Home
Site Map
Reports
Voting News
Info
Donate
Contact Us
About Us

VotersUnite.Org
is NOT!
associated with
votersunite.com

E-vote kit makers go 'shared source'
By Thomas C Greene
Published Thursday 28th October 2004 The Register

Several of the largest makers of touch screen ballot machines are submitting at least some of their source code to the National Software Reference Library, the Associated Press reports.

This is so that election officials can compare hashes of the original software to hashes of the software they've got, and detect tampering.
 

 
The publicity stunt is meant to engender public confidence in the design of the machines, but it actually raises more suspicions than it eases.

"Voting machine makers said Tuesday they would not submit their most valuable data their proprietary source code. And they might not provide the library with copies of software patches, s and upgrades," the wire service says.

Code withheld does imply that the companies have something to hide, like slack work, for example. And since the potential for last-minute patching is quite real, omitting patches from the library makes it impossible for officials to verify ones they are issued, perhaps only days before an election.

It's clear that negative press has worried the vendors about public confidence in their kit, and they would do just about anything to address it, short of opening their source code, libraries, and compilers to rigorous third-party examination. No doubt this would reveal numerous snafus, which is why it's not happening.

Similarly, their apparent desire to patch at will, without pre-certification and verification mechanisms, itself implies that there is a lot wrong with their software, and raises questions of tampering, by making it too easy for 'unofficial' software to be installed.

So this 'library' approach addresses one problem, that of verifying the software one has been issued, but doesn't actually solve it. One might verify one's software with the official checksums three months before an election, then find, after two or three patches have been installed, that (of course) the checksums no longer match. It then becomes impossible to determine whether or not this situation indicates a problem. All you can say with confidence is, you had the right software installed three months earlier.

This development will remain a meaningless publicity stunt until security protocols are developed, and mandated by law, requiring that all software be tested and approved by a government body, and that no untested, un-approved software can be installed. This must include all source code, compilers, libraries, and patches. And it is not enough merely to make the checksums available; it must be illegal to deploy a machine unless all have been verified.

Touchy screens In related news, briefly, there have been anecdotal reports of touch screen machines registering the wrong choices. Because there are so many different types of screens, and because some use discrete and others continuous touch areas, it is impossible to guess the particular problem here. But we are, no doubt, going to hear a lot more such complaints on election day. We can hardly wait. ®



Previous Page
 
Favorites

Election Problem Log image
2004 to 2009



Previous
Features


Accessibility Issues
Accessibility Issues


Cost Comparisons
Cost Comparisons


Flyers & Handouts
Handouts


VotersUnite News Exclusives


Search by

Copyright © 2004-2010 VotersUnite!