E-Voting Company Agrees To Let California See Its Source Code... But Includes Angry Threats

from the how-nice-of-them dept

In the ongoing effort to make sure that electronic voting machines used in public elections actually have some sort of real scrutiny, we've never had anyone convincingly explain why the source code for these voting machines shouldn't be made public. You may recall that a while back, in a post about some of the limitations being put on security experts trying to examine some of the machines, a representative from the firm Election Systems & Software Inc. (ES&S) showed up in our comments and responded to our questions not with any good reasons, but with insults to everyone here saying we couldn't possibly understand. When asked, point blank, about why he wouldn't let experts like Ed Felten and Avi Rubin test the machines, he responded by claiming that such experts are misleading in their reports and are publishing things solely for a profit motive (which is pretty laughable, if you've ever read either's writings and analysis -- which come across as exceptionally even-handed on these issues). The same guy also claimed that the e-voting companies have always willingly handed over source code to gov't agencies. Specifically he stated: "The companies have always complied with legitimate requests to test and inspect the software. They handed over their source code for review on multiple occasions and have never denied the request of any U.S. government authority to review the code or test the equipment." Of course, he didn't say they did so happily. When California came asking for the source code, ES&S certainly wasn't happy about it.

You may recall that back in March, California's Secretary of State decided that anyone providing e-voting machines in California had to withstand independent testing from a group of security experts. This seems perfectly reasonable, and it's hard to come up with any reason not to do this... unless you're a company like ES&S whose machines have been caught counting votes in triplicate, among other things. Despite the claim that they "never denied the request of any U.S. government authority," ES&S certainly resisted the requests and only handed in the code three months late, along with an angry, petulant, threatening letter to the Secretary of State warning her that the company will hold the Secretary of State personally responsible "for any prohibited disclosure or use of ES&S' trade secrets and related confidential and proprietary information." Frankly, this should be reason enough to ban the company from having its e-voting machines used in elections. If the company is so worried about having its machines tested by security experts, then it shouldn't be in the business. Furthermore, for a free and fair election, there's simply no reason that the company shouldn't be required to make the core of its system freely available so that the voters of this country can actually trust that their votes are being accurately counted. It's not a crazy request. It's about protecting our fundamental right to vote. Apparently, ES&S doesn't respect that enough to prove to anyone that it can actually build a safe and secure machine that counts votes accurately.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Brian, 29 Jun 2007 @ 2:03pm

    Re: Re: Re: Re: Voting Machines

    "market data gathered by these machines would be exceptionally valuable. They could easily determine voting tendancies of specific districts. They could determine how long a person took to vote on a topic or candidate. They could use data to determine effectiveness of campaign efforts."

    Already freely available! Voter registration, and how often you vote are available for 2.5 cents per name at voterlistsonline.com

    If you want to harvest WHOM I voted for, then I suggest you have a good lawyer. Voting Rights section of Civil Rights Bill (among many many others) if I remember correctly.

    "Furthermore, opening the code to the public only adds risk that the system security."

    Again, a fundamental misconception. Security through obscurity is dangerous. Ever hear of peer review? Science mags do it. Imagine a scientist claiming he achieved cold-fusion but couldn't say how because of the security risk to his idea. Wait, that happens and those guys get laughed at...

    "Releasing the source code to the public would have put these vendors out of business"

    How??? These ppl shouldn't be selling the SOFTWARE! The value they bring is in their HARDWARE: nice touchscreens with a tape-roll. Competition should depend on ease-of-use, reliability, ergonomics, life-span, etc. Again, how many different ways can you count 1+1+1+1? Maybe the interfacing with components might be proprietary but if this ia vased on GNU Linux in the first place they ARE BREAKING THE LAW by not sharing the derivative code.

    Of all the arguments for free software, the code THAT COUNTS OUR VOTES should be free and open to ANYONE to inspect. You want to sell the State a fancy box that runs the code, go for it!

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.