Feeds

Sequoia opens kimono with e-voting code handout

'Completely reversed'

Remote control for virtualized desktops

Sequoia Voting Systems has become the first electronic voting machine maker to publish the source code used in one of its systems, a move that computer scientists have praised.

On Monday, the Denver, Colorado company released the first batch of code for Frontier, an end-to-end e-voting system that it plans to begin selling in the near future. Sequoia has promised to release the blueprints for 100 per cent of its system software, including firmware, before the system is submitted for federal certification in June.

To be sure, the initial installment is fairly mundane: code written in Microsoft's C# programming language that acts as a desktop publishing program of sorts for controlling the layout of a ballot. But the move represents a seismic shift in strategy for Sequoia, which in the past has gone to great lengths to keep third parties from reviewing the inner workings of its machines.

"They completely reversed their viewpoint from a viewpoint that was very much closed source to a viewpoint that is very much disclosed source," said Jeremy Epstein, a senior computer scientist at SRI International and an e-voting consultant.

Until now, makers of e-voting machines, such as Premier Election Solutions (formerly Diebold), Hart InterCivic, and Election Systems & Software (ES&S), have generally insisted that making their source code public would violate their proprietary rights and could make it easier to tamper with their machines. For the most part, their blueprints have been available only through inadvertent disclosures or to inspectors who sign non-disclosure agreements.

This refusal to open up has prompted criticism that e-voting machines lack the transparency needed to convince the electorate that their ballots are being counted fairly and accurately. Last year's e-voting glitches in at least seven states were only the latest to shake voter confidence.

Based on Epstein's initial review, "the code is better than what we've seen in many cases," he said. The number of comments are adequate, and he's pleased that it's written in a modern language that's widely regarded as secure.

Not that Epstein is fully satisfied with Sequoia's disclosure. Reading the company's license, it remains unclear if reviewers are permitted to compile the source code so they can run the resulting binaries in their own laboratories. Simply reading the source code makes it hard to know how the various pieces work together.

Epstein is still waiting to see the code for more crucial parts of the Frontier system, such as those that tally votes and report them to election officials.

"I don't really expect to get an awful lot out of this part of the source release," he said, "other than to learn how they're doing things and to provide feedback to Sequoia" about how future releases can be more helpful.

The Freedom to Tinker blog provides more info here. ®

Bootnote

As one Reg commentator has already pointed out, there's no way to guarantee that Frontier systems will run unmodified versions of the disclosed source. That means the usual safeguards - manual audits, voter-verified paper trails, and election transparency - will still be necessary.

Said David Dill, a Stanford University computer science professor and a critic of electronic voting machines: "This [source disclosure] is not a substitute for those priorities, but I do think Sequoia's efforts will lead to higher quality software in the long run and a greater level of confidence in their systems."

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.