Sequoia To Publish Source Code

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: David Bolduc <bolduc () austin rr com>
> Date: October 28, 2009 5:46:23 PM EDT
> To: johnmacsgroup () yahoogroups com, Dave Farber <dave () farber net>
> Subject: Sequoia To Publish Source Code

> <http://www.wired.com/threatlevel/2009/10/sequoia/>
>
> In Industry First, Voting Machine Company to Publish Source Code
> By Kim Zetter <envelope.gif> October 27, 2009  |  4:53 pm  |   
> Categories: E-Voting, Elections
>
>
> Sequoia Voting Systems plans to publicly release the source code for  
> its new optical scan voting system, the company announced Tuesday —  
> a remarkable reversal for a voting machine maker long criticized for 
>  resisting public examination of its proprietary systems.
>
> The company’s new public source optical-scan voting system, called F 
> rontier Election System, will be submitted for federal certification 
>  and testing in the first quarter of next year. The code will be rel 
> eased for public review in November, the company said, on its web si 
> te. Sequoia’s proprietary, closed systems are currently used in 16 s 
> tates and the District of Columbia.
>
> The announcement comes five days after a non-profit foundation  
> announced the release of its open-source election software for  
> public review. Sequoia spokeswoman Michelle Shafer says the timing  
> of its release is unrelated to the foundation’s announcement.
>
> Open-source software allows the public to participate in the actual  
> development of the software. Whereas Sequoia’s public source, or dis 
> closed-source, software only allows the public to see software that  
> its developers have already created.
>
> In the press release announcing the public-source system, a Sequoia  
> vice president is quoted saying that “Security through obfuscation a 
> nd secrecy is not security.”
>
> “Fully disclosed source code is the path to true transparency and co 
> nfidence in the voting process for all involved,” said Eric Coomer,  
> vice president of research and product development for Sequoia, in t 
> he press release. “Sequoia is proud to be the leader in providing th 
> e first publicly disclosed source code for a complete end-to-end ele 
> ction system from a leading supplier of voting systems and software 
> .”
>
> Sequoia in fact has been a champion of security through obscurity  
> since it’s been selling voting systems.
>
> The company has long had a reputation for vigorously fighting any  
> efforts by academics, voting activists and others to examine the  
> source code in its proprietary systems, and even threatened to sue  
> Princeton University computer scientists if they disclosed anything  
> learned from a court-ordered review of its software.
>
> Princeton University computer scientist Ed Felten, one of the  
> targets of Sequoia’s legal threats, said he was pleasantly surprised 
>  to see the company opening its new system to examination after vehe 
> mently resisting it in the past.
>
> “I think Sequoia is recognizing that it won’t do anymore to just  
> urge people to trust them,” Felten said, “and that people want to  
> know that the code that controls these machines is open and that exp 
> erts have had a full chance to look at it.”
>
> Given that Sequoia is now acknowledging the value of code disclosure  
> as something that can lead to better security rather than worse  
> security, as it has claimed in the past, Felten said “it seems that  
> it should follow that they would now be willing to release code for  
> all of their other products as well.”
>
> Last year, a judge ordered New Jersey election officials to give  
> source code for the state’s Sequoia AVC Advantage touch-screen machi 
> nes to Princeton University computer scientist Andrew Appel and othe 
> rs for a lawsuit that challenged the integrity of Sequoia’s paperles 
> s machines. Voting activists had sued the state to decommission the  
> units out of security and reliability concerns. Appel’s team found s 
> everal vulnerabilities with the system, but wasn’t able to discuss t 
> hem publicly.
>
> Appel, in a separate issue, also found a discrepancy between summary  
> tapes printed from Sequoia touch-screen machines during New Jersey’s 
>  primary election and totals that were recorded on the machine’s mem 
> ory cards. Summary tapes from machines in one district showed a phan 
> tom vote for then-presidential-candidate Barack Obama that didn’t ap 
> pear in the memory card totals.
>
> The Sequoia machines deployed to Union County, New Jersey, also  
> showed that Republican presidential candidates received 61 votes  
> when only 60 ballots had been cast in the Republican primary. About  
> 60 machines showed such discrepancies. When Union County election  
> officials announced that they planned to have Princeton academics  
> examine the machines to determine what went wrong, Sequoia  
> threatened a lawsuit.
>
> Sequoia initially blamed the problem on election officials for  
> pushing the wrong buttons, but later claimed it uncovered a problem  
> in its software that was creating the vote errors and announced that  
> it had fixed the issue.
>
> Earlier this year, in a separate case, Sequoia agreed, after a  
> concerted battle, to hand over its source code to election officials  
> in Washington, DC, to investigate why, during the city’s September 2 
> 008 primary election, Sequoia’s optical-scan machines added about 1, 
> 500 “phantom” votes to races on ballots cast in one precinct.
>
> Sequoia blamed the problem on “static discharge” or human error.
>
> After the city demanded to look at the source code to determine the  
> problem, Sequoia in turn demanded a $20 million bond from officials  
> guaranteeing they wouldn’t disclose information about the system. Se 
> quoia finally relented to provide the code without a bond, though on 
> ly after the city agreed to keep the company’s trade secrets confide 
> ntial.
>
> The election integrity group Voters Unite has compiled a partial  
> list of reported problems (.pdf) with Sequoia voting machines.
>
> Spokeswoman Michelle Shafer said Sequoia’s public source system has  
> been in the works for months, and that the announcement this week wa 
> s timed for a National Institute of Standards and Technology worksho 
> p discussing a common data format for voting systems.
>
> She said the firmware on the company’s new Frontier optical-scan mac 
> hines is written in C# programming language and runs on Linux. The e 
> lection management software — which sits on a computer at the electi 
> on office and is used to create ballots and tabulate votes — runs on 
>  Microsoft Windows XP and uses a Microsoft SQL database.
>
> Pamela Smith, president of Verified Voting, a group that has long  
> lobbied for fully auditable voting systems, applauded Sequoia’s effo 
> rts.
>
> “It’s good to know the vendors are developing a new transparent  
> optical-scan system,” she said. “That is probably the biggest  
> recognition of the direction that the voting public wants to see the 
>  market going.”
>
> Asked if Sequoia’s history of hiding behind its proprietary code tai 
> nts the sincerity of its public source effort, Smith said, “It’s  
> never too late. If you’re making a step toward a more transparent sy 
> stem, good for you. That’s a good thing.”



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com