Hacker News new | ask | show | jobs
by rapind 1516 days ago
I think the problem is who builds it. I wouldn’t trust election software that wasn’t open source with a lot of eyeballs on it. Diebold wasn’t exactly a shining example to set. Preferably a non profit organization backing it and then having it adopted as a standard. I just don’t see that happening in the US where voter obstruction is part of at least one party’s strategy.
2 comments
vlovich123 1516 days ago
Open source doesn’t actually matter here. A closed source electronic system should work just as well. Why?

The way it should work is the machine should just print out a scantron AND a human legible copy (probably with a bar code linking the two). The person submits both by hand. You get early results by counting the scantron. Before certification, there is a statistically significant manual counting of the human legible ballots. For tighter races you recount all. The linked barcode lets you also statistically cross-validate in case there was a discrepancy between the machine readable copy printed and the hand ballot (you sample randomly).

Open source means absolutely 0 here. There are too many vectors of attack (eg physically compromising a machine, chain of custody, malware etc). Better to assume the machine is compromised and build a system that doesn’t care.

link
rapind 1516 days ago
Back in 2004, “Official federal voting system standards require audit logs to record all normal and abnormal events that occur on the system.”

And yet at that time Diebold had a system that did NOT do that deployed all across the US. Someone was deleting votes, and it wasn’t being logged.

Here’s lawmakers saying “should” do something, and an opaque reality where that didn’t happen. It was also running windows…

This is an attack vector. I prefer transparency. Open source would help.

link
maccard 1516 days ago
> Open source would help.

How does open source help? If I place a device in front of you and tell you it's open source, there is no guarantee that it is running what you can download from github.

link
rat9988 1516 days ago
> It was also running windows…

Nothing wrong with this choice. The rest of your point still stands though.

link
rapind 1515 days ago
It’s just that windows is quite a bit more complex and vulnerable compared to much simpler and security focused OSs like a BSD back then or maybe Alpine Linux these days.
link
vlovich123 1515 days ago
That's the point of the system I described. Vulnerabilities of the automated system don't matter. You verify the manual result and the digital result are the same.
link
IshKebab 1516 days ago
The only output of the machine could be a bit of paper that you can view through a window and verify. Doesn't really matter if it's closed source.
link
rapind 1516 days ago
So we don’t have to trust that the company wrote it correctly. https://www.wired.com/2009/08/diebold-audit-logs
link
IshKebab 1515 days ago
Correct.

Not sure why you linked that?

link