RSSCould open source be the solution to the e-voting debacle?
By Michael Hatamoto | Published August 7, 2008, 3:01 PM
The chaos from the 2000 presidential election in Florida, and subsequent e-voting controversies, has left voters skeptical. So a former engineer from Intel and Borland has designed a new, open system to give voters peace of mind.
SAN FRANCISCO (BetaNews) - Engineer Alan Dechert and his team have created the Open Voting Consortium, an organization aimed at creating and offering open voting systems that can be trusted by voters. Rather than attempt to tinker with a voting machine already in use, Dechert and company created their own voting system from the ground up.
During the LinuxWorld Conference and Expo, LinuxWorld attendees had the chance to participate in a mock presidential election that offered insight into how elections would work with this system in place. After using a mouse to click through the ballot, a voter prints a copy of her ballot, which will include bar codes. Each ballot can be manually counted, be electronically photographed, or have its bar codes scanned to record the vote.
The paper ballots are stored in a box and can be later manually counted if a problem arises. An election worker then can print a tally sheet at the end of the day, which also has a barcode.
The barcode standard used by the voting machine is a common standard that can be scanned by the majority of scanners used today, Dechert told BetaNews during LinuxWorld. A numerical sequence is hidden in the code, and each bar code is unique so it is impossible to count it twice.
The system can operate on a regular PC, and there is no need to invest in expensive equipment. Most of the systems shown at LinuxWorld were $190 PCs and $70 printers, which is significantly cheaper than the voting machines used today, whose prices start at $3,000.
Dechert hopes to have the Consortium's voting machine certified by 2010, and the city of San Francisco has expressed interest in them, he said. Several other Bay Area voting jurisdictions are interested in learning more about the system and how soon it could be rolled out. Dechert said deploying the system in national elections will be a mission for the future; in the meantime, it will need to pass a stricter certification and be more closely analyzed.
There has been considerable controversy over the past three years as to whether or not open source e-voting software is beneficial to security. Open source supporters, including Dechert, believe the application's code can be analyzed for any security flaws or issues, and then be fixed by the open source community. Other analysts and researchers, however, contend that the open nature of the system will expose potential vulnerabilities to a wider community of malicious users.
However, an open source e-voting system would also let county and municipal governments avoid being locked into long-term contracts with e-voting manufacturers. Along with the long-term, expensive contracts involved when a government deals with private companies such as Sequoia Voting Systems and Premier Elections Solutions, they've also been unwilling to allow independent parties to determine the accuracy and integrity of their systems.
Open source is a false solution, as several computer security experts have repeatedly warned.
In July 2007, California tested Sequoia:
Manual source code inspection is laborious, time-intensive, and costly. A rough estimate is that a trained software engineer can inspect approximately 100 lines of code per hour, under optimal conditions. If team members did nothing other than read source code for hours on end—something that few developers can sustain for any length of time—then it would have taken us over a year just to read all of the source code. (CA TTBR Sequoia Source Code Review, p.4)
NY State Board of Elections Co-Chair Douglass Kellner explains:
“Fighting fraud carried out by code is also particularly expensive. Some e-voting systems run on 150,000 lines of code and to uncover whether fraud has occurred, or by whom and how, requires an army of programmers, a number of years, and millions of dollars. Even then, there is no guarantee that their examination will produce results."
Rice University professor of computer science, Dan Wallach, advised in 2007:
"This is a classic computer security problem. Whoever gets into the machine first wins. So if the Trojan horse software is in there first, you ask it to test itself -- it will always lie to you and tell you everything is fine. And no matter what testing code you try to add after the fact, it's too late. It can now create a world where the testing software can't tell that the machine has been compromised, even though it has...."
Even the National Institute of Standards and Technology admits that open source is no solution:
"[E]xperience in testing software and systems has shown that testing to high degrees of security and reliability is from a practical perspective not possible." (NIST) 2006
Wallach testified Before NIST in 2004:
"[W]hile 'logic-and-accuracy testing' can sometimes detect flaws, it will never be comprehensive; important flaws will always escape any amount of testing."
California’s Top to Bottom Review Red Team Overview report drives the point home:
"The use of computers in performing voting and tallying introduces serious concerns about the integrity and confidentiality of the voting process."
Open source is no solution; software driven devices have no place in honest elections. Software can be changed without detection. It is the worse possible technology for honest elections.
Score: 0
Pretty good idea it seems. If this works they just need to boot the electoral college. Who are those people anyway.
Score: 0
And what was wrong with paper and a pen?
If people can't do that properly then they don't need a vote (obviously other provisions for disabled people).
Put and x in the box.
How hard can it be?
Score: 0
Paper and pen means hand counting, which is time consuming, prone to errors, and unnecessary unless there is a close vote. Paper ballots should only be used as a backup, for audit purposes.
Score: 0
I say round them up on the market place and have them vote by raising the hand. Has the added benefit of all the dissidents being assembled right in front of the chopping block.
Score: 0