WE ARE NEW YORKERS FOR VERIFIED VOTING
www.wheresthepaper.org/waNYvv.htm
May 24, 2004
Why New York should require
open-source software for all electronic voting systems (DREs) and optical
scanners, including their source code and compilers.
1. SEE ALSO "Disclosure of Software for Voting
Systems"
http://bcn.boulder.co.us/~neal/elections/disclosure.html (attached)
2. DEFINITIONS
a.
"Open-source" means that the code is posted on the internet and
ANYONE can look at it.
b.
"Source code" is the relatively-human-readable source programming
from which the final software is created.
c.
"Compiler." To create the
final software, the source code is translated by another program called a
compiler to produce the actual machine language (the ones and zeros that the
computer uses to do the work).
d. "Software." For simplicity, we use
the term "software" to mean all programming in the electronic
equipment, whether regarded technically as software or firmware, etc.
3. REASONS
a.
Secure software should not have any security holes. Thus, revealing its source
code to the public should NOT make it vulnerable to attack. If there are
security holes, they will be found by hackers whether or not the source code is
open.
b.
The public has a right to know what software is in voting systems, because that
software is running the election. For a
trustworthy, transparent election, the public needs to be able to observe those
processes. If the public can't view the source code, that's like letting the
vendor's software engineers take the ballots into the back room and count them
in secret. As long as the source code is a trade secret, vendors are
controlling the election processes.
Currently,
only vendors know what source code is in their systems, and courts have upheld
trade secret agreements in purchase contracts.
----Analogy:
Secret source code is like having the election administrators write up the
procedures they use to count absentee ballots and then refuse to show anyone
what the procedures are. Then the election officials go into a locked room and
carry out the secret procedures. When they are done, they come out and announce
the final numbers.
----Open
source code is like the administrators showing everyone the procedures they
wrote up and then going into a locked room to carry out those procedures
without anyone watching, and then announcing the final numbers.
c.
If vendors don't have to open their source code to the public, they can get
away with sloppy programming practices. If they have to disclose it, they will
be more careful.
d.
Large software products always have errors. Disclosing source code will allow
technologists to examine it and detect errors that could impact an
election. Few election officials or
legislators can read and understand source code, so disclosing the software
only to them will not achieve the same result.
Moreover, since voting systems have thousands (sometimes millions) of
lines of code, election officials and legislators would not have the time to
scrutinize it even if they could. By having technologists worldwide look at it,
the errors will quickly be found and can be corrected.
e.
Source code for compilers that translate source code for DREs and optical
scanners should also be open. Compilers
have errors too, which can cause the compiler to translate incorrectly and
introduce errors into the final software to be used in DREs and optical
scanners. Vendors should be required to
disclose version information about the compiler they use, and the compiler code
should be open to public scrutiny.