<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Counting Votes is Pointless When Voting Machines Are Closed-Source</title>
	<atom:link href="http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/</link>
	<description>Random comments and thoughts of Chris Brunner</description>
	<lastBuildDate>Fri, 17 Jun 2011 06:40:02 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
	<item>
		<title>By: Andy</title>
		<link>http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/#comment-45136</link>
		<dc:creator>Andy</dc:creator>
		<pubDate>Thu, 06 Mar 2008 01:53:38 +0000</pubDate>
		<guid isPermaLink="false">http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/#comment-45136</guid>
		<description>In response to Logan: How can you, the public, trust the closed source program to include proper cryptography or even proper numerical checking?
In Hamburg, Germany an electronic pen voting system was approved for use without being sufficiently reviewed by the security oversight committee. This system was defeated in two different ways by outsiders before the first wide-scale use of the tech.  One method involved manipulating the dot pattern used by the pen to track where it is on the paper; the other was via a &quot;trojan pen&quot; which carried a payload that gave the attacker unrestricted access to the Windows-based docking system that stored/tallied the results.  These hacks were performed by a few geeks (the security experts in this article: http://news.monstersandcritics.com/europe/news/article_1373725.php/Germans_abandon_plan_for_2008_electronic_voting) in their spare time.  For anyone who speaks German, here is the link to the presentation at 24c3: http://events.ccc.de/congress/2007/Fahrplan/events/2371.en.html

Security through obscurity (proprietary/closed technology) is not real security at all.  Even the US government underwent several years of open review when choosing the cipher for the AES encryption standard.  The latent benefit of open review was that the government had the entire cryptographic community freely contributing to the decision process.</description>
		<content:encoded><![CDATA[<p>In response to Logan: How can you, the public, trust the closed source program to include proper cryptography or even proper numerical checking?<br />
In Hamburg, Germany an electronic pen voting system was approved for use without being sufficiently reviewed by the security oversight committee. This system was defeated in two different ways by outsiders before the first wide-scale use of the tech.  One method involved manipulating the dot pattern used by the pen to track where it is on the paper; the other was via a &#8220;trojan pen&#8221; which carried a payload that gave the attacker unrestricted access to the Windows-based docking system that stored/tallied the results.  These hacks were performed by a few geeks (the security experts in this article: <a href="http://news.monstersandcritics.com/europe/news/article_1373725.php/Germans_abandon_plan_for_2008_electronic_voting" rel="nofollow">http://news.monstersandcritics.com/europe/news/article_1373725.php/Germans_abandon_plan_for_2008_electronic_voting</a>) in their spare time.  For anyone who speaks German, here is the link to the presentation at 24c3: <a href="http://events.ccc.de/congress/2007/Fahrplan/events/2371.en.html" rel="nofollow">http://events.ccc.de/congress/2007/Fahrplan/events/2371.en.html</a></p>
<p>Security through obscurity (proprietary/closed technology) is not real security at all.  Even the US government underwent several years of open review when choosing the cipher for the AES encryption standard.  The latent benefit of open review was that the government had the entire cryptographic community freely contributing to the decision process.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Henno</title>
		<link>http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/#comment-45133</link>
		<dc:creator>Henno</dc:creator>
		<pubDate>Thu, 06 Mar 2008 01:27:15 +0000</pubDate>
		<guid isPermaLink="false">http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/#comment-45133</guid>
		<description>Logan, I think history has shown that security-through-obscurity simply does not work. &#039;Proper cryptography&#039; and &#039;proper numerical checking&#039; is not a true representation when comparing both open source and closed source on their merits. If everything was done &#039;properly&#039; there would not be a problem in the first place. The issue here is with regard to &#039;improper&#039; actions and situations where the solution fails.

Using your logic, the same could be said that &#039;proper&#039; code auditing of an open source solution would circumvent any security hole as well. What is not clear is what you qualify as &#039;proper&#039; security. You are correct in saying that all it takes is one person smarter than the collective group of developers to find a hole - I agree. However, this is true regardless of whether the software is open source or not. The real issue here is whether or not these holes would be proactively sought, discovered and fixed, or would they be kept secret due to the closed nature of the code.

I for one have more confidence in a larger collective body of developers auditing the code transparently, than to entrust this on a closed system and a restricted and reduced development team.

You admit yourself that all it takes is one person to be smarter than the development team, so how does having a smaller pool of developers and a closed system of code auditing mitigate these risks at all?

It is simple. They do not. It is the myth of closed source software that somehow not being able to see the source adds another layer of security to the overall solution. As I have already stated, history has clearly shown this is simply untrue.</description>
		<content:encoded><![CDATA[<p>Logan, I think history has shown that security-through-obscurity simply does not work. &#8216;Proper cryptography&#8217; and &#8216;proper numerical checking&#8217; is not a true representation when comparing both open source and closed source on their merits. If everything was done &#8216;properly&#8217; there would not be a problem in the first place. The issue here is with regard to &#8216;improper&#8217; actions and situations where the solution fails.</p>
<p>Using your logic, the same could be said that &#8216;proper&#8217; code auditing of an open source solution would circumvent any security hole as well. What is not clear is what you qualify as &#8216;proper&#8217; security. You are correct in saying that all it takes is one person smarter than the collective group of developers to find a hole &#8211; I agree. However, this is true regardless of whether the software is open source or not. The real issue here is whether or not these holes would be proactively sought, discovered and fixed, or would they be kept secret due to the closed nature of the code.</p>
<p>I for one have more confidence in a larger collective body of developers auditing the code transparently, than to entrust this on a closed system and a restricted and reduced development team.</p>
<p>You admit yourself that all it takes is one person to be smarter than the development team, so how does having a smaller pool of developers and a closed system of code auditing mitigate these risks at all?</p>
<p>It is simple. They do not. It is the myth of closed source software that somehow not being able to see the source adds another layer of security to the overall solution. As I have already stated, history has clearly shown this is simply untrue.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Chris Brunner</title>
		<link>http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/#comment-45132</link>
		<dc:creator>Chris Brunner</dc:creator>
		<pubDate>Thu, 06 Mar 2008 01:13:14 +0000</pubDate>
		<guid isPermaLink="false">http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/#comment-45132</guid>
		<description>Logan,

Thank you for your comment!

The problem with closed source is that said &quot;person smarter than those that coded it&quot; exists regardless of whether the code is open for world-wide peer review or kept secret.  Said malicious person can &quot;locate a hole and go through it&quot; as things are right now.  The difference is that with closed source voting machines, only the people with malicious intent will be looking for these holes, and the holes they find will also be kept secret, whereas if you were to make the source code open for peer-review, every programmer on the planet can look for the holes - and point them out before the software is used for voting.

Luckily, history is on my side in this regard.  You need only examine the security track record of Closed Source operating systems or encryption algorithms and compare them to their Open Source counterparts to be convinced.</description>
		<content:encoded><![CDATA[<p>Logan,</p>
<p>Thank you for your comment!</p>
<p>The problem with closed source is that said &#8220;person smarter than those that coded it&#8221; exists regardless of whether the code is open for world-wide peer review or kept secret.  Said malicious person can &#8220;locate a hole and go through it&#8221; as things are right now.  The difference is that with closed source voting machines, only the people with malicious intent will be looking for these holes, and the holes they find will also be kept secret, whereas if you were to make the source code open for peer-review, every programmer on the planet can look for the holes &#8211; and point them out before the software is used for voting.</p>
<p>Luckily, history is on my side in this regard.  You need only examine the security track record of Closed Source operating systems or encryption algorithms and compare them to their Open Source counterparts to be convinced.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Logan</title>
		<link>http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/#comment-45127</link>
		<dc:creator>Logan</dc:creator>
		<pubDate>Thu, 06 Mar 2008 00:30:08 +0000</pubDate>
		<guid isPermaLink="false">http://www.chrisbrunner.com/2008/03/02/counting-votes-is-pointless-when-voting-machines-are-closed-source/#comment-45127</guid>
		<description>I strongly disagree with you.  The problem with open source is that all it would take would be one person smarter than those that coded it to locate a hole and go through it.  With proper cryptography and proper numerical checking a closed source program would be far safer.</description>
		<content:encoded><![CDATA[<p>I strongly disagree with you.  The problem with open source is that all it would take would be one person smarter than those that coded it to locate a hole and go through it.  With proper cryptography and proper numerical checking a closed source program would be far safer.</p>
]]></content:encoded>
	</item>
</channel>
</rss>