This highlights a big problem. Why the fuck do we have shadowy companies providing voting machines? A proper voting machine should be 100% open source, log everything in a plain text format, produce the same output given the same input, be completely air gapped from the internet, use simple physical security (metal panels with physical lock and keys) to prevent access to any data ports, and require multiple parties present before any administrative functions are performed.
It should be secure and transparent by default. Not some black box that no one understands or can inspect. Until we have something that performs this, we are better off sticking with hard paper ballots, hand counting with observers, inking fingers.
Third world SHITHOLES have more secure elections than we do in the USA. This is an absolute disgrace.
I don't necessarily think it should be open source. I don't know a ton about software and programming.
Wouldn't making the code publicly accessible make the software easier to be attacked, if the machines are connected to the internet, because more people have seen the code?
Machines should not be connected to the internet. Also, hiding source code or keeping it proprietary does not make it more secure. That is called "security through obscurity" and look how that worked out for Microsoft Windows (riddled with malware).
Our most secure systems all have PUBLIC standards - RSA, SSL, etc. If the security of a system requires secrecy of the implementation, then it is not secure - it is just a secret. Whoever knows the secret is now very prone to bribes, blackmail, etc.
By open source he means anyone can go over it. A million pairs of eyes looking for "WTF is that?".
Yes, but my point was that in theory this also means a million pairs of eyes could look at it ahead of time for flaws.
Yes, that's exactly the point. You have enough people looking at code and finding problems. Works all the time in the open source community.
P.S. not sure who is downvoting you but it wasn't me. You are asking reasonable questions. And really, there are different perspectives on this. Some people do think the proper way of handling this type of thing is to have companies provide "super secret programs" which only they know how they work. In my view, you just moved the problem to another level - who gets the contract and how.