RecordRat
(Aug 9, 2008 - 5:56 PM)
Open source is a false solution, as several computer security experts have repeatedly warned.
In July 2007, California tested Sequoia:
Manual source code inspection is laborious, time-intensive, and costly. A rough estimate is that a trained software engineer can inspect approximately 100 lines of code per hour, under optimal conditions. If team members did nothing other than read source code for hours on end—something that few developers can sustain for any length of time—then it would have taken us over a year just to read all of the source code. (CA TTBR Sequoia Source Code Review, p.4)
NY State Board of Elections Co-Chair Douglass Kellner explains:
“Fighting fraud carried out by code is also particularly expensive. Some e-voting systems run on 150,000 lines of code and to uncover whether fraud has occurred, or by whom and how, requires an army of programmers, a number of years, and millions of dollars. Even then, there is no guarantee that their examination will produce results.”
Rice University professor of computer science, Dan Wallach, advised in 2007:
"This is a classic computer security problem. Whoever gets into the machine first wins. So if the Trojan horse software is in there first, you ask it to test itself -- it will always lie to you and tell you everything is fine. And no matter what testing code you try to add after the fact, it's too late. It can now create a world where the testing software can't tell that the machine has been compromised, even though it has...."
Even the National Institute of Standards and Technology admits that open source is no solution:
"[E]xperience in testing software and systems has shown that testing to high degrees of security and reliability is from a practical perspective not possible." (NIST, 2006)
Wallach testified before NIST in 2004:
"[W]hile 'logic-and-accuracy testing' can sometimes detect flaws, it will never be comprehensive; important flaws will always escape any amount of testing."
California’s Top to Bottom Review Red Team Overview report drives the point home:
"The use of computers in performing voting and tallying introduces serious concerns about the integrity and confidentiality of the voting process."
Open source is no solution; software-driven devices have no place in honest elections. Software can be changed without detection. It is the worst possible technology for honest elections.