Proprietary Software And Our Hackable Elections

Bloomberg reports that:

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database….the Russian hackers hit systems in a total of 39 states

In Decoding Liberation: The Promise of Free and Open Source Software, Scott Dexter and I wrote:

Oversight of elections, considered by many to be the cornerstone of modern representational democracies, is a governmental function; election commissions are responsible for generating ballots; designing, implementing, and maintaining the voting infrastructure; coordinating the voting process; and generally insuring the integrity and transparency of the election. But modern voting technology, specifically that of the computerized electronic voting machine that utilizes closed software, is not inherently in accord with these norms. In elections supported by these machines, a great mystery takes place. A citizen walks into the booth and “casts a vote.” Later, the machine announces the results. The magical transformation from a sequence of votes to an electoral decision is a process obscure to all but the manufacturers of the software. The technical efficiency of the electronic voting process becomes part of a package that includes opacity and the partial relinquishing of citizens’ autonomy.

This “opacity” has always meant that the software used to, quite literally, keep our democracy running has its quality and operational reliability vetted, not by the people, or their chosen representatives, but only by the vendor selling the code to the government. There is no possibility of say, a fleet of ‘white-hat’ hackers–concerned citizens–putting the voting software through its paces, checking for security vulnerabilities and points of failure. The kinds that hostile ‘black-hat’ hackers, working for a foreign entity like, say, Russia, could exploit. These concerns are not new.

Dexter and I continue:

The plethora of problems attributed to the closed nature of electronic voting machines in the 2004 U.S. presidential election illustrates the ramifications of tolerating such an opaque process. For example, 30 percent of the total votes were cast on machines that lacked ballot-based audit trails, making accurate recounts impossible….these machines are vulnerable to security hacks, as they rely in part on obscurity….Analyses of code very similar to that found in these machines reported that the voting system should not be used in elections as it failed to meet even the most minimal of security standards.

There is a fundamental political problem here:

The opaqueness of these machines’ design is a secret compact between governments and manufacturers of electronic voting machines, who alone are privy to the details of the voting process.

The solution, unsurprisingly, is one that calls for greater transparency; the use of free and open source software–which can be copied, modified, shared, distributed by anyone–emerges as an essential requirement for electronic voting machines.

The voting process and its infrastructure should be a public enterprise, run by a non-partisan Electoral Commission with its operational procedures and functioning transparent to the citizenry. Citizens’ forums demand open code in electoral technology…that vendors “provide election officials with access to their source code.” Access to this source code provides the polity an explanation of how voting results are reached, just as publicly available transcripts of congressional sessions illustrate governmental decision-making. The use of FOSS would ensure that, at minimum, technology is held to the same standards of openness.

So long as our voting machines run secret, proprietary software, our electoral process remains hackable–not just by Russian hackers but also by anyone that wishes to subvert the process to help realize their own political ends.

Leaking Furore Par For The Course For Nation That Over-Classifies

America over-classifies information. The designations ‘secret,’ ‘top secret,’ ‘for your eyes only,’ and many others like them are thrown around too freely; too many folders and dossiers receive the dreaded stenciled stamp that indicates their contents may not be perused by the wrong people. The consequences of this bingeing on classification are predictable: all around us, ‘leaks’ and ‘unauthorized disclosures’ take place; many stand accused of dangerous ‘whistleblowing,’ of ‘criminal activity,’ of espionage. When all is secret, violating secrecy restrictions is easy–as is posturing as a protector of ‘secrecy vital to the national interest’; and the penalties for such ‘violations’ can be ratcheted up arbitrarily. (Just ask Chelsea Manning, who is due for early release tomorrow from a three-decade prison sentence–thanks to a presidential commutation.)

In this national context, the furore over the alleged disclosure by Donald Trump of supposedly top-secret information to visiting Russian dignitaries looks ever so precious. Unsurprisingly, no one is quite clear–or can be–about what was leaked, and what its significance was; what we do know, or are offered words of reassurance to that effect is Something Very Very Secret was disclosed. We cannot find out how secret or how important, or indeed, any other relevant details, because those, of course, are a Secret. I do not doubt for a second that Donald Trump is a bumbling incompetent, a buffoon who should not be allowed within a mile of the Oval Office, that his foreign policy blunders may yet be the death of us all. But I’m afraid the mere reporting that Something Very Very Secret is now no longer so fails to move me when it is quite evident from many other contexts that very often, such classification is a case of bureaucratic overkill. Especially when the reassurances that such a disclosure should be considered an actionable problem are forthcoming from the very people who simultaneously over-classify while demanding ever more cover, legal and otherwise, for their activities.

The reaction to Donald Trump’s ‘leaking’ has been predictable: impeachment! These dreams of impeachment, in response to ‘unauthorized disclosures of classified information’ are not just a political fantasy; they also perpetuate a long-running fraud on the American polity–that when the government and the administration decides to get into a tizzy about some supposed ‘violation of secrecy’ it gets the citizenry worked up in response. At that moment, all questioning of the unhealthy layers of classification and secrecy that continue to build up around our rulers’ activities is suspended, and we all chime in with syncopated chorus of outrage: How dare you disclose?

It has been a depressing feature of ‘liberal’ responses to the Trump administration that so many unsavory political alliances have now become increasingly respectable: among them, none will be more surprising than the willingness of so-called ‘liberal and ‘progressive’ factions to find, in the Deep State and its national security agencies, the ones that have done so much to abrogate the civil liberties of so many Americans, their best political allies.