37
« on: November 16, 2020, 11:23:59 AM »
open source voting might provide security for the actual voting software, but that isn't the only security hole that would exist in such a system. what is the voting software running on? its running on an operating system, which is a massive suite of software that has to be 100% secure for the voting software to work. how do we store votes? we store it on a database, which is a massive suite of software that has to be 100% secure for the voting software to work. at every single point where you use a library or other software for your open source voting, you have to ensure that the library or other software is 100% secure. we can even throw this problem onto the hardware itself. the hardware also has to be 100% secure, which exploits like meltdown and spectre have proven that even hardware isn't secure. ensuring all this security is not possible at the moment. you might say that the OS and the database are bloated and we could make a cut-down version for open source voting needs, but this would be a massive undertaking. that sort of software is complicated for a reason -- the OS is complicated so that it is massively portable (what doesn't linux run on?), and the database is complicated just to perform normal tasks without taking hours (without insane levels of optimization, doing basic operations like counting votes and joining votes to voter registration records could take literal days instead of seconds). building things from scratch also introduces all sorts of new security flaws. it would be very easy to miss out on some security standard that every other suite of software has when you're creating stuff from scratch.
imo electronic voting machines shouldn't be anything more than just a fancy typewriter. press a button and it fills out a paper ballot for you, and displays it to the voter before it goes into the collection bin.
it should be noted that automatic vote collection software is a little different because vote counting areas operate under different security protocols. one big one is that they're restricted to the public. some rando can't figure out a hardware flaw and flip an election on the open source voting machines. if they tried doing that in a vote counting area, it would be under strict recording and security and it is probably not possible to do at all. additionally, if a flaw is found with the software, you have a paper backup if you're doing vote collection properly. you can always go back to hand counting.
the reason why open source voting is so insecure is because there are so many security flaws since voting has to be accessible to everyone, necessitating polling locations to be in every precinct. that means there has to be a team of personnel per polling location setting up each electronic voting machine. it would be way easier to compromise one of these teams instead of trying to compromise the vote counting area.