Opening the Vote

by Rich

Wednesday, October 28, 2009 at 04:07 PM EDT

Maybe there’s something in the air. After the recent news that Microsoft is going to publish the documentation of the PST file format used by Outlook, there is now an article in Wired reporting that Sequoia Voting Systems will publish the source code for their new optical-scan voting system. This is, in its own way, as noteworthy as the announcements of Microsoft’s new openness; Sequoia historically has fought tooth and nail to keep its source code and other details of its systems secret. (Prof. Andrew Appel, of Princeton University, has commentary on the Center for Information Technology Policy’s [CI”Freedom to TInker” blog on various aspects of the Gusciora v. Corzine trial in New Jersey, which turned on the accuracy of one of Sequoia’s earlier products.) They have threatened to sue researchers if they revealed any of the company’s “proprietary information”, even when the examination was ordered by the court:

The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software.

There is some speculation that the forthcoming release of the code for the new device was prompted by the recent news that the first release of an open-source voting system had been made by the Open Source Digital Voting Foundation. The company says the timing of the two events is a coincidence:

Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation’s announcement.

Regardless of the timing, this has to be regarded as good news. Prof. Ed Felten, Director of the CITP, said as much:

Princeton University computer scientist Ed Felten, one of the targets of Sequoia’s legal threats, said he was pleasantly surprised to see the company opening its new system to examination after vehemently resisting it in the past.

“I think Sequoia is recognizing that it won’t do anymore to just urge people to trust them,” Felten said, “and that people want to know that the code that controls these machines is open and that experts have had a full chance to look at it.”

This is really an important step forward. Trusting voting machines that use secret software, never seen by anyone but the vendor, is hardly a way to build confidence in the election process. I doubt whether most people would think it reasonable to have all the paper ballots from an election counted in secret by an unidentified cabal of vote counters. Yet, in a way, the situation with secret voting machine code is even worse. A normally intelligent person can probably understand the security requirements of paper ballots without too much difficulty: you can only put one ballot in the box, you can’t take any out, and each ballot only counts once. The average election judge is probably more or less clueless about what is important for E-voting security.

As in the case of cryptography, getting security right is hard. The best method we know is to publish the details of the “mechanism”, so that they can be inspected by many eyes.