[alkoumpa]

to protect voting, audit your software/system extensively. Openssh is open-source and we all know the story..

[fredley]

But how can I (a voter), audit it in the voting booth? How can I verify that the extensively audited software is actually running on the machine in front of me?

[mtgx]

You can't. And even if the software is open source, it doesn't guarantee that state or election officials will set aside budgets to deploy such patches swiftly, or even care to deploy them.

[Sholmesy]

You can't. Especially at scale (every person validating the software before voting). Paper ballots with a anonymised ledger of votes placed is, in my opinion, the best method.

[Findeton]

You can audit your ballot in some systems. For example https://nvotes.com (open source software here https://github.com/agoravoting/).

You could even create your ballot offline, even by hand.

[fredley]

Paper doesn't scale well, attacks on paper are extremely difficult to scale well, which is why paper is a good system for voting.

[Sholmesy]

It scales "well enough", in that we currently do it, and pay for people to verify the results.

In Australia a lot of this work is done by volunteers from the major parties.

Edit: I agree, its difficult to scale an attack on paper :)

[alkoumpa]

do you think these questions are addressed by open-source software? I mean, if you only have a few buttons in front of you, how can you verify/audit the software it's running?

[alkoumpa]

plus, I might add, you can create secure software, that can't be penetrated from outside, but what about the hardware? Unless you write this (software) too, how can you trust the underlying hardware? e.g.: broadpwn. Yes, open source makes it easier to audit/collaborate/patch but it's not enough.