I'm not sure we need open-source code in the machines so much as we need a system overall where we don't need to trust the machines to determine whether the results are accurate. We didn't see many problems in the 2004 elections, true, but that just means we didn't see many problems, not that there weren't problems. We can't tell whether there were any problems, really, because all of the cross-checks depend on trusting that the raw data coming out of the voting machines is correct and true. If you start with "I don't know whether the data reported by the voting machine is right.", there's no way to find out whether it's right or not and your whole system fails catastrophically.

At a minimum, a voting system should be set up so that for any component you can say "I don't know whether it's right or not." and still at least be able to, through cross-checks, determine the results are correct or not (if the results aren't correct you may not be able to determine what the right results are, but at least you should know the ones you've got aren't them).

For an example, see optical-scan ballots. If someone things the optical scanners are wrong, we can re-count the physical ballots by a different method. We never have to assume the optical scanners are correct, we can verify their correctness even after the fact. If we can't do at least that with an electronic voting system, it shouldn't be adopted.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11336/32574#32574