Open source voting is, per se, not the answer to our huge election problems, as Rebecca argues with her usual acuity.

MCM

Mark,

I don’t know if there’s been much follow-up on the DC voting system hack. I thought your readers would be interested in some recent developments. Please pass
this along if you can.

Thanks,
Rebecca Mercuri.

———–

I was shocked to read on the DCBOEE’s website (at
<http://www.dcboee.us/DVM/default.asp>)
that they had decided to proceed with the use of the voting system
they obtained from OSDV to collect Internet ballots in the November
2, 2010 general election, despite it having been proven to
be highly flawed in terms of both security and integrity. I have
become increasingly concerned that the recent wave of “voting hack
exhibitions” are having the reverse effect. I’m not saying that these
experiments shouldn’t continue, but by somehow validating that the
systems have been subjected to “testing” (even when this testing
exposes massive vulnerabilities), the vendors and election officials
seem to feel that it is appropriate to go ahead with deployment of
these products. “At least we know [some of] the problems” is no way
to run elections.

A lengthy October 22nd posting by Gregory Miller at the OSDV’s
TrustTheVote Project blog (at
<http://www.trustthevote.org/d-c-reality-check—the-opportunities-and-challenges-of-transparency/
comment-page-1#comment-9463>) underscores this “head in the sand”
attitude by lauding the fact that “the District owns 100% of the
source code, which is fully transparent and open source” as somehow a
good thing. Actually this “ownership” means that the DC Election
Officials had the freedom to deploy it, and they apparently did do
so, despite knowing that it was vulnerable to international attack.

Does the DCBOEE really think that their website admonishment about
the paltry $10,000 fine and possible imprisonment is going to stop
anyone, especially foreign hackers (who may not be subject
to US laws), from using proxy servers to avoid detection? Does the
OSDV truly believe that the DCBOEE has the ability to detect
tampering if it occurs? And if they discover that the system was
hacked during the actual election, do they have a plan to allow the
affected voters to recast their ballots in a secure way? Heck, when
consumer electronics or automobiles are discovered to have systemic
problems, they are RECALLED! Shouldn’t the OSDV folks be ashamed of
themselves
for not including a clause in their distribution that IMMEDIATELY
RECALLS THIS PRODUCT and ENSURES IT WOULD NOT BE USED IN ANY ACTUAL
GOVERNMENT ELECTION, if any vulnerabilities test or subsequent data
exposes it as insecure and/or unreliable?

Even more disconcerting is the cavalier attitude by the DCBOEE, in
deciding to go ahead with this moronic experiment, knowing that the
system was so massively flawed. This proves EXACTLY WHAT I (and
others) HAVE ALWAYS SAID ABOUT OPEN SOURCE VOTING — even if OSDV had
been able to provide an update to remedy all of the KNOWN problems,
there would
be no time to adequately test it, and there would be no way for the
voters to ensure that the CORRECTED version (and not a flawed or
hacked one) is being used at the time of the election.

Open source voting thus provides a false sense of security about
electronic elections, which this sad experience has vividly
demonstrated. As Ken Thompson said in 1984: “You can’t trust code that
you did not totally create yourself. No amount of source-level
verification or scrutiny will protect
you from using untrusted code.” This is still true, whether the
election community, seemingly well-intentioned developers, and
security experts want to believe it or not. Transparency is NOT
equivalent to Trust, especially in voting systems.

Don’t get me wrong, of course I believe that open source is a good
thing for many types of applications — voting (especially over the
Internet or in fully electronic systems) just is NOT one
of these. Sure, all aspects of voting systems must be open to
thorough review. But the voting
problem CANNOT BE SOLVED using open source. (If this sounds like a
contradiction, it is, as
I described in my doctoral dissertation, downlodable at
<www.notablesoftware.com/evote.html>, because there is an inherent
conflict in the ability to create a trusted system that also provides
full anonymity.)  Our election integrity colleagues must ensure that
these points are made whenever they demonstrate vulnerabilities.
Anyone who allows voters, election officials, and members of the
press to think otherwise is contributing to this outright fraud.
Perhaps if the VENDORS are fined $10,000 and threatened with jail
sentences, this charade will finally end.

Rebecca Mercuri.



Post comment

Forbidden Bookshelf

Forbidden Bookshelf




“While We Were Sleeping”

While We Were Sleeping is an urgent call to save Greenwich Village from New York University's uncontrolled expansion.

Click here to donate to NYUFASP and receive a copy of "While We Were Sleeping: NYU and the Destruction of New York" (minimum donation to receive a book is $10 plus $8 shipping).

Orwell Rolls In His Grave, featuring MCM – Buy the DVD



About News From Underground

News From Underground is a daily e-news service run by Mark Crispin Miller, a Professor of Culture and Communication at NYU. It is based on his belief that academics, like reporters, have a civic obligation to help keep the people well-informed, so that American democracy might finally work.

If you'd like to receive updates delivered to your inbox daily, sign up for News From Underground Alerts:

Help News From Underground!





Message from Mark: "I am a one-man operation, although assisted greatly by some volunteers, and, now and then, by people paid by others for one-time projects. There is no shortage of skilled, dedicated folks out there who want to help me. There is, however, nothing I can pay them with, unless you decide you can contribute something."

Please donate via the PayPal button above or via PayPal by email to: markcrispinmiller@gmail.com

Recent Posts

Recent Comments

Popular Posts

Blogroll

Need a bigger font size?




Sponsored Links



  • Your link could be here too, contact us for pricing details.