NYT Calls For Open-Source Election Machines
anti-drew writes "The New York Times Magazine has an interesting editorial (free reg. req.) calling for open-source voting machines. From the article: 'Electronic voting has much to offer, but will we ever be able to trust these buggy machines? Yes, we will -- but only if we adopt the techniques of the 'open source' geeks.' That's quite an endorsement coming from the Times. Of course, one of the justifications was that open-source enthusiasts are 'libertarian freaks, nuttily suspicious of centralized power', who would 'scream to the high heavens if they found anything wrong'."
One armed bandits... (Score:2, Interesting)
Another argument (Score:5, Interesting)
well.. not completely true (Score:2, Interesting)
there was *some guy* who placed some code into a compiler once, so that even if there was no malicious code in the actual source, once compiled, the executable had a block of code enabling the original author to do things (i.e. a backdoor). if I remember correctly, even if you were to recompile the compiler, the code would once again be placed into the compiler (and therefore future copies of the executable). I know it's extremely unlikely that it will happen in this case, but I'm just pointing out that it can happen.
Some reasons why this is a good idea (Score:5, Interesting)
Cost Advantages:
NOW as distros like knoppix [knoppix.org] have proven, putting a full featured desktop on a CD is possible. That being said - putting your "voting machine" on a CD, and using standard PC hardware makes a lot of sense. You don't have to buy a bunch of large proprietary machines that only get used once in a while. The CDs can be verified. If one is careful it would even be easy to use hardware already in place - or obsoleted hardware. Such a system would also use a simple standard printer to print an encrypted voter verification (audit) record in case a recount is requested. This should eliminate the long standing problem with most other electronic voting systems (no real audit trail).
Development is spread out over a large not for profit group of programmers with the end result being free. The only real cost is the certification procedure each state decides to institute - and thus it is the state that becomes accountable. If a state's procedures are not robust enough to catch dangerous bugs then it's their own fault. I would think that several states go in together and split the certification costs. Since the buy in price is almost nothing (essentially media) the states have more money to play with and spend on voter training AND certification.
Considering Diebold and others - this seems like a natural, easy and simple solution.
Ask not what your country can do for you, ask what you can do for your country - Come up with a simple, secure, reliable voting system on a CD that will boot from standard PC hardware.
SIDE NOTE: If my county uses electronic voting machines that do not have a paper trail - then I will vote by absentee ballot. I would STRONGLY urge any US voter to do the same.
cluge
AngryPeopleRule [angrypeoplerule.com]
Companies can still make money with open-source (Score:4, Interesting)
Just because something is OS doesn't mean that everyone is going to steal your trade secrets. If I were on a local voting committee, I would almost certainly give the contract to the developer, because their people have the most experience with the machines.
Food for thought for Diebold, but who am I kidding. It will take a long time before people come to see open source as something more than just a bunch of punk kids who don't know how to make money.
Open source is only the start (Score:4, Interesting)
But then what is needed is a strict, multiparty custody chain, to ensure that the specific, compiled, verified code, as well as the machines it is run on, are what was actually verified.
It does no good to verify codebase X, if what finds its way to the machines is codebase Y.
No Paper Trail, No Confidence. (Score:5, Interesting)
As bad as the old punch card systems were, I liked the feeling of knocking out a chad, and then being able to see an actual physical representation of my vote.
With the amount that counties are already spending on these machines, it can't cost much more to add a printer.
200 year tradition of open source method (Score:3, Interesting)
In Australia voters get a piece of paper and a pen.
Uh.............. that's it.
The counting takes a lot less time than it took the New York Times to organize the Florida recount, and the method supports unlimited error checking.
Votes wouldn't be lost under this program (Score:5, Interesting)
Actually, regular voting is open source if you think about it. The ballot is checked off and goes into a box. Everyone can see the process and how it works. Using proprietary machines is like giving your vote to an employee of a private company who hauls them off in a van and then reports the tally. If these machines were based off open source software, then you could possibly have a huge number of developers working on the project in their spare time that Diebold could never compete with. Think of how many people would be going through the code to find mistakes.
I don't think we should immediately switch over, but slowly as to allow many people the chance to look over the code and find bugs or backdoors. The system doesn't need to be that overly complicated either. We're not talking about installing a huge linux environment on these but rather something from embedded linux.
Going open source shouldn't be the issue here, it's why we went to a closed source like diebold that is what's the question.
Auditing is the real problem (Score:3, Interesting)
What about india? (Score:3, Interesting)
They have an electronic system that, although not impervious to fraud, is simple, elegant, and cheap, and gets the job done. The systems are so simple that it would be very difficult in practice to actually cheat... and if you could doctor one machine, the damage you could do would be quite limited.
Security vs Obscurity (Score:2, Interesting)
Re:Exactly (Score:2, Interesting)
A: ( ) YES / ( ) NO
Re:Yeah, right (Score:2, Interesting)
Re:Yeah, right (Score:3, Interesting)
Re:So how do you prove... (Score:3, Interesting)
Rule 1 - The voting hardware and OS must be rather uniform, with only a few variations for regional preferences (it wouldn't be fair to force a small precinct to be forced to buy an overpowered version intended for high-volume voting places, therefore there would be a few different configurations available, but the number of allowed combinations of hardware and software must be discrete and small in number, not something where you can just put together whatever parts you want all willy-nilly.)
Rule 2 - The entirety of the machine, including the OS and the voting software on top of it, must all be considered a single 'thing' for the sake of verification. (i.e. if you have a third party verify a setup, then that setup is verified ONLY on that exact configuration. For a second configuration of hardware, a separate verification is needed.)
Rule 3 - When a third party verifies that the system is good, they take a checksum of *everything* including the OS. (basically, do a checksum of the root directory, recursively descending everything under it.)
Rule 4 - The list of checksums of verified systems is given to voting poll station workers. When the system turns on, the first thing you do is run an automated checksummer on it (from a boot floppy or something like that, which is external to the machine itself and removable - and therefore is not part of the system itself, and is produced by different people entirely). When it spits its number out, compare that against the list of known "good" checksums. If it's on that list, the machine is safe and can be used. If it's not, then this fact must be logged, and a call must be made to the elections board, and the machine must not be used that election day (and must be inspected later when there's time to see what the problem is and determine if something untoward was being attempted.)
I'm picturing that the list of known "good" checksums would only have 5 or so numbers on it. Basically, it's a mechanism to allow for upgrades and improvements or to allow for a few different hardware configuration options for different sized polling precincts.
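
The check described in Rules 3 and 4 above (and the "codebase X vs. codebase Y" concern earlier in the thread), sketched as an added example that is not part of any comment here or of any real voting system. The function names, the USE/QUARANTINE labels and the sample tree are hypothetical, and the script is assumed to run from external media against the machine's mounted root:

```python
import hashlib
import os
import stat
import tempfile

def _file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.digest()

def tree_digest(root):
    """One SHA-256 over every entry under root: path, mode bits and content."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # fixed traversal order, so the digest is reproducible
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Binding name and mode catches renames, added files and chmod changes.
            h.update(f"{rel}\0{st.st_mode:o}\0".encode())
            if stat.S_ISLNK(st.st_mode):
                h.update(hashlib.sha256(os.readlink(path).encode()).digest())
            elif stat.S_ISREG(st.st_mode):
                h.update(_file_sha256(path))
    return h.hexdigest()

def check_machine(root, known_good):
    """Rule 4: usable only if the digest is on the certified list."""
    digest = tree_digest(root)
    return ("USE" if digest in known_good else "QUARANTINE"), digest

def demo():
    # Constructed sample tree standing in for a certified system image.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "tally"), "wb") as f:
            f.write(b"certified build\n")
        known_good = {tree_digest(root)}  # the short list given to poll workers
        before = check_machine(root, known_good)[0]
        with open(os.path.join(root, "bin", "tally"), "ab") as f:
            f.write(b"unreviewed change\n")  # image no longer matches
        after = check_machine(root, known_good)[0]
        return before, after

if __name__ == "__main__":
    print(demo())
```

A digest taken this way covers only what is on disk; it says nothing about firmware or about the toolchain that produced the certified image.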