I remember the CEO of Information Services JSC (the de-facto Bulgarian monopolist in government software procurement), prof. Mihail Konstantinov, making the ridiculous claim on TV that "We can't release the source code of the elections counting software. Anyone who has the source can hack into the system, even children know that. If you don't understand that, you should tear your diploma". Glad to see that morons such as him will no longer have the final say.
If it makes you feel better, the Australian government said the same thing:
"Ronaldson refused to table any documents relating to the case, stating that publishing the source code could lead to the EasyCount software being hacked. "In relation to the source code for the Senate counting system, I am advised that publication of the software could leave the voting system open to hacking or manipulation," he said. "In addition, I am advised that the AEC classifies the relevant software as commercial-in-confidence as it also underpins the industrial and fee-for-service election counting systems."" [1]
Australia's federal senate vote count software is a Visual Basic application. It was developed when an upgrade to Windows 2000 broke the previous COBOL application. [2]
These politicians are right - simply opening the existing source, with all its flaws, bugs, and security holes, would be dangerous. It would be a huge help to any malicious party. I don't think they're suggesting open source is worse from a security point of view; they're saying that you can't open up an existing product without doing a lot of work first.
Where they are wrong is in the assumption that keeping the source closed makes them safe from an attack.
To some extent yes, but this is only good if you can make sure that not a single malicious adversary has access to the source code. My assumption would be that in the voting case, the ones in power do have access to the code, which is actually worse than open sourcing it.
Offtopic: IMHO, the only way to fix the voting software issue is to deanonymize the voting process to some extent, which is a hard problem by itself too.
I don't see the huge issue with using VB. You can engineer a solution in a modern language terribly, and similarly engineer a VB application well.
However I do suspect that they engineered the VB application terribly. But them using VB should not automatically disqualify them from writing good code.
Actually, we made sure that the e-voting provisions in the new electoral code explicitly require the whole software to be open source. Especially for voting this is mandatory, otherwise there is no trust.
From the electoral code, rough translation: "Independent observers are allowed to verify whether the digital fingerprint of the system in the data centers matches the publicly announced one"
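The fingerprint check that provision describes, as an added example that is not part of the original comment or of any official system: one deterministic SHA-256 digest over an installed file tree, compared with a published value. The directory layout, file names and the length-prefixed digest construction are assumptions made for illustration; the check covers only the files as read from disk.

```python
import hashlib
import hmac
import os
import tempfile


def tree_fingerprint(root):
    """SHA-256 over every file under root, independent of walk order."""
    entries = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries.append((rel, full))
    outer = hashlib.sha256()
    for rel, full in sorted(entries):
        inner = hashlib.sha256()
        with open(full, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                inner.update(chunk)
        rel_bytes = rel.encode("utf-8")
        # Length-prefix the path so "a" + "bc" cannot collide with "ab" + "c".
        outer.update(len(rel_bytes).to_bytes(4, "big"))
        outer.update(rel_bytes)
        outer.update(inner.digest())
    return outer.hexdigest()


def matches_published(root, published_hex):
    """True when the observed fingerprint equals the announced one."""
    observed = tree_fingerprint(root)
    return hmac.compare_digest(observed, published_hex.strip().lower())


def demo():
    """Constructed sample tree: check it, change one file, check again."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "tally"), "wb") as fh:
            fh.write(b"count votes v1\n")
        with open(os.path.join(root, "config.ini"), "wb") as fh:
            fh.write(b"mode=official\n")
        published = tree_fingerprint(root)  # stands in for the announced value
        before = matches_published(root, published)
        with open(os.path.join(root, "config.ini"), "ab") as fh:
            fh.write(b"debug=1\n")  # any drift in content changes the digest
        after = matches_published(root, published)
    return before, after
```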
The more people insist such verification is possible, the less you should trust them, they don't understand the issues[1]. It might be possible to come up with some provably verifiable scheme but they are very sophisticated and revised often because people still come up with ways to skew them[2].
While I love Tom Scott's videos, Andrew Appel (CS Prof. at Princeton) has a much better explanation[1] of the history of voting and why electronic voting is a terrible idea.
We have hundreds of years of experience learning how to secure paper ballots. Complexity creates attack surface, and usually fails to provide all of the security features provided by a simple paper ballot that is hand counted in view of all parties.
A couple of examples from the first minute of the video:
- A ridiculous example of "electronic voting" is presented - voters download ballot papers, fill them, then email or fax them back. This obviously sucks in multiple ways. Therefore, all kinds of "electronic voting" must be broken.
- Physical voting is very old, therefore it must have become solid and tamper-proof by now. This is not true. Physical voting is vulnerable to all kinds of manipulations, and they do happen on large scales.
The wrong claims continue forward. Just because that dude sounds smart doesn't mean his clip has any value.
This "ridiculous" example is very real and famously practised to this day MASSIVELY in many countries [1]. It is the prime example of what most people understand as e-voting. He does address other types of voting as well later, including the "open-source bullet-proof machines".
The guy explicitly says physical voting can be compromised easily too, but it requires many more people and it will exhibit patterns such as location stats, violence or outbursts of whistleblowers, and it is more or less contained unless the whole country is on it, in which case - good for them anyway. While with e-voting, you could technically be a very small group of people and you can model your fake results to be statistically plausible much better with no patterns.
This video is a highly cited source on the issue, admittedly aimed at less educated viewers, but quite accurate. There have been no rebuttals since it was posted and there are serious computer scientists putting their name on it. If you want to write a substantial rebuttal, I am sure it will be huge news in the community.
Even the simplest verifiable voting system is so complicated normal people will be confused how to use it and take advantage of it.
Well this article throws a bunch of different things out there suggesting that, first, Bulgaria will adopt verified electronic voting, and second, that electronic voting is sound enough and ready for deployment. Both of these points are false or unclear at best. Then the blog seems to suggest there is some sort of middle ground between verified voting and non-verified voting and it's OK to make some half-assed step in this direction, which is exactly what the video warns against.
When people talk about electronic voting, typically this means the US-type of voting. And when someone talks about verifiable electronic voting, then they should start by making it clear that this is orders of magnitude more ambitious, it hasn't been deployed anywhere and Bulgaria will be the first country in the world to do it. This is a project of historical scale including the known practical difficulties with the current methods. It should not be advertised like a proven system working in EU and US like it is now. And like I said even if Bulgaria really adopts any sort of verifiable voting there will be so many confused people due to the nature of the process it will skew the results.
Finally, again as the video explains, paper vote counting may not be perfect, but it does require more people to be involved in the fraud. This is a very important point. Results are available per area and each party makes sure the sum makes sense at least from a small sample.
I would assume that the primary method is the same method that police use to match evidence gathered at a crime and evidence provided at a trial, i.e. trust. Independent observers are more of a safeguard, there to increase trust and make it riskier for a malicious actor to tamper with an election.
I don't see a way. However this would work:
The government machine counts, and prints coupons. These coupons are scanned on a second machine installed from GitHub. At the end of the day both machines print their total count on paper (otherwise we cannot guarantee anonymity). These 2 results are compared and passed along.
And then the only guaranteed way to ensure anonymity is to destroy the government machine. Less drastic would be wiping the HDD, but who says there is no hidden ROM?
Unlike private companies, the CEO of Information Services is a political position rather than an actual management position. The decision-making power within the company rests in the hands of the regional chapter executives, who devise and negotiate the projects their chapter will take on. Coordination between the chapters is usually done by the Sofia head chapter's executive (who is not the CEO). The likelihood of prof. Konstantinov actually being involved in a decision made by the company is pretty low.
The election counting software is as open as it can be, without having open source. There is a clear specification that is published online on the actual mechanics of the voting process (e.g. how votes are translated into representatives). Records detailing the actual paper vote tallies, signed off by regional vote organizers and managers, are accessible in electronic and paper format. The committee handling the voting process encourages independent verification of the software's calculations.
It's far more likely (and often documented by journalists) that a party would commit voting fraud by purchasing votes or bribing vote organizers, rather than hacking the election software.
The quote was slightly off, apologies. I was quoting from memory, this was 3 years ago, and I can no longer edit the parent post. What he actually said was more like (translation): "Only someone who does not know how to turn on the computer, can suggest that the election counting software's source should be made public" [1].
All Bulgarian TV shows invite the same bunch of around 50 self-proclaimed experts (supposed historians, economists, national security experts, sociologists). These people spread tons of lies and misconceptions to the wider public which is generally badly informed and uncaring. Mixing in a little bit of obvious truth with the rest of the garbage makes them look like a credible authority.