Hacker News new | past | comments | ask | show | jobs | submit login

I'm getting voted down for mentioning this in another section of this discussion, but, is this not the perfect use case for open source? The certification is anyone and everyone can double check the source code. If this is a bad idea, I would appreciate the feedback, because, it is my understanding that a big draw of using OSS is transparency.



"Open source" has a couple different related meanings, and it's not clear exactly which aspect you mean, or how it would help here.

- A license which allows the source code to be redistributed under the same terms as it was received? The problem with these boxes isn't that people can't redistribute it.

- A collaborative model for creating software? Possibly -- though there have been some high-profile cases of security issues sneaking into these, too. Modern voting machines also seem to have a huge stack of dependencies, which mean the surface area for exploit is much larger than the voting software itself. Would you require a fully open-source stack, and how far down?

OSS is great for transparency for the person receiving the software (in this case, the jurisdictions operating the machines), but if those people don't care to audit it (or redistribute it to others who wish to), that doesn't buy them anything.

I'd much rather see a rule requiring voting software to be publicly viewable by any voter in the jurisdiction, regardless of the software license it's sold under.


What I mean is a variation of all of the above.

Transparency, an open license, collaboration, distribution, best practices and more.

Clearly I do not expect districts to independently inspect and verify source code any more that we are inspecting and verifying the web server running this website.

Computers (or at a minimum binaries) could be distributed and have self checking as the boot. They could simply be used to tally paper ballots (as others have mentioned) or to transmit votes.

The overarching point is if we can do 5 trillion dollars of electronic money transfers worldwide per DAY certainly we can use open source to accurately, securely and transparently count and tally votes.

Do we need even more governmental oversight? I would like to see a bulletproof technological solution that I personally can verify if I choose to.


How would you know that they actually deployed that repo to production as-is?


If you control your phone you can control the software.

https://f-droid.org/en/docs/Verification_Server/


>This is still pretty raw, so expect some tinkering. It also will likely only work on Debian, Ubuntu and other Debian-derivatives.

Not there yet, but it's one possibility as long as the company running this server has appropriate levels of security


For something like public voting I agree. But it would be a hard sell to get a lot of companies to pay for software development and release the source because their competitors would get it for free.


I could be wrong, but, I have to believe that there are developers who would donate their time to something as fundamental to democracy as voting. Grassroots, not corporate funded. A corporate funded voting system feels like what we already have.


You are not wrong. I've had this discussion with other devs but it always ends in a crypto rant of some kind.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: