Nation’s "First" "Open Source" Election Software "Released"
SomeTh...@aol.com
Jim Soper
http://www.wired.com/threatlevel/2009/10/open-source/
Nation’s First Open Source Election Software Released
By Kim Zetter
Photo (left to right): Dean Logan, Mitch Kapor, Heather Smith, Debra Bowen, Greg Miller. Courtesy Luke Wooden
LOS ANGELES — A group working to produce an open and transparent voting system to replace current proprietary systems has published its first batches of code for public review.
LOS ANGELES — A group working to produce an open and transparent voting system to replace current proprietary systems has published its first batches of code for public review.
The Open Source Digital Voting Foundation (OSDV) announced the availability of source code for its prototype election system Wednesday night at a panel discussion that included Mitch Kapor, creator of Lotus 1-2-3 and co-founder of the Electronic Frontier Foundation; California Secretary of State Debra Bowen; Los Angeles County Registrar-Recorder Dean Logan; and Heather Smith, director of Rock the Vote.
The OSDV, co-founded by Gregory Miller and John Sebes, launched its Trust the Vote Project in 2006 and has an eight-year roadmap to produce a comprehensive, publicly owned, open source electronic election system. The system would be available for licensing to manufacturers or election districts, and would include a voter registration component; firmware for casting ballots on voting devices (either touch-screen systems with a paper trail, optical-scan machines or ballot-marking devices); and an election management system for creating ballots, administering elections and counting votes.
“How we vote has become just as important as who we vote for,” Miller told the audience of filmmakers and technologists who gathered at the Bel-Air home of film producer Lawrence Bender to hear about the project. “We think it is imperative that the infrastructure on which we cast and count our ballots is an infrastructure that is publicly owned.”
Miller said the foundation wasn’t looking to put voting system companies out of business but to assume the heavy burden and costs of research and development to create a trustworthy system that will meet the needs of election officials for reliability and the needs of the voting public for accessibility, transparency, security and integrity.
“We believe we’re catalyzing a re-birth of the industry … by making the blueprint available to anyone who wants to use it,” Miller said.
The foundation has elicited help from academics and election officials from eight states as well as voter advocacy groups, such as Rock the Vote and the League of Women Voters, to guide developers in building the system. Technology bigwigs such as Oracle, Sun and IBM have also approached the group to help with the project.
“That was unexpected,” Miller said.
The code currently available for download and review represents only a small part of the total code and includes parts of an online voter registration portal and tracking system, election management software and a vote tabulator. Prototype code for producing ballots has been completed and will be posted soon. Code for auditing is still being designed.
The voting firmware and tabulator program are built on a minimized Linux platform (a stripped down version of Sharp) and the election management components are built with Ruby on Rails.
The foundation already has California, New Hampshire, North Dakota, Ohio, Oregon, Vermont and Washington interested in adopting the system and is in talks with 11 other states. Florida, which has been racked by voting machine problems since the 2000 presidential debacle, has also expressed interest, as has Georgia, which uses machines made by Premier Election Solutions (formerly Diebold Election Systems) statewide.
“Currently two vendors impact 80 percent of the vote” nationwide, Miller said, referring to Premier/Diebold and Election Systems & Software, which recently merged in a sale. But if all the states that have expressed interest in adopting the open source system follow through with implementing it, about 62 percent of the nation’s electorate would be voting on transparent, fully auditable machines he said.
The foundation is especially interested in getting a system that would be workable in Los Angeles County, the nation’s largest and most complex election district with 4.3 million voters casting ballots in seven languages.
“If Los Angeles County figures this out, we will have solved the problems for the rest of the country,” Miller said.
Kapor called the project “a breath of fresh air” and said it symbolized the kind of “disruptive innovation” that has characterized all of the best technological developments over the last thirty years.
Bev Harris
adding a comment that (a) it isn't the first time open source voting system
software has been released and (b) this is vaporware, and the reason they
didn't release the whole thing is because it hasn't been written yet.
I am not necessarily aligned with the Open Voting Consortium's work, but I will
say that (a) They published first, by a long shot and (b) they have a working
prototype, which was demonstrated at the recent LinuxWorld event, whereas the
new "Open Source Digital Voting Foundation" stuff isn't even finished.
Bev Harris
Founder - Black Box Voting
http://www.blackboxvoting.org
* * * * *
Government is the servant of the people, and not the master of them. The
people, in delegating authority, do not give their public servants the right
to decide what is good for the people to know and what is not good for them to
know. We insist on remaining informed so that we may retain control over the
instruments of government we have created.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Paul Lehto
different kinds and styles of election hackers and cheaters. THen,
when software fails, it can be blamed on the open source public and
not the vendor. Elegant solution to the "problem" of accountability!
(satire warning)
The election cheating pros have literally billions to gain and can
justify long hours and great sophistication. The same can not be said
for the amateur open source "detectives." Though open source can work
in other contexts, in elections it is hopelessly outclassed, it's like
the old days of the Dallas Cowboys football dynasty playing the
mid-level high school football team.
Paul Lehto
Paul R Lehto, J.D.
P.O. Box #1
Ishpeming, MI 49849
lehto...@gmail.com
906-204-4026
Kathy Dopp
>
>
> "Open source" among other things, means equal opportunity for all
> different kinds and styles of election hackers and cheaters. THen,
> when software fails, it can be blamed on the open source public and
> not the vendor. Elegant solution to the "problem" of accountability!
> (satire warning)
>
> The election cheating pros have literally billions to gain and can
> justify long hours and great sophistication. The same can not be said
> for the amateur open source "detectives." Though open source can work
> in other contexts, in elections it is hopelessly outclassed, it's like
> the old days of the Dallas Cowboys football dynasty playing the
> mid-level high school football team.
>
> Paul Lehto
>
Paul,
I don't know if that is what you mean but you sound a little like
election officials who claim that open source would make us more
susceptible to tampering (the security through obscurity approach.)
In fact it is much more likely that any open source system will have
much more accountability and security features built into it, making
it not only much more difficult to hack, but in addition, it would
point to who had to provide access to the hacker in order to hack it.
Vote counts can be fraudulently manipulated in many many ways that do
not require hacking any software at all, as we've seen.
If software is going to be used to count votes (which I recommend
since software can detect some kinds of errors and manipulations that
manual counting can not -- ideally there would be a 100% machine
count and a 100% manual count) then open source software is far
preferable for many reasons above trade secret software.
Bev is correct that the Sequoia system is so far vaporware in that it
has not been given yet to the EAC and to the ITAs for federal
certification and who knows what type of license it will have yet. I
would assume, however, that Sequoia has hired some professional
computer folks that know what they're doing (a huge change from what
we've seen thus far from most commercial vendors) or it would not be
makings its next new voting system open source.
I agree with you Paul and with Bev that open source is *not* in any
sense a solution to ensuring the accuracy of US election outcomes.
I have a background in both graduate level computer science and
mathematics so that colors my perspective and gives me some small
understanding of how much more secure and reliable and accountable
open source software tends to be.
--
Kathy Dopp
Town of Colonie, NY 12304
phone 518-952-4030
cell 518-505-0220
http://utahcountvotes.org
http://electionmathematics.org
http://kathydopp.com/serendipity/
Realities Mar Instant Runoff Voting - 18 Flaws and 4 Benefits
http://electionmathematics.org/ucvAnalysis/US/RCV-IRV/InstantRunoffVotingFlaws.pdf
Voters Have Reason to Worry
http://utahcountvotes.org/UT/UtahCountVotes-ThadHall-Response.pdf
Checking election outcome accuracy --- Post-election audit sampling
http://electionmathematics.org/em-audits/US/PEAuditSamplingMethods.pdf
Lucius Chiaraviglio
> FYI
> http://www.wired.com/threatlevel/2009/10/open-source/
>
> Nation’s First Open Source Election Software Released
Careful -- that's a trap too. Even if the people named in the article do not
realize it.
--
Lucius Chiaraviglio | luc...@verizon.net (main)
| lchi...@gmail.com (photos)
| lchi...@yahoo.com (alternative)
| luc...@post.harvard.edu (fwd only)
voternm
source' software is any better to secure people centered elections, or
software used in any form violates the law in Germany and it should
violate U.S. law too, if our government wasn't run by corporations.
Software that isn't protected or has un-accessible code would seem to
be harder to hack, but terminal and resident programs on memory cards,
BIOS chips, or through broadband I/O ports is just as easily used, as
Bev Harris and others have observed. This being the case, that we
can't eliminate "Black Box" corruption, then how can anyone advocate
use of software, open source or priority, at all?
Logistically, there are three phases of vulnerability: 1) casting
votes in the polls; 2) transferring the ballots, poll books, and
memory cards to the County, and; 3) the state canvass that currently
is 100% done by corporations contracted by every state's Secretary of
State.
Given the protocol and each logistical point of intervention to
violate the 'chain of custody,' isn't clearly the problem in the way
votes are cast and counted in the polls on election day. Any other
focus lets the chain of custody be violated. I mean if we let the
ballot be cast electronically on a DRE, then it is violated by going
onto a memory card that could be lost or changed by terminal but
resident programs. This is true for paper ballots that are scanned as
well because they are converted to memory card data too and treated
the same as DRE data. Paper ballots allow audits of precincts, so a
good hacker would not hack the scanner memory cards, but would move to
the county level.
Central Tabulators, as Bev Harris and Howard Dean demonstrated in
2004, can easily be hacked. Even though Ms. Harris used Gems software
from Diebold and WIndows Explorer software to change file data, this
could be done wholesale on a statewide level county to county till
election results are corrupted to yield desired results with terminal
but resident software. This software can be activated, as we have seen
in DRE demonstrations, by just asking the tabulator to total the
election results. With results being consistently kept within a 2%
margin to the precinct averages, no audit of precincts could detect
any corruption of the election on a county level even a 10% audit.
Here in New Mexico they announced the winner of the election before
all the precincts had reported results at 9:00 P.M. and never did an
audit. What good is an audit, as we saw in the 2000 election in
Florida, after the Secretary of State certifies the election? We now
know Gore won by independent audits and discovered election corruption
by removing 26,000 people from poll books and not letting them vote,
among other impediments not allowing the voter to vote, but none of
these corruptions matter after the Secretary of State Certifies the
election and the election results hit the news channels.
Each vote has to be counted by hand for presidential and congressional
races in the polls on election day to get real reliable counts of
votes cast. This is true even if electronic systems count park bonds
and judges elections. If a second system for canvassing the vote
exists, then the corruption of the electronic count becomes instantly
detectable and would obfuscate the need for audits or serve as a 100%
audit of the presidential and congressional votes cast that could
stand as a high probability that the other races were not corrupted.
But I would count the entire ballot and races on a county level, so
poll workers could end their day after the polls close, as if they are
using software to get totals, because counting 3 races by hand is
faster than the scanner can count all the races on the ballot.
If we use shorter and more condensed or brief ballots with fewer
races, the ballot could be counted in the polls on election day. No
expensive equipment is necessary and no corporations have to be
involved on any level. Voting more frequently would get voters more
involved and thereby educated more on the issues. People should get a
tax credit of $50 for every vote cast and more if they participate in
poll work to help motivate more participation and value to having
people participate in the election process.
Casey Reed
On Oct 28, 9:12 pm, Lucius Chiaraviglio <luci...@verizon.net> wrote:
>
> > FYI
> >http://www.wired.com/threatlevel/2009/10/open-source/
>
> > Nation’s First Open Source Election Software Released
>
> Careful -- that's a trap too. Even if the people named in the article do not
> realize it.
>
> --
> | lchia...@gmail.com (photos)
> | lchia...@yahoo.com (alternative)
> | luci...@post.harvard.edu (fwd only)
Lucius Chiaraviglio
> In fact it is much more likely that any open source system will have
> much more accountability and security features built into it, making
> it not only much more difficult to hack, but in addition, it would
> point to who had to provide access to the hacker in order to hack it.
Open source is not worse than proprietary software -- it has the
potential to be better for the reasons you say, but not enough better.
This is because you have absolutely no foolproof way to determine
that this is what is actually running on the machine (and that nothing
else is also running on the machine) when the machine is used for
an election. This is one of the BIG reasons that no programmable
device must ever be used for casting or counting votes. Humans
can make errors or be corrupted -- in fact these things happen quite
often -- but at least other people can potentially see what the other
humans are doing. This requires that the observers be let in to
where the votes are stored and counted, but at least once that
requirement is satisfied, the observers can see something bad
that is happening as long as no machines are involved, whereas
they cannot see what is going on inside machines (and in the
case of machines used for vote casting, if the observers could see
what was going on inside the machine, this would violate the
voter's privacy rights).
Lucius Chiaraviglio
> [. . .] Paper ballots allow audits of precincts, so a good hacker
> would not hack the scanner memory cards, but would move to the
> county level.
Only if they thought that they needed to. As we saw in Ohio in 2004,
the "random" audits were not random, thus rendering the recount
meaningless. If the hackers know which precincts are on the list
of precincts which could be audited, all they have to do is make sure
that their program does not steal votes in those particular precincts.
> [. . .] People should get a tax credit of $50 for every vote cast
> and more if they participate in poll work to help motivate more
> participation and value to having people participate in the
> election process.
--