NYT Calls For Open-Source Election Machines

anti-drew writes "The New York Times Magazine has an interesting editorial (free reg. req.) calling for open-source voting machines. From the article: 'Electronic voting has much to offer, but will we ever be able to trust these buggy machines? Yes, we will -- but only if we adopt the techniques of the 'open source' geeks.' That's quite an endorsement coming from the Times. Of course, one of the justifications was that open-source enthusiasts are 'libertarian freaks, nuttily suspicious of centralized power', who would 'scream to the high heavens if they found anything wrong'."

One armed bandits...

[Anonymous Coward]

That comment reminds me of a history book of Las Vegas which noted the distrust that regular gamblers had against the electronic one armed bandits, who much preferred the electromechanical machines.

Another argument

[gregmac]

I think a strong argument that you could put forward would be that the current system of manually counting votes is the equivalent of 'open source'. Everyone knows what they do (count votes), and how they do it (by looking at each one and recording the number). I believe you can even watch them do it, if you'd like. Open source is pretty much the equivalent. You can see what the code is doing, and how it's doing it.

well.. not completely true

[Haydn Fenton]

alas, my memory fails me yet again (please, no lame 'upgrade' jokes), i know my explanation will suck due to lack of facts, but here ya are anyway;

there was *some guy* who placed some code into a compiler once, so that even if there was no malicious code in the actual souce, once compiled, the executable had a block of code enabling the original author to do things (i.e. a backdoor). if i remember correctly, even if you were to recompile the compiler, the code would once again be placed into the compiler (and therefore future copies of the executable), i know its extremely unlikely that it will happen in this case, but im just pointing out that it can happen.

Some reasons why this is a good idea

[cluge]

One of the biggest problems with voting machines is cost per use. Voting machines are relatively" expensive and are used at most twice a year, and often only once every 2-4 years. If they aren't being used, they are simple taking up room in storage (which costs money).

Cost Advantages:
NOW as distros like knoppix [knoppix.org] have proven, putting a full featured desktop on a CD is possible. That being said - putting your "voting machine" on a CD, and using standard PC hardware makes a lot of sense. You don't have to buy a bunch of larg proprietary machines that only get used ones in a while. The CD's can be verified. If one is careful it would even be easy to use hardware already in place - or obsoleted hardware. Such a system would also use a simple standard printer to print an encrypted voter verification (audit) record in case a recount is requested. This should eliminate the long standing problem with most other electronic voting systems (no real audit trail).

Development is spread out over a large not for profit group of programmers with the end result being free. The only real cost is the certification procedure each state decides to institute - and thus it is the state that becomes accountable. If a states procedures are not robust enough to catch dangerous bugs then it's their own fault. I would think that several states go in together and split the certification costs. Since the buy in price is almost nothing (essentially media) the states have more money to play with and spend on voter training AND certification.

Considering Diebold and others - this seems like a natural, easy and simple solution.

Ask not what your country can do for you, ask what you can do for your country - Come up with a simple, secure, reliable voting system on a CD that will boot from standard PC hardware.

SIDE NOTE: If my county uses electronic voting machines that do not have a paper trail - then I will vote by absentee ballot. I would STRONGLY urge any US voter to do the same.

cluge
AngryPeopleRule [angrypeoplerule.com]

Companies can still make money with open-source

[foidulus]

voting machines. Someone has to provide tech support in case something goes wrong, or barring being able to fix it, idemnity. And who better to do that than the people who made the code?
Just because something is OS doesn't mean that everyone is going to steal your trade secrets. If I were on a local voting comittee, I would almost certainly give the contract to the developer, because their people have the most experience with the machines.
Food for thought for Diebold, but who am I kidding. It will take a long time before people come to see open source as something more than just a bunch of punk kids who don't know how to make money.

Open source is only the start

[YrWrstNtmr]

Publically verifiable code. Sure. The geeks who can read and understand it will, far more than current distros and projects. If only for the novelty.

But then what is needed is a strict, multiparty custody chain, to ensure that the specific, compiled, verified code, as well as the machines it is run on, are what was actually verified.
it does no good to verify codebase X, if what finds its way to the machines is codebase Y

No Paper Trail, No Confidance.

[Suburbanpride]

I voted on one of the new Deibold machines here in San Diego, and it didn't instill much confidence in me, thanks to everything I had read about Diebold. but even if the machine was open source, it still wouldn't make me confidant unless there was a paper trail. It was spooky just go up to a console, insert a card and hit a few buttons. It didn't feel like voting.

As bad as the old punch card system were, I liked the feeling of knocking out a chad, and then being able to see an actual physical representation of my vote.

With the amount that counties are already spending on these machines, it can't cost much more to add a printer.

200 year tradition of open source method

[wombatmobile]

In Australia voters get a piece of paper and a pen.

Uh.............. that's it.

The counting takes a lot less time than it took the New York Times to organize the Florida recount, and the method supports unlimited error checking.

Votes wouldn't be lost under this program

[Stevyn]

They'd just be under /dev/null

Actually, regular voting is open source if you think about it. The ballot is checked off and goes into a box Everyone can see the process and how it works. Using proprietary machines is like giving your vote to an employee of a private company who hauls them off in a van and then reports the tally. If these machines were based off open source software, then you could possibly have a huge number of developers working on the project in their spare time that diebold could never compete with. Think of how many people would be going through the code to find mistakes.

I don't think we should imediatley switch over, but slowly as to allow many people the chance to look over the code and find bugs or backdoors. The system doesn't need to be that overly complicated either. We're not talking about installing a huge linux environment on these but rather something from emebeded linux.

Going open source shouldn't be the issue here, it's why we went to a closed source like diebold that is what's the question.

Auditing is the real problem

[5n3ak3rp1mp]

If every one of these voting machines printed out a line on some old dot-matrix printer in another room the instant every vote was cast, a technical difficulty would be a minor inconvenience instead of the catastrophe it is now, due to the audit trail. Cringely hints as much in this column: No Confidence Vote: Why the Current Touch Screen Voting Fiasco Was Pretty Much Inevitable [pbs.org]

What about india?

[mindstrm]

I mean, they are a democracy that's voting population absolutely dwarfs the US of A.

THey have an electronic system that, although not impervious to fraud, is simple, elegant, and cheap, and gets the job done. The systems are so simple that it would be very difficult in practice to actually cheat.. and if you could doctor one machine, the damage you could do would be quite limited.

Security vs Obscurity

[Gathers]

"If you take a letter, lock it in a safe, hide the safe somewhere in the city and then tell someone to read the letter, that's not security. That's obscurity. On the other hand, if you take a letter and lock it in a safe, then give someone the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that he and the world's best safe crackers can study the locking mechanism - and you still can't open the safe and read the letter - that's security."

- Bruce Schneier in his book Applied Cryptography

Re:Exactly

[shepd]

Q: Should we end emacipation?

A: ( ) YES / ( ) NO

Re:Yeah, right

[SiMac]

The New York Times had an unlimited subscription to LexisNexis. They said that Lamo ran a certain amount of money's worth of LexisNexis subscriptions, but this was only if he had been paying by the search. To the New York Times, all this cost absolutely nothing.

Re:Yeah, right

[senatorpjt]

Apparently, since Lexis-Nexis likes the New York Times so much, they charge $100 per search, rather than the $7 they charge everyone else.

Re:So how do you prove...

[DunbarTheInept]

The solution is to use a checksum of the code in the following fashion:

Rule 1 - The voting hardware and OS must be rather uniform, with only a few variations for regional preferences (it wouldn't be fair to force a small precinct to be forced to buy an overpowered version intended for high-volume voting places, therefore there would be a few different configurations available, but the number of allowed combinations of hardware and software must be discrete and small in number, not something where you can just put together whatever parts you want all willy-nilly.)

Rule 2 - The entirety of the machine, including the OS and the voting software on top of it, must all be considered a single 'thing' for the sake of verification. (i.e. if you have a third party verify a setup, then that setup is verified ONLY on that exact configuration. For a second configuration of hardware, a seperate verification is needed.)

Rule 3 - When a third party verifies that the system is good, they take a checksum of *everything* including the OS. (basically, do a checksum of the root directory, recursively descending everything under it.)

Rule 4 - The list of checksums of verified systems is given to voting poll station workers. When the system turns on, the first thing you do is run an automated checksummer on it (from a boot floppy or something like that, which is external to the machine itself and removable - and therefore is not part of the system itself, and is produced by different people entirely). When it spits its number out, compare that against the list of known "good" checksums. If it's on that list, the machine is safe and can be used. If it's not, then this fact must be logged, and a call must be made to the elections board, and the machine must not be used that election day (and must be inspected later when there's time to see what the problem is and determine if something untoward was being attempted.)

I'm picturing that the list of known "good" checksums would only have 5 or so numbers on it. Basicly, it's a mechanism to allow for upgrades and improvements or to allow for a few different hardware configuration options for different sized polling precincts.