[Media] [LACTTE] Fw: Re: [Linux-aus] Grant request: Contribution to Senate voting source code FOI request review.

Paul Gardner-Stephen paul at servalproject.org
Thu Jul 31 10:55:34 EST 2014


Also if of interest, here is what I sent to the special minister of state
about all this recently.  Feel free to make use of anything there, or to
ignore it as appropriate:

To:
senator.ronaldson at aph.gov.au;
Cc:
senator.rhiannon at aph.gov.au;
Bcc:
Andrew Bettison;
jeremy at servalproject.org;

Greetings Hon. Mr. Ronaldson, Special Minister of State,

I have been following with considerable civic interest the attempts to have
the AEC reveal source code for their electoral software that is used to
count senate voting.

My interest stems from the necessity for the democratic process to be
transparent in the handling of votes so that there is no possibility for
any person or conspiracy to undermine the integrity of the system.

I was greatly disappointed when I read your response to Senator Rhiannon,
as it appears that the AEC or another party has provided you with incorrect
information in an attempt to keep the source code from public scrutiny.  I
have CCd your fellow senator, Senator Rhiannon, since the matters here
relate directly to her request and your response.

I note in your response to the senate's request that the relevant source
code be tabled (see
http://lee-rhiannon.greensmps.org.au/sites/default/files/ronaldson_response.pdf)
that you cite the following reasons for refusing to table the source code,
which I respond to below.

1. That publication of the source code could leave the voting system open
to hacking or manipulation.

I wish to begin by saying that by not publishing the source code these
dangers are actually much greater.

Without the source code, the voting public and government of the day have
no way to be sure that the software is as it was when it was audited, and
has not been tampered with.

Without the source code, the voting public has no way to be sure that the
software actually performs correctly.

Further, as no substantial software is completely free from defects, there
is no way for the voting public or the government of the day to be sure
that the software counts precisely in accordance with the appropriate
legislation and/or regulations.

Thus there exist very real threats to the integrity of the electoral system
and the democratic systems of this country while the source code remains
secret.

Let us now consider the potential impacts on the integrity of the voting
system were the source code made public.

The danger you refer to as hacking involves the subversion of software by
manipulating inputs to the software in question, with the objective of
coercing some sort of behaviour that deviates from the intended.

This requires the ability to provide malicious input to the software that
breaches the defences of the software in some way.

Let us now consider the input that vote counting software accepts, who it
accepts it from, what forms the input can take, and therefore what
potential it has to manipulate or subvert the software.

The only input to the voting software that the public can provide are their
votes.

One must assume that by the time the votes are provided as input to the
software, they are in the form of the numeric values placed into the
plurality of boxes on a senate ballot.

There are no opportunities for the public to provide arbitrary binary input
to the software.

This input is extremely limited in nature and volume.

Therefore the only risks that can be introduced are if someone, by
reading the source code, discovers a particular vote that is capable
of causing the software to behave incorrectly.  Such a vote must retain
this potency even after being subjected to whatever data input validation
processes the AEC employs.

If the software contains such defects, then it does not correctly implement
the algorithms described in the legislation.

To suggest that entering of specially crafted votes into the software could
cause it to incorrectly tally the votes of others or otherwise compromise
the system must be correctly understood as being equivalent to a claim that
the software in question is not fit for purpose.

Therefore the only danger that can arise from the publication of the source
code is that the software is shown to contain a defect that causes it to
incorrectly tally votes, and was never fit for purpose.

That is, the only danger is that the software be revealed to be unfit for
purpose.

The alternative is much more dangerous, that the software is unfit for
purpose, but this fact is not known to the government and people of
Australia.

2. That the AEC considers the software to be commercial-in-confidence

I have read the AEC's previous correspondence in regard to the FoI request.

In that correspondence they claim that even the names of the source code
files would endanger their commercial position.

This must be seen for the complete absurdity that it is.  How can the name
of source code files relating to the counting of the senate voting in
Australia constitute information so commercially sensitive that it could
impact on the business of the AEC?

As regards the source code itself, it implements algorithms prescribed by
legislation.  Therefore it embodies public information, and cannot contain
any trade secret.  However, even in the case where the AEC may wish to
claim some trade secret, for example a more efficient algorithm that has
equivalent effect to the legislated algorithms, then surely the AEC's
obligation to uphold the integrity of the electoral system of Australia
overrides any side-business it may undertake.

To suggest otherwise is to say that the incidental commercial activities of
a statutory body of government are more important than the proper
maintenance of our democracy.

Indeed, the clear point throughout this current debate is that the AEC does
seem to consider its incidental commercial activities to be more important
than its obligations to uphold the integrity of our democratic system.

I therefore beseech you and the government to not be party to the
side-lining of our democracy in this way, and appeal to you to show
leadership in this matter by calling for the immediate release of the
source code.

If you differ in view on any of the points I have raised in this letter, I
would appreciate it if you would provide your perspective on each so that
we may advance our conversation in a constructive and mutually educational
manner.

Yours sincerely,

Dr. Paul Gardner-Stephen,
Lecturer in Software Engineering,
Shuttleworth Telecommunications Fellow.
10 Minchinbury Terrace, Marion, 5043. Phone 0427 679 796.


On Thu, Jul 31, 2014 at 10:07 AM, Paul Gardner-Stephen <
paul at servalproject.org> wrote:

> Sorry, a corollary to what I have said above is that we should launch a
> project to write a suite of open-source electoral counting software (if it
> doesn't already exist).
>
> I'd be happy to stand up and talk about this at LCA with a view to
> launching a community effort to create such software if we thought it
> useful.  I am also totally happy if someone else wishes to take the lead,
> rather than add something extra to my plate.
>
> Paul.
>
>
> On Thu, Jul 31, 2014 at 10:05 AM, Paul Gardner-Stephen <
> paul at servalproject.org> wrote:
>
>> Hello,
>>
>> A related thing we may wish to consider is if the AEC don't wish to
>> reveal their source code, that they offer some mechanism for 3rd party
>> systems to be fed the votes that the AEC receives to allow verification of
>> counting.  That way they can have their precious source code, but democracy
>> is still upheld.
>>
>> Of course, a problem that seems to be indirectly revealed in this is that
>> the AEC don't seem to have separated the network elements, i.e., the
>> electronic transmission of votes to the AEC counting system, from the
>> system that does the counting.  It may well be that this is what they are
>> trying to hide -- that a buffer overrun in their network code could
>> compromise the counting software.
>>
>> Paul.
>>
>>
>> On Wed, Jul 30, 2014 at 10:16 PM, Linux Australia Secretary <
>> secretary at linux.org.au> wrote:
>>
>>>  So, coming at this from a Media and Subcommittee Team perspective
>>> (CC'd) this may be a very good opportunity for Linux Australia to write a
>>> Press Release around the issue, with the following messaging;
>>>
>>> - we support the release of the source code for transparency and deeper
>>> scrutiny
>>> - drawing the conclusion that if we can't see the mechanisms of
>>> government, how can we trust them?
>>> - denouncing the treatment of Michael Cordover as inappropriate and
>>> massive over-reaction
>>>
>>> Thoughts?
>>>
>>>
>>> On 18/07/2014 11:43 PM, Joshua Hesketh wrote:
>>>
>>> I absolutely agree :-).
>>>
>>> Nobody specific in security comes to mind. We could perhaps reach out to
>>> the RuxCon community. Otherwise just somebody like Tridge or Rusty may
>>> be able to weigh in?
>>>
>>> Cheers,
>>> Josh
>>>
>>> On 16/07/14 12:21, Josh Stewart wrote:
>>>
>>>  On 16 July 2014 at 11:56:56 am, Daniel Jitnah
>>> (djitnah at greenwareit.com.au) wrote:
>>>
>>>
>>>  Perhaps the Open Source Community should provide "Expert Independent
>>> advice" that opening software to scrutiny does not open system to
>>> hacking etc., but much to the contrary.
>>>
>>> Most likely many expert opinions can be obtained to counter the position
>>> taken by the AEC.
>>>
>>> LA could be well placed to facilitate the process of obtaining such
>>> advice.
>>>
>>>  Personally I think this suggestion from Daniel is an excellent one!
>>>
>>> Do we know any experts in the community who can comment on the merits of
>>> being open source when it comes to security?
>>>
>>>
>>> --
>>> Josh Stewart
>>>
>>>
>>>   _______________________________________________
>>> committee mailing list
>>> committee at lists.linux.org.au
>>> http://lists.linux.org.au/listinfo/committee
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Kathy Reid
>>> Secretary
>>> Linux Australia
>>> secretary at linux.org.au
>>> http://linux.org.au
>>>
>>>
>>>
>>> Linux Australia Inc
>>> GPO Box 4788
>>> Sydney NSW 2001
>>> Australia
>>>
>>> ABN 56 987 117 479
>>>
>>>
>>> _______________________________________________
>>> Media mailing list
>>> Media at lists.linux.org.au
>>> http://lists.linux.org.au/listinfo/media
>>>
>>>
>>
>