borktron t1_itslz64 wrote
Reply to comment by PaulSnow in I am the co-author behind ACM’s TechBrief on Election Security: Risk-limiting Audits. Ask me anything about election security! by TheOfficialACM
While I'm generally in favor of well-understood and battle tested open-source hw/sw, it's not really a panacea. How do you know the build of the open-source software hasn't been tampered with? How do you know that the physical machines actually in use conform to the open-source specs and haven't been tampered with?
Of course, you can mitigate some of those risks by allowing stakeholders to inspect, verify hashes of builds, etc. But that's a lot of human-factor stuff on top that you're absolutely relying on.
So even in an open-source hw/sw world, RLAs are still critical.
TheUnweeber t1_itsw9xz wrote
Although open source isn't a panacea, couple it with trustless ledgers, and the more parties distrust each other, the more nodes they (and nonpartisans) will run. ..and that's nearly a panacea.
PaulSnow t1_itudneq wrote
This is exactly the point. Fewer truly independent code bases, increased distribution of knowledge of the code, more tools deployed for automated verification/validation of the code, etc.
Proprietary code usually ends up devolving to the point most of it is treated like a black box. This is because knowledge of the internal code is restricted. And then over time the institutional knowledge is lost as people quit the effort (nobody is immortal).
At least with open source, knowledge can be distributed over larger bodies of people, and more experts can exist for the entire ecosystem to leverage. For applications where no "secret code" or "secret sauce" is required and in fact is nothing but a danger, Open Source is the solution.
PaulSnow t1_ittge4u wrote
I am a big fan of RLAs. Basically we ran the election in 2020 in a way very few statistical tests could be run to compute a confidence level on the ballots.
However, software builds can be hashed and signed, and open source hardware can refuse to load unsigned builds. But how to evaluate the signature? This is where small cryptographic proofs from blockchains provide a distributed ledger.
The hardware and the software can be reviewed by everyone earning money in the voting game, and when disputes arise, there is no excuse to demand access to the voting machines because everyone has access by definition.
Open Source solves both pragmatic transparency issues, and political ones.
Viewing a single comment thread. View all comments