San Francisco is considering “upgrading” their voting systems to use Sequoia machines. They are demanding that the company publicly disclose their software source code for all to see. It’s called transparency. That’s a good thing.
But Sequoia is refusing. Yesterday, there was another discussion/debate on the topic at an SF Board of Supes hearing. The San Francisco Examiner reported this laugh line from the Sequoia spokeshole:
For those just joining the fun, who may be unfamiliar with guffaw-worthiness of Bennet’s claim about concern for the security of his company’s shitty voting systems, we’ll refer you to this small sampling of previous relevant BRAD BLOG articles:
- Pro E-Vote Professor Accidentally Hacks Sequoia Voting System
- Sequoia’s ‘Yellow Button’ Allows Voters to Vote As Many Times as They Want
- Sequoia Spokesperson Against Hack Testing of Touch-Screen Machines in Riverside County, CA
- Princeton Prof. Buys Sequoia System on Internet, Hacks It in 10 Seconds
…Along with a heads up that we’ll have more — much more — on Sequoia’s “concerns” about the security of their voting systems (or lack thereof) in a detailed investigative report in the very near future…
To be fair, any commercial producer of voting machines has a legitimate interest in preventing competitors (or potential competitors) from gaining access to their source code. Thus public disclosure of the source code isn’t something that can be expected from the companies.
However, there are well-established methods for non-public disclosure and review of source code by experts under NDA, which are entirely appropriate here.
Moreover, it’s notoriously difficult to decipher source code in any fashion that will provide reasonable confidence in the security of the result. Rather, an inspection of the source code has some chance of catching glaring problems, or fundamental design problems (like the execution of code stored on the voting card).
To be fair, any user of voting machines has a legitimate interest in knowing what the hell the voting machine is doing while it purports to count their vote. Thus public disclosure of the source code is something that is appropriate.
Since citizens actually own their government, well-established that citizens have the right to view information in order to exercise oversight over their government — so “non-public” review of what the voting machine is actually doing, restricted only to “experts” under NONDISCLOSURE, is hardly appropriate here.
Moreover, it’s notoriously difficult to decipher whether our votes are being counted accurately in any fashion that will provide reasonable confidence in the accuracy of the result. Rather, an inspection of ALL election-related information by ANY person gives us the best chance of catching glaring problems, or fundamental design problems.
And by the way: Experts under nondisclosure did not discover the code stored on the voting card. That only happened because ordinary citizens got hold of it.
Bev Harris
Black Box Voting
I’m happy to associate myself with Bev’s comments in reply to “NoName” above.
I’ll add one more point, however, in reply to this comment from “NoName”:
Nonsense. The “business” of democracy is not a “commercial interest”. If these companies wish to receive BILLIONS of our tax dollars in order to perform this service to democracy, they will just have to get used to the idea that they’ll have to publicly disclose the source code.
If they want to be in a different line of work, it’s up to them.
And, btw, I made my living as a programmer for 10 years. I don’t relish the idea of giving away my work either (though I’d do it for BILLIONS of dollars, maybe that’s just me).
As a programmer, as well, I know that NONE of this is rocket science, and there are NO actual “trade secrets” to any of this stuff that any of the other “competitors” of these companies even NEEDS to “steal.”
It’s a specious argument on their behalf. Of course, they know it.
So here’s the deal: The companies will get to make BILLIONS of our dollars and we’ll get to see what the hell it is they are doing every step of the way in exchange. Fair enough? I think so.
With all due respect, “Spokeshole” is a bit over the edge, in my opinion. Of course, this is your blog (er, The Brad Blog) and you can, of course, say what you want. You can disagree with their arguments without getting personal. I don’t think insults add much to your point.
Thanks, Joe. I appreciate your opinion. Mine is that I consider disingenuous, specious arguments — known lies, in other words — made by folks in order to continue making money off of our democracy, and undermining it in the bargain, at an exceedingly tenuous moment in the nation’s history, while we are at war, to be very ugly indeed.
It’s not personal. I understand he may just be doing “his job”. But if that’s his line of work, he should find something more respectable to do with his time, and less destructive to the world in which we all live.
I find lies that undermine democracy to be as reprehensible as dealing drugs to children. And I don’t see receiving a paycheck for it to be any excuse.
Hope that clarifies my opinion and I appreciate yours to boot.
“Princeton Prof. Buys Sequoia System on Internet, Hacks It in 10 Seconds”
Isn’t it ironic that any vender would make the “security” argument while their voting systems are sold to whoever wants them, as surplus. Can’t see this going away, as counties find themselves in need of getting rid of a Trojan horse.
Joe:
I’ve been following this issue since early 2003 and was confident that the leaders in my state would listen to honest people, none of whom were getting paid a red cent, when they testified before the committees who were charged with choosing a system we could all be comfortable with insuring our democracy.
Hearing an obvious lie once is maddening enough, but hearing the same lie, literally hundreds of times, is infuriating, especially when it negatively effects the future of your country in a demoralizing and hope-killing way.
Did you even read comments #2, and #3? If Brad has to use a term like “spokesholes” to bring a little comedy relief to those of us who are terrified as hell, would you take that from us? Do you think the despicable people who tell these lies, feelings are hurt by such a nickname? They are laughing all the way to the bank.
I don’t know how long you’ve been following this fight, but with all due respect, you are naive as hell.
I have a problem with any company who is best at customer service so long as everything remains secret.
Sounds way too much like Cheney’s office.
“Program testing can be a very effective way to show the presence of bugs, but is hopelessly inadequate for showing their absence.”
“Simplicity is prerequisite for reliability.”
– Edsger Dijkstra
I understand that it’s easy for people to poke and prod the voting machine manufacturers about things like source code publication, but the fact is that public availability of the source code is no guarantee that the system is safe or reliable. (There are plenty of examples of security problems in open source software.) Source code publication is a red herring vis-a-vis election integrity.
Bev, I agree with you when you say, “any user of voting machines has a legitimate interest in knowing what the hell the voting machine is doing while it purports to count their vote.” But, having access to the source code does very little, at best, to provide someone with that when they vote (even if I had the all of the requisite expertise). It is impossible for a voter to verify that the stipulated code is actually what’s running on the voting machine unless the voter has access to the internals of the machine in a way that compromises said machine. Thus, even with an oracular comprehension of the source code, reviewing the source code only provides voters with knowledge of what the voting machine is purported to be doing while it purports to count their vote.
It’s mathematically impossible for an election process to be simultaneously verifiable and anonymous. As a consequence the integrity of the election is blindly reliant on the election process. Hence, the only way to ensure that is simplicity and transparency.
To make matters more interesting, the human element of the process (or the interface with it) isn’t all that reliable to begin with. (This was famously illustrated in 2000 with the butterfly ballot and the hanging chads.)
Of course, it is in the interest of election integrity to hassle electronic voting machine vendors because said machines obfuscate, and hence compromise, the election process. Similarly, it is advisable to have expert review of the source code since that can identify problems, but, just like testing, it is not adequate to insure a reliable election process.
{Ed Note: Post deleted. Disinformation. “Mort,” while you are welcome to use an alias here, you are not welcome to offer disinformation about who you are and what your agenda is here. Consider this a warning, and that I’m being very kind in not naming who you are. Suffice to say, knock it off. Misleading folks is no better when done by someone on “our side” than it is when it’s done by Voting Machine Companies or “bad guy” Election Officials. That is one of the (very few) rules for commenting here at BRAD BLOG. Thank you. And you’re welcome. — BF}
“One in customer testing” means that there is one person in the testing department, as we all know here.
Since forever there has been one electronic voting machine tester, kinda like the Maytag Repairman, and he is Shawn Whitworth.
Vendors worried about competitors stealing their code need only copyright it. It’s not as though the task of counting something (votes or anything else) is going to require cutting-edge programming. Seriously, what sort of trade secrets could lurk in such a mundane task?
This is how we know it’s not vote-counting routines that they are protecting.
I want to weigh in on the “spokeshole” designation.
Amongst those of us who have spent years investigating and working to bring to light the travesties of the e-voting system, I think we think little of such a characteriztion.
HOWERVER, that said, I am now working with a “blue ribbon” Election Review Committee comprised of retired judges and other highly respected community leaders who have little background in the EI issues, and we are trying mightily to educate them.
When someone from the outside reads a term like that, they tend to be offended, perhaps not read further on, and perhaps assigne a lesser degree of credibility to the source when the name calling comes into play.
Brad is a very good friend of mine and I support him in every way I can, including providing a different prespective when I believe it is important to do so. We can still get the exact same message across without the namecalling, and we are then perceived as taking the higher road.
Just MHO.
TC
leftisbest:
Civil dialog is a great way to arrive at compromise, but the people who are stealing our elections are never going to compromise. They are proud of their ruthlessness, and laugh at our sensible approach. At some point you have to take off the gloves. I feel if we don’t attack them with words sometimes when they deserve it, a much larger explosion is imminent.
Judges are humans beings too. They will be just as angry as we are, when they get the information we have. Dan Rather was on television this morning opining on why Al Gore lost the election. Al Gore did not lose the election. Ralph Nader didn’t lose it for him. The Republicans were going to take it, hook or crook!
We have given them every opportunity to be civil. It’s not working!