Seeking The Source For Ireland's E-Voting System

WeeBull writes "Michael Cunningham from p45.net tried to request 'the source code of the electronic voting system first used in Ireland's May 2002 general election, plus any supporting technical documentation supplied to the Department of Environment and Local Government including the functional specifications' under Ireland's Freedom of Information legislation. The result wasn't what he expected ..."

Now that's creepy.

[JanusFury]

They don't even have the source code to software they used to run their elections?

Doesn't that mean that IF there was any fraud during the elections, that it is now impossible to prove whether or not it had to do with the software? Since the government doesn't have the actual code, any code they get from the authors in the future cannot be proven to be the code used in the election...

What a mess.

Re:Now that's creepy.

[afidel]

While it can't be proven all one would need to do is ask for the compile options, compile it with the same compiler and then compare the compiled version to the one they have from the election (assuming that they do have a copy, which they possibly do not considering that it appears they merely use the machines from this election software firm.) I believe that like encryption election code is one area where full public disclosure is absolutly necessary to assure that they system is operating as expected. The fact that the election commision in Ireland handed the auditing over to a private company is sure lunacy.

Re:Wow.. this is unusual

[Anonymous Coward]

It is unusual for a large software purchase to not involve at least code escrow giving the purchaser some hope of salvaging their systems if the supplier goes out of business. This isn't a few copies of Office they are talking about. That's not the same as the code being open, of course; It sounds very irresponsible to me that they have implemented such an important (and undoubtedly expensive) system without securing access to the code somehow.

Re:Wow.. this is unusual

[TheToon]

The voting system is the backbone of a democratic system. This is the number one indicator that a nation has taken the step forward and joined the democratic fold.

It needs to be auditable. It needs to be verifyable. To the full extent.

Look at the mess in Florida in the last US presidential elections. The system there worked as everything was on paper, so they just needed to go through all the ballot notes and re-count and re-evaluate them. After the extensive re-counts and press and public auditing of the result, it was found to be correct.

How can you do that audit if you don't know the system? And the only way to know a computer based system is to have all the information about it available, including source code.

Even more problems...

[Teancum]

I can tell you that if I were told that I had to provide source code for a product to compare against a compiled version for legal reasons (such as this case, where election results can be compared) in an after-the-fact case where binaries were produced by a compiler compared to the original...

I'd have to quit my job immediately (probabally not tell my employer that I'm quitting either, just not show up to work), grab my family, max my credit cards/home equity loans, donate my household furnishings to charity (like Salvation Army), and move to a non-extraditable country in a real hurry.

Really. I can't even imagine the legal BS you'd have to go under if something like this came up after an election was contested by powerful interests. If something like this had happened in Florida during the last U.S. Presidential election, people would have gone to jail, even if they had been completely honest and just "doing their job".

The best possible outcome in something like this is that the developer would be made the sacrificial lamb in the following witch hunt, given a felony criminal record, and serving a year or two in jail.

Well, the best outcome would be that the government would admit that it screwed up, and the company that made the elecion equipment would back the software developer throughout the whole legal mess that would still mean a couple of years of being a legal assistant rather than a software developer.

Maybe I'm just being paranoid, but I think with some of the past employers that I've had I would have been dumped immediately and the blame fixed straight on me. I've had to deal with lawyers as it is because of contract disputs, and I can't even imagine what it would be like in a public firestorm where this would really be an issue.

Re:software used in belgians elections

[dglaude]

What we don't have is the documentation, the compiler used, the checksum of the binary used during the election, ... Nor do we have the proof that this was the code really in use.

Check the code for yourself [wiki.ael.be]

Re:Expectations

[blibbleblobble]

Why not, for the sake of simplicity, just take all the ballot-papers, ship them off to a company in the Netherlands, and they can phone us and tell us who won the election? Does anyone else see a problem with this method of vote-counting?

Given that there is a problem with such a system, how about shipping all of the votes off to a secret black box designed and built by a company in the Netherlands, which phones up a central computer and tells us who won the election?

There's a reason that votes are counted in public, and it's not just the entertainment value.

Re:Expectations

[isorox]

There's a reason that votes are counted in public, and it's not just the entertainment value.


Sssh, you'll give them an idea for the next "reality TV" program.

Re:Wow.. this is unusual

[cduffy]

That's not to say all paper trails are broken, just that we need a better one.

If the voting machine prints out a piece of paper that says unambiguously in black and white (in text, and maybe a cryptographically signed barcode) exactly whose vote it represents, then you can't have that kind of situation unless the voting machine is tampered with or broken (and since the voter can look at the piece of paper it prints before they put it in the ballot box, they can verify that it's (at last in plain text) giving the vote that they want.

Not enough.

[Pendersempai]

Why would we want the source code in the first place? It's probably not motivated by a GPL-like desire to build on it; rather, it's an attempt to verify the validity, honesty, or security of the code involved.

But at the point where one is concerned about a grand conspiracy to rig national elections and control the government, viewing the source is not nearly enough.

Imagine that we vote electronically in ominous black boxes once per year, and the boxes tell us who our leaders are. You request the source code to these voting machines, and the government gives you some source code. As far as you can tell, it's valid. But what guarantee do you have that that code is actually running the black boxes?

As I see it, there are three main possible points of failure. The manufacturers of the boxes could distribute the machines with false election code pre-installed, the government could substitute such malware to remain in office, or a technician specializing in the repair of the machines could covertly substitute the code. The three are not equiprobable, but in any of the three cases, requesting the source code does not address the problem. Even if you mandated that the boxes themselves display their own code, quinelike, on a screen before you vote, you still have no guarantee that the code displayed is the code in operation.

How is this any worse than a system of punch-cards or a mechanical voting box? Because these other mechanisms are hard-wired and validated locally before the election commences. Re-wiring them on a massive scale is not feasible. The same is not true of a more versatile solution like electronic voting; such could be rigged to behave correctly in all pre-election tests and revert to its more insidious behavior on election day during polling hours.

If you're worried about a conspiracy, requesting the source code is not nearly enough. You'd need a system designed specifically to thwart tampering, even by its creators. And even so, you can only solve for one or maybe two of the possible points of failure. Allowing electronic black box voting assumes a certain amount of trust in the system. I don't know how much trust is necessary, but if one is worried enough to request source code, one shouldn't accept the voting method to begin with.

Re:Expectations

[blibbleblobble]

"Why not, for the sake of simplicity, avoid making bad analogies when the situation is perfectly comprehensible without?"

Because many people, ignoring the evidence on their desktops, make the argument "it's a computer therefore it can't fail"

Many people (technical readers excluded) would be shocked at the idea of trusting one company to count votes, yet would see no problem with allowing a computer programmed by that company to count votes. They've been brought-up to believe that software is something you buy in boxes, and have no understanding that it's possible to get trustworthy (i.e. auditable, open-source) software.

What I would like to see

[3.1415926535]

in an electronic voting system is a printout that gives the time and date of the vote, which candidate I voted for, and a cryptographic signature from the machine. Then the votes are revealed after the election and anyone with a computer can verify the signatures, and I can grep for my vote in the list. Then if everyone checks his own vote, he can raise a big stink if his vote isn't in the list, and he has a printout with a signed vote on it that gives proof of his claim.

Missing the Point

[KMonk]

Every voting system is based on trusting the government. The government runs the election, the voting booths, does the counting in paper elections etc, so no matter what the system - we have to trust that the government is not going to cheat us in anyway. The bottom line is they could if they wanted to ( I realize we could make a super secure system at some point that would bypass this, but the technology is not there yet, or at least the funding for it isn't) I think there is an obvious disadvantage to releasing the source: it lets other people get at the intricate details of the voting process. So if someone outside of the government wanted to screw up the voting, if it's possible you are giving them the resources to do it. We have to trust the government not everyone who can read voting systme code. Also, the government there says they don't have the code... that doesn't mean they couldn't easily get it.

Re:uselections2004.c

[jpmkm]

That would be nice. Actually it would be nice if everyone would just forget about christians(and religion altogether). Two thousand years is quite a long time, and there's no need for religion now.