
Oh my god, this is the source code review for a certified voting machine - BerislavLopac
https://twitter.com/EmilyGorcenski/status/802148854875439104
======
pmoriarty
As outrageous as this is, it's missing the forest for the trees.

For voting machines to be "secure", not only would there have to be a serious
software audit, but also a serious hardware audit (as hardware could otherwise
override software). Then you'd have to somehow make sure that it was the said
software and no other that was actually running on the hardware. Then you'd
have to make sure that the machines were tamper-proof. All of this would have
to be done by multiple auditors from each political party.

You'd have to do this for each of the thousand or tens of thousands of voting
machines out there. Then you'd have to do the same for the vote counting
machines, which are as if not more important than the individual voting
machines.

All of this complexity is ridiculous, and taken together I'm sure there'll
still be plenty of zero-day vulnerabilities after even serious audits of all
of the above.

Just use pen and paper instead.

~~~
Emily_G
I just focused on the software side of the certification process in this
discussion. The hardware analysis is actually not horrible. But there's no
discussion about physical break-ins to alter ballots, whereas there's plenty
of discussion about hacking and malfeasance.

Agree with paper ballots. Validation should be default part of process.

------
marten-de-vries
The workings of voting computers are opaque to a large part of the voting
population. The sad thing here is that this certification process actually
sounds quite good if you do not understand the technical details. In my
opinion, voting machines are more trouble than they are worth, simply because
of the loss of understanding of the workings of the voting process.

That said, it is always interesting to read analyses like this.

------
nunez
I don't know why people insist on capitalizing words that shouldn't be
capitalized, like JAVA.

------
munin
If this skeeves you out, wait until you see the verification process that (US)
aerospace and industrial programs have to go through. talk to one in a bar and
they'll bluff and bluster about the "verification" and "intense testing" their
systems go through but as far as the software goes, at the end of the day, it
comes down to basically this.

------
gmuslera
This brings me memories [https://xkcd.com/463/](https://xkcd.com/463/)

------
revelation
They turned what should be a build step into a multi-million business. Kudos
to them.

