Proprietary Software statement from Essex County Task Force on E-voting

Why proprietary SW environments should be rejected in voting machines

Proprietary applications packages and operating systems have long been extremely expensive ways to use information technology. It’s obvious why: the supplier has legal ownership of and all information about the vital tools that handle the customer’s data and operations. You, the customer, are powerless and have to pay whatever the supplier asks for small changes, maintenance, upgrading, fixing the inevitable bugs, tracking down system SW and bundled system HW failures, and on and on, whenever the supplier can accommodate your needs. When a system is built on open interfaces and/or open source code, on the other hand, third parties usually become available to help. Many customers of proprietary, closed systems lose vital data and business functions, lose credibility with their own customers, and have often been forced out of business when system vendors provide poor support, cut off support to further their own business, or themselves abandon the business. So proprietary systems and interfaces imply higher expense, shorter system lifetime, and poorer ability to improve usability. Suppliers of closed systems argue that they have better control and can therefore provide better quality, but they seldom actually deliver on that promise.

Election systems are much more vulnerable than ordinary businesses to the perils of closed software;
credibility and honesty in rendering election results outweigh even the cost issues. Unless the code is open to inspection by honest non-partisan brokers, there is no way to guarantee that election results can not be altered by breakdowns (the benign case), or by intentional tampering by insiders or hackers. There might be mistakes in the code, or more ominously hidden subroutines that bias the results to the advantage certain candidates or political groups.

A small number of people can incorporate dishonest features into closed-source programs;
they might be employees of the manufacturer actinbg on their own or on the instructions of management who are politically or ideologically connected or simply selling corrupt access. Such features might be triggered by network connections known only to a few at any time before or during elections. Or they may be permanently coded, loaded in along with periodic software updates, and triggered autmatically on election day.

All these forms of tampering would be difficult to detect, as they need not affect a large fraction of the votes cast to shift electoral outcomes. If a paper trail is available, it can be used to catch some but not all tampering occurrences.

No amount of advance testing can guarantee systems free of these hazards. But open source code, together with an open mechanism for binding and installing it can give reasonable assurance that votes cast equal votes and outcomes reported.

What’s wrong specifically with Sequioa software:

The considerations above are particularly pertinent to Sequoia, a manufacturere known to have a particular idelogical allegiance. Equipment used for vote counting must be above any appearance of impropriety, irrespective of whether there is actual wrongdoing. When there is no way to detect tampering (closed systems) there is no way to mainain that assurance.

---------------------
this is a draft any comments?

Hmmm... You talk about "Proprietary", but I think what you really mean is something like "open" or "reviewable".

Imagine that a company had a proprietary voting system, that was protected by copyright and patents, but that they published all the source code and made it available for review (but not modification). Would that work?

I don't think we should rule out any solution that has ownership rights attached, I think we should rule out any solution that we can't strip down to the nuts and bolts.

A more interesting question to me is; how do you verify that the source code you reviewed is actually embodied in the executables installed? It doesn't do any good to verify the source if someone can much up the binary. That's a problem whether it is proprietary or open source.

Good start though.

another 9 or 10 to come ------

3Members of the NJ Att. Gen. Office were there to answer the Freeholders questions---

I took notes on what the AG staff was & was not saying.
Which I then used as talking points when we were allowed to later speak to the Freeholders.
When the AG staff exited the meeting romm we--Frances, Trina, and I followed them and engaged them together and individually on many different topics.
Going by Memory:
Frances asked aboout opscans and paper ballots--Donna Kellys responce was interesting. Her behavoir changed--she verbally quipped--rolled her eyes-and seemed physically agitated, as she spoke. and really didnt answer the question.
I asked about the certification process in NJ specifically as it involves the Avante Trakker full scareen DRE. Marcus seemed to be more familiar so we ended up talking to the side --
He said he has seen the Avante demo and he liked the Avante coting its full face 30" csreen and easy to read ballot---where the "line" went staright across. He mentioned that it may be certified in NJ before the Sept, 1 dealine. At that point I directly asked him---"What can I do to help". he froze and changed the subject--which then became--we would be willing to have a forum with your groups--if you can get enough people--and they were informed that the groups we represent nave something over 4000 (IIRC) members.

Of course what would a forum do to speed up the certification process?

Another thing I found interesting was Donna Kelly refering to the BLACK BOX while speaking to the Freeholders---she meant the VVPT law compliant Pinter. I feel that when a lawyer wishes to be specific, a lawyer can be--in this case I maight assume that she wished in infer some ambiguiity. The BLock box comment I addressed later with the Freeholders.

Here are my above mentioned talking points --

--Avante full face trakker, DRE, --has 30 " screen and the "line" is intact.

--lets be clear, you are buying not just a DRE but an entire system--PC-- Workstation Smart cards -- software---etc----

----I went over prices for machines--making it clear that Sequoia sells the Veri Vote printer for the Edge DRE for $500 when a printer for the Advantage is ----$2000----if you ever see it ?

--Small face DRe can be brought into the car of a handicapped person

--VVPT is a Sample audit of IIRC 2%

--HAVA doesnt mandate all machines to be replaced--it mandates one HAVA compliant, per polling place

--Sequoia charges a 15% lisencing fee for software--the clerk later came up with these #s--150k 1st yr and then 30k thereafter, possible 10% increase in years 2-5.

--The Advantage is old--released in "86 NJ cert in "87

--And why did the state just buy 3000 audio devices for the Advantage? Which Fransis gave to me-- credit her.