Source Code Disclosure
Would open-sourcing all code that goes into e-voting hardware and software help to avoid security holes? Sequoia's Shafer argues that code is already reviewed, if not open-sourced. "Current voting systems undergo certification, inspection and review processes which provide authorized reviewers with access to software source code and reports on system performance, in a form of disclosed source," she wrote in a report from the Election Technology Council as a response to amendments to the Help America Vote Act.
But who's testing the code testers? The largest tester of the country's voting machines, a company called Ciber Inc., last summer was temporarily barred from approving new machines after feds found it wasn't following its own quality-control procedures and couldn't document whether it was actually conducting all required tests, according to a January 2007 article in The New York Times.
"What's scary is that we've been using systems in elections that Ciber had certified, and this calls into question those systems that they tested," Aviel D. Rubin, a computer science professor at Johns Hopkins, was quoted as saying in the Times article.
Source code for e-voting systems is now "disclosed" in a number of ways. It is supplied to the Voting System Testing Laboratories, which are accredited by the Election Assistance Commission (EAC) for use in testing and certifying voting systems. Many states also require manufacturer source code to be kept in escrow. Executable software also is required to be submitted to the National Institute of Standards and Technology (NIST) in order to produce hash codes, which can then be used to determine that a jurisdiction has the right version of certified software.
As far as open-sourcing the code goes, though, Shafer suggests that full, unfettered public access could actually result in providing a potential criminal with the tools to rig an election.
"Recently, someone claimed to have created a key to a Diebold voting unit's compartment by simply printing a picture of the key from a Web site and subsequently created a key made from the design. Many of those who are adamantly calling for full disclosure, to any person, are the very same people who called the release of this key a security flaw," Shafer said. "The key is just one layer of the defense provided on the devices, just as keeping the source code confidential is a layer of defense. Providing the source code to the public removes that layer of security and could make it easier for someone to attempt to defraud an election."
Another aspect of the open-source debate that's often overlooked, Shafer said, is that current legislative proposals to open-source e-voting code make no distinction between e-voting system manufacturers and third-party software makers such as Microsoft, which markets the Windows CE program used as an operating system for some parts of some voting systems.
"These third-party packages are useful in designing robust products, as the manufacturers don't have to re-invent a wheel that has been tried and trued by other developers," Shafer said. "Legally, manufacturers cannot provide source code for these third-party software programs or provide the names of the programmers involved in the creation of the third-party software."
Meanwhile, DeForest Soaries, former chairman of the EAC, in June 2004 came out with a series of nonbinding suggestions for how to open-source e-voting code. First, he said, the EAC should ask that e-voting systems makers release source code to states under nondisclosure agreements. The code would then be made accessible to computer scientists in each state who would be asked to sign the NDA before reviewing the code.
After that, Soaries said, an existing National Software Reference Library run by the Department of Commerce should be used as a repository in which to store the source code. States could then check their machines' firmware to ensure they're running the version they're supposed to be running. Soaries' final suggestion is for states to undertake enhanced security measures, such as cryptography, come November.
Finally, problems with e-voting systems should be compiled and analyzed. At this point, there's no central federal database that lists all the problems known to exist in current e-voting systems.
Open-source e-voting code was easier in Australia. The country seems to be doing just fine with its Linux-based systems, which are called eVACS (Electronic Voting and Counting System) and made by a company called Software Improvements.
But that's Australia. At this point, it's not looking like the 2008 U.S. elections will see a significantly improved e-voting scene in this country.
Editor's Note: This story was updated to include a reference to The New York Times article. Also, DeForest Soaries' status as former EAC chairman was corrected, as was the date of when he gave his recommendations to fix e-voting security.
As the Times pointed out, if the reliability of Ciber's tests has been called into question, that calls into question everything the company tested, including vote-counting software and security on many machines now in use.