Washblog || Response to BryceM: Why Open Source Makes Sense for Voting in King County and the Country

Response to BryceM: Why Open Source Makes Sense for Voting in King County and the Country

By Richard Johnson
Thu Oct 04, 2007 at 08:00:25 AM PST
Section: Diary Topic: Election Integrity

[Front paged: NM. Here's a link to the California Top-to-Bottom Study. King County's Council in their Proposed Ordinance 2007-0402 this past July (the ordinance that recommended against adopting the "Reckless Plan" of King County Elections), cited the top-to-bottom review in several places: "Recognizing the important findings of the California "top-to-bottom" review 38 of voting systems, the elections section shall incorporate third party security experts in 39 the testing of any new equipment and software...." etc.]

BryceM makes the point that it is possible to have secure systems built around closed source and that experts may contribute to such systems. I, on the other hand, defend the idea that King County would be better off using the equipment it has now and then, after the 2008 election, evaluate Open Source with its other options for a new voting system to to be deployed before the 2012 elections.

Technically Bryce has a point. It is logically possible to have the small group of people who know and care about security, computing and voting review the offerings of vendors' requirements, design, code, test, etc., on a practical level this not going to happen in real life.

With four large vendors and a bunch of small ones, many of whom have shown very little interest in improved security or motivation to invest in security, the vendors are simply not going to hire real independent experts. On the other hand, if a team like ours were funded by someone like King County, experts such as those who worked on the California Top to Bottom Review would likely volunteer to help. Partly, this is because counties all over the country will likely end up using this technology as it would cost so much less than buying proprietary election equipment. Those experts who volunteer services do not have the added burden of pleasing the client who is paying them; rather, they are more likely to serve the public interest. Independence from the vendor is critical to election security and Open Source permits that far better than the vendor lock-in tactic that proprietary systems foster.

Bryce, have you studied the California Top to Bottom Review? I think that after you do, you might also come to the conclusion that closed source has simply failed in the world of voting and we should throw in the towel and build Open Source solutions that election authorities can share with one another nationwide, even worldwide. It was not that the California experts could break into one voting system. They were able to compromise all of them. If this does not call for a change, what would?

Only Open Source allows an election official to be in a appropriate power relationship with regard to a vendor. It is critically important that a county be able to fire their support vendor, if circumstances warrant. King County has been victimized by poor service from a vendor in the past, but King County election officials still argue, after giving that vendor a score of only 5 out of 10, that they must buy from the vendor. They argue that, because otherwise past investments in equipment and skills acquisition would be discarded, changing vendors would be too expensive. This is a perfect example of why closed source solutions in voting are unacceptable. They lead to lock in and a drug addiction-ike dependence that does not inspire public confidence in voting systems or elections..

Only Open Source provides transparency, i.e., that we are not trusting a few hired experts under Non-Disclosure Agreements but that every knowledgably person who wants to examine the code can and is invited provide a review and recommendations for improvement and that such results are freely publishable.

The King County situation cries out for, at the very least, a detailed evaluation of the comparative costs of building an Open Source voting system of its own. The Open Source unbundled solution will allow best of breed in each category and will allow King County its proper role as master of its own elections.

Sincerely,

Richard Johnson
CEO
Open Voting Solutions, Inc.

< History Warns Us | Political Graphics 101: 34th LD lit deconstructed >

Response to BryceM: Why Open Source Makes Sense for Voting in King County and the Country | 12 comments (12 topical)

Muddy

(I'm sorry I've been a no show on these issues. Work, family, exhaustion, etc...)

Fellas, please. To use open source election administration solutions, or not, is not the issue in King County.

The immediate issue is whether or not we should change everything about our elections right before a presidential election.

The secondary issues are whether or not we should use new technologies, such as automatic signature verification, cryptography, ballot image scanners, etc. in our elections. In brief, the answer is an unqualified "No.", just in case anyone was wondering.

Until there is a viable open source alternative, can we please stop insisting that this is something King County (and elsewhere) should be doing?

How to fund, develop, test, and certify an open source solution is a completely separate topic. Frankly, any open source alternative is still years away. And then timing is a serious concern, because all change, no matter how virtuous, is disruptive.

by zappini on Fri Oct 05, 2007 at 11:00:52 AM PST

* 1 none 0 *

What precisely is your proposal?

I'm a big fan of Open Source, especially Free Open Source when done well - It can be a wonderful development methodology with lots of benefits. I'm also a big fan of closed source models when done well, and have intimate knowledge of many wonderful solutions that have been created under this model as that is how I earn my livelihood. That said, I don't have a horse in this race, whereas you apparently do.

As Zappini points out however, the Proprietary/OSS debate is largely a side-show: The only point that is at issue here is what should King County do? Personally I think that we should double-down on our current mail-in balloting system and make it work in as reliable and secure a manner as possible for a few years to recoup our investment in the system, and wait for alternatives to mature.

I believe that if we take what's been learned about the strengths and weaknesses of our current solution, we can operate it responsibly with our eyes wide-open and limp by until a better solution is available.

I sincerely hope that your firm is able to develop a compelling offering in this space, but I do not believe that King County is set up to go around playing Angel Investor with county funds if that's what you're looking for...

-Bryce

by BryceM on Fri Oct 05, 2007 at 12:14:25 PM PST

* 2 none 0 *

Proposal by zappini, 10/05/2007 12:40:25 PM PST (none / 0)

au rebord

... that's what VoteHere started out with, to the best of my recollection: a system which anyone could implement, but upon which they held the business process patents. It relied heavily on cryptography which only policy wonks, mathematicians and cypherpunks (and as a member of at least one of those cohorts, I understood that theoretically their system worked, and yet as a practical person I saw no way that it would work practically, because nobody outside of the 'leet) had a hope of truly understanding... Therefore, no real hope of establishing public trust... other than, of course, by you know, blind faith in Bob, Jesus, the American Way and so forth.

Then they morphed into some secret ballot veil piercing tOOl taken to court by some guys who lived where this thing was test driven and a major investor apparently had a second (or third or fourth home) and who noticed huge disconglobberations in the ahhhh interface to the fabricated public trust... Or maybe it was just plain wrong or made up... but as far as I know nobody would ever say, nor has that been determined.

Now they're out of business.

by m3047 on Fri Oct 05, 2007 at 11:36:41 PM PST

* 4 none 0 *

Open source is great, but first things first

As Zappini points out, going with a new system in a presidential year is the height of stupidity, open source or not. You try out new systems in the off years. Is Sims deliberately TRYING to get Gregoire unelected, or what?

Also, putting serious auditing requirements in place is far more important than open source software.

A laboratory scale is not all that complicated, even one of the new digital models. They are very reliable, but it doesn't matter in the slightest that the ones in my lab have only flunked their daily test twice in 15 years--we check them every morning with a set of standard weights anyway.

Now, in order to insure consistently reliable weight measurments, what is more useful--having schematics of the innards of the scales, or having a set of standard weights? The latter obviously, though the schematics are useful.

by eridani on Sat Oct 06, 2007 at 01:05:23 PM PST

* 5 none 0 *

random times of the day by m3047, 10/10/2007 10:00:02 PM PST (none / 0)

Software Project Management - Some thoughts

1995 was when I first really really really got interested in software, and that was in part due to this internet thingy. I saw millions and millions of worthless managers and bureaucrats, public and private, fired. Maybe, maybe, they'd re-tool their petty Machiavellian brains and figure out how to make processes work to serve customers, instead of their petty empires.

as I was finishing my math degree at the u.w. in 1996, the technology job market was hotter than hot. I figured out how to b.s. my way into interviews (I skimmed a LOT of the '...for dummies' books outside recruiter's offices) and in interviews they'd ask me what I was passionate about and I'd say

"USING SOFTWARE TO FIRE BUREAUCRATS AND NITWIT EMPIRE BUILDERS"

After a few interviews I could see that line wasn't stirring passions, so I dropped it.

(after having worked as a chef for most of 15 years, I was more concerned with getting my feet in the door than with how perfect the fit would be)

By my first year of working in email server support in Building 11 in redmond ... I realized that computer people were the absolute worst of the worst when it came to building empires of nitwits twiddling away with no freaking clue how real humans worked AND no freaking clue about making sure stuff ran well -

it is work to carry 100 pounds of onions on your head around the exterior of the building, it is also a waste of time for making onion soup, chowder ...

then I worked for 2.5 years supporting about 25 intranet sites for various internal business processes.

It AMAZED me how hard it was for so many to come up with a rough order of magnitude of time and money costs for proposed tools and tasks.

The place was permeated with big company big government defense department / boeing kind of infinite puttering ...

frankly, when they were outsourcing us in 2002 to across the western pond to people who make 12 bucks a day, um

the only complaint I had is that they weren't firing all the nitwits with 6 and 7 figure paychecks who had managed this rot for decades.

So, in closing - let's say you work at catering / banquent place with quality people. Potential customers come in, and of course you say

'we do what the customer wants'

and, believe me, every customer wants THE BEST!

you do NOT say

"I don't understand your questions",
"I don't understand your requirements",
"I'll get back to you in 1 month with an estimate, after you pay me 10 grand to do the estimate"

you figure out what kind of stuff they think they want, (and everyone wants filet mignon and copper river salmon and caviar for 4 bucks a person)

AND, you estimate what they're willing to pay / what they can pay

AND you try to make it work with their budget / needs & what you can make a living on

THEN you educate them on how YOUR stuff is going to serve THEIR needs.

For some people, it is more important to be at the Ritz, even if they are eating chicken (OOOPS, I mean Range Raised Game Poulet) than it is too be eating the latest greatest culinary whatever.

Some people would rather eat Dungeness crab and fresh lamb off of paper plates next to a beach bonfire.

only a few people can afford the Four Seasons catering Lobster and Veal Medallions, then the $300 night rooms for 100 guests. (125 bucks a person, for food ONLY, in 1986!)

oh, btw, the ritz or the four seasons ain't gonna do kool aid and hot dogs so you can say your party is at the ritz.

Here is my rule of thumb for software projects:

1. if people can't help me, in 60 mins., define a rough scope* of the project, then don't hire them.

*scope = proposed features, rough timelines, rough manpower reqs, rough costs.

(oops, you can hire them if boeing or microsoft is going to pay for whatever happens )

open source,
evil empire,
BIG evil of oracle / IBM / SAP ...

I don't trust none of it!

Software should be about making organizations work better for customers, NOT about making paychecks for software nitwits.

(some of ya I know and I like - this ain't about you the person I know. )

rmm.

http://www.liemail.com/BambooGrassroots.html

by rmdSeaBos on Sat Oct 06, 2007 at 03:41:46 PM PST

* 6 none 0 *

When it comes to software by gibney, 10/06/2007 06:59:55 PM PST (none / 0)

An elephant in room?

With real respect for good thinking but there is this underlying problem.

1. Whatever the system, it can be hacked. E.g.: Ballot Definition Files or equivalent aren't optional; you have to have them. Who creates them? Who scans them? etc...Besides which, how can you be sure, if something has been twisted, that you can spot it?

Given a software package - open source or not - there is no screening process that can ensure that there is no lurking malware. And, of course, such can be planted long before an election...

Nor does a digital signature guarantee that the code under scrutiny is the same as the code originaly written. 1, such signatures can be cracked, tweaked, and the tweaked version fitted with the original signature. 2, how conduct a test of a signature? Can't use anything that is in the code itself; if its been hacked, confirming the signature does not fix the hacked code. Also: where is the mechanism - software and hardware - which holds a purported valid signature to be used in testing the code at hand? Are we delivering a test device to every place with an e-voting machine? How do we know these devices are valid? And can everyday people at the machine sites conduct the test correctly and respond appropriately?

2. We should not rely on experts to write and validate code. SoS Bowen's TTB review shows how experts can do really great things: they can spot many - if not defnitively all -serious flaws. And other people can confirm their discoveries given access to the code.

But to accept code just on the grounds that experts have passed it - no...

This is the elitist game again: "trust me." Public should not have to rely on an assertion that code is effective and hack-free.

Also, however well-recommended the reviewers are,
the public should not have to rely on faith that they were not blackmailed or bought...

Quote: SRI Professor Peter Neumann, one of the
world's leading computer scientists:
"Even if you can look at the source code, you can't guarantee that there's not a Trojan horse embedded somewhere in the code. Any self-respecting system programmer can hack the innards of the system to defeat encryption techniques or any password protection, or anything like that. All this stuff is trivial to break, for the most part. In most computer systems out there, it is child's play. Given the fact that the underlying systems are so penetrable, it is relatively easy to fudge data-for example, to start out with three thousand votes for one guy and zero for the other before the counting even starts, even though the counter shows zero. Essentially a Trojan horse in the coding. I can do it in the operating system. I can do it in the application program. Or I can do it in the compiler. I can rig it so that all test decks work perfectly well...."

http://www.csl.sri.com/users/neumann/dugger.html

Finally: the defense always loses...always.

And there are politicians who want to rule, not govern, and have no inhibitions about how they do it. And some of them have influence with government agencies with galactic-scale computing power...Bear in mind that SecDef Gates was at CIA, was on the board of Vote Here, the proposer of a cryptographic voting system and with an officer who was ex-Washington SoS chief of elections..

Hence the subject line above: to me it seems that the elephant is here - there just is not any way to build a secure voting system based on software.

You know where this ends: HCPB :-)

Regards

by bltfsk on Mon Oct 08, 2007 at 02:46:14 PM PST

* 8 none 0 *

Pink by zappini, 10/08/2007 03:37:17 PM PST (none / 0)

Hand count by bltfsk, 10/11/2007 04:14:31 PM PST (none / 0)

Open Source does not solve security problems

Open source or closed source, the concept of making software secure is ludicrous. Security is a combination of software, hardware, procedures and audit conducted by humans. In short, it's extremely complex and it only takes 1 small error to make a huge security breach.

Take for instance the one of many cases of employees at Boeing and other large companies who exposed the personal data of the entire company merely by taking a laptop home... and then it was stolen.

Putting software between the voter and his ballot is being shown to be a really bad idea. There are simply too many loopholes that can be exposed. Maybe that's why it was introduced.

by RichardBorkowski on Thu Oct 11, 2007 at 11:02:57 PM PST

* 12 none 0 *

Response to BryceM: Why Open Source Makes Sense for Voting in King County and the Country | 12 comments (12 topical)

PNW TOPIC HOTLIST

WELCOME AND FAQ
ABOUT

Login


Make a new account
Username:
Password:

HELP

Recommended Diaries

Federal judge calls 3-strikes "cruel and unusual"
[Front paged: NM]As seen in a DailyKos diary posted yesterday, a Ninth Circuit federal appeals court struck down a 28-years-to-life sentence
By N in Seattle (4 comments)
Michael Connell, Rove's IT Consultant, Dies In Plane Crash
On the national election integrity front, one of the big stories all summer long pertained to Stephen Spoonamore, a Republican computer
By raincity calling (7 comments)
Dorsol Plants to run for City Council
Dorsol Plants, Chair of Highland Park Action Committee, has announced that he "feels called" to run for Seattle CityCouncil, continuing
By dinazina (5 comments)
Dwight Pelz is running
Got this in my inbox today: -- Forwarded message -- From: Dwight Pelz <dwight@wa-democrats.org> Date: Wed, Dec 3, 2008 at 4:58
By chadlupkes (11 comments)
Inadequate coverage
Do something about it!
By eridani (2 comments)
Highland Park in the News again; heard about Nickelsville?
My little neighborhood in West Seattle, near the city line, is the mouse that got up and roared when the City
By dinazina (30 comments)