Fwd: [IP] Sequoia To Publish Source Code
R.A. Hettinga
rah at shipwright.com
Wed Oct 28 15:17:39 PDT 2009
Begin forwarded message:
> From: Dave Farber <dave at farber.net>
> Date: October 28, 2009 6:10:07 PM GMT-04:00
> To: "ip" <ip at v2.listbox.com>
> Subject: [IP] Sequoia To Publish Source Code
>
>
>
>
> Begin forwarded message:
>
>> From: David Bolduc <bolduc at austin.rr.com>
>> Date: October 28, 2009 5:46:23 PM EDT
>> To: johnmacsgroup at yahoogroups.com, Dave Farber <dave at farber.net>
>> Subject: Sequoia To Publish Source Code
>>
>
>> <http://www.wired.com/threatlevel/2009/10/sequoia/>
>>
>> In Industry First, Voting Machine Company to Publish Source Code
>> By Kim Zetter <envelope.gif> October 27, 2009 | 4:53 pm |
>> Categories: E-Voting, Elections
>>
>>
>> Sequoia Voting Systems plans to publicly release the source code
>> for its new optical scan voting system, the company announced
>> Tuesday � a remarkable reversal for a voting machine maker long
>> criticized for resisting public examination of its proprietary
>> systems.
>>
>> The company�s new public source optical-scan voting system, called
>> Frontier Election System, will be submitted for federal
>> certification and testing in the first quarter of next year. The
>> code will be released for public review in November, the company
>> said, on its web site. Sequoia�s proprietary, closed systems are
>> currently used in 16 states and the District of Columbia.
>>
>> The announcement comes five days after a non-profit foundation
>> announced the release of its open-source election software for
>> public review. Sequoia spokeswoman Michelle Shafer says the timing
>> of its release is unrelated to the foundation�s announcement.
>>
>> Open-source software allows the public to participate in the actual
>> development of the software. Whereas Sequoia�s public source, or
>> disclosed-source, software only allows the public to see software
>> that its developers have already created.
>>
>> In the press release announcing the public-source system, a Sequoia
>> vice president is quoted saying that �Security through obfuscation
>> and secrecy is not security.�
>>
>> �Fully disclosed source code is the path to true transparency and
>> confidence in the voting process for all involved,� said Eric
>> Coomer, vice president of research and product development for
>> Sequoia, in the press release. �Sequoia is proud to be the leader
>> in providing the first publicly disclosed source code for a
>> complete end-to-end election system from a leading supplier of
>> voting systems and software.�
>>
>> Sequoia in fact has been a champion of security through obscurity
>> since it�s been selling voting systems.
>>
>> The company has long had a reputation for vigorously fighting any
>> efforts by academics, voting activists and others to examine the
>> source code in its proprietary systems, and even threatened to sue
>> Princeton University computer scientists if they disclosed anything
>> learned from a court-ordered review of its software.
>>
>> Princeton University computer scientist Ed Felten, one of the
>> targets of Sequoia�s legal threats, said he was pleasantly
>> surprised to see the company opening its new system to examination
>> after vehemently resisting it in the past.
>>
>> �I think Sequoia is recognizing that it won�t do anymore to just
>> urge people to trust them,� Felten said, �and that people want to
>> know that the code that controls these machines is open and that
>> experts have had a full chance to look at it.�
>>
>> Given that Sequoia is now acknowledging the value of code
>> disclosure as something that can lead to better security rather
>> than worse security, as it has claimed in the past, Felten said �it
>> seems that it should follow that they would now be willing to
>> release code for all of their other products as well.�
>>
>> Last year, a judge ordered New Jersey election officials to give
>> source code for the state�s Sequoia AVC Advantage touch-screen
>> machines to Princeton University computer scientist Andrew Appel
>> and others for a lawsuit that challenged the integrity of Sequoia�s
>> paperless machines. Voting activists had sued the state to
>> decommission the units out of security and reliability concerns.
>> Appel�s team found several vulnerabilities with the system, but
>> wasn�t able to discuss them publicly.
>>
>> Appel, in a separate issue, also found a discrepancy between
>> summary tapes printed from Sequoia touch-screen machines during New
>> Jersey�s primary election and totals that were recorded on the
>> machine�s memory cards. Summary tapes from machines in one district
>> showed a phantom vote for then-presidential-candidate Barack Obama
>> that didn�t appear in the memory card totals.
>>
>> The Sequoia machines deployed to Union County, New Jersey, also
>> showed that Republican presidential candidates received 61 votes
>> when only 60 ballots had been cast in the Republican primary. About
>> 60 machines showed such discrepancies. When Union County election
>> officials announced that they planned to have Princeton academics
>> examine the machines to determine what went wrong, Sequoia
>> threatened a lawsuit.
>>
>> Sequoia initially blamed the problem on election officials for
>> pushing the wrong buttons, but later claimed it uncovered a problem
>> in its software that was creating the vote errors and announced
>> that it had fixed the issue.
>>
>> Earlier this year, in a separate case, Sequoia agreed, after a
>> concerted battle, to hand over its source code to election
>> officials in Washington, DC, to investigate why, during the city�s
>> September 2008 primary election, Sequoia�s optical-scan machines
>> added about 1,500 �phantom� votes to races on ballots cast in one
>> precinct.
>>
>> Sequoia blamed the problem on �static discharge� or human error.
>>
>> After the city demanded to look at the source code to determine the
>> problem, Sequoia in turn demanded a $20 million bond from officials
>> guaranteeing they wouldn�t disclose information about the system.
>> Sequoia finally relented to provide the code without a bond, though
>> only after the city agreed to keep the company�s trade secrets
>> confidential.
>>
>> The election integrity group Voters Unite has compiled a partial
>> list of reported problems (.pdf) with Sequoia voting machines.
>>
>> Spokeswoman Michelle Shafer said Sequoia�s public source system has
>> been in the works for months, and that the announcement this week
>> was timed for a National Institute of Standards and Technology
>> workshop discussing a common data format for voting systems.
>>
>> She said the firmware on the company�s new Frontier optical-scan
>> machines is written in C# programming language and runs on Linux.
>> The election management software � which sits on a computer at the
>> election office and is used to create ballots and tabulate votes �
>> runs on Microsoft Windows XP and uses a Microsoft SQL database.
>>
>> Pamela Smith, president of Verified Voting, a group that has long
>> lobbied for fully auditable voting systems, applauded Sequoia�s
>> efforts.
>>
>> �It�s good to know the vendors are developing a new transparent
>> optical-scan system,� she said. �That is probably the biggest
>> recognition of the direction that the voting public wants to see
>> the market going.�
>>
>> Asked if Sequoia�s history of hiding behind its proprietary code
>> taints the sincerity of its public source effort, Smith said, �It�s
>> never too late. If you�re making a step toward a more transparent
>> system, good for you. That�s a good thing.�
>
>
>
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com
More information about the cypherpunks-legacy
mailing list