“What we learned from the California Top-to-Bottom Review and
the Ohio EVEREST study was that, indeed, these systems are
unquestionably and unconscionably insecure. The authors of those
reports (including yours truly) read the source code, which
certainly made it easier to identify just how bad these systems
were, but it’s fallacious to assume that a prospective attacker,
lacking the source code and even lacking our reports, is somehow
any less able to identify and exploit the flaws. The wide diversity
of security flaws exploited on a regular basis in Microsoft Windows
completely undercuts the ETC paper’s argument. The bad guys who
build these attacks have no access to Windows’s source code, but
they don’t need it. With common debugging tools (as well as
customized attacking tools), they can tease apart the operation of
the compiled, executable binary applications and engineer all sorts
of malware.“Voting systems, in this regard, are just like Microsoft
Windows. We have to assume, since voting machines are widely
dispersed around the country, that attackers will have the
opportunity to tear them apart and extract the machine code.
Therefore, it’s fair to argue that source disclosure, or the lack
thereof, has no meaningful impact on the operational security of
our electronic voting machines. They’re broken. They need to be
repaired.”
On open source vs. disclosed source voting systems
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis