots are kept, so manual recounts can be done, but the error w
    • More follow-up details:

      https://www.doj.nh.gov/sb43/documents/accuvote-introduction-20210512.pdf

      NH voters currently blacken little circles on a paper ballot which is then scanned by a machine designed in 1986 using an NEC V25 chip (last made in 2003). It has no OS and most I/O is physically disabled. Results are stored on a battery-backed SRAM card last manufactured in 1998. Firmware is about 20k lines of C and assembly.

      So it's actually a pretty secure and verifiable system. The main problem

  • by packrat0x ( 798359 ) on Friday November 04, 2022 @08:28AM (#63023997)

    To paraphase Stalin: He who votes is unimportant,
    he who counts the votes is important.

    It's nice to have an accurate and secure voting machine, but poll workers
    can add additional votes for those who failed to vote, or they could substitute ballots of those who
    did.

    So while some countries mandate voting to prevent extra ballots from being cast, you still need Poll Watchers.

  • by RogueWarrior65 ( 678876 ) on Friday November 04, 2022 @09:58AM (#63024257)

    The first thing that one needs to understand (and admit to) is that a proprietary voting machine (or vote counting machine) cannot be audited. (But but but...) No buts. If you aren't allowed to see the source code and the schematic because it's "proprietary", it can't be audited or verified. (Oh but that's not a problem!) Really? Well, consider this analogy: gas pumps all have stickers on them saying that they have been verified by the local weighs and means department. But that verification process is to dispense known quantities of fuel into a measurement flask. Nefarious individuals knew this and programmed the pumps to dispense those amounts correctly but short it for any other amount. They were busted of course but long after people got screwed. The same methods can be applied to a proprietary voting machine. So, open source hardware and software that includes binary verification with something like MD5 would mitigate this potential problem.

    But what's to prevent someone from duplicating a paper ballot and magically showing up with stacks of them in the middle of the night because they were "found" in the trunk of a poll worker's car? At the moment, nothing. It's really painfully easy to copy current paper ballots. But we do know how to make it really hard to do that. The US Mint has a lot of features to do this. Special paper with those little red and blue hairs in it for one. The seals are reflective. There are verification pens for store owners to use. Beyond that, you'd need to apply a GUID to the ballot and use a sparse table of verified GUIDs so you couldn't just pick a random number.

    Of course, nobody in government is going to want to do any of this because they really don't want to fix the problem. They either want to be able to cheat or they want a political football to distract the citizenry from other issues.

    • But what's to prevent someone from duplicating a paper ballot and magically showing up with stacks of them in the middle of the night because they were "found" in the trunk of a poll worker's car? At the moment, nothing. It's really painfully easy to copy current paper ballots.

      Can you point to a single instance of this actually happening? Because I looked around (albeit briefly) and couldn't find one.

      That's not to say that no one ever has tried to forge a ballot... but there's absolutely zero evidence of this happening at scale.

  • Dominion Voting Systems is almost a perfect how-to-not example for secure elections. Getting everything open source is a good start.
    • Dominion Voting Systems is almost a perfect how-to-not example for secure elections.

      In what sense?

      Getting everything open source is a good start.

      Getting everything open source is completely irrelevant.

      The security of a voting machine is based on a verifiable paper trail.

      If you're relying on a specific version of a code base being run on the unmodified proper hardware then you have no security.

      • Yeah, you need to have hashcodes for the version of software and all sorts of other stuff, not disagreeing with that.
  • Um, is this really that hard to code?

    I don't care what software they use, as long as there is a paper trail of ballots, and by paper trail i mean PAPER ballots that are preserved for a LONG time.

  • If you don't care enough to go to the polling place and fill out your ballot then you obviously don't care enough to vote.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...