Monday, October 23, 2006

Suddenly Open Source Voting

Maryland's primary elections, you might remember, were a disaster. The governor was calling for paper ballots for the November election, but what ever happened with that? No, it looks like we're stuck with the electronic voting machines. Computer experts have shown that they can be hacked easily to give incorrect vote counts, using programs that delete themselves after they've done their business, so nobody ever knows what happened. Well, we've seen all kinds of problems with these machines.

So this is a little funny:
Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004.

Cheryl C. Kagan, a longtime critic of Maryland's elections chief, says the fact that the computer disks were sent to her - along with an unsigned note criticizing the management of the state elections board - demonstrates that Maryland's voting system faces grave security threats.

A spokesman for Diebold, which manufactures the state's touch-screen voting machines, said the company is treating the software Kagan received as "stolen" and not as "picked up" at the State Board of Elections, as the anonymous note claimed. Lawyers for the company are seeking its return. Former delegate gets purported Diebold code

OK, listen, there is an important twist to this story.

There are two kinds of computer code in this world: proprietary code and "open source." Proprietary code is written by developers inside a company who do not let anyone else see how their programs work. I guess the advantage of that is that it would be hard for somebody to copy the functionality of the application, as they'd have to reverse engineer the whole thing and most people wouldn't bother to do that. It makes it harder for people to steal the software.

Open source means that the computer code for the application is available for the public to look at. While this may seem risky -- you might think this was make it easier for hackers to find a way to break into the program -- in reality this makes it much more secure. What happens is that programmers can see if there are vulnerabilities in the program, so they can tell the original developers where it is and how to fix it. This really happens. Open source keeps you honest, you can't have weak security, for instance, in an open source program, because everybody would know.

The problem with the Diebold voting machines, really, is that the code is proprietary. Nobody really knows how the developers wrote the programs that run on the voting machines. We don't know what kinds of loopholes they might have left in accidentally, or even added intentionally, that would allow easy manipulation of votes.

People in the computer science world are amazed that America would allow something as fundamentally important as voting to be managed by proprietary code. It just doesn't make sense. Voting belongs to the public, it doesn't belong to one company. The public should have every right to see how it's done.

Thus the irony of this news story. Diebold is suddenly ... open source. This legislator who received this package took it to an expert to have it analyzed, to see if it was real or not. It would seem amazing, unbelievable, if somebody along the way didn't make copies of these programs. Everybody should have a look at this stuff, so we can find out just how bad the situation really is.

3 Comments:

Blogger andrear said...

Can we get our $140M back from Diebold!!!

October 23, 2006 4:27 PM  
Blogger Theresa said...

Ok, Jim.

I don't agree that you should make the software open source.

It might be interesting to know whether or not the code is hosted on Linux, however, I would assume that they are using secure network protocols to communicate between the machines...

Do you know if these are wireless machines at the voting places or not ?

You are right in my marketspace, Jim my dear, embedded software is what I do for a living.

October 23, 2006 10:26 PM  
Blogger JimK said...

Excellent, Theresa, then perhaps you will be kind in not being too critical of my high-level treatment of the subject.

In fact, you are probably just the person to educate us here, it sounds like. If you haven't followed this subject, then please help us out. Scan Brad Blog and Black Box Voting, and let us know how secure it sounds to you.

So please, take a look, see what your opinion is. If it matters any, Theresa, remember that it's the Democrats who want to use the electronic voting systems in Maryland. Republicans are against them. And so am I.

JimK

October 23, 2006 10:32 PM  

Post a Comment

<< Home