Diebold's ballot bollocks (and a very very vunny video)

Vote for IT Blogwatch, in which more Diebold e-voting software leaks. Not to mention the funniest And Finally for ages...

Robert McMillan brings us this:

Source code to Diebold Election Systems Inc. voting machines has been leaked once again. On Wednesday, former Maryland state legislator Cheryl C. Kagan was anonymously given disks containing source code to Diebold's BallotStation and GEMS (Global Election Management System) tabulation software used in the 2004 elections. Kagan, a well-known critic of electronic voting, is Executive Director of the Carl M. Freeman Foundation, a philanthropic organization based in Olney, Maryland.

The disks were created and distributed by two federal voting machine testing labs run by Ciber Inc. and Wyle Laboratories Inc. They had been testing systems on behalf of the state of Maryland, Diebold said in a statement. This is not the first time that Diebold source code has been leaked. In early 2003, Diebold critic Bev Harris uncovered similar source code

...

the fact that the company's sensitive source code has again leaked out is not a good sign, according to Avi Rubin, a computer science professor with Johns Hopkins ... The disks came with a letter that was highly critical of Maryland State Administrator of Elections Linda Lamone ... Rubin believes the disks were given to Kagan because of her past criticism of electronic voting machines.

Avi Rubin (for it is he) adds:

The disks contained source code for the BallotStation software, which is the software on the voting machine, and what was labeled as GEMS, which is the back end tabulation system ... If the software leaked out of Diebold, then they obviously have not learned any lessons about securing their proprietary information. If, as I suspect (due to the labels on the disks), the software leaked out of the testing labs, then that is a serious problem that has to be addressed. Don't get me wrong - I think that voting system software should be available to the public, but that is a different issue from whether or not testing labs are competent at protecting things that they are trusted with and that they believe they are supposed to protect.

This is [redacted]! So what if it’s an old version. If Diebold and anyone who legitimately has a copy can’t strictly control access, then they might as well publish the software on their website. The people who would do wrong with it will get it somehow anyway. Just one more nail in our coffins as voters in fair elections.

If you want democracy with electronic voting, you have to have open voting. It’s that simple. No more secret ballots. But what is worse, is telling people that they have secret elections while they actually don’t. You don’t. With electronic voting machines, they can find out how you voted anyhow.

The problem is that the public doesn’t know, and there is no way for the public to be sure that the elections were fairly conducted and the votes fairly counted. So open the whole thing up, put it online, let everyone see everything so that we will all know what the result was. If you want secret ballots, only paper ballots work. And elections conducted with paper ballots are not immune to tampering either, so if people prefer to vote by paper then the results of each ballot box should be counted in the open and posted immediately to the net.

Brit Paul Robinson worries:

After my little rant yesterday, this is timely. Diebold are not keen on coders people like me seeing the source code to their machines because they’re worried we’ll find the smoking gun all the evidence points to: their machines are perfectly designed for the engineering of a massive election fraud. If we ever do go for e-Voting in the UK, I think it’s critical we only allow open source systems into the game.

Martin McKeay agrees:

I'm glad to see I'm not the only one reading Brave New Ballot ... How can a company that can't even secure it's own software repositories be expected to safeguard our elections? In any case, the code needs to be throroughly examined to see exactly what's in there.

In the case of elections, paranoia is simply rational. History tells us that the people running an election will cheat if given the slightest opportunity. Secret code makes cheating very easy, and the assumption should always be that secrecy like this is to hide what's going on. The only practical way to get honest elections with computerized equipment is to require that all the code be open and visible to the public. Anything less is a guarantee of dishonest elections. (Guaranteeing that the published code is actually what's running inside the machine is another issue. We need a way to do that, too.)

Sven Tuerpe reveals his favorite conspiracy theory:

If you were in a position to tamper with election results by manipulating the code of voting machines, what would be the most obvious cover-up? Exactly. You would make sure that a clean version of the code "leaks", which shows no evidence of any tampering whatsoever.