Why isn't voting software open source?

[quakefiend420]

Title says it all. Seems to me that this would make it much easier to trust the software and easier to secure due to crowdsourcing your QA.

What am I missing here?

 

[IronWing]

The voting machine manufacturer just happens to make large political contributions.

 

[Schmide]

Don't worry we're leading the world in this.

Oh wait

http://arstechnica.com/features/2012/11/internet-based-and-open-source-how-e-voting-is-working-around-the-globe/

Around the world though, these percentages don't hold. An increasing number of countries are beginning to tackle e-voting with gusto. Estonia, Switzerland, Spain, Brazil, Australia, India, Canada, and a handful of other countries have all held elections through the use of electronic voting machines in recent years.

 

[PhatoseAlpha]

Because installing a modified version of the software, rigged to support your favored candidate is infinitely easier if you have the source code, maybe?

Or maybe because the eyes looking at the code for weak points would likely been as numerous as those who look for security, but with far better motivation?

Or maybe because it's the kind of thing that really needs constant upgrading, while the crowdsourcing drops off massively due to disinterest for 3 out of 4 years?

Or maybe because open source is largely made up of technocrats, and the non-technocrats aren't going to take the word of it without some kind of non-techie management?


Mostly though, it's because there aren't enough techies who care enough to make crowdsourcing via volunteers really viable or more secure the proprietary stuff, nor are there any corporations with a need for polling software and a willingness to pay devs then give away the code.

 

[quakefiend420]

Because installing a modified version of the software, rigged to support your favored candidate is infinitely easier if you have the source code, maybe?

Or maybe because the eyes looking at the code for weak points would likely been as numerous as those who look for security, but with far better motivation?

Or maybe because it's the kind of thing that really needs constant upgrading, while the crowdsourcing drops off massively due to disinterest for 3 out of 4 years?

Or maybe because open source is largely made up of technocrats, and the non-technocrats aren't going to take the word of it without some kind of non-techie management?


Mostly though, it's because there aren't enough techies who care enough to make crowdsourcing via volunteers really viable or more secure the proprietary stuff, nor are there any corporations with a need for polling software and a willingness to pay devs then give away the code.

I would believe some of that, but the thing is, this is not a complicated problem to solve. I bet the entire thing could be written in <1K lines. In fact, perhaps I'll write my own...

 

[PhatoseAlpha]

Just remember, you're not solving it to your satisfaction, you're solving it to be secure against all attacks, and to pass all relevant government testing.

Easy in principle, sure. Security is going to be a huge worry, and well, if you're going to volunteer to put up with government testing and certification, then you really, really need a hobby.

 

[Jeff7]

Title says it all. Seems to me that this would make it much easier to trust the software and easier to secure due to crowdsourcing your QA.

What am I missing here?

I think that most of the population doesn't have any idea what "open source software" even is.


"Source?" Isn't that that thing for downloading games? I'm pretty sure that's open 24 hours, and I don't think you can vote with it."

 

[Bowfinger]

Title says it all. Seems to me that this would make it much easier to trust the software and easier to secure due to crowdsourcing your QA.

What am I missing here?

Because America is a capitalist country, which means we don't do it for free if someone can profit it from it instead. Open source is hard to exploit for profit, though there are notable exceptions.


By the way, re. PhatoseAlpha's comment about security, I'm afraid that's wishful thinking. The original Diebold (now Election Systems, IIRC) electronic voting machines were horrifically insecure. They were build on Access, and votes could be readily altered without leaving any sort of a trail. They wouldn't even pass a Freshman class in IT security. They were so transparently poorly designed, it seemed legitimate to ask if they were, in fact, intentionally designed to be manipulated.

I don't know if the current generation of e-voting machines are better. I hope so. Certainly open source can be used to produce highly secure systems.

 

[Jhhnn]

Just remember, you're not solving it to your satisfaction, you're solving it to be secure against all attacks, and to pass all relevant government testing.

Ohio's Secretary of State didn't bother with testing & certification when installing experimental proprietary software just before the election, so why should anybody?

 

[bononos]

.....
By the way, re. PhatoseAlpha's comment about security, I'm afraid that's wishful thinking. The original Diebold (now Election Systems, IIRC) electronic voting machines were horrifically insecure. They were build on Access, and votes could be readily altered without leaving any sort of a trail. They wouldn't even pass a Freshman class in IT security. They were so transparently poorly designed, it seemed legitimate to ask if they were, in fact, intentionally designed to be manipulated.
.....

You're right the Diebolds were just awful. There just seem to be a never ending stream of news on how shoddy those machines are- $10 hack, remote control hack...

I can't seem to find the links but wasn't there some news about Diebold machines giving the same vote counts in several areas (in 04 or 08) which were subsequently challenged by manual recounts. The manual recounts overturned the wrong machine results which were all in favour of Republicans.