Fwd: [IP] Sequoia To Publish Source Code

R.A. Hettinga rah at shipwright.com
Wed Oct 28 15:17:39 PDT 2009

Begin forwarded message:

> From: Dave Farber <dave at farber.net>
> Date: October 28, 2009 6:10:07 PM GMT-04:00
> To: "ip" <ip at v2.listbox.com>
> Subject: [IP] Sequoia To Publish Source Code
> Begin forwarded message:
>> From: David Bolduc <bolduc at austin.rr.com>
>> Date: October 28, 2009 5:46:23 PM EDT
>> To: johnmacsgroup at yahoogroups.com, Dave Farber <dave at farber.net>
>> Subject: Sequoia To Publish Source Code
>> <http://www.wired.com/threatlevel/2009/10/sequoia/>
>> In Industry First, Voting Machine Company to Publish Source Code
>> By Kim Zetter <envelope.gif> October 27, 2009  |  4:53 pm  |
>> Categories: E-Voting, Elections
>> Sequoia Voting Systems plans to publicly release the source code
>> for its new optical scan voting system, the company announced
>> Tuesday  a remarkable reversal for a voting machine maker long
>> criticized for resisting public examination of its proprietary
>> systems.
>> The companys new public source optical-scan voting system, called
>> Frontier Election System, will be submitted for federal
>> certification and testing in the first quarter of next year. The
>> code will be released for public review in November, the company
>> said, on its web site. Sequoias proprietary, closed systems are
>> currently used in 16 states and the District of Columbia.
>> The announcement comes five days after a non-profit foundation
>> announced the release of its open-source election software for
>> public review. Sequoia spokeswoman Michelle Shafer says the timing
>> of its release is unrelated to the foundations announcement.
>> Open-source software allows the public to participate in the actual
>> development of the software. Whereas Sequoias public source, or
>> disclosed-source, software only allows the public to see software
>> that its developers have already created.
>> In the press release announcing the public-source system, a Sequoia
>> vice president is quoted saying that Security through obfuscation
>> and secrecy is not security.
>> Fully disclosed source code is the path to true transparency and
>> confidence in the voting process for all involved, said Eric
>> Coomer, vice president of research and product development for
>> Sequoia, in the press release. Sequoia is proud to be the leader
>> in providing the first publicly disclosed source code for a
>> complete end-to-end election system from a leading supplier of
>> voting systems and software.
>> Sequoia in fact has been a champion of security through obscurity
>> since its been selling voting systems.
>> The company has long had a reputation for vigorously fighting any
>> efforts by academics, voting activists and others to examine the
>> source code in its proprietary systems, and even threatened to sue
>> Princeton University computer scientists if they disclosed anything
>> learned from a court-ordered review of its software.
>> Princeton University computer scientist Ed Felten, one of the
>> targets of Sequoias legal threats, said he was pleasantly
>> surprised to see the company opening its new system to examination
>> after vehemently resisting it in the past.
>> I think Sequoia is recognizing that it wont do anymore to just
>> urge people to trust them, Felten said, and that people want to
>> know that the code that controls these machines is open and that
>> experts have had a full chance to look at it.
>> Given that Sequoia is now acknowledging the value of code
>> disclosure as something that can lead to better security rather
>> than worse security, as it has claimed in the past, Felten said it
>> seems that it should follow that they would now be willing to
>> release code for all of their other products as well.
>> Last year, a judge ordered New Jersey election officials to give
>> source code for the states Sequoia AVC Advantage touch-screen
>> machines to Princeton University computer scientist Andrew Appel
>> and others for a lawsuit that challenged the integrity of Sequoias
>> paperless machines. Voting activists had sued the state to
>> decommission the units out of security and reliability concerns.
>> Appels team found several vulnerabilities with the system, but
>> wasnt able to discuss them publicly.
>> Appel, in a separate issue, also found a discrepancy between
>> summary tapes printed from Sequoia touch-screen machines during New
>> Jerseys primary election and totals that were recorded on the
>> machines memory cards. Summary tapes from machines in one district
>> showed a phantom vote for then-presidential-candidate Barack Obama
>> that didnt appear in the memory card totals.
>> The Sequoia machines deployed to Union County, New Jersey, also
>> showed that Republican presidential candidates received 61 votes
>> when only 60 ballots had been cast in the Republican primary. About
>> 60 machines showed such discrepancies. When Union County election
>> officials announced that they planned to have Princeton academics
>> examine the machines to determine what went wrong, Sequoia
>> threatened a lawsuit.
>> Sequoia initially blamed the problem on election officials for
>> pushing the wrong buttons, but later claimed it uncovered a problem
>> in its software that was creating the vote errors and announced
>> that it had fixed the issue.
>> Earlier this year, in a separate case, Sequoia agreed, after a
>> concerted battle, to hand over its source code to election
>> officials in Washington, DC, to investigate why, during the citys
>> September 2008 primary election, Sequoias optical-scan machines
>> added about 1,500 phantom votes to races on ballots cast in one
>> precinct.
>> Sequoia blamed the problem on static discharge or human error.
>> After the city demanded to look at the source code to determine the
>> problem, Sequoia in turn demanded a $20 million bond from officials
>> guaranteeing they wouldnt disclose information about the system.
>> Sequoia finally relented to provide the code without a bond, though
>> only after the city agreed to keep the companys trade secrets
>> confidential.
>> The election integrity group Voters Unite has compiled a partial
>> list of reported problems (.pdf) with Sequoia voting machines.
>> Spokeswoman Michelle Shafer said Sequoias public source system has
>> been in the works for months, and that the announcement this week
>> was timed for a National Institute of Standards and Technology
>> workshop discussing a common data format for voting systems.
>> She said the firmware on the companys new Frontier optical-scan
>> machines is written in C# programming language and runs on Linux.
>> The election management software  which sits on a computer at the
>> election office and is used to create ballots and tabulate votes 
>> runs on Microsoft Windows XP and uses a Microsoft SQL database.
>> Pamela Smith, president of Verified Voting, a group that has long
>> lobbied for fully auditable voting systems, applauded Sequoias
>> efforts.
>> Its good to know the vendors are developing a new transparent
>> optical-scan system, she said. That is probably the biggest
>> recognition of the direction that the voting public wants to see
>> the market going.
>> Asked if Sequoias history of hiding behind its proprietary code
>> taints the sincerity of its public source effort, Smith said, Its
>> never too late. If youre making a step toward a more transparent
>> system, good for you. Thats a good thing.
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com

More information about the cypherpunks-legacy mailing list