26

Sooo...it's only sort of programming related, but I figure it's election day, right? Is there a single good reason why they aren't, not necessarily open source in that anyone can contribute, but open source in that anyone could inspect the source?

Robert Gamble
  • 106,424
  • 25
  • 145
  • 137
shsteimer
  • 28,436
  • 30
  • 79
  • 95

12 Answers12

40

Voting machines aren't open-source because lobbyists for the "electrical till" industry successfully hoodwinked politicians not qualified to make technology choices into buying their snake-oil. This was accomplished with a mix of anti-FOSS FUD and good ol' fashioned bribery campaign contributions.

Update: I will try to post links here from time to time that show how vendors respond to critical examination. Feel free to add your own. (Pro-OSS–only: "the man" can make his own post!)

erickson
  • 265,237
  • 58
  • 395
  • 493
  • And the FUD isn't even really necessary. Government IT projects are invariably designed to funnel contracts to the big, lobby-friendly vendors and consultancies; the idea of just doing it properly and cheaply oneself using open-source or commodity software is alien. – bobince Nov 04 '08 at 16:14
  • I don't think that funneling to big, lobbying contractors will ever change. However, I have seen more acceptance of FOSS in government contracts in the last few years, which is nice. Consideration of COTS, at least in the DOD, is starting to include FOSS. They used to be quite hostile to use of OSS. – erickson Nov 04 '08 at 16:18
  • 2
    You might wanna post some references if you're gonna post such a strong theory. I'm not saying its not probable but its too easy to just shrug and state: "oh yea the man's corrupt innit?" – Quibblesome Apr 21 '09 at 15:23
  • 2
    You are right, Quarrelsome. I was at the peak of my biennial "voting machines suck" cycle back in October and struggling to think rationally. I've added one example of the stunts vendors pulled, but I will continue to add links here as I find them. – erickson Apr 21 '09 at 17:01
25

In Belgium, the sourcecode for the voting machines is freely downloadable.

Dave Van den Eynde
  • 17,020
  • 7
  • 59
  • 90
7

In the context of this discussion, you might find this paper interesting:

Secret-Ballot Receipts: True Voter-Verifiable Elections

It's written by David Chaum, the cryptographer responsible for DigiCash, among other things. From his bio page on Wikipedia, I also found End-to-end auditable voting systems.

Update! Now it seems we can see if this really works: First Test for Election Cryptography.

Looking back in time now, I've read a couple of articles on the experiment in Takoma Park, and this system actually seems different from the one described in the original paper. However, it is still by David Chaum, and still supports the end-to-end audit properties. The system is called Scantegrity II.

Don Wakefield
  • 8,693
  • 3
  • 36
  • 54
  • Awesome. I wish it was dumbed down a little bit. I'm still not entirely sure how your "vote" can be tallied from the web copy of your receipt. – Joe Phillips Oct 10 '09 at 02:36
6

The reason they aren't open source, is because, as Kent mentioned, it wouldn't help. You could open source the code. But there's no way to ensure that the voting machine you are using is actually running the code that is open sourced.

Kibbee
  • 65,369
  • 27
  • 142
  • 182
  • Well, yes, but that is irrelevant. The intent of open-sourcing it is mainly for public verification of soundness of the implementation, not for increasing trust in the integrity of the software company. – Svante Nov 04 '08 at 17:40
  • Kibbee, supposing the voting machine was not running the code that was open sourced, there would be no shortage of media persons looking for open sourcers (who are in no short supply) who could easily prove that the binaries on the machine aren't the same as the one's that were open sourced. Open sourcing voting machines is a great step in the right direction. – Agnel Kurian Apr 21 '09 at 15:32
  • 1
    You could allow a small percentage of all the machines be randomly chosen by Miley Cyrus and then examined (hash comparison?) by Donald Knuth. – Joe Phillips Oct 10 '09 at 01:13
4

There is no reason that open source code is better than closed source in this case. How you voted must always remain a secret for obvious reasons. The ONLY real safeguard is the paper trail.

I WORKED with these machines and if so inclined I would have made malicious code that flips votes the way I wanted after 10 cast ballots to defeat whatever ridiculous Logic and Accuracy tests were thrown at the machine before deployment (We never went past one test vote).

Randomly pick a certain percentage of machines and compare the paper trail to the electronic tally. If Diebold had been confident of its machines then they would have insisted that this be the last step in any election.

DiningPhilanderer
  • 2,737
  • 3
  • 25
  • 29
  • Your having WORKED on these machines doesn't change the fact that closed source systems aren't VERIFIABLE. 6 votes! You six fellas stand in a line now and take what's coming. – Agnel Kurian Apr 21 '09 at 15:27
  • Though opening the source for these machines doesn't make them more reliable in itself, it does open up the security to more eyes, making a potential security hole much more likely to be announced and closed. Though I agree that some people will try to exploit the software, there are larger masses who would work to secure the system out of interest for fair elections, so I think you'd far outweigh the downsides of this move, and you'd improve trust in the system itself. – SqlRyan Apr 21 '09 at 17:28
2

Security Through Obscurity!

Brian
  • 25,523
  • 18
  • 82
  • 173
1

the problem is opensourcing the software would be a no-op.

They don't have any decent cryptography, and there has been demonstrated and relatively easy ways to contravene them simply by hot-swapping a ROM chip in the voting booth, or Having a device that augments the records in the record cartridge.

@Mnementh The bad cryptography and the possibility to swap the ROM-chip has nothing to do with open-sourcing the code? So there is the point?

There are only 3 logical reasons for opensourcing this code:

  1. To put under scrutiny how the votes are counted to be certain its doing it right.
  2. For somebody to be able to modify that code for their own needs.
  3. To put the software into public domain so public committers can improve on it.

Points 1 and 3 are blown out of the water in terms of usefulness and "proving your vote counts" because you have no assurance that the code you are seeing/improving runs on these devices.

So that leaves only condition 2 being useful, and as you are not going to own your own voting machine, and have no need for one for anything more than nefarious causes or to simply prove their vulnerability.

For the majority of cases all it would mean is that there would be more information publically available on how to contravene these machines, so you would no longer need physical access to one in order to attempt reverse engineer their software and develop compromised ROM chips for use in said devices, grossly reducing the barrier to entry for the compromise of the voting system.

Granted, even in a non-opensource state this information can still leak, and you just have a false sense of security because you assume "theres no leak, I am safe", but on the contrary, if you open source it people will assume "hundreds of people have looked at the source code, I am safe" which is an equally bad false sense of security.

People are looking for a silver bullet safe way of voting, and sadly, there is none. Not without growing a race of purified peoples whom are brought up by non-committal monks in isolationist shrines to have a breed of people simply for the task of witnessing and counting votes accurately, whom are trained to be amoral and can't be bribed to switch the vote.

( It would sort of be like the 'dark angel' series except with voting agents instead of assassins, and we all know how that show works out, one of them would go rouge, we'd trust them, and they'd screw us all )

Kent Fredric
  • 56,416
  • 14
  • 107
  • 150
  • The bad cryptography and the possibility to swap the ROM-chip has nothing to do with open-sourcing the code? So there is the point? – Mnementh Nov 04 '08 at 15:57
1

Because politicians buy them. Anything politicians get their hands in goes to shit, because 99% of the time they're only experience is in running for office, not doing things like adequately vetting hardware and software.

Also, kickbacks.

The truth hurts, doesn't it?

  • Well, it might be like that in your country, but don't generalize for the whole world. – Barth Nov 04 '08 at 16:11
  • No, I'm sure your rulers are all benevolent and only have your best interests at heart. –  Nov 04 '08 at 16:12
  • 1
    Yeah! Polititicians suck. They never manage the country correctly. Oh, btw: Software developers suck, too. My computer always crashes. And dentists suck, I got an aching tooth. Seriously: You really don't think politicians are human? Just a reminder: Ghandi is a politician, too. – soulmerge Apr 21 '09 at 15:29
  • 1
    I KNOW they're human. But look around--there are lots of people who think they are superhuman, and place in them superhuman power. People think that driving more money and more power into the hands of politicians will somehow solve all our everyday, mundane problems. I suggest you read The Road to Serfdom if you believe this. –  Apr 21 '09 at 17:06
1

There is no specific reason not to open-source the software (and even opening the hardware-layout) of voting machines. It has no security impact, as some try to state, because if closed or open source, the ROM can be switched. The machine need some sort of verifier to check, if the code loaded is really the one certified for the election. Open-Sourcing would make no difference.

Mnementh
  • 50,487
  • 48
  • 148
  • 202
  • I believe that open source would make a difference. Currently, voting machine vendors have no incentive to innovate. An open source project could address the problem that you cite by implementing a verifiable voting scheme. The downside is that verifiable votes lend themselves to vote buying. – erickson Nov 04 '08 at 16:08
  • That could be the case. But open-sourcing has no direct impact on security. – Mnementh Nov 04 '08 at 16:11
  • Good point, for the company that is there to sell machines - unless their sales base is braniacs, what good it do them tell everyone how system works? Probably, though coutner-intuitive, sellers of the machine grasp that gummints would think disclosure weakens the crypto. Therefore, sellers of equipment leave development of crypto-systems for voting to open discussion on, what? -> government funded universities .... maybe one day we can all be Section 8's – Nicholas Jordan Oct 10 '09 at 03:23
0

So far, most replies have been technical in nature, but most likely, voting machines are not open source because the company under contract to develop them has no incentive to make them open source.

If a company develops an open source voting system, anyone came come around later to support that system. And, quite honestly, I doubt the government would accept the equivalent of a SourceForge project as the basis for an entire election.

Perhaps there should be an honest-broker authority that oversees the development of an open-source voting system, and contributors to that system should be vetted before they can view or commit source code.

David Koelle
  • 20,726
  • 23
  • 93
  • 130
0

Because if they were they would not be able to blame inaccurate votes on calibration-errors on the touchscreen.

0
  • The people responsible have a "security by obscurity" bad meme stuck somewhere
  • The people building the software don't want to help competitors
  • The people building the software fear embarrassment
  • There are not enough people in the legislative process who understand the flaws in all of the above
Svante
  • 50,694
  • 11
  • 78
  • 122