I see stories about how election is rigged or that there are security vulnerabilities and lots of people don’t believe the outcome. Why don’t they just open source everything so that anyone can look at the code and be sure the votes are tallied correctly?

  • @MrGeekman
    link
    631 year ago

    A lot of folks unfortunately think open-source software is much more vulnerable than closed-source software because anyone can inspect it. The great irony of it, as everyone here knows, the opposite is actually often true.

    • wagesj45
      link
      fedilink
      121 year ago

      unfortunately people are in general only smart about one or two subjects, and morons about everything else. i include myself in this assessment.

      • @MrGeekman
        link
        91 year ago

        This is true. It’s also why nuclear power plants aren’t a lot more common.

    • @Freesoftwareenjoyer
      link
      101 year ago

      Our society is not able to understand modern technology. Most people haven’t even heard of concepts such as Open Source or Free Software. They have only been around for over 30 years, but ok.

      I see people here are cheering for some proprietary app for Lemmy called Sync. It just makes me sad. I guess they don’t want security on their devices.

      Everything made by the government should be Free Software. Public money, public code: https://publiccode.eu

      • @gundog48
        link
        101 year ago

        I don’t think there’s a problem with people using Sync, I access Lemmy mostly through Windows!

        People are happy about sync because they’re going to be able to use a UI they like, are familiar with, and has been refined over a really long period of time. It’s just a frontend, I think it’s way more important that the foundation you choose to build a platform on is open-source and can’t be pulled out from under you. If people prefer accessing through Sync, Chrome, or whatever else, it’s not really an issue as there’s always other options if any of them go sour.

        I fucking love open source, seeing the rapid advancements in 3D printing, robotics, prosthetics and a host of other technologies as people build on each others’ ideas is amazing. The fact that a dude can use a brain-computer interface and machine learning to control a fucking exoskeleton he built in his residential house in his free time is like witnessing the future. But at the same time, also using closed-source software is not inherently a problem, and is often unavoidable.

        And yes, it’s insane that people have to pay for access to information that they paid for. The fact that I have to pay money to see the standards of how to wire my home safely, that was drawn up with public money, is pure insanity!

        • @Freesoftwareenjoyer
          link
          -21 year ago

          The post was about voting machines and that we should be able to verify they are secure and that their software doesn’t have any malicious functionality. So why wouldn’t you want the same on your own devices? Shouldn’t our computers be secure too? Don’t we deserve to be able to control our devices and the software that runs on them? I think we do. I think computers should be secure and that we deserve privacy. But you can’t have any of those things with proprietary software. When using it, you are at the mercy of the person/company who developed it and they might not have your best interest in mind. Very often they only care about their interests and add things like spyware and DRM.

          Only with Libre Software users have the freedom to control their devices (because of the 4 essential freedoms). Proprietary software is unethical, because it takes away those freedoms from us. It gives developers power over their users, which they often abuse. Developers should know better and give their users the freedom they deserve. That’s partially what makes me sad about Sync. Its developer is making a proprietary app for a Libre platform, probably because they just don’t know any better.

          Another sad thing is that there are Libre apps for Lemmy. But some people still choose proprietary ones. They choose to not have freedom, security and privacy. Most of them do that, because they just don’t know any better.

          Open Source is similar to Free/Libre Software, but it’s a corporate term that doesn’t mention those ethical issues.

          You mentioned some of the amazing things people do with Free Software. But most software is proprietary. Imagine what we could achieve if i wasn’t.

    • @sumofchemicals
      link
      271 year ago

      Electronic voting could use open source software, but so can a machine that scans a marked ballot. The best practice is to have voters mark a physical ballot, then have them put it in a machine (running open source software) that scans and tabulates the results. If there’s a question about the integrity of the results, we can go back and count physical ballots.

      • @cavalierfrix
        link
        141 year ago

        Mail in voting baby! I want every U.S. citizen to have this right.

      • @NewEnglandRedshirt
        link
        131 year ago

        I absolutely agree. Vote counting & tallying machines are fine, but you always want that paper trail.

      • Trebach
        link
        fedilink
        21 year ago

        That’s how it works in my state except you fill in the printed ballot by hand.

    • Virkkunen
      link
      fedilink
      121 year ago

      Brazil has changed to electronic voting since 1996 and faces none of these issues.

        • Virkkunen
          link
          fedilink
          51 year ago

          Exactly. Every election you see a handful of right wingers claiming that the machines and/or code is unsafe and can be easily tampered with, but have absolutely nothing to back that up, and yet another election passes without anyone anywhere proving that our system is unsafe/a bad idea.

          This Tom Scott video is terrible, should be renamed "why electronic voting is a bad idea (for fascists)

    • dhdds
      link
      fedilink
      41 year ago

      this video has 3 years.

      3 years is a lot to somethings to be mature. He tells about Trust & Anonymity. You can’t trust anonymity 'coz you can trace the vote and bla bla bla. Well, you can trace the regular method too. Trust, you can’t trust the way the vote leaves the booth to the central. You know the Hash initiative? Even a small number change will be shown to everyone.

      • xNIBx
        link
        fedilink
        7
        edit-2
        1 year ago

        Well, you can trace the regular method too.

        Not as efficiently and in mass. It’s like saying “you could gather personal data before the internet/social media”. Sure, there were mailing lists and some companies had personal data manually gathered but that was 0.00001% of what you can gather today for like 5$.

        When it comes to data, scale and efficiency matter. As someone from a low trust country(Greece), any electronic voting is literally a threat to democracy, society and pretty much opens the window for a civil war. Which is why no political party even dares suggesting it.

        And it doesnt take much for a society to become low trust, you only need 1 bad actor(game theory). Though Greece was never not a low trust society. But i think all countries would benefit from an electoral system like the greek one, where all political parties can have representatives on every ballot, there is tight control for ballot envelopes, everything is opened and counted in front of everyone, basically all political parties keep their own tallies, at a local and national level.

        So if there is something fucky with the official results, it will be easily tracked and noticed. At least as long as you can have party representatives on every ballot. Obviously smaller parties cant do that. There have been conspiracy theories about neonazi votes not being counted, because literally all other parties despise them. And when i say neonazi, i dont mean “neonazi”, i mean literally a parliamentary party that had this as their symbol

        https://en.wikipedia.org/wiki/Golden_Dawn_(Greece)#/media/File:Meandros_flag.svg

        And their second in command has a huge swastika tattoo, etc. At least their party became illegal and its leaders spent some time in prison but that only happened after they murdered a greek. As long as they were beating and killing immigrants, they were fine.

      • Adama
        link
        fedilink
        41 year ago

        The issue isn’t trust. It’s the same as anything else electronic such as having a backdoor to encryption.

        Anything physical requires a certain amount of effort to break in such a way that is widespread and without making it obvious.

        But purely digital/online means that any bad faith actor with enough resources (such as nation states) can scale up the means and methods to manipulate it or break it.

        I’m all for electronic voting for tallying with physical paper trails that can be used to verify the integrity of the digital results.

        • HubertManne
          link
          fedilink
          31 year ago

          yeah this is how my state does it. You have a little clear window that prints out to a reciept type of roll and you can see it made your choices for each section. Still would like the system to be open source. Really though I can do it by mail now and that is the bomb.

        • smac
          link
          fedilink
          21 year ago

          The funny thing about this is that the way conservatives seem to want to verify is by hand counting the ballots, which is PROVEN to be less accurate than electronic counts.

      • Virkkunen
        link
        fedilink
        31 year ago

        This video is 3 years old, Brazil’s electronic voting system is 27 years old and there hasn’t been anyone proving that it is a bad idea, unsafe, tamperable or anything of the sort.

        I like Tom but this video really irritates me. It just seems like he’s pulling generic arguments out of his ass without any actual research.

    • @[email protected]
      link
      fedilink
      11 year ago

      Importantly, Open Source is not feasible as a safeguard because there would be no way of verifying that the voting machine is running a build from the public source.

      • @stewsters
        link
        3
        edit-2
        1 year ago

        Even if it was the same source, you would have to also verify the compiler was not compromised. There are a lot of steps that need to be done.

        That being said, open source would reveal the big easy to implement bugs and design flaws, as well as boost trust in the system. They should open up the source and allow audits.

      • @MajorHavoc
        link
        21 year ago

        This is a solveable problem, actually. It involves trusted computing platforms where various unrelated parties commit to various audit standards.

        It could still, in theory, be compromised, but it would be a a lot harder to rig than anything at have today, since one would need a deep backdoor into multiple separate entities - the hosting company, and the source code repository, and the voting machine manufacturer, etc.

  • @BeldarWadsworth
    link
    431 year ago

    Do you think most of the people in government know what open source means? The concept of facebook confuses them lol

      • @Katana314
        link
        31 year ago

        i am on the webpage, but i cant see the internet

    • John Richard
      link
      -11 year ago

      I don’t know about most, but I think the number of people in government willing to accept bribes and kickbacks for picking a particular overpriced vendor is probably greater.

  • @cerevant
    link
    401 year ago

    Because there is too much money to be made in the business. Vendors are selected through a political process which is decided by what politicians benefit from the selection.

    Don’t kid yourself - the people screaming about rigged elections don’t actually care about solving the problem. They know they lost and they are happy for the excuse to continue grandstanding.

    • Dick Justice
      link
      121 year ago

      Heck, they even complain about riggory when they win. It’s literal rabble-rousing.

      • 1chemistdown
        link
        fedilink
        41 year ago

        Always say it is all rigged, never let the people think anything different than what you want them to think.

    • @sumofchemicals
      link
      31 year ago

      I think this is closer to the real answer than the comments about “so and so will still complain.” That said, does anyone know if there is any companies making open source machines? Cause if not, there’s our primary reason why elections don’t use them.

    • @deafboy
      link
      61 year ago

      I know it’s supposed to be a joke, but all I feel when I stumble upon this one is guilt. I mean… if a doctor did what we’re doing in IT on a daily basis, it would be classified as a criminal ofense.

  • @puppy
    link
    241 year ago

    How do you know that what’s open sourced is what’s installed and running? Someone should verify it and then you’ll have to trust that person as well.

    • @[email protected]
      link
      fedilink
      151 year ago

      Both open and closed source software share this problem, so this doesn’t really answer the question.

      • @puppy
        link
        14
        edit-2
        1 year ago

        I meant to say that open sourcing doesn’t make it immediately trustworthy. You have to place the trust somewhere. If you can’t trust that the open sourced code is what’s running, it is effectively the same as running closed source software.

    • rockslice
      link
      fedilink
      101 year ago

      That’s a very easily solved problem. You generate a code-signing certificate (already used all over the place, and why Windows occasionally tells you that software “isn’t trusted”).

      You then verify that certificate in the presence of observers from all parties. At the same time that you verify the anti-tamper tags on the ballot boxes.

      The parties only have to trust the person they assigned as an observer.

      • deejay4am
        link
        21 year ago

        And if the tampered machine only outputs the correct signature,‘regardless of that it’s actually doing?

        What if there is a rogue hardware device making changes? What if the legit OS gets swapped out like Hyperspace OS used to do?

        There are a lot of problems in this space and a LOT of bad actors who would go to the greatest lengths to manipulate this.

        I’m the kind of guy who likes digital everything, but we should be voting on paper with a scantron to allow for quick tabulation with a very difficult to tamper with verification. Physical evidence.

        There is all manner of digital trickery that can be done between when your finger contacts a button and a vote total is updated, and there are too many fucking Roger Stones in the world. No thanks.

        • @MajorHavoc
          link
          11 year ago

          The tampered machine can be fed challenges before and after the election that reveal if it’s lying about it’s self-verification system. It’s not perfect, but it beats closed source “trust us” machines outright.

          We actually have a lot of this tech in less important areas already. It’s interesting and worrisome that our refusal to use it in voting seems to be political, not practical.

    • socialjusticewizard
      link
      fedilink
      61 year ago

      This still adds another moving part to duping people. It’s much, much easier to independently verify the software if it’s open source.

  • Hari Seldon
    link
    fedilink
    20
    edit-2
    1 year ago

    Voting machines are the most utterly stupid thing ever created. Why don’t you use paper ballots as other countries do?

    • @local_taxi_fix
      link
      171 year ago

      We do, there are very few counties in the US that are actually fully digital (stupid idea IMHO). The majority are paper ballots which are scanned into the machine for fast counting. The original paper the voter filled out is then stored in case it needs to be checked against the machine count for accuracy.

      • lol3droflxp
        link
        fedilink
        51 year ago

        Interesting that it takes so ridiculously long to count then, in Germany the votes are counted on paper by hand and they’re down within maximum 3 days.

        • Ender2k
          link
          fedilink
          61 year ago

          In Washington we have all early voting results and some of the early results from that day by the time polls close on election day. Then an update each day with those processed that day with the remainder that trickle in over the next couple of weeks (e.g., mail in ballots from overseas, challenged ballots that need to be “cured”) until the election is certified.

          Most places where there is a delay, it is intentional and written into law/regs–like, that each ballot and its signature has to has to be verified by a human before it can be scanned. And, if, hypothetically, a party wanted to cast doubt on an election, they could send representatives to challenge each and every ballot and slow the process down–and simultaneously cry foul that the process is taking so long. But no one would do that, right? /s

        • @[email protected]
          link
          fedilink
          61 year ago

          …does it take ridiculously long? I’ll admit I’m not usually on the edge of my seat waiting for election results, but it’s usually just a couple days after voting closes I think. Some places accept mail-in voting way after the election technically closes so they technically take longer to count votes, but that’s more the exception than the rule.

        • @Dandroid
          link
          21 year ago

          It only started taking more than one day recently. My conspiracy theory is that it is so we have to watch the news for three days instead, which makes them a ton of money.

    • Aer
      link
      15
      edit-2
      1 year ago

      I’m with you, The Tom Scott Video @puppy linked is amazing, goes over good reasons against electronic voting machines. Paper Ballots are great because the counts are done in the presence of all parties and by multiple people. It takes a while, but it’s a good example of technology not always being a viable option for everything.

      As said in the video, not everyone would understand code. The only reason why people vote is because they trust in the system. If they don’t trust in the system they don’t vote. They could open the code up and show people, but it wouldn’t dispell fears of those who aren’t knowledgeable about computers.

      • @philz
        link
        31 year ago

        Completely agree and loved the Tom Scott video.

        But I will say, people “trust” technology for their money/banking without issue, and I think the average person worries about that a little more than voting.

        But yes I agree, at least until better technology is available, we should just stick with paper ballots and old fashioned counting.

    • UltimoGato
      link
      fedilink
      31 year ago

      My state only does paper ballots and voting by mail. I completely agree that voting machines are completely unnecessary.

    • AttackBunny
      link
      fedilink
      11 year ago

      My county/state does paper mail-in ballots by default (they look like this ) As someone else said, a machine does scan them (like the standardized test forms in school), but the paper ballot is saved, for review, if necessary.

      There are plenty of people that take issue with mail-in ballots too. People are just never happy, and seemingly want someone to feel “in the know” about (eg conspiracies)

      • @MajorHavoc
        link
        11 year ago

        We should start by having open source software and hardware verify our paper ballots. Maybe we stop there.

        It feels dishonest (political) to treat this as an all-or-nothing proposal.

    • Virkkunen
      link
      fedilink
      1
      edit-2
      1 year ago

      They have been working perfectly fine with pretty much no downsides or security issues here in Brazil for over 20 years. Generally any “issues” making rounds in the news are a right winger mad that they weren’t elected so they claim the machines are unsafe and can be tampered with, with absolutely nothing to back their claims. Paper ballots are considered unsafe and retrograde.

  • @Daniikk1012
    link
    121 year ago

    How do you prove that the software installed is the same software the source code of which is available to the public?

    • @sumofchemicals
      link
      111 year ago

      @rockslice addressed this in another comment - you use signing certificates to verify it’s the correct code, which is a widely accepted method.

      • moop
        link
        fedilink
        21 year ago

        How can a voter verify this though without spending 10 minutes inside the booth?

        • @sumofchemicals
          link
          21 year ago

          You’re right, they can’t. That said, how can they verify some local official hasn’t taken a pay off to fudge some numbers? The public believing election results requires multiple processes each being as transparent as possible, and even then, it comes down to trust, and some people just won’t believe the results. We should design systems that are as robust and transparent as possible, and an open source machine that counts physically marked ballots is only one component.

        • @MajorHavoc
          link
          11 year ago

          Remote verification is possible and desirable.

          Ideally news companies and hobbyists have access to do this verification before after and during the elections. Also, most local governments could and should pay an auditor company periodically to do the same audit and publish the results.

          These processes exist for closed source infrastructure. They’re just better and more effective on open source solutions.

  • @ritswd
    link
    61 year ago

    I don’t know that that’s the reason, but I have an intuition from having been an election judge here in Illinois.

    A voting machine is a closed-circuit system that just counts votes and prints the tally. It is not connected to any network, and getting its software upgraded requires a key that only the voting machine company has, and a seal that is unique and that can only be replaced by that voting machine company.

    To make it clear with an example: a judge ruled in Illinois that ballots that would be in either English or Spanish were now void, they all had to be in both language at the same time. Because that didn’t use to be the case, the election judge has to choose for each person between “English”, or “Spanish”, or both in the UI, and if they don’t choose both, the ballot is void. It’d be a trivial UI fix, and critical enough that you’d think it would be a priority. And yet the past elections still had the old UI, because updating the software on there is that hard.

    So my intuition: if a CVE was found in one of the open-source solutions on there right before the election, the voting company would have to patch it, except it couldn’t realistically be done in time, so the election would be canceled until there is enough time without a CVE. Which of course doesn’t typically happen for very long. But if it’s all closed-source and the voting machine company is on the line for it, therefore that problem doesn’t exist.

    • rakudave
      link
      fedilink
      71 year ago

      security through obscurity is a terrible idea - the problem is still there, and a determined attacker will find it anyway

      • @ritswd
        link
        2
        edit-2
        1 year ago

        I don’t disagree. The point here being that the choice that was made was to keep the machines off any network to mitigate a bunch of attack vectors, and that’s having consequences on which unusual compromises had to be found. In other words: I can see how the obscurity is probably not the goal, only a consequence of other goals.

      • @thebestaquaman
        link
        21 year ago

        In general I agree, but these voting machines are in the quite uncommon position where potential attackers not only don’t have access to the source code, but in general don’t even have access to the program for any significant amount of time, and has no way of knowing if the software has been updated since they last interacted with it. That makes it very hard to even start developing an attack that could maybe work.

        I guess my major concern with voting machines is this.

    • @MajorHavoc
      link
      11 year ago

      Thanks for your insights.

      A high profile CVE on voting machines released right before an election would almost certainly be solved by air-gapping the machines during the election.

      Also, a high profile CVE released right before an election is almost guaranteed to happen, thanks to the motives of potential attackers, so it would be important to have a plan in place.

  • exohuman
    link
    fedilink
    61 year ago

    It’s because the government likes to corporatize everything. It should be open source and supported by several companies who all update the software and keep it bug free.

    • npastaSyn
      link
      fedilink
      41 year ago

      They can say that anyways with poll stations stuffing ballots. How is that different?

    • popshabang
      link
      fedilink
      21 year ago

      Didn’t Fox News literally just do that with Dominion? Open sourced software is at least verifiable by independent parties and wouldn’t require a long $800 million lawsuit to work through.

    • @sumofchemicals
      link
      11 year ago

      Open source voting machines (that scan marked physical ballots) have an actual benefit to real people, they’re not just a talking point in a tv debate. Whether or not qanon people squawk (they will) it’s important that our votes are actually counted correctly, and that we can explain/prove how to reasonable people.

    • Virkkunen
      link
      fedilink
      11 year ago

      This is exactly what happened here in Brazil when a right winger wrote some bullshit code and claimed he leaked the voting machines code.

  • AnonTwo
    link
    fedilink
    31 year ago

    Just to be clear: People will argue bad actors whether it’s paper or electronic. I have not seen a single election since I became able to vote where the votes were not disputed.

    • MisterMoo
      link
      fedilink
      61 year ago

      Assuming you’re talking about America, before 2000 votes were never closely scrutinized or thought of as fraudulent. In Florida there was the hanging chads thing in 2000, and a fringe clings to the idea that there was chicanery in 2004, perhaps in Ohio. But the 2008, 2012, and 2016 elections weren’t seized on as needing to be “investigated,” although the Republican candidate in 2016 declared that if he didn’t win the forthcoming election, it’d be due to widespread fraud and he might not accept the result. In 2020, that came to pass, with a clear and validated loss and he didn’t accept the result, infusing his supporters with the idea that there was massive fraud despite the lack of any evidence or verifiable documentation of it. Now, of course, we do have one party that seems perpetually trapped in a cycle of questioning all election outcomes that don’t align with their political goals, and it seems likely to only get worse.

  • Hairyblue
    link
    fedilink
    21 year ago

    We use paper ballots that are scanned by machines and then kept if needed to check or recount.

    • @lynny
      link
      English
      11 year ago

      Not every state does this, and it’s ultimately up to each state how votes are done. The federal government actually has very little say in how states handle elections.