E-Voting Company Agrees To Let California See Its Source Code... But Includes Angry Threats

from the how-nice-of-them dept

In the ongoing effort to make sure that electronic voting machines used in public elections actually have some sort of real scrutiny, we've never had anyone convincingly explain why the source code for these voting machines shouldn't be made public. You may recall that a while back, in a post about some of the limitations being put on security experts trying to examine some of the machines, a representative from the firm Election Systems & Software Inc. (ES&S) showed up in our comments and responded to our questions not with any good reasons, but with insults to everyone here saying we couldn't possibly understand. When asked, point blank, about why he wouldn't let experts like Ed Felten and Avi Rubin test the machines, he responded by claiming that such experts are misleading in their reports and are publishing things solely for a profit motive (which is pretty laughable, if you've ever read either's writings and analysis -- which come across as exceptionally even-handed on these issues). The same guy also claimed that the e-voting companies have always willingly handed over source code to gov't agencies. Specifically he stated: "The companies have always complied with legitimate requests to test and inspect the software. They handed over their source code for review on multiple occasions and have never denied the request of any U.S. government authority to review the code or test the equipment." Of course, he didn't say they did so happily. When California came asking for the source code, ES&S certainly wasn't happy about it.

You may recall that back in March, California's Secretary of State decided that anyone providing e-voting machines in California had to withstand independent testing from a group of security experts. This seems perfectly reasonable, and it's hard to come up with any reason not to do this... unless you're a company like ES&S whose machines have been caught counting votes in triplicate, among other things. Despite the claim that they "never denied the request of any U.S. government authority," ES&S certainly resisted the requests and only handed in the code three months late, along with an angry, petulant, threatening letter to the Secretary of State warning her that the company will hold the Secretary of State personally responsible "for any prohibited disclosure or use of ES&S' trade secrets and related confidential and proprietary information." Frankly, this should be reason enough to ban the company from having its e-voting machines used in elections. If the company is so worried about having its machines tested by security experts, then it shouldn't be in the business. Furthermore, for a free and fair election, there's simply no reason that the company shouldn't be required to make the core of its system freely available so that the voters of this country can actually trust that their votes are being accurately counted. It's not a crazy request. It's about protecting our fundamental right to vote. Apparently, ES&S doesn't respect that enough to prove to anyone that it can actually build a safe and secure machine that counts votes accurately.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Java, 29 Jun 2007 @ 12:05pm

    Re: Re: Re: Voting Machines

    You are significantly trivializing the issue. Counting the votes is a very simplistic way of looking at this issue.

    I don't have any experience with these machines to know what all is involved, but I have been involved in other s/w projects that were essentially DB applications and that provided reasonably simple functions such as counting. However, these applications were much more than a simple adding machine. Releasing the source code to the public would have put these vendors out of business. I am sure that is what ESS is concerned about. The amount of market data gathered by these machines would be exceptionally valuable. They could easily determine voting tendancies of specific districts. They could determine how long a person took to vote on a topic or candidate. They could use data to determine effectiveness of campaign efforts.

    Release source code would expose all their functions/features that competitors could copy. This would put them at a competitive disadvantage. Therefore, yes, they have the right to protect their IP. Mandating that a private company release their IP is completely wrong and goes against a free market society.

    Now, again, I believe that because they are providing a service to a population via Govt. Contracts, the Govt. has the right and obligation to the public to ensure that these machines operate correctly and with accuracy. Having independent experts review the code and ensure the correct operation is completely within the Govt. right to do so. However, I believe the Govt. also has the responsiblity to ensure that the IP is completely secure and not open to the public. If the code does get out and is traced back to the experts, then the govt. should be held accountable.

    Furthermore, opening the code to the public only adds risk that the system security.

    Burning the code to a prom and locking it down is good, but from a support perspective is inefficient. This limits the ability to update code as improvements are made. This would consume more resources and drive up costs. This would be a bad business model.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.