From: Dave Farber <dave@farber.net>
Date: October 28, 2009 6:10:07 PM GMT-04:00
To: "ip" <ip@v2.listbox.com>
Subject: [IP] Sequoia To Publish Source Code
<http://www.wired.com/threatlevel/2009/10/sequoia/>
In Industry First, Voting Machine Company to Publish Source Code
By Kim Zetter <envelope.gif> October 27, 2009 | 4:53 pm |
Categories: E-Voting, Elections
Sequoia Voting Systems plans to publicly release the source code
for its new optical scan voting system, the company announced
Tuesday � a remarkable reversal for a voting machine maker long
criticized for resisting public examination of its proprietary
systems.
The company�s new public source optical-scan voting system, called
Frontier Election System, will be submitted for federal
certification and testing in the first quarter of next year. The
code will be released for public review in November, the company
said, on its web site. Sequoia�s proprietary, closed systems are
currently used in 16 states and the District of Columbia.
The announcement comes five days after a non-profit foundation
announced the release of its open-source election software for
public review. Sequoia spokeswoman Michelle Shafer says the timing
of its release is unrelated to the foundation�s announcement.
Open-source software allows the public to participate in the actual
development of the software. Whereas Sequoia�s public source, or
disclosed-source, software only allows the public to see software
that its developers have already created.
In the press release announcing the public-source system, a Sequoia
vice president is quoted saying that �Security through obfuscation
and secrecy is not security.�
�Fully disclosed source code is the path to true transparency and
confidence in the voting process for all involved,� said Eric
Coomer, vice president of research and product development for
Sequoia, in the press release. �Sequoia is proud to be the leader
in providing the first publicly disclosed source code for a
complete end-to-end election system from a leading supplier of
voting systems and software.�
Sequoia in fact has been a champion of security through obscurity
since it�s been selling voting systems.
The company has long had a reputation for vigorously fighting any
efforts by academics, voting activists and others to examine the
source code in its proprietary systems, and even threatened to sue
Princeton University computer scientists if they disclosed anything
learned from a court-ordered review of its software.
Princeton University computer scientist Ed Felten, one of the
targets of Sequoia�s legal threats, said he was pleasantly
surprised to see the company opening its new system to examination
after vehemently resisting it in the past.
�I think Sequoia is recognizing that it won�t do anymore to just
urge people to trust them,� Felten said, �and that people want to
know that the code that controls these machines is open and that
experts have had a full chance to look at it.�
Given that Sequoia is now acknowledging the value of code
disclosure as something that can lead to better security rather
than worse security, as it has claimed in the past, Felten said �it
seems that it should follow that they would now be willing to
release code for all of their other products as well.�
Last year, a judge ordered New Jersey election officials to give
source code for the state�s Sequoia AVC Advantage touch-screen
machines to Princeton University computer scientist Andrew Appel
and others for a lawsuit that challenged the integrity of Sequoia�s
paperless machines. Voting activists had sued the state to
decommission the units out of security and reliability concerns.
Appel�s team found several vulnerabilities with the system, but
wasn�t able to discuss them publicly.
Appel, in a separate issue, also found a discrepancy between
summary tapes printed from Sequoia touch-screen machines during New
Jersey�s primary election and totals that were recorded on the
machine�s memory cards. Summary tapes from machines in one district
showed a phantom vote for then-presidential-candidate Barack Obama
that didn�t appear in the memory card totals.
The Sequoia machines deployed to Union County, New Jersey, also
showed that Republican presidential candidates received 61 votes
when only 60 ballots had been cast in the Republican primary. About
60 machines showed such discrepancies. When Union County election
officials announced that they planned to have Princeton academics
examine the machines to determine what went wrong, Sequoia
threatened a lawsuit.
Sequoia initially blamed the problem on election officials for
pushing the wrong buttons, but later claimed it uncovered a problem
in its software that was creating the vote errors and announced
that it had fixed the issue.
Earlier this year, in a separate case, Sequoia agreed, after a
concerted battle, to hand over its source code to election
officials in Washington, DC, to investigate why, during the city�s
September 2008 primary election, Sequoia�s optical-scan machines
added about 1,500 �phantom� votes to races on ballots cast in one
precinct.
Sequoia blamed the problem on �static discharge� or human error.
After the city demanded to look at the source code to determine the
problem, Sequoia in turn demanded a $20 million bond from officials
guaranteeing they wouldn�t disclose information about the system.
Sequoia finally relented to provide the code without a bond, though
only after the city agreed to keep the company�s trade secrets
confidential.
The election integrity group Voters Unite has compiled a partial
list of reported problems (.pdf) with Sequoia voting machines.
Spokeswoman Michelle Shafer said Sequoia�s public source system has
been in the works for months, and that the announcement this week
was timed for a National Institute of Standards and Technology
workshop discussing a common data format for voting systems.
She said the firmware on the company�s new Frontier optical-scan
machines is written in C# programming language and runs on Linux.
The election management software � which sits on a computer at the
election office and is used to create ballots and tabulate votes �
runs on Microsoft Windows XP and uses a Microsoft SQL database.
Pamela Smith, president of Verified Voting, a group that has long
lobbied for fully auditable voting systems, applauded Sequoia�s
efforts.
�It�s good to know the vendors are developing a new transparent
optical-scan system,� she said. �That is probably the biggest
recognition of the direction that the voting public wants to see
the market going.�
Asked if Sequoia�s history of hiding behind its proprietary code
taints the sincerity of its public source effort, Smith said, �It�s
never too late. If you�re making a step toward a more transparent
system, good for you. That�s a good thing.�
R.A. Hettinga