Skip to comments.Microsoft Muscles the NYS Legislature (Software giant moves to weaken NY Election law)
Posted on 06/17/2007 10:46:20 PM PDT by dayglored
(Bo Lipari is the Executive Director of New Yorkers for Verified Voting, http://www.nyvv.org/)
Microsoft, the 800 pound gorilla of software development has moved forcefully into New York State, supported by voting machine vendors using Microsoft Windows in their touch screen voting machines and other systems. Over the last two months Microsoft and a cadre of high paid lobbyists have been working a full-court press in Albany in an attempt to bring about a serious weakening of New York State election law. This back door effort by private corporations to weaken public protections is about to bear fruit.
On Thursday, June 14, I recieved a copy of proposed changes to New York State Election Law drafted by Microsoft attorneys that has been circulating among the Legislature. These changes would gut the source code escrow and review provisions provided in our current law, which were fought for and won by election integrity activists around the state and adopted by the Legislature in June 2005. In an earlier blog I wrote about Microsoft's unwillingness to comply with New York State's escrow and review requirements. Now the software giant has gone a step further, not just saying we won't comply with your law but actively trying to change state law to serve their corporate interests. Microsoft's attorneys drafted an amendment which would add a paragraph to Section 1-104 of NYS Election Law defining election-dedicated voting system technology.
Microsofts proposed change to state law would effectively render our current requirements for escrow and the ability for independent review of source code in the event of disputes completely meaningless - and with it the protections the public fought so hard for...
(Excerpt) Read more at nyvv.org ...
Microsoft, which already refused to escrow its software in violation of this law, is now dismantling the law itself.
And lest you think, "Oh, they're just protecting their American intellectual property", let me remind you that Microsoft WILLINGLY GAVE THEIR SOURCE CODE TO THE CHINESE COMMUNISTS a while ago to try to prevent the Chicoms from developing an open-source alternative. The Chicoms got to read the software that Microsoft refuses to let Americans see.
Microsoft consistently donates more money to liberal Democratic candidates than to conservative Republicans -- this should not surprise anybody, but it should factor into how we view this decision to give American proprietary software to the Chicoms, while changing American laws so that if it screws up the next presidential election, American voters can't find out what went wrong.
We should be very concerned.
You may find this ping-worthy.
His argument is total BS. Read carefully what MS is proposing. They are saying that if someone builds a voter app to run in their environment that MS doesn't have to release the environment to the government or anyone else for independant review. This would remove the ability for pretty much anyone to get a look at MS's operating system source codes.
IE - if you build a voting machine app using pocket PC software, you still have to release the code - which anyone who knows software can reconstitute on a pocket PC environment and verify it works as it is suppose to.
The developer of the voting machine equipment themselves don't even have access to the environment source. MS is just doing this so that people can use their awesome development tools/environment and compete with those who are not.
His concern is about whether the ballots that are cast are counted and verified. Others are concerned with who gets to cast a ballot. The fact that he concentrates on one aspect doesn't invalidate his position, any more than if it were the other way around and he worried about IDs and not how the votes were counted. Your criticism is specious.
> His argument is total BS. Read carefully what MS is proposing. They are saying that if someone builds a voter app to run in their environment that MS doesn't have to release the environment to the government or anyone else for independant review. This would remove the ability for pretty much anyone to get a look at MS's operating system source codes.... IE - if you build a voting machine app using pocket PC software, you still have to release the code - which anyone who knows software can reconstitute on a pocket PC environment and verify it works as it is suppose to... The developer of the voting machine equipment themselves don't even have access to the environment source.
You are saying you don't care whether the software that runs the voting machines in America works correctly or not. I think that's blind and foolish. Software -- all software -- has flaws and errors. They're unavoidable. In something as crucial as counting votes in an election, there MUST be a way to find out if the software has made mistakes, and the only way to do that is to have access to source code.
> MS is just doing this so that people can use their awesome development tools/environment and compete with those who are not.
I have worked with Microsoft's development tools and environments professionally and privately for the past 18 years. I think you're confusing "awesome" with "bloated", but that's a different argument.
You are discounting flaws in the kernel...
where most of the exploit attempts would target.
Elections source code must be reviewable all the way down to the machine language source code. Memory calls at the hex and binary levels must be reviewable by independent experts.
What you are suggesting, and what MS is lobbying for, leaves huge holes open for low level memory buffer overflow exploits, and memory capture/alteration exploits and other attacks at boot up before the OS loads the election software program into memory.
From the assigned RAM that holds the election software’s tallies, the OS must control all hardware and memory switches that move that information out to external hardware, be it a memory card or ethernet connection or whatever. All of that must be reviewable by independent experts. The ENTIRE chain of custody of the information in memory must be 100% secure. MS is lobbying for a small fort to be built amongst a countryside full of thieves.
You've confused two very different things:
1. Whether something is analytically correct.
2. Whether something produces an expected output.
They are not the same. It's entirely possible to produce expected results with an incorrect process. So saying that you can reproduce and verify results, while a useful test, is not the same as knowing that the results were obtained using the correct procedure. As a trivial example, I claim to have a software program that produces squares of numbers. You test it by inputting "2", and sure enough you get "4" as a result, so you say "It works". But inside, the source code is not doing "x^2", it is actually doing "x+2". It just happened that for your test, the result was the same.
You cannot take an incorrect system -- one with errors in the source code -- and "test it until it works". That is what you propose to do with the Windows-based voting machines. I prefer to be able to know that the voting machine is doing the correct thing, analytically, by looking at the source code.
And if you think that the only errors of concern are those in the application, that the underlying operating system can't introduce subtle errors into the application running over it, then you are completely naive with regard to software. People looking to corrupt our voting machine software will aim for the underlying operating system.
I have no background in software engineering/computer science and am intrigued by this thread and your post. Are you saying that the ‘environment’ (I’m assuming this means the operating system and software environment that a software developer would use to build their own programs) is capable of altering the ‘intent’ of the software that uses it? Would this have to be done by altering the ‘environment’ after the election software was written, or could something be written into the source code that would corrupt any election software that uses it? I apologize if this is a ridiculous question.
> Are you saying that the environment (Im assuming this means the operating system and software environment that a software developer would use to build their own programs) is capable of altering the intent of the software that uses it?
> Would this have to be done by altering the environment after the election software was written, or could something be written into the source code that would corrupt any election software that uses it?
Either one, or a third option. It's quite possible to know about a weakness in the operating system, and exploit it after the voting machine is in place, causing the voting app to register incorrect votes, even if the application itself were written correctly.
> I apologize if this is a ridiculous question.
Not ridiculous at all -- it's the crux of the issue. Namely, if you can't see what's going on in the operating system, you cannot have full faith in the application.
Thanks for explaining this.
Don’t forget, if a company is using Windows CE it has access to most of the source code anyway. Modified to fit a voting machine, that code would still be subject to review. But modified for a platform that is also the basis for a voting machine, it would not.
So, Company A makes ATMs using Windows CE. Company A then uses the same hardware for their voting machine and drops their Windows CE implementation in the voting machine. Ta-da, many lines of operating system code the vendor had free reign to modify at will, and none of it subject to review.
Imagine if we were doing critical math equations (say they’re running a nuclear reactor) on a system, and all the software’s been thoroughly audited for this use, but you’re using an early Pentium processor and you’re not allowed to test that for accuracy.
You hit it on the head. dayglored has much more experience in the field than I, and gave a good reply.
This will only pass through pure strongarming and palm greasing, it’s a simple and straightforward concept that has been given alot of media time in NY State after the 2004 elections.
Anyone interested further can look at http://www.votingmachinesprocon.org/
it gives both sides of the debate, though it hasn’t mentioned the NYState lobbyist bill yet on the website...
Sure, but I wanted to avoid sparking a religious flamewar about operating systems, so I stuck to the transparency aspect -- since a closed proprietary microcontroller would also have the same problem as Windows.
But yes, a simpler system would be easier to characterize and analyze. And putting any mission-critical application over Windows is just asking for trouble. There are damn few analytically-correct operating systems; Windows is certainly NOT one of them.
> That they'd even be thinking about a Windows-based system for this means that the people working on this are either utterly, grossly incompetent, or are already planning subversion of the voting process.
I agree completely. I hope it's merely gross incompetence, but somedays, it's hard not to start thinking about tin-foil hats... ;-)
I hadn't yet thanked you for your excellent comment above in #5:
> What you are suggesting, and what MS is lobbying for, leaves huge holes open for low level memory buffer overflow exploits, and memory capture/alteration exploits and other attacks at boot up before the OS loads the election software program into memory... From the assigned RAM that holds the election softwares tallies, the OS must control all hardware and memory switches that move that information out to external hardware, be it a memory card or ethernet connection or whatever. All of that must be reviewable by independent experts. The ENTIRE chain of custody of the information in memory must be 100% secure. MS is lobbying for a small fort to be built amongst a countryside full of thieves.
Quite so. Those of us who have at one time or another had to use core (memory) dumps to locate "live" data and read values off the CPU stack during procedure calls, know only too well how easy it is for a malicious program to get into the memory of a running computer and alter, add, remove, all sorts of data, with the application completely unaware that the ground is shifting under it.
You said it more succinctly --
All of that must be reviewable by independent experts. The ENTIRE chain of custody of the information in memory must be 100% secure.Microsoft is trying to make it easier for the bad guys to corrupt and control American elections. We ignore this danger at our peril.
Voting machines shouldn’t run on any common OS at all.
Windows isn’t suitable for ATMs, certainly not for vote tabulators.
I was once toubleshooting the prototype of a PowerPC embedded system and it had a memory problem during bootup. So one might have said,
“PowerPC code corrupts RAM. Absolute PowerPC code corrupts RAM absolutely.”
OK who in New York State is going to look at Windows operating system source code and verify it? This is a joke. We’re not talking about Fourier transforms and teraflops here. We’re adding up integers, one at a time. How much dependency is there on the O/S for that? A PC Junior could handle this and not break a sweat.
ROFL that's more outrageous than your first post claiming Chinese have access to the source code but no Americans do. Funniest of all is you support free software like Linux being legally copied, renamed and resold as "Red Flag" in China. Me personally I don't agree with any electronic voting mechanism, nor with Microsoft's proposal, but your unadmitted desire to have it switched to Linux which *IS* actually available to everyone for tampering is hysterical.
Ignoring your comment about 'unadmitted desires', that you can't possibly know, i have to agree with you on electronic voting.
No matter WHAT operating system is used, mischief is easily accomplished, and not so easily detected.
Our leaders really weren't thinking after the 2k election. What we need is a LOW tech voting system...paper ballot and pencil, hand counted.
If ABCCBSNBCCNNFOX, don't like being able to predict results 10 minutes after voting is completed, tough $#!t.
Permanent marker, not pencil, but otherwise I fully agree. Technology is a wonderful thing, but it isn't always the right answer.
1) The original poster suggested this had some tie-in with MS supporting Democrats and this being a tool for them to tilt elections to the Ds. This clearly is not. This is about allowing MS (and also Apple!) developers to participate in the voting equipment market. Technical arguments aside, this is not a political thing, it's a business thing.
2) To my ears, the claim that MS's operating systems are inherently too unreliable to be used in a voting equipment machine sounds a lot like 'Bush lied, troops died.' One of those things that so many seem to accept but when examined is clearly false. So many devices out there use an embedded MS product and it is demonstrably reliable.
3) Voting equipment vendors aren't intentionally choosing an expensive development environment (from MS or Apple) over a free one (*nix) if they didn't determine the decision was, over-all, worth it.
4) You do not need the source code to verify that an OS is authentic. MS would probably co-operate with the state to allow them some kind of check-sum or similar authentication system to determine that the voting equipment machines are not running a broken/hacked OS.
5) These devices are incredibly hard to hack. IF you are worried about the MS devices being hacked, you have to be equally worried about the open-sourced ones being hacked. How do you verify that the code that is deposited is the same code that is on the actual machines? How do you verify that the code isn't hacked after it is installed on a machine? Pretty much every rational objection here being made to allowing an MS device ALSO APPLIES just as much to purely OSS application.
> ROFL that's more outrageous than your first post claiming Chinese have access to the source code but no Americans do. Funniest of all is you support free software like Linux being legally copied, renamed and resold as "Red Flag" in China. Me personally I don't agree with any electronic voting mechanism, nor with Microsoft's proposal, but your unadmitted desire to have it switched to Linux which *IS* actually available to everyone for tampering is hysterical.
Actually, GE, the Communist government of China WAS given copies of Windows source code by Microsoft. They handed copies to their Communist programmers to "evaluate", to make sure the American's weren't hiding backdoors and such. That means they crawled through it, every line. I'd think you'd remember that, it was a big deal a few years ago. Meanwhile, virtually no Americans can look at it, even with an NDA signed in blood.
And no, I don't think Linux is the best OS for voting machines. An embedded RTOS, or something based on BSD, would be my preference, since those are more readily secured. Many flavors of each of those are available in open source so they can be examined.
I don't have any problem admitting my desires: I want to be able to see the process by which my vote is collected and tallied, whether by computer or by paper ballot.
Only as a response to Linux, it being *completely* open source and fully available to the Chicoms with *no* obligation whatsover, not to mention according to the reports 100% of the Windows source wasn't even provided, and even then anyone who wanted to review had to come to the US and register to do it. Check the reports from Russia in my posting history, this is nothing new to anyone, just your poorly veiled attempt to attack Microsoft when you are a known proponent of "open" source yourself.
Meanwhile, virtually no Americans can look at it, even with an NDA signed in blood.
This is simply inaccurate, and further proof you're trying to blame Microsoft for not releasing their code, when releasing source code is something you actually support.
Many flavors of each of those are available in open source so they can be examined.
LMAO. Since you already forgot, this was your supposed complaint against Microsoft - that it was too open. But, just as I guessed, you now instead propose something that is completely open and free to anyone - BSD. Did you really expect to fool anyone? LOL.
in an early post you stated
"ROFL that's more outrageous than your first post claiming Chinese have access to the source code but no Americans do."
you thought that it was so funny that someone would say that the chinese had access to the source code that you were "ROFL."
now in this post you stated
"Only as a response to Linux,"
did you JUST now found out about this or did you really think someone wouldn't call you at on that?
come GE, you know better and you usually do better.
sidenote: IMO BSD would be a good choice, it is secure and you could add some final security without having to tell anyone what they are. a perfect mix of open and closed source.
a perfect system would be electronic with a paper roll that would be viewable but not able to be removed to act as a backup.
You actually think I just found out about "shared source"? As I said, check my posting history, this is old news, it's Microsoft's response to "open source", but not near as open. What's laughable is watching the open sourcers accuse Microsoft of giving something to the Chicomms, when their open source plan is based on giving them everything. Is that not a dirty disguise or what.
that well and good but why did you say this
“ROFL that’s more outrageous than your first post claiming Chinese have access to the source code but no Americans do.”
if you knew better?
argue all you want, it made you look stupid when you turned around a few post later and acknowledge that it was in fact true.
and on your second point, the purpose of linux is not to give code to the chicomms no more then the purpose of microsoft is to have the OS crash every day and infested with viruses. it is just the nature of the each given OS.
ROFL! Dave going postal again, open source fanatics are such a hoot. I didn’t acknowledge it was true, he obviously mischaracterized and twisted the truth, while trying to hide the facts. Microsoft doesn’t give all of their code away, and especially not more to foreigners than Americans as he claimed. The fact you boys support “open” source which does in fact give everything away to everyone on earth for free makes your supposed complaints about it absolutely ridiculous. If you can’t see the blatant hypocrisy on your own bug someone else for an explanation.