Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

True, the average voter is not inclined to hire a computer expert to do an analysis, but if there is widespread suspicion, they will at least have the ability to vent their collective outrage into an actual audit of the code. This transparency can provide some assurance.


> audit of the code

The OP is talking about the inability to audit the code actually running at the time of voting. You can audit the code in the repo all you like but if the hardware of the voting machine is compromised, or the code you audit is modified or replaced sometime before execution, or there is other malicious code running on the machine interfering with the voting then your audit is useless.


Require (by law) that the actual machines be available for potential inspection for X weeks/months after each election. If there is suspicion of fraud/issues, inspection happens on the machines that have been stored since the election. Since the machines are offline the entire time (by design it seems), manipulation doesn't seem that easy, granted the machines are stored in a secure location in the meantime.


The problem is that "audits" of those machines is itself a threat model.

The auditing needs to be controlled such that a malicious auditor doesn't compromise the machine.

State couldn't prove that the machines audited by a private group in Arizona weren't compromised so they had to replace them [0] to a tune of $2.8M.

[0] https://www.businessinsider.com/arizona-audit-maricopa-count...


> manipulation doesn't seem that easy

I wasn’t suggesting manipulation was easy. But for a sufficiently motivated and resourced actor with direct or indirect physical access to the machine all bets are off.


Volkswagen cheated on emissions tests by creating software that did the expected results only during an audit. Doing the same for voting software would be much easier.

There's no way for a computer to completely prove it has the right software for a job.


Can it though? If the audit is called for after the election how do we determine the code that the auditor is inspecting is what was run on election day?

It's still a black box on election day - it's just got detailed instructions written on it claiming that's what is inside.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: