Wednesday, January 19, 2005

Open source and e-voting.

Charlie Calvert has an interesing bit on CodeFez about electronic voting machine failure.  I haven't really formed any opinion regarding all the bruhaha surrounding proprietary vs. open source e-voting solutions.  I think both sides have very valid arguments.  However, I do take some issue with the assumptions that Charlie has taken in this editorial piece.  I had to read the following quote several times to believe that it had just been said.  Especially that last sentence!

 What do they mean the machine could only handle 3,005 votes? In this day of 32 bit operating systems, where the standard limit for an Integer value is over 2 billion, exactly how did they manage to create a limit of 3,005 votes? A failure on this magnitude takes real work to achieve! It is something only a proprietary software company, intentionally trying to cripple their software, would be likely to achieve. [emphasis mine]

Wow.  Unless I totally misinterpreted this, it certainly looks like Charlie has flat accused the voting machine vendor of intentional voter fraud!  There are way too many variables to simply make that kind of judgement.  For instance, according to Charlie, the vendor stated that the machine “had the capacity to record 10,000 votes.”  What if that machine could be configured in various ways to store more or less verification data with each vote? Each different configuration would affect the total vote storage capacity.  Voting machines are more than simple counters that accumulate a tally.  They have to store transactional data, timestamps, and other bits of verification data (obviously short of associating a particular voter with a specific vote!).  I would imagine that each precinct would be able to dial up or down the level of verification data stored depending upong their state or precinct's rules regarding election verification. 

I would be more quick to pin this problem on the sales and support teams, rather than the programmers!  Either the salesman didn't properly convey that as they dial up the verification data, the total vote storage capacity will decrease or the folks charged with setting up the machines didn't RTFM!  Open source would not fix that problem one bit! 

What about the software that runs the Space Shuttle?  Should that be “Open Sourced“ as well.  It would have made little difference to the Columbia crew.  In fact, all the reports I read or heard, talk about how the Shuttle kept correcting the yaw introduced by the extra drag created on by that gaping hole in the RCC panel.  Even to the point of firing attitude thrusters.  The software that runs the flight control systems has been through rigorous testing and performed flawlessly.  It is proprietary.  Sure, you can argue that that software is running on mission critical systems.  What about the software that runs the resporation machine that is helping keep your relative alive while the doctors are performing a triple bypass?  Yep.  Proprietary.  Sure, no-one died when the voting machines failed, but it *does* attack the very core foundation of what this country was built on.  I just don't see how open-source would have been the “magic-bullet“ to solve all these problems?  You can apply that same argument to all the other cases where software is a cricital component, but I don't see an outcry from the “open-source“ proponents to have GE Medical Systems open source their defibrillator firmware.  I admit that is a bit of a hyperbole, but I just want to point out that closed-source systems do work and do provide significant value to our society.

Regarding Charlie's statement about intentionally crippling the software, I have to wonder what that company's motivation would be?  Have criminal charges been filed against the voting machine company?  A company is in business to make money, not make a few quick bucks by defrauding the voters in some North Carolina county, then go to jail for voting fraud.  Some grand conspiricy is a little far-fetched.  Almost to the level of Roswell cover-ups and alien autopsies. 

According to all the articles I've read regarding the machine failure, I find nothing about the failure being software or hardware.  They simply state that it was a “voter machine failure.“  It very well could have been a bad bank of flash memory where the software thought it was writing the proper tracking data, but it just flew out the bit-bucket.  Sure, the software should properly verifiy that it was writing the data correctly, and if an error is detected it should block all futher voting and alert the poling place staff.  I'd be interested in seeing a reference to some article that outlines the specifics of the machine failure.  I couldn't find any in Charlie's piece.

Finally, I like Charlie.  I have a lot of respect for him.  He's certainly a better writer than I'll ever be.  But, we don't have to agree on everything ;-)...  Besides, it appears that the courts have finally decided the race.



  1. Not fraud. I think he meant it was a way to sell licenses based on the number of votes to tally. example: For $100 the machine well count 3005 votes. For $200 it will count 6500 votes.


  2. OK.. then that is too a failing of the sales team and *not* of the software. Again, Open source would not fix that problem at all.

  3. I'm skeptical of software-driven voting "solutions" in general. My understanding of history suggests that any avenue for abuse of power will eventually be taken by someone - that the desire for power corrupts some people, and that any system which is not designed around that knowledge is doomed to be abused.

    <p>Electronic voting systems without paper trails terrify me; they <em>can</em> be rigged, so it is axiomatic that somewhere they will be - and, when they are, it will prove impossible to detect.

    <p>Electronic <em>counting</em> systems terrify me slightly less, as it is at least theoretically possible to detect fraudulent counting; but I'd still prefer for it to be done by bipartisan boards, by hand.

  4. I think Charlie's point is that if the voting machine firmware was open-source, then there wouldn't *be* any license-crippling to mess up.

    As for Space Shuttle software, see

    As for medical software, how much realistic testing do voting machines get? Does a robot vote 10,000 times on multiple machines?

  5. In this case, as with so many, Hanlon's razor applies: "Never attribute to malice that which can be adequately explained by stupidity."

    Worth noting, however, that stupidity in the case of designing software for voting machines has serious consequences.

    A related note from my blog:

  6. Conspiracies is misspelled in the teaser displayed on the BDN Blog site.

  7. Craig,

    That is a great way to characterize this. I agree that in this case, stupidity probably prevailed. Either on the part of the programmers , with the sales and support staff, or the precinct workers charged with acquiring the voting systems. I was simply taken aback by the presumption of malice on the part of the vendor.

  8. Mr. Deprived,

    Of course medical systems software get more rigorous testing than other types of software. They also must be FDA approved before they are allowed to be sold and marketed outside of clinical trials.

    However, that has nothing to do with the general feeling among some that open source would solve all these problems. One thing I see lacking in a lot of open source development is a marked lack of a solid testing plan. Sure some do unit-testing and have some level of automated testing, but in general, all testing is ad-hoc and somewhat haphazard.

  9. Hey Robert!

    I should have known that you'd weigh in on this one. I'd certainly take your opinions over many others since you actually *do* regularly volunteer as a poling place worker and have seen all the kinds of crazy and whacky things that can go on behind the scenes.

    Yet, I don't necessarily agree that because of the potential for abuse, we should remain stuck with the old system paper system. I don't see that being any more or less immune to tampering. Simpler, yes, but not less immune. Howabout some of that legislation that is currently being floated around that places criminal liability on *programmers* if there is some way their software could be used for nefarious purposes?

  10. What Caffiene Deprived said. It is a failing of the program that is didn't just record the votes and print a report to bill the state later.


  11. Most of the people here seem to have it right. I didn't accuse the company of fraud. My point was quite different. I replied to you here:


Please keep your comments related to the post on which you are commenting. No spam, personal attacks, or general nastiness. I will be watching and will delete comments I find irrelevant, offensive and unnecessary.