[E-voting] Source Code

Fergal Daly fergal at esatclear.ie
Sun Mar 21 22:26:05 GMT 2004


On Sunday 21 March 2004 21:35, Éibhear wrote:
> Apologies for not continuing this discussion from last Friday.
> 
> Aengus Lawlor wrote:
> > You see, that's part of your problem - I haven't said  that we shouldn't
> > release the source code. I said that it doesn't make any difference
> > whether it's released or not, because it won't add to the ability of the
> > average voter to trust the system either way.
> 
> And here is where I believe there is a problem with the argument. I *am* 
> an average voter, who also is technically qualified -- through training 
> and experience -- to examine the source code of an electronic voting 
> system.

So in what sense are you are actually an average voter? If you are average 
plus something else that the vast majority of voter don't have then you are 
definitely not average.

> I have many acquaintances who are equally interested in politics 
> and equally or more qualified to examine the source code. My parents, 
> brothers, sisters and non-technical friends would all be able to benefit 
> from my examination of the source code in order to gain an understanding 
> of the system. If each of them knows some one else who has examined the 
> code, they can get independent opinions. The more opinions they get from 
> people whose judgments they trust (through experience or knowledge of 
> their credentials), the greater their ability to trust the voting 
> system. Not all average voters completely understand the old system, but 
> they *can* ask people they believe do understand it.

Their belief will almost certainly be false. There is noone who can really 
understand the source code, they may understand pieces, they may even have 
understood every piece at one time or another but there is no one who can 
understand it well enough that anyone should take their word for it's 
correctness.

> With the proposed system, we have to rely on the vendor of the software, 
> one consultancy company and a government whose preference is to railroad 
> the system into place against all informed and considered objections.

The point that Aengus is making is that if we add VVAT then nobody needs to  
relying on experts of any kind, the openness or closedness of software is 
irrelevant. The software is no longer part of the process. Just as the engine 
in the car that transports the ballot boxes helps the election organisers to 
move things quickly and easily, the software helps the voters produce 
unspoiled votes.

> > As I said, the only arguements that you have presented can be boiled
> > down to the ideological argument "open source good, non open source
> > bad".
> 
> I am truly baffled as to why, in light of the scenarios described 
> throughout the whole of this thread, the ideological argument causes you 
> concern. We *are* talking of a system that has enormous consequences on 
> the day-to-day lives of everyone in the country. The more the system is 
> transparent and open to rigourous examination by people and 
> organisations outside the control and behest of the country's 
> government, the better, surely? I own an apartment in an estate that has 
> a locked gate on it. The main door to the block has a 5-lever mortice 
> lock. The door to the apartment itself has a lock that requires a key. 
> None of that is a reason for me not to put a Chubb lock onto the 
> apartment's door. I want the apartment to be secured more. Similarly, 
> once VVAT is implemented in Ireland, I still want the country's voting 
> system to be *more* accessible to examination by average voters and all 
> comers.

I don't buy this argument. Compare an open source VVAT solution and a closed 
source VVAT solution. What attack is the closed one vulnerable to that the 
open one is not? Or more extremely, assume the closed source one has been 
hacked and is under control of the bad guys, how can they influence the 
result?

F





More information about the E-voting mailing list