Hacker News new | ask | show | jobs
by harkyns_castle 4352 days ago
"I am advised that publication of the software could leave the voting system open to hacking or manipulation".

Well, if the problems are there, opening up the source to more eyes strikes me as the obvious thing to do; or should those with the knowledge of how to manipulate it as it stands be kept to the bare minimum? :)

But in any case, at least the meat of the implementation of the algorithm should be OK to release I would've thought - surely that isn't someone's intellectual property?

This is software we paid for and strikes me as pretty important to the democratic process, I'd like to have a bit of a look at it.
2 comments
raving-richard 4352 days ago
A smart cookie could vote in such a manner as that when the information is entered into the system, it crashes it? Maybe that's what they mean by manipulation...

Or, is it available online without any authentication other than knowing where it is? So if you know where it is, you could enter votes and then manipulate the election with those fake votes...

link
jacques_chester 4352 days ago
> A smart cookie could vote in such a manner as that when the information is entered into the system, it crashes it?

"Informal" votes -- ballots where the voter does not correctly fill out the ballot paper -- are rejected from the tally by the counters under supervision from scrutineers.

If you use hexadecimal, it will be rejected. If you use a very large number, it will be rejected. If you use weird unicode characters, it will be rejected. If it's anything other than a) a single [1] "above the line" or a fully filled-out ballot "below the line" comprised of numbers from 1-n where n is the number of candidates-1, it will be rejected.

If it's crashing on properly filled-out votes, there's a bigger problem.

link
XaspR8d 4352 days ago
> "I am advised that publication of the software could leave the voting system open to hacking or manipulation".

Certainly reminds me of this xkcd: https://xkcd.com/463/ It sounds like security...

link
harkyns_castle 4352 days ago
I hadn't seen that one :) Someone above mentions its VB6 with embedded SQL Server upgraded from COBOL [1]. Can sort of see how they don't want anyone looking at it now.

1. https://news.ycombinator.com/item?id=8039958

link
evolve2k 4349 days ago
It seems to be an ongoing misconception in the public, that part of good security is obstification. Know of any simple clear articles I could point people to when they make these sort of ("because Hackers might see") claims?
link