Sequoia Voting Systems has become the first electronic voting machine maker to publish the source code used in one of its systems, a move that computer scientists have praised. On Monday, the Denver, Colorado company released the first batch of code for Frontier, an end-to-end e-voting system that it plans to begin selling in …
The source code is useless
How do we know that this is the source that was compiled (without being modified) and then run on voting machines? Oh that's right, we don't. This is why a piece of paper and marking an "X" in the circle next to the candidate's name is still the best. You can trivially verify that you voted correctly (and the blind/disabled get assistance), and the count is trivial to verify by a human being (watching people count isn't rocket science, and with people from opposing parties and independent scrutineers you can be reasonably sure there is no collusion going on).
Not strictly true
Although you're right that I can trivially verify my vote at the point that I cast it, how can I guarantee that *my* vote was cast as written? Certainly in the UK there's no way to guarantee this whatsoever. Furthermore, can I trust human observers that all votes were counted correctly, as cast? I can't - errors could be introduced at any stage. With end-to-end electronic protocols, the user is offered some guarantee that their vote (and all votes) were counted correctly.
That said, you have a point that we've got no proof of the code actually used. The best solution to that is to allow users to verify the code being run (there are a number of ways to do that), or to use their choice of voting software, but of course that's a pie-in-the-sky idea for most users.
Gentoo Returning Officer
Adopt the principle that the e-voting machine is supplied with *source code only*. Returning Officers check the source code md5sum (or something more secure if you must) and compile the code if it checks out. Then we can have confidence in the binary. Oh, if you trust the compiler, of course. See Ken Thompson at http://cm.bell-labs.com/who/ken/trust.html
Maybe pencil and paper is less trouble, after all.
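The "check the source, then compile" step the post above describes, as an added example that is not part of the thread: a small Python script that verifies every file in a source tree against a manifest of digests (SHA-256 here, the "something more secure" option rather than md5; the manifest format, the `src/tally.c` file and the Makefile are all constructed for the demo) and reports any changed, missing or unexpected file before a build is allowed to proceed.

```python
"""Verify a source tree against a known manifest before building it.

Added example, not code from the thread. Assumes a manifest of
'<sha256>  <relative path>' lines, the same shape as sha256sum output,
delivered to the Returning Officer through a channel they trust.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large sources are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Map relative path -> expected digest; blank and '#' lines are ignored."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        expected[rel.strip()] = digest.lower()
    return expected


def verify_tree(root, expected):
    """Return (ok, problems).

    Every listed file must be present with the right digest, and no file
    outside the manifest may be present: an extra file is just as suspicious
    as a changed one when the tree is about to be compiled.
    """
    problems = []
    seen = set()
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in expected:
                problems.append(f"unexpected file: {rel}")
            elif sha256_file(full) != expected[rel]:
                problems.append(f"digest mismatch: {rel}")
    for rel in expected:
        if rel not in seen:
            problems.append(f"missing file: {rel}")
    return (not problems, problems)


def build_if_verified(root, expected, build):
    """Run the build callable only when the tree checks out."""
    ok, problems = verify_tree(root, expected)
    if ok:
        build()
    return ok, problems


def demo():
    """Constructed run: record a clean tree's manifest, then tamper with one file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "src"))
        with open(os.path.join(root, "src", "tally.c"), "w") as f:
            f.write("int tally(int a, int b) { return a + b; }\n")
        with open(os.path.join(root, "Makefile"), "w") as f:
            f.write("all:\n\tcc -c src/tally.c\n")
        manifest = "\n".join(
            f"{sha256_file(os.path.join(root, rel))}  {rel}"
            for rel in ("src/tally.c", "Makefile")
        )
        expected = parse_manifest(manifest)
        clean_ok, _ = verify_tree(root, expected)
        # Someone edits the source after the manifest was reviewed.
        with open(os.path.join(root, "src", "tally.c"), "a") as f:
            f.write("/* quietly changed after review */\n")
        tampered_ok, problems = verify_tree(root, expected)
        return clean_ok, tampered_ok, problems


if __name__ == "__main__":
    print(demo())
```

The check covers exactly one link in the chain: the source the officer has in hand matches the source that was reviewed. As the post notes, it says nothing about the compiler, and it also says nothing about whether the binary it produces is the one that ends up running on the machine on polling day.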
"a modern language that's widely regarded as secure"
A programming language doesn't make your product "secure." Using that language **properly**, by:
-- sanitizing input before passing it to a parser
-- destroying no-longer-needed object instances
-- checking for NULL pointers before performing a dereference
-- writing graceful exception handlers
-- avoiding deprecated features/methods
-- coding to the Principle of Least Privilege
(just a general list, some may not apply to C#) is what makes your product "secure."
Many of your example vulnerabilities aren't possible in C#, hence making the language more secure.
First Open-Source e-Voting software
Actually Australian company 'Software Improvements' open-sourced their e-Voting software in 2001.
"Aussies Do It Right: E-Voting" - http://www.wired.com/techbiz/media/news/2003/11/61045
Hopefully this will encourage other manufacturers to do the same. States will probably go with the system they have the most confidence in, so there's an incentive for companies to prove that their machines will work correctly.
Stick to pen and paper.
The security comes from the whole process, from the fact that there are representatives of the opposing parties watching over all stages of it, from the delivery of the empty ballot boxes through the polling and delivery of the filled boxes to the count, no single part of it takes place out of the eyes of a bunch of people *with opposing interests*.
No electronic system can ever compare to that level of security. Imagine if inside the ballot boxes they turned out to be full of mechanics and pencils and paper and all the necessary bits for forging ballots indistinguishably? Why on earth would we ever choose to use those over plain old metal boxes that are infinitely cheaper and simpler and more secure? The whole of electronic voting is a massive white elephant.
I still don't understand why we would want electronic voting machines. Surely democracy is part people electing their representatives, and largely being seen to elect their representatives? Assuming you still need to turn up at the voting station and verify your ID, then this seems to be a non-solution to a non-problem.
It's more expensive, more opaque, doesn't increase turnouts, and isn't significantly faster (who cares if the results come in in 2 hours or 6 hours when the results are for 5 years of representation?). Part of the electoral process is, to my mind, the process itself.
Solving the wrong problem
This is solving the wrong problem.
Even ignoring the fact that only a tiny minority of the population can make sense of this, the voter still cannot be certain that the software the machine is running is the same software they inspected.
Stick to pencil and paper and manual counting. The adversarial relationship between counting staff ensures that the result will be correct; people with no reason to trust one another can only ever agree on the truth.
OK, let's over-engineer it!
Place your cross on a piece of paper (sequentially numbered from a pad so you can account for them all).
Take them to a central location and pop them through an OCR reader (cheap piece of kit which you can use for other things) with a simple counting program that any school kid could write.
If there is a dispute or you want to verify the program you always have the paper. If the kit breaks down or you have no power you can still count the votes.
No need for expensive specialist kit that gets used once every 5 years.
This is a good use of public funds to develop a resilient and accountable system... chances of it happening?
Time for a pint
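The "simple counting program" from the post above, as an added example that is not part of the thread: it takes the lines an OCR stage might emit (one `ballot_number,choice` line per scanned paper; the sample output, the candidate names and the issued number range are all constructed) and, because the papers come from a sequentially numbered pad, it reconciles the count against that pad. Anything it cannot be sure about (a number scanned twice, a number outside the issued range, an unreadable mark) is set aside for the people holding the paper rather than counted.

```python
"""Count OCR'd ballots and account for every number on the pad.

Added example, not code from the thread. Input format, candidate names and
the sample data are constructed for the demo.
"""
from collections import Counter

# Constructed OCR output: ballot 0003 was scanned twice, 0004 never came back
# from the pad, and 0005 carries a mark the OCR could not read ("?").
SAMPLE_OCR_OUTPUT = """\
0001,ALICE
0002,BOB
0003,ALICE
0003,ALICE
0005,?
0006,BOB
0007,ALICE
"""

CANDIDATES = ("ALICE", "BOB")  # constructed


def parse_ocr(text):
    """Turn OCR lines into (ballot_number, choice) pairs."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        number, choice = line.split(",", 1)
        rows.append((int(number), choice.strip().upper()))
    return rows


def count_ballots(rows, first_issued, last_issued, candidates=CANDIDATES):
    """Tally votes and reconcile them against the numbered pad.

    Returns the per-candidate counts plus the audit information a human
    recount would want: duplicate numbers, numbers not on the pad, numbers
    never returned, and the ballots set aside for manual review.
    """
    seen = Counter(number for number, _ in rows)
    issued = set(range(first_issued, last_issued + 1))
    duplicates = {n for n, k in seen.items() if k > 1}
    out_of_range = {n for n in seen if n not in issued}
    missing = sorted(issued - set(seen))

    counts = {c: 0 for c in candidates}
    manual_review = set()
    for number, choice in rows:
        if number in duplicates or number in out_of_range or choice not in counts:
            manual_review.add(number)
        else:
            counts[choice] += 1

    counted = sum(counts.values())
    # Every number on the pad must be counted, set aside, or reported missing.
    pad_accounted = counted + len(manual_review - out_of_range) + len(missing)
    return {
        "counts": counts,
        "duplicates": sorted(duplicates),
        "out_of_range": sorted(out_of_range),
        "missing": missing,
        "manual_review": sorted(manual_review),
        "reconciles": pad_accounted == len(issued),
    }


if __name__ == "__main__":
    print(count_ballots(parse_ocr(SAMPLE_OCR_OUTPUT), 1, 7))
```

The program is deliberately dumb: it never guesses. A duplicate number means two papers claim the same slot, so both go to the pile for humans, and the `reconciles` flag only turns true when the counted, set-aside and missing numbers add up to exactly what the pad issued. Because the paper survives, any dispute about the program itself is settled by counting by hand.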