Need for Open Source Voting and Tabulation Software

My goal with this post is not to promote a political position, even though it discusses politics. For those who hate President Trump, pretend that the scenarios discussed below happen a few years from now, to your favorite politician. I was recently shocked as I read reports about the Proprietary Voting machine software and associated non-disclosure agreements that go with them, and their affects on the freedom of my country. For today, it it’s the ‘Dominion’ company that we’re trusting with the fate of our Democracy to here in the USA. It looks to me like secret un-audited Dominion software is being used to destroy democracy itself.

Here in the US, Donald Trump is near to the end of his term and officially lost the recent Presidential election to Joe Biden. The Democrats are happy and the Republicans are outraged. Trump can fill large stadiums with tens of thousands of people both inside of the stadium and also outside of the stadium, for those who couldn’t get in, several days per week for weeks on end as he campaigns. Joe Biden did almost no campaigning and was known to have from just a few dozen to a few hundred people in attendance at his campaign rallies.

The Dominion voting machines come with a user’s manual that instructs the users how to program the machine to rig elections. These same kind of machines were used in Venezuela by the CIA to cheat their elections there. We can watch hidden security camera footage that shows a woman in Georgia running the same stack of ballots through the machine three times in a ‘batch mode’ setting. Many lawsuits over Trump’s recent loss have little to no evidence involving these machines because the states can not allow forensic audits of these machines due to their having signed non-disclosure agreements with the Dominion company. One forensic audit of these machines that was allowed in one Michigan county shows that these machines were designed to perpetrate poll fraud. The so-called ‘errors’ were only discovered and forensic audit allowed because of a county that was small and clearly is known to have a majority of Trump supporters that live there. So when Biden won there, the locals all scratched their heads and asked themselves how a Biden win could have happened there. Biden didn’t win there. The Dominion machine cheated and gave a few thousand Trump votes to Biden. That was proven and those cheated votes in that county were reversed. The forensic audit there as of just this morning shows not only fraud but that the machines were made to accommodate fraudulent tabulations. In some cities, the day before the election, technicians showed up with thumb drives to do firmware upgrades.

So with non-disclosure (protected by lawful contracts) software and firmware controlling the fate of free peoples, is anyone else worried about the potential for fraud? I think that only open-source software can save us from tyranny here. Anyone else agree here?

Proprietary software should be assumed to be malware.

While I disagree with your conclusion regarding current events I do agree with your overall point. It’s incomprehensible that we allow our government to use proprietary software for voting. Voting should allow us to use whatever provides the most transparency and scrutiny possible which anyone here knows when it comes to software is FLOSS all the way. Too bad a lot of the country keeps voting in these dinosaurs to “lead” that were born in the 40’s. Lots of work to do in this country

Agreed, closed source software is an unacceptable security vulnerability in such a critical system. There needs to be stronger lobbying for open source software in government. Too many people believe in security through obscurity.

While I’m not even going to touch commentary regarding current events (this isn’t Round Table) :-), I do agree with the overall point.

Democracy must be done and it must be seen to be done. That means that all aspects of the process must be able to be audited by anyone with an interest in the outcome. That means that if parts of the process are “computers” (almost a given in the 21st century) then those computers must be open source. As, apparently, votes are being moved around on flash drives (¿¿¿), that auditing of the process applies to use of flash drives.

That applies to voting. That applies to counting.

There should be no place for NDAs. There should be no place for black boxes. There should be no place for closed source.

Robustness of democracy is more important than the commercial or proprietary interests of a company.

This subject has been on my mind for for years. Current events are only bringing the matter to critical mass. Things MUST change! And things are changing, although not in this specific area and maybe not fast enough.

For example, the USAF has traditionally bought the avionics software that makes their jets fly from the aircraft manufacturers as a proprietary black box into which they cannot peer. Recently, however, they have been demonstrating their own avionics written using agile development techniques and Linux containers. A few months ago, they deployed new functions to both the B-2 and the F-16 in only a few weeks time, something that would have taken Lockheed and Northrop many months, if not years. The success was such that new programs will require manufacturers to develop avionics using an accredited USAF development stack and process. The service will retain full ownership of the code.

At a minimum, this needs to happen with voting machines.

Um, did I get it right? The vote counting in the US is performed by a private company, which cannot, by law, be audited?

Dominion is not the only company that produces voting machines, but it is huge. According to this site 28 states and Puerto Rico use Dominion.

Like others, I’ll avoid the politics of the current election. The fact that these machines are closed source is outrageous. I cannot think of anything that is more of interest to the public, and the results of an election affects everyone in the country.

It is ridiculous that we should even have to ask if the software is rigged. Everyone should be able to check it/audit it.

Using computer or complex electronic machines to ease the voting events, is the worst thing to do.

I personnaly made a PoC 2 years ago, where I made a graphical voting software with ~1800 lines of C code
I put in place several tricks to change 3 lines of code in the final executable which made me able to change the results in realtime with no traces
I had several other angles to attack, but too complexe and lazyness, my point was already made.

But let’s say the compilation process from the code to the executable is correct and you end up with the legit executable
Even is your software is open-source,
what garantee I have that the day of voting, a modified version is not runnig ?
what garantee I have that the day after voting, the modified version has not been replaced by a legit version ?
Same questions about hardware.
The answer is ‘There is none’, anyone who claims differently is ignorant in this domain, a scammer, or a voting system seller

Because the intergrity of this automated system is in the hand of a human, which can be bias, corrupt or incompetent
I personnaly don’t want any of my political opposant to have that power.

A system of voting should be able to be verified by everyone… EVERYONE, even by your 10 years old child or your 99 years old grandma (assuming she had not lost her mind)
Else ? it means I have to trust a awful lots of people I don’t even know exist to be sure my vote has been counted with no modifications. That’s not what anyone should want in a democratic event.

If there is a thing that Germans did right, is that they forbid by law any complex system for voting (last time I checked)

USA is strugguling with computer/electronic voting for at least 20 years (I remember the -16000 votes for Gore in 2000, due to a faulty RAM)
That’s insane to me how they continue into that path (or very understandable if you put corruption in it)

Democracy is not a game and some people are working in this world to destroy this social system
If you want a real democratic voting system, do NOT prioritise ease-of-use over security because they will use every possible way to corrupt it, open-source is better, but far from enough

If you don’t trust my competences here (you absolutely should not)

Make your own research about what are thinking publicly recognized people on that matter :

• Bruce Schneier
• Ron Rivest
• David Dill
• Alex Halderman
• Lee Bollinger
• Michael McRobbie
• Andrew Appel
• Jason Kitcat
• groups like the EFF, Telecomix, Chaos Computer Club
  And there are many many more, list is at the bottom

They all have something to say about it

I do not like how you composed your post.
Between the lines you are saying that Trump won the election besides a full hand recount in Georgia.

I do not like that you are stating things here as facts that you just cannot know a 100%. E.g. you are stating a some county in Michigan. Could you be more vague?
Another thing about the election in Venezuela. How would you of all people know that. Are you best buddy with the CIA director?
Another thing “Trump can fill stadiums”. From there to conclude that he won is just ridiculous. Did you see his inauguration compared to Obama?! Obviusly he is able to fill stadiums in Rep. strongholds but what about Democratic strongholds. If you are a Republican just accept that there are people that do not like Trump or have a different political mindset and voted for Biden.

In the end I am urging you to provide sources for your statements. In court you could not win that way and that is why Trump lost all proceedings. He and some people just think they are smarter than the rest of the world and especially than highly skilled people that e.g. have studied all their life pandemics.
The problem of these people is that even if the software would be FOSS they would not have the ability to check it since they are not skilled in IT. They would just need to rely on other people to do that.
And exactly that is the issue at hand. There are so many people that do not trust the skilled people. Go to school watch youtube videos become a programmer and then you can check the software and only then somebody should trust what you are saying but I do not trust someone who did not prove that either he is highly skilled or has good sources.
That is the so called burden of proof.

The other topic: FOSS voting machines is very interesting. I do not know if you would need complete FOSS but at least a plenum of the best experts in the cyber security field that test it which are e.g. picked by a bipartisan senate commission.
Nothing is impenetrable no closed source no FOSS.
Everybody should live with that.

And please if you do not provide sources at least post the link to the video in which you can see the worker scanning the same ballots three times and where you can see that they were COUNTED three times and the worker just did not do it because the machine threw an error. I really would like to see that.
By the way that statement is far from your headline. It has nothing to do with FOSS and voting machines.

Otherwise excuse my english. I am not a US citizen and therefore also do not have so much information on the US election but you could provide me with your sources so I may be wiser tomorrow morning.

Ps: No election is a 100% accurate. When there are people there are mistakes. (Machines, elections, democracy. Everything relies on people and there is that).

Hey ! I’m the one in the middle in the last 3 frames !

“Bury it in the desert” I’ll keep that one !

Just a word about block chain, the most advanced block chain voting system I saw is belenios (under gnu license), very good stuff here
But still not enough, to quote Véronique Cortier (a member of the team behind this project) “This system is not perfect”
Yes, there are still ways to get around, and are in reach for a very powerful and motivated attacker

@DOnotSELLyourFREEDOM : I think every technical person interested in voting system has heard about what happened in Antrim county MI
Maybe you don’t like how he presented the subject, which is about strengthen the computer voting systems, and that’s your right, but if you want to talk about “who won and why ? or why not ?”, you should open your own post.
IMO, it will get nothing good responding or bringing up a so divisive subject on this forum

Everything relies on people and there is that

Everything relies on some people and that’s a problem, that’s why less complex will bring more “regular” people to be able to verify everything went smooth

I wouldn’t trust voting machines unless the source code of everything including the compiler can be bootstrapped reproducibly. The Guix developers are making good progress with this.

I did not make this thread political.
StevenR did.

Let me quote:“Here in the US, Donald Trump is near to the end of his term and officially lost the recent Presidential election to Joe Biden. The Democrats are happy and the Republicans are outraged. Trump can fill large stadiums with tens of thousands of people both inside of the stadium and also outside of the stadium, for those who couldn’t get in, several days per week for weeks on end as he campaigns. Joe Biden did almost no campaigning and was known to have from just a few dozen to a few hundred people in attendance at his campaign rallies.”

What has that to do with voting machines? Especially the last line is a clear indication of the presumption of the author. It is a political statement hidden in a technical threat and I am not going to tolerate that by standing idly by. He is concluding between the lines that Trump won or that there is at least a high probability due to voting machine manipulation and due to unfaithfull poll workers. However there are no sources and no facts supporting that more than 5 millionen votes were illegal.
That has to be said.

The funny thing is neither way everybody would be satisfied. If it’s closed source people are attacking it because of that. If it is FOSS and after an election a coding mistake is found than people will say the election is rigged because of that. If you count by hand there will be people saying “counting by hand is more prone to mistakes than counting by machine”.

In my opinion a board of highly skilled and reliable tester would be sufficient. Some software should be closed source because you prevent an attack vector. For someone who has no accees to the source code it is more difficult to hack that software.
FOSS software is not safer than closed software. E.g. Linux is in its pure form (without apparmor and other software) actually easier to penetrate than windows. Another example is: Microsoft as well as Linux developers cannot fix all security holes instantly and in both software there are security bugs that are not fixed for some time.

And Sentences like “I wouldn’t trust voting machines unless the source code can bee bootstrapped reproducibly” are correct. However regarding elections the overall question is whether you trust the system, the people in charge and democracy.
Either way even without voting systems if the election was rigged it would have been rigged without the voting systems. Someone or a group of people with the power to rigg an election could in my opinion have done that even in the case of people counting by hand.
I do not think it is necessarily easier due to the closed source voting machines. Hypothetically yes, practically I do not think so.

And even if it was rigged what could we do against that?
If people are saying the “election was rigged” they cannot say who did it. Biden, anonymous, Bill Gates, illuminati?! So there is no one we can blame and our anger go’s at each other. Nicely done!

Regarding that; “Everything relies on some people and that’s a problem, that’s why less complex will bring more “regular” people to be able to verify everything went smooth.”
Correct, however representative democracy relies per definition on some people. However, even Trump had to recognize democracy relies on more than some, on all the election workers and officials. That way he was not able to pressure everyone to obey him. In the US a lot relies on one Guy the president who has soooooo much power.

Sorry, I stopped reading at the third line
You are the only one here responding on the political side, so yes YOU are the one making this thread political.
I’ll stop answering here, I have the feeling that you will keep pushing, and pushing, and pushing even tho ‘I am not a US citizen’

Not interested.

So much technical info in this thread here. Just people screaming Voting system must be FOSS.

Lets discuss that. I already stated my opinion and why I’d prefer closed source in this special circumstance. I am not a fan of closed source myself. I would not be here if I were. However, there might be some cases in which closed source is the safer choice.

By the way I read up about Antrim County. There is a lot of scepsis regarding the report. The author - Ramsland - does no seem to be the most trustworthy person. Also almost all mistakes were made by humans, e.g. not updating the software which caused the 6.000 vote glitch.

I could not “respond” on the political side if there was nothing to respond to

Interesting point in the xkcd item.

Generally speaking noone has an interest in passenger planes falling out of the sky or elevators crashing to the ground and everyone has an interest in safety.

Conversely, it is fairly obvious that a significant proportion of the population (e.g. those who bother to vote) have an interest in rigging the voting system - although I am not suggesting that anything more than a tiny minority would endorse actually doing so or seek to do so.

This illustrates two competing desirable outcomes.

On the one hand, it is desirable (very much only in my opinion) that all states use the same voting system, with the same voting rules, and the same or similar processes designed to ensure that there is uniformly end-to-end integrity in the vote.

On the other hand, it is desirable to have diversity in the ecosystem of whatever technological assists are used. Whether it’s a key person in Dominion with a political bias or a foreign state actor or a domestic actor, having everyone use the same hardware and software means that there is a single point of failure - if it is compromised. On the third hand, if there are too many players then it will be too hard to audit everyone’s hardware and software (presuming that everything is ‘open’ in the first place). This applies even if a fully open platform were used. (Hence: what is the optimal number of voting platforms? Should states be obliged to go to tender and use more than one?)

Please, if anyone wants to argue the politics of the present election, please fork off to Round Table, in the nicest possible way. That’s what this icon at the top left of the reply box is for.

That is absolutely the case. Others here will largely disagree with me (and have disagreed with me here) on the politics because of their own partison political beliefs about our current president (a Republican) and Liberal the mainstream media narrative against him (despite his unprecedented popularity here). But putting aside who does or does not agree about the given politics, roughly half of the population of the United States believes that our recent election was in fact stolen. And the biggest mechanism of the poll fraud is because the voting machines are private and under non-disclosure agreements that are currently preventing most (almost all) auditing. That unauditable part about the machines is an established fact as our sitting president has been unable to have these machines audited, despite his presidential powers. For the first time in my 58 year old life, I am seriously wondering if I live in a free and democratic country or if the talk of freedom and democracy in the US is all a scam (for real and not just me having a tantrum). We need to audit those machines in Georgia and in the other three swing states where our experts are claiming changed the election results because of fraud. Do a Google search on “Dominion voting machines”. A right leaning judge in Antrim County allowed a forensic audit of the machines anyway and is the exception here in the US when it comes to Dominion. See the link below.

https://www.newsmax.com/t/newsmax/article/1001505?section=us&keywords=antrim-county-michigan-forensic&year=2020&month=12&date=14&id=1001505&oref=duckduckgo.com

The findings in Antrim County, where the error rate was a mind-blowing 68%, the ballot rejection rate was 82%, and software security records and adjudication files were missing [emphasis mine], in violation of state and federal laws, are nothing short of mind-blowing,

• security records were missing. That alone screams intentional fraud to me.

Open Source voting software is only a part of a puzzle. Looks like honest people are nowhere to be seen as well. In my country it’s no better.