WE ARE NEW YORKERS FOR VERIFIED VOTING
May 24, 2004
Why New York should require open-source software for all electronic voting systems (DREs) and optical scanners, including their source code and compilers.
1. SEE ALSO "Disclosure of Software for Voting Systems" http://bcn.boulder.co.us/~neal/elections/disclosure.html (attached)
a. "Open-source" means that the code is posted on the internet and ANYONE can look at it.
b. "Source code" is the relatively-human-readable source programming from which the final software is created.
c. "Compiler." To create the final software, the source code is translated by another program called a compiler to produce the actual machine language (the ones and zeros that the computer uses to do the work).
d. "Software." For simplicity, we use the term "software" to mean all programming in the electronic equipment, whether regarded technically as software or firmware, etc.
a. Secure software should not have any security holes. Thus, revealing its source code to the public should NOT make it vulnerable to attack. If there are security holes, they will be found by hackers whether or not the source code is open.
b. The public has a right to know what software is in voting systems, because that software is running the election. For a trustworthy, transparent election, the public needs to be able to observe those processes. If the public can't view the source code, that's like letting the vendor's software engineers take the ballots into the back room and count them in secret. As long as the source code is a trade secret, vendors are controlling the election processes.
Currently, only vendors know what source code is in their systems, and courts have upheld trade secret agreements in purchase contracts.
----Analogy: Secret source code is like having the election administrators write up the procedures they use to count absentee ballots and then refuse to show anyone what the procedures are. Then the election officials go into a locked room and carry out the secret procedures. When they are done, they come out and announce the final numbers.
----Open source code is like the administrators showing everyone the procedures they wrote up and then going into a locked room to carry out those procedures without anyone watching, and then announcing the final numbers.
c. If vendors don't have to open their source code to the public, they can get away with sloppy programming practices. If they have to disclose it, they will be more careful.
d. Large software products always have errors. Disclosing source code will allow technologists to examine it and detect errors that could impact an election. Few election officials or legislators can read and understand source code, so disclosing the software only to them will not achieve the same result. Moreover, since voting systems have thousands (sometimes millions) of lines of code, election officials and legislators would not have the time to scrutinize it even if they could. By having technologists worldwide look at it, the errors will quickly be found and can be corrected.
e. Source code for compilers that translate source code for DREs and optical scanners should also be open. Compilers have errors too, which can cause the compiler to translate incorrectly and introduce errors into the final software to be used in DREs and optical scanners. Vendors should be required to disclose version information about the compiler they use, and the compiler code should be open to public scrutiny.