Dear Linux Magazine Reader,
Some issues facing the open source community are difficult to explain to outsiders, but some are problems the whole world faces. One issue most people care about is the right to vote. What does the right to vote have to do with open source software?
The Open Voting Consortium (OVC) is a group of experts devoted to ensuring that electronic voting systems remain auditable and open in future elections. This mission is actually quite consistent with the open source movement's focus on alerting the world to the problem of private companies controlling critical segments of the economy through proprietary software. In the case of the voting machine business, a few companies control a large portion of the industry, and no one really knows if their software has problems or not, since it isn't freely available for public review. And, as is often the case within the closed circles of closed source, proprietary hardware requires proprietary software, perpetuating a cycle of dependence that keeps the vendor in control.
The OVC identifies the following problems with the electronic voting industry:
- Black Box Secrecy: Computer programs that run election machines and tabulate results are secret and cannot be checked by the public. This invites corruption, and there is currently no way to assure accountability.
- Corporate Control: Large corporations like Diebold and ESS dominate electronic voting machine sales and control our voting software. These companies have a strong influence over processes for approving machines, and they often control whether testing results are even shared.
- No Paper Trail: Electronic voting terminals became popular after the hanging chad scandal in the 2000 US presidential election, but many machines purchased since then have no paper ballot, which makes accurate recounts impossible. Of votes cast in the November 2004 election, 30% were on machines that couldn't be audited.
- No Consistent Data to Check Results: In the US alone, there are 185,000 voting precincts and 800,000 voting machines. Most systems consist of technology cobbled together to minimally meet a patchwork of inconsistent requirements.
- Limited Access: Older style voting terminals posed major problems for the handicapped or the sight impaired. Touch screen voting systems partly remedy this problem but introduce a host of other problems.
The OVC proposes a comprehensive approach to addressing these issues. They have devised a complete system for fair and free electronic voting, and they have even built a prototype voting machine that embodies the project goals.
The open voting machine prints a summary paper ballot for every vote cast electronically. Voters can review their choices in the summary, and those who have difficulty reading can even listen to a spoken version of the summary (generated electronically and played through headphones). The summary paper ballots are placed in a secure ballot box, where they will serve as a cross-check and permanent record of the electronic tally.
Most important, the software used with the system is all open source. It will be subject to public review, it will be freely available to anyone who wants to use it, and it won't be controlled by proprietary interests.
The OVC is headed by a team of computer scientists. I have always thought it was quite a red flag that so many highly qualified professional computer experts are so decidedly under-enthusiastic about the whole concept of electronic voting, and yet, all too often, the warnings of these experts go unanswered. The well-known fiasco of the 2000 US presidential election and the more recent fiascos of the 2004 vote count in Ohio http://www.openvoting.org/files/Conyersreport.pdf make it obvious that something needs to happen – not just in the US, but in every democracy that depends on electronic voting devices.
I encourage anyone who embraces the ideals of freedom and open source software to visit the Open Voting Consortium at http://www.openvoting.org.
Read full article as PDF:Comment.pdf (59.62 kB)
hardware weaknessesjoe casad Sep 22, 2008 6:50pm GMT
Isn't it true that if someone has access to the physical box that they can "own" the box if they want?
While this is true in an abstract sense of any machine, and that many of the common machines are exceptionally bad, it is not impossible to fix many of them. Some run windows as a back end, and leave a memory card slot active in the running system, which is an easily exploitable weakness, but if you just strip the hardware driver out of the software on the system you run on election day, it is possible to plug that hole.
In any serious election polling places are monitored, and while no hardware is uncrackable, it is feasible to make hardware very hard to crack under well monitored conditions, software alone can not solve this problem, but neither can technology. Security requires systems which can be effectively administered and checked by humans, the current hardware/software makes this impossible, changing the software in many cases would make it at least possible to actually have a verifiable election.
Open VoteIsn't it true that if someone has access to the physical box that they can "own" the box if they want?
So what does it matter if the voting software is clean, open, certified, and "perfect", if the voting machines are not secure the accuracy of the vote cannot be assured. There is a report on the net that the current voting machines can be hacked in about 1 minute.
New release comes with better semantic search and improvements to Kontact.
Annual code quality report shows FOSS is more secure at all project size levels.
A new class of problems lets a malicious app pre-configure an invisible privilege update.
New Hack language adds static typing and other conveniences.
New crypto policy system will offer easier configuration and more uniform security.
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
Vulnerability affects many Linux web servers