Free as in Vote

Welcome

Article from Issue 215/2018
Author(s):

I get this familiar feeling whenever an election year rolls around. I guess it is kind of like despair mixed with something more proactive, like maybe annoyance. I'm not talking about politics exactly, although I will admit that politics get pretty annoying. What really concerns me now is the backward nature of voting technology and the sense that nothing ever gets done about it.

Dear Reader,

I get this familiar feeling whenever an election year rolls around. I guess it is kind of like despair mixed with something more proactive, like maybe annoyance. I'm not talking about politics exactly, although I will admit that politics get pretty annoying. What really concerns me now is the backward nature of voting technology and the sense that nothing ever gets done about it.

The vote-counting fiasco of the US 2000 election was 18 years ago. Since then, numerous studies have shown that our voting machines are insecure, and we have uncovered evidence of foreign powers attempting to hack our voting systems. If you're wondering "why isn't this problem fixed yet?" you're not alone.

It is fair to say that some (though not all) of the very worst machines have been retired in recent years, but other systems that have some pretty severe problems are still in active use. Many voting machines use software from the 1990s – including obsolete OpenSSL implementations and unpatched versions of Windows XP. And because these systems are all proprietary and closed source, the world has no way to audit them and see how broken they really are. At the recent DEF CON conference in Las Vegas [1], testers revealed numerous security issues with voting machines in use today. One had an SSL certificate that was five years old. Another had an easily accessible memory card, which an attacker with physical access could swap out, exploiting software vulnerabilities to get control and change vote totals. These stories come back every year, typically before an election, and everyone gets shocked; then after the election, the problem floats back down to the end of the priority queue.

In the midst of all this grim news, one very interesting and hopeful development is the ongoing work of the TrustTheVote project [2] and its parent organization, the Open Source Election Technology (OSET) Institute [3]. TrustTheVote is an effort to design a complete framework for the voting process, including registration, voting, and counting, that is logical, unified, sensible, and secure. OSET's Election Technology Framework will be based on open standards, so everyone in the world will know how it works, and the powerful crowd-sourcing capabilities of the open source development model will provide universal auditing and feedback to ensure that the system remains secure and up-to-date.

OSET and TrustTheVote are interested in the engineering. Instead of serving as just another voice in the room, they want to build the system that the other voices are talking about. As they state on their website:

  • No lofty academic research papers
  • No congressional testimony
  • No reliance on bureaucracy
  • No endless public debates
  • No TV news talking heads

Their focus is on "designing, developing, testing, and making available real production-ready and more trustworthy election administration software."

OSET and TrustTheVote have no intention of acting as vendors or distributors of voting machines. Their mission is to build a software framework that is then available to any vendor who wants to use it.

The voting machine industry in the US is mostly controlled by three companies, and those companies have changed very little over the years. In spite of all the negative publicity, no market forces have actually caused them to stop selling their cryptic, invisible systems to non-technical election officials. But open source software has great potential for disruption.

If the TrustTheVote project succeeds in bringing their framework into the discussion, voting machine vendors will have to make a choice. They can cooperate with TrustTheVote, integrating the universal election platform into their systems, and probably achieve vast savings in development costs, but they will need to give up some of their capacity for secrecy and competitive obfuscation.

On the other hand, if they insist on continuing to market their archaic, black-box systems, they will risk losing business to mainstream vendors such as HP, Oracle, and IBM, who will be perfectly happy to integrate TrustTheVote's framework rather than having to develop their own.

The Election Technology Framework is still a work in progress. According to the website, the current timeline calls for TrustTheVote to deliver "… production candidate election management systems plus ballot casting and counting devices for test and evaluation with the goal of being ready for deployment in the 2020 election cycle." Much has already been accomplished, but much work remains.

The TrustTheVote project could use more volunteers, especially volunteers who understand the importance of open standards and open source software. Of course, they also welcome donations, but another gift you can give to the TrustTheVote project is your awareness. Visit their website, send the link to your friends, and let the world know that we really do have a chance for better election security if concerned citizens tune in.

Joe Casad, Editor in Chief

Infos

  1. US Voting Systems: Full of Holes, Loaded with Pop Music, and Hacked by an 11-Year-Old: https://www.theregister.co.uk/2018/08/13/defcon_election_vote_hacking/
  2. TrustTheVote: https://trustthevote.org/
  3. Open Source Election Technology Institute: http://www.osetfoundation.org/

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Welcome

    The nature of the print publishing industry demands that I write this column some time before you read it. The first copies go on sale two weeks after our deadline, and, depending on where you live in the world, you could be seeing this issue one month or even two months after these words reach layout. Print publishing lives on because it has many admirable qualities, but low latency is not one of those benefits. This introduction is my graceful way of apologizing that what I'm thinking about now is probably not what you're thinking about when you read this. I'm thinking about the election in the US, which is happening the very day I write this column. You already know who won, and you are happily free from having to think about it, but maybe you should.

  • OpenSUSE Project Welcomes First Community Elected Board

    When polls closed at exactly 12 UTC last Saturday, the openSUSE Project had chosen its first community elected board.

  • Brazil to Use Linux-based Voting System

    The Brazilian election authority has announced that voting systems based on Linux will be used for the election later this year.

  • Comment

     

  • Steve McIntyre is the New Debian Project Leader

    The results of the election are confirmed: Debian veteran Steve McIntyre has won the Debian Project Leader (DPL) election in the third round of voting.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News