Fw: AB852 - commentary on subsection (i)

From: Alan Dechert <dechert_at_gmail_dot_com>
Date: Wed Mar 21 2007 - 06:39:13 CDT

Dear Matt and Bob,

Matt recently questioned me about how germane subsection ( i ) of SEC 2 is to this bill. I am forwarding this comment from Jim March about that. As you probably know, Deputy Secretary Lowell Finley was the attorney in a lawsuit against Diebold brought about by Jim March and Bev Harris on behalf of California Citizens. Subsection ( i ) addresses transparency needs based, in part, on that experience in CA as well as experience in other states.

AB 852 is somewhat broader in scope than AB 2097 from last year. It is not simply an "open source" bill, and the name reflects that. The core concept of the bill -- and open voting -- is captured in page 2, lines 10 - 13: "All details of election administration must be made freely available to the entire public in a regular and systematic way." Subsection ( i ) is an extension of this idea.

Matt pointed out that the rest of the bill pertains to systems up for certification, while existing systems are grandfathered. However, grandfathered systems are only grandfathered for a limited time (until 2012), and we want public access to information throughout the election system. We shouldn't have to do special records requests. This information should be available to the public routinely, and in a timely manner.

As written, the bill would require some extra work for the Secretary of State while no extra money is being allocated to accomplish this extra work. Some resistance is reasonable and expected.

As I understand it, Secretary Bowen does not want to be the public repository for the technical information, and she does not want the potential exemption from federal certification for open source systems described in subsection ( h ). I recommend that we amend the bill to remove the SoS responsibility for public access to the vendor's technology disclosure package. We should then require that the vendor be responsible for making it available. However, I strongly recommend against removing subsection ( h ) from the bill at this time. I have recommended a correction of a typo there where we want "except" inserted, so page 4 line 30 would read "open source except for all unmodified COTS components."

There is a powerful argument for true open source software for elections -- not just disclosed source. Disclosed source is tactical. Open Source is strategic. Subsection ( h ) is strategically important. There is a powerful case to be made for it: The Legislature and the public deserve to hear the case in favor of this strategy. We can and should air this out in the Assembly elections committee hearing. If it becomes apparent that we need to take it out, let's do it then -- not now. This is much too important to simply drop. Part of the reason can be seen in Brian Behlendorf's testimony before Congress last Thursday.

So, the bill text should be changed in SEC 1 (b) line 16 -- strike "Secretary of State shall manage a process whereby the public can obtain" and insert "vendors shall make available on the Internet...." Strike SEC 2 (f) 1-3 (pg 4, lines 17-22).


Alan Dechert

----- Original Message -----
From: Jim March
To: Alan Dechert ; Bev Harris
Sent: Tuesday, March 20, 2007 12:06 AM
Subject: AB852 - commentary on subsection (i)


I can make this more formal if you want (stick it in PDF in something resembling "letterhead") and citing BBV but I'd need Bev's permission...shouldn't be a problem. Let me know ASAP tomorrow AM if this is an issue, pref. before 9:00am when I go into depositions. For that matter, I'll speed things up by CCing Bev - Bev, Alan has asked me to write some commentary for the last section of AB852 in California, which is fairly technical and is getting some hairy eyeballs from confused legislative staffers. This is a draft of my commentary on the section of bill involved.

Original bill text is at:
I'm quoting in bold just the last section:
"(i) Any member of the public shall have access to other elections
information, including:
(1) All information necessary to validate elections must be 
produced by the voting system and its accompanying elections
Put simply, this forces the vendor to ensure that accurate information on the processing of elections is produced by the system.  The main effect is to cause accurate audit logs to be created, along with detailed tracking of "who, what, where, how and when" election processing occurred. 
The most dramatic failure of this occurs daily in the Diebold central tabulators where every person in the elections office (and often vendor staff onsite assisting) logs in as username "admin" - and they all share the same password.  Most Diebold customer counties do business in this fashion in violation of basic computer security principles. 
Deposition testimony taken this month in Pima County Arizona shows county elections officials claiming a specific Diebold employee told them that everyone should use the "admin" account.  The Diebold staffer in question was Rob Chen, a field support specialist known to have installed uncertified Diebold software in Alameda County in 2002 per Diebold's internal memos. 
"(2) When information to validate the election is requested, it
must be provided before recount and contest periods have expired." 
This forces fast public records access in elections cases, so that accurate decisions on which races to challenge can be made without the cost (to the county or anyone else) of a challenge lawsuit.  California's rate of compliance with public records requests is unfortunately low and at least where election-related data is concerned, this is a start.  
(Assemblyman Leno is planning to re-introduce his "cash penalties for failure to produce public records law" that narrowly failed last year and has been highly effective in other states.  Leno's staff are in contact with Mr. Terry Franke of Cal-Aware and the California First Amendment Coalition on this broader public records issue.) 
"(3) The information must be provided in a usable and
cost-effective manner."
This is in large part a response to Sequoia's system of creating audit trails on paper but not simultaneously in electronic form.  Essentially, we end up with thousands of pages of dead trees in continuous form tractor paper with no way to index or search the material.  Arizona activist and former state legislator Ted Downing made a request to Maricopa County for audit log records and was presented with a $1,200 bill.  The same information in Pima County on Diebold systems was produced in about 15 minutes on a single 29 cent blank CD in electronic, readily searchable form.
California fully understands the value of electronic data, and pushed for electronic access to the legislature at www.leginfo.ca.gov via a bill by Debra Bowen many years ago. 
Sequoia and others should still do paper records at the same time, as those are printed as actions occur and are harder to manipulate after the fact.  The best situation allows ready access to the electronic record and then anything "odd" can be reviewed on paper as final confirmation. 
"(4) There will be no restrictions imposed by proprietary claims,
nor shall access to information be exclusively placed outside of 
governmental custody."
The first clause simply states that "we the people" own the election process, not the vendors.  They can be paid good money to assist in the process, but they cannot be allowed to own it and control our vote or the process that tallies it. 
The second clause says that the copies of electronic programming, specifications, source code and the like should be available online from a source other than the vendor.  If a serious concern with the code is raised, there should be no suspicion that the vendor quietly updated their own website's contents to obscure the issue. 
"(5) Validating information must include proof that hardware and
software certified for use is the same claimed to have been used." 
In computer science, there is a simple way to ensure that a given file is "authentic".
It's called a "hash".
Any file consists of a string of numbers.  It is possible to apply a math formula to the file, do a calculation based on the contents and then display the resulting fairly short product of the calculation.  Should the file change, the resulting "hash code" will be different from the number that the vendor and/or certification process says is correct. 
This process is commonly used when distributing important files to allow the end user to confirm authenticity.  Online distributions of various forms of the Linux operating system commonly include hash data and instructions on how to use that data to confirm that the code you're using hasn't been tampered with.  A very user-friendly description of this process in which the popular MD5 hash process is used can be seen at: 
If a free consumer-grade operating system such as Ubuntu Linux can be distributed in this fashion, it is fully reasonable to expect the same level of care in voting systems.  Better yet: once a hash procedure is in place, onsite inspections under California Election Code 15004 can do "verification of known good and certified code" as a quick and easy part of the onsite inspection process. 
The need for such a process has been demonstrated on multiple occasions by Diebold.
Internal memos show that in one case, code that was changed enough to warrant re-certification was released into the field without revising the version number.  The flippant comment "rules are made to be broken" among Diebold staffers discussing this raised significant alarm when the memo was later leaked. 
When Harri Hursti and Black Box Voting examined Diebold TSx voting machines in Emery County Utah in early 2006, they found differences in the way different machines handled macros suggestive that they were running different code sets.  Also of note: 41 machines all shipped from Diebold to this county, all displaying the same versions and all reputed to be brand new had amounts of free memory reported as anywhere between four and twenty six megabytes, an enormous discrepancy - yet it was impossible to get the installed code copied off of the system so that code from the various machines could be compared and/or hash-analyzed. 
One of the most important aspects of AB852 is that it requires applying to voting machines the same standard of professionalism and transparency now found among free consumer-grade operating systems such as Ubuntu - surely not an unreasonable request.
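
Added example, not part of Jim March's message or the bill text: the hash check described under item (5), carried through as a comparison of an installed file tree against a certified manifest. It uses SHA-256 rather than the MD5 mentioned in the message, and the file names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def audit_install(root, manifest):
    """Compare every file under root with a certified {relative path: sha256} manifest."""
    root = Path(root)
    found = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "uncertified": []}
    for name, expected in manifest.items():
        if name not in found:
            report["missing"].append(name)
        elif found[name] != expected.lower():
            report["modified"].append(name)
    # Files the certification never covered matter as much as changed ones.
    report["uncertified"] = sorted(set(found) - set(manifest))
    return report


def demo():
    """Constructed sample: a 'certified' build and a field machine that drifted from it."""
    with tempfile.TemporaryDirectory() as tmp:
        certified, field = Path(tmp, "certified"), Path(tmp, "field")
        for d in (certified, field):
            (d / "bin").mkdir(parents=True)
            (d / "bin" / "tabulator.bin").write_bytes(b"tabulator build A")
            (d / "VERSION").write_text("1.0.0\n")
        manifest = {p.relative_to(certified).as_posix(): sha256_file(p)
                    for p in certified.rglob("*") if p.is_file()}
        # Field machine: code changed, version string left untouched, one extra file.
        (field / "bin" / "tabulator.bin").write_bytes(b"tabulator build B")
        (field / "bin" / "patch.dll").write_bytes(b"unreviewed")
        return audit_install(certified, manifest), audit_install(field, manifest)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The field copy reports the same version string as the certified one, yet the audit flags the changed binary and the file that was never certified. The check is only as trustworthy as the manifest, which has to come from the certification record and not from the machine being inspected.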

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sat Mar 31 23:17:07 2007
