Is Open Source Enough?

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Mon Sep 03 2007 - 16:19:53 CDT

I've been thinking about the role of open source in electronic voting
systems. Here are some sketchy thoughts I'd like to share.

1. One of the crucial reasons for open source in voting systems is
the ability for the public to inspect the machinery of voting
systems. This concept is related to sunshine laws, public records
acts, or the Freedom of Information Act. However, "published" source
is sufficient for many of these purposes.

2. One key side benefit of published source is that systems
*designed* to be open are designed with better inherent security than
systems designed to be trade secrets.

3. While it would be useful for anyone to be able to publicly inspect
voting system software, there are valid objections to publicly
releasing software not designed to be published while it is in active
use for public elections. If the currently trade-secret voting
system software is replaced (by open source, published source, or
even new trade-secret software), then security reasons to keep such
software secret no longer apply, and the software should then be
disclosed for public analysis. However, because of various patches
and versions, it is still possible that some version may have
contained a Trojan Horse, and it may not be possible to detect that from the
version being disclosed.

4. If we are to go through the trouble of replacing old electronic
voting systems with new electronic voting systems run on open source,
unless the new systems are designed to be secure based on a threat
analysis model, the new systems may still have security

5. I would like to see ACCURATE develop threat analysis models in
conjunction with a new voting system design team. Preferably, the
system developed would be open source, or at least disclosed source.

Let us clearly understand what vulnerabilities are handled with open
source voting systems and what vulnerabilities are NOT handled with
open source voting systems. Let
us also understand what new vulnerabilities are potentially
introduced by open source voting systems, particularly when
disclosing existing systems not designed to be disclosed. I ask the
last question because I think we need to understand the arguments
against openness in order to counter them. In that regard, let us
separate out disclosure of source code from disclosure of data
formats and data itself.

Best regards,

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
