I see stories about how election is rigged or that there are security vulnerabilities and lots of people don’t believe the outcome. Why don’t they just open source everything so that anyone can look at the code and be sure the votes are tallied correctly?
How do you know that what’s open sourced is what’s installed and running? Someone should verify it and then you’ll have to trust that person as well.
Both open and closed source software share this problem, so this doesn’t really answer the question.
I meant to say that open sourcing doesn’t make it immediately trustworthy. You have to place the trust somewhere. If you can’t trust that the open sourced code is what’s running, it is effectively the same as running closed source software.
That’s a very easily solved problem. You generate a code-signing certificate (already used all over the place, and why Windows occasionally tells you that software “isn’t trusted”).
You then verify that certificate in the presence of observers from all parties. At the same time that you verify the anti-tamper tags on the ballot boxes.
The parties only have to trust the person they assigned as an observer.
And if the tampered machine only outputs the correct signature,‘regardless of that it’s actually doing?
What if there is a rogue hardware device making changes? What if the legit OS gets swapped out like Hyperspace OS used to do?
There are a lot of problems in this space and a LOT of bad actors who would go to the greatest lengths to manipulate this.
I’m the kind of guy who likes digital everything, but we should be voting on paper with a scantron to allow for quick tabulation with a very difficult to tamper with verification. Physical evidence.
There is all manner of digital trickery that can be done between when your finger contacts a button and a vote total is updated, and there are too many fucking Roger Stones in the world. No thanks.
The tampered machine can be fed challenges before and after the election that reveal if it’s lying about it’s self-verification system. It’s not perfect, but it beats closed source “trust us” machines outright.
We actually have a lot of this tech in less important areas already. It’s interesting and worrisome that our refusal to use it in voting seems to be political, not practical.
This still adds another moving part to duping people. It’s much, much easier to independently verify the software if it’s open source.