• t3rmit3@beehaw.org
    8 months ago

    I was part of the public testing program for the Swiss Post’s voting software (in Switzerland, the Post Office administers the elections). It was open-source in part, and people were able to find (and fix) TONS of issues prior to the elections, including critical attack chains that allowed changing or fabricating votes. The use of proprietary, closed-source systems is purely for the financial benefit of the companies who make voting machines, never for security. Obscurity is not security.

    • P03 Locke@lemmy.dbzer0.com
      8 months ago

      The use of proprietary, closed-source systems is purely for the financial benefit of the companies who make voting machines, never for security.

      Not just the financial benefit. Security flaws can become open secrets that only one party abuses.

  • Barry Zuckerkorn@beehaw.org
    8 months ago

    Open and auditable source code is a laudable goal, and one I generally endorse.

    But the more important issue is an open audit trail.

    The implementations I’ve seen that make the most sense are electronic machines that validate and mark ballots that are both human readable and machine readable. The input validation can prevent overvotes (accidentally voting for more than one candidate) and add a verification step for undervotes (choosing to leave a particular choice blank), while the voter gets verifiable visual feedback that their ballot has been properly created. Then they drop it in the box.

    At the end of the night, the paper ballots are fed into tallying/counting systems, which should be entirely distinct from the input validation systems. That way they get a machine count that night, but still have an auditable paper trail.

    Given the choice between a direct voting machine that’s open source, or a closed source machine that creates the paper trail in that way, I’d choose the auditable process.
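
The process described in the comment above, as an added example that is not part of the thread and not taken from any real voting system: a marking-side check that blocks overvotes and asks for confirmation of undervotes, a separate tally that only reads marked ballots, and an audit that compares the machine count with a hand count of the paper. Contest names, candidates, ballots and function names are all constructed for illustration.

```python
from collections import Counter

# Constructed contest definitions: name -> (candidates, max selections allowed).
CONTESTS = {
    "mayor": ({"Alder", "Birch"}, 1),
    "council": ({"Cedar", "Dogwood", "Elm"}, 2),
}

def validate(selections, confirmed_undervotes=frozenset()):
    """Marking-device check. Returns (ok, problems); it never counts votes."""
    problems = []
    for contest, (candidates, limit) in CONTESTS.items():
        picks = selections.get(contest, [])
        if len(set(picks)) != len(picks) or not set(picks) <= candidates:
            problems.append((contest, "invalid"))
        elif len(picks) > limit:
            problems.append((contest, "overvote"))    # always blocked
        elif len(picks) < limit and contest not in confirmed_undervotes:
            problems.append((contest, "undervote"))   # voter must confirm
    return (not problems, problems)

def tally(ballots):
    """Counting system: shares no code with validate(), reads ballots only."""
    counts = Counter()
    for ballot in ballots:
        for contest, picks in ballot.items():
            counts.update((contest, pick) for pick in picks)
    return counts

def audit(machine_counts, hand_counts):
    """Return {(contest, candidate): (machine, hand)} where the counts differ."""
    machine, hand = Counter(machine_counts), Counter(hand_counts)
    return {key: (machine[key], hand[key])
            for key in set(machine) | set(hand) if machine[key] != hand[key]}

# Constructed paper ballots, as read back out of the ballot box.
PAPER = [
    {"mayor": ["Alder"], "council": ["Cedar", "Elm"]},
    {"mayor": ["Birch"], "council": ["Cedar"]},
    {"mayor": ["Alder"], "council": []},
]
```

Because the hand count is taken from the paper and not from the tallying software, a nonempty result from `audit` points at the counting system without relying on its source code being available.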