Help Black Box Voting Examine ES&S Software 197
From Bev:
"ES&S 'Unity' central tabulator software.
Software stash: three zip files --
http://www.blackbox1.org/ems.zip
http://www.blackbox1.org/un5.zip
http://www.blackbox1.org/Unity.zip
User Manuals for ES&S software can be found here:
http://www.bbvforum s.org/forums/messages/2197/2864.html
This is the ES&S central tabulator software, the ES&S counterpart to the Diebold
GEMS central tabulator software. No source code, sorry, and no software for the
precinct machines. This is reportedly one generation back, but from what I'm
told has significant similarities to the new stuff. I would appreciate it if
you can provide me with feedback on your impressions after looking at it. You
may want to Slashdot it or whatever.
Best,
Bev Harris
Founder
Black Box Voting
Don't bother (Score:4, Insightful)
The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.
Legit? (Score:3, Insightful)
Re:Don't bother (Score:3, Insightful)
Re:Don't bother (Score:4, Insightful)
Software is an illusion. You, as in a non-employee of an electronic voting firm, will never be able to prove that whatever software you audit and trust is actually running on the machine. You will never be able to guarantee that there isn't malicious code in the machine. You will never be able to prove it has no bugs. You will never be able to prove that it actually stored your vote in its internal memory exactly as you recorded it.
However, you can be sure that a printed ballot has correctly recorded your vote, because you can read it.
Give me a printed paper ballot, and I won't need to check the software for bugs. If it prints my ballot correctly, it's good enough. If it screws up, it's buggy. That easy.
Re:Don't bother (Score:4, Insightful)
To be more precise, you will be able to prove that the source code in front of you combined with those compiler/linker options generates the same binaries as exist on the machine. If your compilation does not generate the exact same binaries, then someone has some explaining to do.
This is the advantage of OSS voting code - it allows independent verification of the process without requiring a huge amount of trust to be invested in any stage of the process.
Re:Don't bother (Score:5, Insightful)
Don't get me wrong: I'm not saying it's not a good idea.
What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?
Wouldn't a more productive approach be to simply get a paper trail into place, since even an open source system is almost as worthless without one?
Keep in mind, too, that an open source system still needs to go through complex certification processes and code freezing just like the commercial products do. Even though the commercial products aren't "open source", the certification process allows for the necessary level of inspections by election agencies and external entities. The problem was the certification procedures being routinely ignored or bypassed for convenience, something that can just as easily happen with an "open source" solution.
The problem is that doing an electronic, anonymous, secret ballot that also exists in a system that attempts to enforce one-vote-per-person, combined with all the complexities and vagaries of local municipal and county systems is a lot harder than doing a vertically integrated system for one corporate customer (such as a bank).
Keep in mind, too, that much of the legislation (such as the Help America Vote Act) that essentially mandated e-voting in the hopes of ensuring uniform access to modern voting equipment was done in response to complaints about unfairness and inconsistency with manual systems in the 2000 elections, and not just in Florida. The one critical error was not explicitly recognizing that an electronic secret ballot is a hard thing to do, even without corruption, fraud, and incompetence, and a paper trail wasn't specifically mandated. And no, that wasn't by design. It was an error of omission.
Now, states, counties and municipalities have had to shell out hundreds of thousands, and sometimes millions, more dollars to add and retrofit certified paper trail functionality to existing systems (which, indeed, many are doing). But all e-voting vendors offer it. It just costs a lot of money.
So instead of trying to push out enterprise vendors with multi-million dollar contracts (which is essentially what demanding "all open source" would do, since no commercial vendor is going to open up ALL of their software and hardware code and designs), why not just work to get a permanent voter-verified paper trail in place in as many places as possible as soon as possible, perhaps even mandating it via legislation, since that will be required no matter what system is implemented?
What's more important: the egos of the people who have a vendetta against Diebold, Sequoia, and ES&S, or actually getting a mechanism into place as quickly as possible that guarantees votes will be accurately cast and counted (and at a minimum immediately shows if there is a problem? (And yes, I DO expect the burden of actually looking at the piece of paper to verify that it's correct to fall on the person who is voting.)
Atter the analysis is done... (Score:4, Insightful)
We should take a vote using GEMS to see if the Diebold software is good or not
Seriously though, I'm a little disapointed in the comments so far. First, this is not a political/partisan issue. Second, you don't need the source code to evaluate the operation of this software. Sure, it would be easier if we had it, but are you telling me that nobody here knows how to run a debugger or decompile some simple windows code ??? How many of you are drooling at the chance to take a whack at this stuff ? Go to it !@
For you people whining about no source code, how about you leave the real hacking to the real hackers and go back to your QA jobs
The procedure is what matters. (Score:4, Insightful)
The important thing isn't the voting software, it's an effective voting procedure.
There is a known effective voting procedure using paper ballots, ballot boxes, and little old ladies (err... party representatives) to count them. This procedure has one important property: fraud attempts tend to get thwarted because the little old ladies will yell when something fishy happens. ANY VOTING SYSTEM WITHOUT THIS PROPERTY SHOULD NOT EVEN BE CONSIDERED.
It may be possible to design a voting procedure using computers that is similarly effective. Here's the important thing: it needs to retain the property that little old ladies observing the process can immediately tell if something fishy is going on. NO FULLY COMPUTERIZED SYSTEM CAN HAVE THAT PROPERTY.
Someone suggested the following system here on Slashdot:
At the central tallying location, for each race:
If any candidate, observer, or 50 signatures question the validity of the counting machine's results - a manual recount occurs for that precinct. Every time - no "but that would be effort" bullshit.
This system takes all the properties of the hand count system and preserves them while spending money to gain two properties: Ballot generating machines for the blind, and fast counting for people who think that matters. Ballot generating machines are an easy problem, and sorting / counting machines are pretty cheap. We might have to use heavy cardstock for the ballots to survive the sort/count process for every race - that's $50 I'm willing to spend.
Re:I won't ask... (Score:2, Insightful)
Re:Don't bother (Score:3, Insightful)
Re:story is legitimate, I just talked to Bev by ph (Score:4, Insightful)
(Nothing personal, just illustrating the chains of trust necessarily involved in any security.)
Thanks for checking. If you really did
Re:Don't bother (Score:5, Insightful)
I'm not talking about a paper summary, I'm talking about a paper ballot.
That's the point. You can do whatever the hell you want inside the machine, perform whatever trickery you want, but if it prints a ballot with the choices I made on it, then that is all that matters and your trickery was for naught.
Anticipating the next question of "why electronic voting at all then?", the answer is the same reason we moved to it in the first place: preventing poorly formatted ballots from causing invalid votes, and for accessibility reasons.
Re:Hi, I'm Bev Harris. There's nothing fishy here. (Score:5, Insightful)
It would help significantly if there were a post either on the home page of blackboxvoting.org, or in the bbvforums.org forums under your name. This way there would be some credible record that this information did truly come from Bev Harris.
Re:No source code, sorry (Score:1, Insightful)
Nobody said reverse-engineering was easy, young grasshopper.
How was this obtained? (Score:4, Insightful)
No point in getting into the goods and bads of electronic voting, because all we have here is somebody not associated with ES&S posting a copy of the ES&S software. Another slashdotter has posted at least three times in this discussion that this is all legit because he called and spoke with Bev Harris -- but Bev Harris is *not* from ES&S. Her validation does not make the software legal to obtain.
I found a very interesting little news article from two years ago: http://www.seattleweekly.com/news/0410/040310_new
"Harris started surfing the Web. On Jan. 23, 2003, she hit the mother lode. On an unprotected Web site, she found 40,000 files of Diebold Election Systems' source code--the guts of software to run touch-screen voting machines.
Given her past actions (and without getting into the ethical or moral value of her crusade) I highly doubt that she has the legal right to distribute the software that she's making available today.
Not only that... (Score:3, Insightful)
People--- Maintaining the integrity of anonymous transactions just isn't compatible with the nature of complex computing systems. Even fully-identified transactions, as in banking, are precarious enough to warrant an industry of anti-malware (which sadly, often cannot create a secure environment).
Add to that the idiosyncracies and exploitability of what is essentially Personal Computing hardware consisting of billions of logic gates and almost infinately maleable storage media... all to record a few bits of information per transaction?
That is asking for trouble.
Even if polling authorities can somehow effectively and independantly verify the source code logic, there is no way to be sure about the hardware logic, as each IC is effectively its own "Black Box" that cannot be peered into.
Finally, a computerized ballot is an invisible ballot. The bits being displayed on the touchscreen are only a proxy for the bits being recorded, and the opportunities for de-linking the display information with the recorded info are myriad. The concept of a voting system where the voter never actually sees the ballot they are casting is bizarre and tragic.
For the above reasons, only physical ballots can ultimately be considered as real. Any such voting system that does not print a physical ballot is a fraud.
Re:Don't bother (Score:3, Insightful)
No, you cannot prove it, because you cannot know that the software/hardware isn't lying to you. It's like a rootkit, designed to fool you into thinking everything is normal while simultaneously subverting the machine. It's only even conceivable to do this with some kind of Trusted Computing platform, but there's the rub -- when it is you the user who does not trust the manufacturer, how do you know that the Trusted Computing encryption chip isn't similarly designed to lie to you?
OSS is nice, but it does not solve the fundamental problem. Until we solve that fundamental problem, lobbying for open source is counter-productive. It will be a more difficult fight, and it won't fix anything. The real fight is for paper ballots. Once we know the machine is working right because it prints our ballots correctly, then we can worry about the source code if there is still a reason to.
Here's one difference: (Score:3, Insightful)
None of us can buy the secret voting system software that we are forced to use as the sole means of exercising our voice as owners of our own government. Citizens own the government, not the other way around.
When you own something, you have to have a way to convey your management decisions. As citizens, the way we invoke our management rights is through our vote, and the system that defines, authenticates, records and counts our vote is owned by someone else who says we not only can't look at the source code, we can't even install a working version of the compiled code to see anything at all about how it works.
That's what's different. This situation is more akin to the owner of Halflife being told he is not allowed to see how his own product works.