A Really Open Election [OSS voting machines]

NY Times ^ | Published: May 30, 2004 | Clive Thompson

[ScuzzyTerminator]

A Really Open Election

By CLIVE THOMPSON

Published: May 30, 2004

This fall, as many as 20 percent of American voters will be able to cast their ballots on A.T.M.-style electronic voting machines. But to put it mildly, these machines -- where you simply touch a screen and a computer registers your vote -- have not inspired much confidence lately. North Carolina officials recently learned that a software glitch destroyed 436 e-ballots in early voting for the 2002 general election. In a Florida state election this past January, 134 votes apparently weren't recorded -- and this was in a race decided by a margin of only 12 votes. Since most of the machines don't leave any paper trail, there's no way to determine what actually happened. Most alarmingly, perhaps, California's secretary of state recently charged that Diebold -- the industry leader -- had installed uncertified voting machines and then misled state officials about it.

Electronic voting has much to offer, but will we ever be able to trust these buggy machines? Yes, we will -- but only if we adopt the techniques of the ''open source'' geeks.

One reason it's difficult to trust the voting software of companies like Diebold is that the source code remains a trade secret. A few federally approved software experts are allowed to examine the code and verify that it works as intended, and in some cases, states are allowed to keep a copy in escrow. But the public has no access, and this is troublesome. When the Diebold source code was accidentally posted online last year, a computer-science professor looked at it and found it was dangerously hackable. Diebold may have fixed its bugs, but since the firm won't share the code publicly, there's no way of knowing. Just trust us, the company says.

But is the counting of votes -- a fundamental of democracy -- something you want to take on faith? No, this problem requires a more definitive solution: ending the secrecy around the machines.

First off, the government should ditch the private-sector software makers. Then it should hire a crack team of programmers to write new code. Then -- and this is the crucial part -- it should put the source code online publicly, where anyone can critique or debug it. This honors the genius of the open-source movement. If you show something to a large enough group of critics, they'll notice (and find a way to remove) almost any possible flaw. If tens of thousands of programmers are scrutinizing the country's voting software, it's highly unlikely a serious bug will go uncaught. The government's programming team would then take the recommendations, incorporate them into an improved code and put that online, too. This is how the famous programmer Linus Torvalds developed his Linux operating system, and that's precisely why it's so rock solid -- while Microsoft's secretly developed operating systems, Linux proponents say, crash far more often and are easier to hack. Already, Australians have used the open-source strategy to build voting software for a state election, and it ran like a well-oiled Chevy. A group of civic-minded programmers known as the Open Voting Consortium has written its own open-source code.

But if our code were open, wouldn't cyberterrorists or other outlaws be able to locate flaws and possibly rig an election? Well, theoretically -- except that it's highly unlikely that they could spot an error that escaped thousands and thousands of scrutineers. Indeed, it may be far easier to infiltrate a private-sector company and tamper with its software. Diebold, after all, kept quiet about the bugs it found in its programs -- including one that subtracted more than 16,000 votes from Al Gore in a single Florida country during the initial vote counting in the 2000 election. Open-source enthusiasts, by contrast, are precisely the sort of people you'd like to see inspecting the voting code; they're often libertarian freaks, nuttily suspicious of centralized power, and they'd scream to the high heavens if they found anything wrong.

From the classification of documents to the refusal to name detainees, the Bush administration's actions show a high regard for secrecy. In essence, it's hiding its code, too. Inside such closed systems, nasty things can happen, as we're learning to our chagrin. Perhaps a blast of open-source candor is exactly what America needs right now.

[ScuzzyTerminator]

Commies taking over our elections ping

[inflation]

Yep! Lord knows that the public doesn't have any right to know how election results are computed. What do they think we are, a republic?

Commies!

[weegee]

Diebold, after all, kept quiet about the bugs it found in its programs -- including one that subtracted more than 16,000 votes from Al Gore in a single Florida country during the initial vote counting in the 2000 election.

This was the same Floriduh that used a butterfly ballot and antiquated punch machines? Who knew that they also had computer ballot boxes?

[dr_who_2]

I beg to differ. Sounds like the worse thing that could happen is that certain programmers who noticed dangerous flaws in the software could hold their tongue and exploit the flaw during an election. But then someone who knows about exploits that are possible with Diebold machines could do the same thing with commercial machines. I think though that the more eyes there are looking at the code, the better. In my experience, "trade secret" code is frequently labelled that way because the company doesn't want customers to know just how crappy it is. The important thing to do in order to make it work is to address all the problems before the election. Could be tough going on the first election, but bugs do get hammered down over time--provided that the system isn't scrapped after two years in favor of something completely new.

[ScuzzyTerminator]

We don't differ.

Security applications just should not be proprietary trade secrets. From a customer's perspective, vender secrecy can not add any value and may very well compromise security.

This does not mean that only "free" software is good. Publishing source code does not lose copyright or patent protection. Diebold can publish their code and still retain all rights to it. Publication does give away trade secrets but, by all accounts, Diebold's only secret is, as you delicately put it, how crappy its code is.

[backhoe]

Crosslinked:

-The Vote Fraud Archives--