Why aren't voting machines open source? [close

2019-03-09 08:39发布

问题:

Sooo...it's only sort of programming related, but I figure it's election day, right? Is there a single good reason why they aren't, not necessarily open source in that anyone can contribute, but open source in that anyone could inspect the source?

回答1:

Voting machines aren't open-source because lobbyists for the "electrical till" industry successfully hoodwinked politicians not qualified to make technology choices into buying their snake-oil. This was accomplished with a mix of anti-FOSS FUD and good ol' fashioned bribery campaign contributions.


Update: I will try to post links here from time to time that show how vendors respond to critical examination. Feel free to add your own. (Pro-OSS–only: "the man" can make his own post!)

  • Interesting Email from Sequoia


回答2:

In Belgium, the sourcecode for the voting machines is freely downloadable.



回答3:

In the context of this discussion, you might find this paper interesting:

Secret-Ballot Receipts: True Voter-Verifiable Elections

It's written by David Chaum, the cryptographer responsible for DigiCash, among other things. From his bio page on Wikipedia, I also found End-to-end auditable voting systems.

Update! Now it seems we can see if this really works: First Test for Election Cryptography.

Looking back in time now, I've read a couple of articles on the experiment in Takoma Park, and this system actually seems different from the one described in the original paper. However, it is still by David Chaum, and still supports the end-to-end audit properties. The system is called Scantegrity II.



回答4:

The reason they aren't open source, is because, as Kent mentioned, it wouldn't help. You could open source the code. But there's no way to ensure that the voting machine you are using is actually running the code that is open sourced.



回答5:

There is no reason that open source code is better than closed source in this case. How you voted must always remain a secret for obvious reasons. The ONLY real safeguard is the paper trail.

I WORKED with these machines and if so inclined I would have made malicious code that flips votes the way I wanted after 10 cast ballots to defeat whatever ridiculous Logic and Accuracy tests were thrown at the machine before deployment (We never went past one test vote).

Randomly pick a certain percentage of machines and compare the paper trail to the electronic tally. If Diebold had been confident of its machines then they would have insisted that this be the last step in any election.



回答6:

Security Through Obscurity!



回答7:

the problem is opensourcing the software would be a no-op.

They don't have any decent cryptography, and there has been demonstrated and relatively easy ways to contravene them simply by hot-swapping a ROM chip in the voting booth, or Having a device that augments the records in the record cartridge.

  • Youtube: Sequoia Part 1 Those with access can hack with programmed ROM chip
  • Youtube: Sequoia Part 2 Logic and Accuracy Test vs Election Mode with vote-stealing firmware
  • Youtube: Sequoia Part 5 Manipulating Sequoia Voting Results Cartridges from Precincts

@Mnementh The bad cryptography and the possibility to swap the ROM-chip has nothing to do with open-sourcing the code? So there is the point?

There are only 3 logical reasons for opensourcing this code:

  1. To put under scrutiny how the votes are counted to be certain its doing it right.
  2. For somebody to be able to modify that code for their own needs.
  3. To put the software into public domain so public committers can improve on it.

Points 1 and 3 are blown out of the water in terms of usefulness and "proving your vote counts" because you have no assurance that the code you are seeing/improving runs on these devices.

So that leaves only condition 2 being useful, and as you are not going to own your own voting machine, and have no need for one for anything more than nefarious causes or to simply prove their vulnerability.

For the majority of cases all it would mean is that there would be more information publically available on how to contravene these machines, so you would no longer need physical access to one in order to attempt reverse engineer their software and develop compromised ROM chips for use in said devices, grossly reducing the barrier to entry for the compromise of the voting system.

Granted, even in a non-opensource state this information can still leak, and you just have a false sense of security because you assume "theres no leak, I am safe", but on the contrary, if you open source it people will assume "hundreds of people have looked at the source code, I am safe" which is an equally bad false sense of security.

People are looking for a silver bullet safe way of voting, and sadly, there is none. Not without growing a race of purified peoples whom are brought up by non-committal monks in isolationist shrines to have a breed of people simply for the task of witnessing and counting votes accurately, whom are trained to be amoral and can't be bribed to switch the vote.

( It would sort of be like the 'dark angel' series except with voting agents instead of assassins, and we all know how that show works out, one of them would go rouge, we'd trust them, and they'd screw us all )



回答8:

Because politicians buy them. Anything politicians get their hands in goes to shit, because 99% of the time they're only experience is in running for office, not doing things like adequately vetting hardware and software.

Also, kickbacks.


The truth hurts, doesn't it?



回答9:

There is no specific reason not to open-source the software (and even opening the hardware-layout) of voting machines. It has no security impact, as some try to state, because if closed or open source, the ROM can be switched. The machine need some sort of verifier to check, if the code loaded is really the one certified for the election. Open-Sourcing would make no difference.



回答10:

Because if they were they would not be able to blame inaccurate votes on calibration-errors on the touchscreen.



回答11:

  • The people responsible have a "security by obscurity" bad meme stuck somewhere
  • The people building the software don't want to help competitors
  • The people building the software fear embarrassment
  • There are not enough people in the legislative process who understand the flaws in all of the above


回答12:

So far, most replies have been technical in nature, but most likely, voting machines are not open source because the company under contract to develop them has no incentive to make them open source.

If a company develops an open source voting system, anyone came come around later to support that system. And, quite honestly, I doubt the government would accept the equivalent of a SourceForge project as the basis for an entire election.

Perhaps there should be an honest-broker authority that oversees the development of an open-source voting system, and contributors to that system should be vetted before they can view or commit source code.