[TriLUG] OT: OpenVote

Cristobal Palmer cristobalpalmer at gmail.com
Wed Jan 4 22:56:21 EST 2006 

> The weak point of DREs is that the capture of the voters intent
> becomes ephemeral immediately.  Even paper "audit trails" are one step
> removed from the vote.

I agree that DREs are bad. Let's focus on the feasability of an open
source system that would replace current optical scan systems,
something which would spit out a completed ballot or ballots for the
voter to deposit in the tabulator.

> Sure it's feasible technically, but it's only one small facet of
> verifying the trustworthiness of the overall system.

Agreed.

> Actually, the full quote, in context is:

<snip>

> So, it's not just eyes on the source code that is important in finding
> and fixing cases where the software doesn't seem to do what it should
> be doing. Another important aspect is people TESTING the code.
>
> My experience, gained through 30+ years as a professional software
> developer, is that testing is FAR more important than code inspection
> as a way of flushing out software problems.

I fail to see how this is problematic in developing the system. Of
course you would want to test it. How did Diebold do _their_ tests?
Surely you don't think a large enough pool of skilled, interested
linux-istas would be incapable of matching that.

> > I think we can restate that here, since what's important is that we
> > get eyeballs of all political stripes, leanings, persuasions, etc.
> > You're right that _most_ people aren't going to know what to look for
> > in the source code, but that's hardly necessary if what you're talking
> > about is the software that runs the tabulator.
>
> I would think that this is exactly where it's necessary, and insufficient.

it == testing?

> Access to the source code
> only really comes into it's own when the bug has been detected and the
> goal is to eradicate it.

Who's doing the testing on a closed-source, proprietary system? Am I
supposed to trust her/him/them more than an open development
community? Regardless of the process that brings us the voting system,
I'd like to be able to MIStrust all of the _individuals_ who took part
in its creation and implementation and still trust the system. I think
that could be done with a closed-source, proprietary system, but
making it open is an undeniable step towards that ideal system. I'm
not saying open source is a a panacea.

> It's not just the version of the software, but the versions of and
> trust in all of the tools in the chain from compilation through
> execution.  One of the problem with voting software is that it might
> not be wise to  trust the developers of the products which capture and
> count the vote.  This is slightly different from the problem of
> protecting from attacks from the outside.  We need to think about all
> of the ways in which a determined political operative working in one
> of the vendors of voting equipment might provide for obfuscated back
> doors.

I couldn't agree more. Perhaps I should have stated more clearly that
I envisioned an open source _system_, not just open source software
running on the tabulator.

> > the spectacular failures on the part of Diebold and its underlying
> > proprietary core <snip>
>
> One thing which should give anyone who is thinking seriously about
> protecting the validity of elections pause, is what kind of failures
> Diebold's systems really were.
>
> Were they failures because the systems were trying to protect the
> integrity of the electoral process and failed, or were they failures
> because the systems were trying to hide a corruption of the electoral
> process but provided evidence of that corruption.
>
> I'm not sure which one it was. This dilemma SHOULD be a bi-partisan concern.

Agreed, but why wait for the national parties to get in gear before
starting work on an alternative? Why not start designing a system that
will build in safeguards against these and other attacks? This country
could certainly use people with 30+ years of experience with systems.

> I'm not saying that this is a bad idea. However I think that it's MUCH
> harder, both technologically and politically than it appears on the
> surface.

Wussy.

If anybody really wants to help, here's a great place to start:

http://www.openvotingconsortium.org/

There's also the BBV website, but the forums
http://www.openvotingconsortium.org/ there are a lot to wade through.

-CMP

--

Cristobal M. Palmer
UNC-CH SILS Student
cristobalpalmer at gmail.com
cmpalmer at ils.unc.edu
ils.unc.edu/~cmpalmer
"Television-free since 2003"

More information about the TriLUG mailing list