Australian Voting Software Goes Closed Source 567
From Diebold's last-minute installation of uncertified software updates on its touch-screen election machines in California (leading to decertification of the company's machines in several California counties) to ethically troublesome relationships between politicians and the companies whose machines count the votes that determine their employment, the possible benefits of electronic voting seem swamped at the moment by objections (from simply prudent to caustically cynical) to its security and integrity.
Within the world of electronic voting, though, eVACS (for "Electronic Voting and Counting System") has been a rare success story both for open source development methodology and for the benefits that electronic voting can offer. The first generation of eVACS (running on Debian Linux machines) was developed starting in March 2001 in response to a request for bids by the Australian Capitol Territory Electoral Commission (ACTEC), and it was done on a budget of only AUS$200,000.
(The Australian Capitol Territory includes Australia's capitol city, Canberra, as well as surrounding suburbs and Namadgi National Park.)
Besides a respectable list of features driven by ACTEC's initial requirements (like support for 12 voting languages, and audio support for blind voters), eVACS has an advantage not enjoyed by many electronic voting systems: it's been successfully, uneventfully used to gather votes in a national election. The election in which it played a part went smoothly, and the eVACS system itself functioned as hoped.
This year, though, ACTEC asked Software Improvement to update the code for future elections, and Software Improvement decided to go them one better -- or, in the eyes of open source enthusiasts, one worse. The notes Ritchie was provided to deliver announced a change to the process under which the code is released; specifically, a switch from an open source license to something the company calls "controlled open source."
According to Software Improvement, simply releasing election-machine code under a liberal license such as the GPL is undesirable for two reasons: it means a loss of the company's intellectual property, and unfettered access could lead to a compromise of the voting system, if a determined cracker could find and exploit flaws in the code. (Software Improvement has not supplied any examples to show that this has happened, however.)
The company's use of "open source" would find little support from organizations like the Free Software Foundation or the Open Source Initiative. Software Improvement's idea of software openness is rather limited. Claiming that open source development is insufficient, even inimical to creating trust in election systems, the company now says that portions of eVACS's codebase will be released only to approved analysts, and in encrypted form, to enable viewing only for auditing purposes, rather than code contribution. Repeated viewings would be reported to the company, and only a limited number of views would be permitted before the code would self-destruct.
After delivering the prepared presentation, Ritchie took a few minutes to react to the changes it announced.
"Six hours ago, while I was reading through this on the plane," said Ritchie, "I was infuriated to read what it actually says."
Ritchie, though, is a computer-literate political science student at the University of California - Davis, and behind the Open Vote Foundation. He said he's decided to resume the project represented on that site, started with the intent to fork and bring to the U.S. the first generation, GPL'd version of eVACS.
"A long time ago, I read the first news report about Diebold, wondered why we didn't have open source election software for our voting machines. Eventually, I found out that Australia had apparently beaten us to it. It seemed like a good thing; the eVACS system was developed and released as GPL code, it was checked and rechecked by computer science people and all kinds of election officials. I said, 'Why don't we bring this to the U.S.? It's GPL, let's do it.'"
So he started the nonprofit Open Vote Foundation to bring the software to the U.S., specifically to California. Ritchie went to the meeting at the California Attorney General's office which resulted in decertification of Diebold machines in that state's 2004 election process, and his involvement in the fight against Diebold's secret-source voting machines is what led him to the open source eVACS; now he finds that the restrictions on the formerly GPL software are "even worse that that on MS's shared source. To call that open source is a bit dishonest."
"As of 6 hours ago," he said, "I've decided to start that again. It's not that hard; I mean how hard is it to say 'add one to this vote'? ... I remembered my old plan, and thought 'Let's take the old Australian code, fork it, and work from that -- and that is still an option. This is the great thing about open source software. If the old lead developer goes insane, you can always fork it, right?"
When is civil disobedience justified? (Score:5, Insightful)
Remember, Americans: Bring your voter registration card, and a sledgehammer for Diebold. They are stealing our freedom to vote, the very democracy over which so much blood has been spilled, and the corrupted political process is encouraging it via awarded contracts and almost silent acquiescence.
This crosses political affiliations and affects all Americans. I strongly believe that this must be stopped it by all means necessary or we will lose the ability to collectively affect the policies of our country, no matter how small your individual voice might be. This is zealous, without a doubt, but not all zealotry is bad. "Extremism in the defense of liberty is no vice." And some things are too important to wait upon the justice system to work, even when it does. Sometimes men must take justice into their own hands.
Live free or die.
More eyes will catch bad/illegal code (Score:5, Insightful)
More eyes checking on the code will find these problems faster than the machinations of a private corporation. Factor in corporate bias and the potential for 'back door' code is immense.
As cited, the CA elections showed how unusable the current offerings of e-machines are.
The only criteria is if it is easy to use, traceable, and accurate.
Fork it. Absolutely. But someone will care? (Score:5, Insightful)
I just hope some government will understand that it's NECESSARY for such software to be FULLY Open Source, to guarantee democracy. How can I trust a device I don't know what is REALLY doing with my votes?
(And if someone is scared by the fact someone can maliciously change the program in the local voting machines just before the election...well,it's enough for THAT election to use a freezed code with a definite SHA1 or MD5 checksum...isn't it?)
The solution is simple... (Score:4, Insightful)
Re:More eyes will catch bad/illegal code (Score:3, Insightful)
And one of the criteria of a successful election is that the votes be untraceable to the voter. It's still a mystery to me, and one of the sources of skepticism to many others.
Re:Fork it. Absolutely. But someone will care? (Score:2, Insightful)
A closed source voting system is the same as the vote counting that goes on behind closed doors.
You just have to hope that those in charge of either method are competent and trustworthy.
Re:More eyes will catch bad/illegal code (Score:3, Insightful)
It's a mystery to you why some people would want to avoid vigelantes and the death penalty over voting for the "wrong" candidate?
Re:When is civil disobedience justified? (Score:5, Insightful)
"Civil disobedience"? I do not think that means what you think it means.
Time to take a few hours and (re)read your Thoreau and Ghandi; damaging voting machines has NOTHING to do with civil disobedience, despite how cool you think that phrase sounds.
Opting out not possible with Open Source (Score:5, Insightful)
Even making motions toward open source without going all the way can result in "pseudo-forking" (I'm posting this from a Gnome desktop which was originally created in response to the original licensing terms of the Qt library upon which KDE was based).
It will be very interesting to see what the next few decades bring to the table in terms of open source business practices. I envision a sort of corporate ethics evolving around the benefits and dangers of open source development, and this can only be a healthy process. Much as I think RMS took leave of his senses in the mid-90s (who didn't), I have to say that he nailed it when he decided that the GPL would have the power to change the software industry. I doubt that any other legal tool has been able to so profoundly shape the future of business since the anti-trust laws of early last century.
Specifications? (Score:5, Insightful)
What language is it written in?
Where is the source kept?
What platforms does it run under?
MoveOn.org is sponsoring a petition drive to urge U.S. voters to demand voter-verified paper ballots that can be audited and recounted if necessary. This is the ONLY solution.
A SECRET ballot means that the association between a specific person and a specific vote cast is vital to democracy. Doing otherwise can very easily lead to vote buying ("I'll pay you $x for proof you voted for my candidate!").
We need a specifications document laying out the requirements for this software, which platforms it runs on, etc.
We also need a copy of the existing code to (a) have a place to start from, (b) provide us something to look at and thus give us ideas for development methodologies, (c) give us a point of reference to use when lobbying congressmen, etc.
This must be on a paper trail so I know who I voted for. Election monitors (the people, one from each party, who literally looked over the shoulders of the people counting ballots in Florida) need to be able to verify the count afterwards in some statistically valid way.
Re:What amuses me. . . (Score:5, Insightful)
Haven't you ever heard the saying "when I die, bury me in Chicago so I can keep voting" ? The Democrats did invent modern-day vote fraud, getting all sorts to vote for them: dead people, illegal immigrants, and in one California case, over 120 people in alphabetical order with identical handwriting signing the voter roll. I found it particularly ironic that Al Gore's team in the Florida recount included Daley, who is from ... CHICAGO!
BTW, the reason that the conservatives aren't screaming bloody murder about unauditable electronic voting is that the chairman of Diebold is a Republican who has pledged to help re-elect George Bush.
-paul
Re:When is civil disobedience justified? (Score:2, Insightful)
Re:When is civil disobedience justified? (Score:5, Insightful)
The flip side of this, of course, is that you'd be unilaterally deciding to deny a large group of people the opportunity to cast a ballot, and possibly voiding an entire election. It's always hard to make an objective determination of where to engage in civil disobedience, but I'd urge you make extremely damn well sure in your own mind about when voting machine vulnerabilities justify your deciding for all of us that we'd be better off with no voting at all.
Certainly if you walk into my polling place and start smashing machines with a sledgehammer, you'll be leaving on a stretcher. I wouldn't count on everyone immediately recognizing you as the hero of freedom that you see yourself as.
SI arguments: YECH! (Score:3, Insightful)
"According to Software Improvement, simply releasing election-machine code under a liberal license such as the GPL is undesirable (because) ... unfettered access could lead to a compromise of the voting system, if a determined cracker could find and exploit flaws in the code."
Let's see: the audited access assures that no cracker can ever see the code, right?
And besides -- if we can't see the three-card-monte-man's hands, he can't cheat us?
The only argument that holds water is the IP/profit explanation I skipped in the quote above.
yech!Re:When is civil disobedience justified? (Score:5, Insightful)
Re:When is civil disobedience justified? (Score:5, Insightful)
If you don't vote, however, you really have no right to complain about the way things work. This is a democracy after all, even if it has its share of problems, and individuals can work to change things, even if they aren't 100% successful.
Re:When is civil disobedience justified? (Score:5, Insightful)
I don't remember who said this: The difference between a patriot and a traitor is success.
Re:When is civil disobedience justified? (Score:5, Insightful)
"Extremism in the defense of liberty is no vice."
An opinions only, not truths. And, one I don't share.
"Sometimes men must take justice into their own hands."
Feel free to come on down to our voting country and try to take something into your own hands. Just don't whine and complain when you have your ass handed to you be people who aren't taking kindly to your presumption that you should determine that they shouldn't vote.
Re:When is civil disobedience justified? (Score:5, Insightful)
Sorry, but this is stupid (Score:3, Insightful)
There is only one issue, and that's hardcopy records. No voting machine should be all electronic. It should spit out a receipt that tells you exactly how you voted. One copy to the voter, one copy goes into a sealed box.
In short, if any cheating occurs, we know immediately. Who cares how the software is developed? The only question is whether it can be verified after the fact.
Re:When is civil disobedience justified? (Score:5, Insightful)
Re:"how hard is it to say 'add one to this vote" (Score:5, Insightful)
The error checking means they can't just say "Our machines gave us 10 billion votes for Bush and 1 billion votes for Gore." Esepecially cause there are not 10 billion americans.
They do things like this:
x votes on this machine every hour total, y votes for candidate A, z votes for Candidate B, w votes for none of the above.
And Diebold does all of this error checking in INCREDIBALLY BAD WAYS.
For example, they do error checking on original data, but make copies of the data. If the original is verified as accurate they approve the COPY, even if the copy is different from the original.
ANd of course there is all the security, which Diebold ignores. They put in back doors, use standard keys/passwords that apply to all the machines they make instead of unique ones (Would you buy a house that had a key that matched every other one on your street???
The simple truth is there is NO excuse for not using paper copy to double check any electronic voting machines except that the republicans are afraid of re-count votes.
They would rather risk election fraud then risk a recount.
The machines are NOT safer or in any way less likely to have bad counts, they have in fact been tested and found to in some cases generate MORE bad votes then optical machines.
"Intellectual Property" says it all... (Score:5, Insightful)
Since when is the process by which we elect our leaders the 'property' of anyone except the citizenry? If a company wants to 'own' a process like that, fine, I just think that is obviously opposite that of a democratic, transparent process.
Surely, most people have an attention span long enough to grasp that simple concept.
To choose or not to choose... (Score:3, Insightful)
Positions for important issues
George Kerry
1.Supports war in Iraq, will add more troops if needed.
2. Strongly supports the Patriot Act
3. Supports Big government spending on various nanny state programs
John Bush
1.Supports war in Iraq, will add more troops if needed.
2. Strongly supports the Patriot Act
3. Supports Big government spending on various nanny state programs
As you can see George Kerry is certainly a better candidate.....
In reality, the only way this situation will change is to start voting for third party candidates. The duopoly has gotten out of hand. The conventions are not even used for discussing the parties postion on issues, nor are they used to select a candidate. They have degenerated into a 3-day infomercial paid for by the taxpayers. I will be voting for Michael Badnarik (Libertarian) this time around as I refuse to eat the corporate dog food. Better a clear conscience and a "wasted" vote than supporting
either of the cluetards...
Re:When is civil disobedience justified? (Score:3, Insightful)
Have you ever actually voted? Because if you had, you would probably know that there are usually various referendums and "vote of the people" items on the ballot that affect you directly and have nothing to do with any political candidate or party (except that they were proposed by one/many). For example municipal bond proposals and tax rates are often added to the ballot.
Re:When is civil disobedience justified? (Score:2, Insightful)
Please, go read that. We'll wait.
Got all that? I didn't think so.
For those too sane to try that exercise, here's a representative sample:
Say what you like about Michael Moore, he's got a point. That is a MESS. Fourty-five whats just became ninety whatevers? Would it not have been easier to read if they had just rewritten the entire phrase they're amending? It goes on and on like that, 402 pages of it, all of it modifying the existing code in these oblique ways. If you submitted a kernel patch like that, Linus would have rejected it out of hand!
Now, I'm not saying they did anything untoward in this machination. I don't know! What I do know is that they made a lot of hey when the Abu Gahrib story broke about everything they did being "100% legal". I don't doubt it! I bet they could enter my house without a search warrant or look at what I've checked out at the library without my knowledge too!
Maybe you're too young to remember the Cold War, but that was what we were told happened in the Soviet Union!
And yes, I will eat my hat and promptly admit I was wrong *IF* this election is monitored by the UN [washingtonpost.com] and when he loses the popular vote AGAIN he leaves quietly. Happily.
Re:What amuses me. . . (Score:2, Insightful)
WHAT PROBLEM ?! Could someone, anyone, please explain what the hell is wrong with a paper ballot and a pen?
Thats the system we use for parlimentary elections in the UK, and it seems to work fine. Arguments about whether voting machines should be closed or open source miss the point. There should not be any voting machines at all.
same thing here.... (Score:4, Insightful)
Anyway, with this article, I still think computerised voting is totally unnecessary, we just plain don't need it, don't need the cost, it is BILLIONS of dollars nationwide, we don't need computers to add simple sums at the precinct level,so just say *no*, no open source, no closed source, no source at all.
Some things computers are good for, others are an expensive hindrance. "Ohh shiny" and "we are in the computar age" don't cut it, computerised voting is "gadgets for gadgets sake", and someone's profits for the hardware and software, not because it's needed. Voting results should be reviewable with any set of biological eyeballs, anything else will be blackbox voting. It's bad enough with the stupid mechanical machines, we don't need anything beyond paper and pen, and a locked wooden box with a slit in the top to receive the ballots, and that's it.
Want to make it more fair? Institute at least a 24 hour voting period, and do the "ranking" method of voting, and have a "no one" option as well.
Typical Microsoft code... (Score:3, Insightful)
Re:Sorry, but this is stupid (Score:3, Insightful)
Re:When is civil disobedience justified? (Score:4, Insightful)
How do you know whether it was counted? How do you know how they counted it? There was a thing in the news the other day about a postcard that was about 20 years late. It fell behind a machine, and when the machine was moved 20 years later, it was found and forwarded by the post office. If your card falls behind a desk and doesn't get found until too late to be counted, how do you know?
There is absolutely no verification whatsoever in today's non-electronic voting systems. So how is it a bad thing when electronic voting is no worse than the current system?
And no, I'm not playing devil's advocate. I can conceive of multiple ways for there to be verification while retaining anonymity with electronic voting that will not work with paper voting. So if you want your vote to count (and you want to know if your vote counted) you should be against paper voting and for electronic voting. Just make sure they don't let Diebold do it.
Re:i don't understand this election software stuff (Score:3, Insightful)
Calculating the outcome is not as simple as "max(...)".
Why not take 5 minutes to find out what exactly the software does before deciding that you are so much smarter/productive than the people who created it in the first place.
Remember to include things like independent code audits...
Worthless unless I compile and install it myself! (Score:4, Insightful)
Paper trail is the only way, open or closed source doesn't matter. If I can walk away with a record of my vote, I'll be happy. If you added a little cash register printer and a roll of tape inside the machine and spot-audit one percent of the machine results, I'll be even happier.
But if I can use an ink marker to make an indelible mark on a piece of paper, and have the paper counted physically by a dozen people, I'll be completely happy.
Paper! Ink! It works!
This whole sorry saga reminds me of a brutally frank piece of advice my Systems Analysis lecturer gave to the class.
"Give your client a number of possible designs for the system. If we were completely honest, one of those designs might be for a purely manual process. But we're computer people, so of course we only provide computer-based solutions."
Comment removed (Score:4, Insightful)
Comment removed (Score:3, Insightful)
Re:When is civil disobedience justified? (Score:3, Insightful)
This is because e-voting adds complexity to the system without actually bringing any benefit to it. It does not make it substantially easier to vote - larger print on the ballots would probably do more in that direction. It does not make it harder to defraud the voters. Since it removes the most convenient audit trail, it makes it easier.
I would prefer that e-voting actually made the process better in some way. Barring that, I would prefer that it not make it worse.
I still don't understand... (Score:5, Insightful)
Problem:
Present a list of voting choices in any number of languages, in audio for those who are blind, give them an opportunity to change their vote if they made a mistake, give them a second (and a third) chance to confirm their vote, and then make sure that their vote is counted.
It sounds like a great application for computers. After all, multi-lingual GUIs are common and practical, and computers give you the chance to change your mind before you finalize the vote.
Solution:
Use the computer to format the ballot, so that you don't have to have different versions for every language, and so that the voter can confirm and reconfirm the votes before finally committing them to a paper ballot. The computer then "fills in " the ovals on the ballot, eliminating improperly filled or inadequately filled circles, at which point the voter can look at the paper and quadruple check that he voted for the right people, and put that ballot into a "dumb" optical scanner that JUST COUNTS. Nothing to tamper with, nothing to worry about - you could have 5 terminals to every counter, which would save money over the current system and would still guarantee (actually enhance) the accuracy of the vote.
It's almost like somebody DOESN'T WANT the vote to be counted properly.
Vote counting must remain labour-intensive (Score:5, Insightful)
Open Source is desirable, but is not in itself a panacea. For example, impeccable code could be published, but something entirely different could be installed.
That is not to say that a paper system prevents dubious outcomes. It's just that they are more likely to come to light, and be contested (as far as a supreme court, maybe...)
Re:What amuses me. . . (Score:3, Insightful)
If you had only gone to see Fahrenheit 9/11, instead of relying on Limbaugh and O'Really to tell you whether it's good or not (use your own judgment for Pete's sake) you would have seen that considerable effort was made, and you wouldn't dare make that accusation.
Those efforts were made in vain.
Re:When is civil disobedience civil disobedience? (Score:2, Insightful)
But now that manufacturing is becoming more and more automated, and the pool of laborers is growing so quickly, labor is worth less and less and less, and physical resources those people sit on is worth more and more.
So as the decades wear on in this century, you can expect violence and genocide to become more and more frequent as responses to civil disobedience of any sort. The people of impoverished country X aren't going to put up with my exploiting them anymore? We'll, just kill them all and import workers from impoverished country Y.
Civil disobedience works with humans, but as society becomes more and more regimented and mechanical, it becomes more inhuman.
Re:When is civil disobedience justified? (Score:4, Insightful)
I won't join the Republican Party, or the Democratic Party, because that would mean I endorse their stranglehold on the American election system. So tell me again: How can my vote (any vote!) have weight?
Unless you're one of the very few actual *members*, you don't really join a party, you register as affiliated with a party. As to the weight of your vote, if you really dislike one party or another, register as affiliated with that party, and then vote for the weakest candidate(s) in the primaries belonging to *your* party. You're allowed to vote for anybody in the general election, so you've doubled the weight of your vote.
So tell me again: Where is the value in my vote?
To me, it seems that if you don't (at least) vote for the lesser of two evils, you've abdicated one of your most basic rights as a citizen and all your rights to complain about the people in power. If you don't vote, don't bitch. You are still entitled to bitch about the people you voted for.
Most elections are local, and from those elections come our future national representatives. Many local elections are decided by a few votes. A recent election here for city council was decided by two votes. If the defeated candidate had managed to get his wife and one other person to vote for him, we'd have a different council. :) That candidate is young and has political ambitions which could include national office, and he'll be back in the next election.
If you want your vote to have any value at all, then use it. If you want to increase the value of your vote, then do your homework and plan how to use it. Finally, if you have an issue you're enthused about, communicate that to people you know, and perhaps give some apathetic people a reason to vote. Again, you've multiplied your vote. You won't always win. That's not a reason to give up. If you don't vote, you are voting for the status quo. I don't care if you're a right-wing reactionary, a left-wing ultra-liberal, or a slashdot-wing libertarian, just do your homework, get stoked about some issue or candidate, and VOTE. The alternative is Not Good (TM) for the country.
Re:Trust the machines (Electoral College) (Score:3, Insightful)
And any state can chose to do this. If you want it in your state, ask for it. Or (if you have initiative in your state), file an initiative and start getting signatures.
However, the winner-take-all nature of most states' choice of electors is part of the original compromise that led to the electoral college.
With either popular-vote selection of the president or a proportional system of selecting voters, one populous state with a corrupt election system swings the election. Winner-take-all means corruption of one state can't override a narrow margin in a large set of small states.
Wiinner-take-all also sets up a situation where the presidential candidates must appeal to both the big AND the little states in order to collect enough electoral votes to win. With proportional voting it's more efficient to go for a big margin in a few large urban areas and ignore the flyover country.
And THAT LAST was why it was created: As a protection for the little states against being swamped by a couple big ones, in order to give them the confidence to sign on with the union in the first place. From the 1780s to today there have ALWAYS been a small number of heavily populated states and a large number of sparse ones. The president is a single officeholder for ALL the states, not just the urban ones. Make it a popular vote and he becomes the president of a few urban coastal cities, creating a political situation more like that of France.
Forking for US version won't help that much (Score:4, Insightful)
So looking at the system might yield some good ideas about how to organise the system (in particular how the sequence of voting and authentication is handled), but I don't think all that much code could be reused.
My thoughts... (Score:3, Insightful)
And how to acertain that those running the system did or did not bias or effect the results in some way?
Maybe electronic voting isnt such a good idea at all? Maybe the safer option is to stick with a paper based situation that cannot easily be fudged ? (that is not to say that a paper based system is also not open to fudging...)
Whatever way, and whatever flaws, the public should have unfettered access to every part of the process at least to the extent that nothing is hidden. Open source and closed source are just as open to abuse as is a paper based system. As much of it remains examinable the better in my opinion.
Nick...