The Election Technology Council (ETC), a trade group comprised of the most prominent electronic voting machine vendors, has published a paper that argues against mandating source disclosure for electronic voting machine systems. The paper (PDF), which broadly conflates source disclosure and open source software licensing, dubiously contends that enabling public scrutiny of voting technology would lead to compromised security.

The ETC's position is viewed with skepticism by both election transparency advocates and computer security experts. Dan Wallach—a Rice University computer science professor who has testified about voting security issues before various government bodies—wrote a rebuttal, which was published last week on the Freedom to Tinker blog. He laments the "distinctive cluelessness" of the ETC report and accuses the organization of misrepresenting the voting machine security studies that are cited in the document.

The ETC attempts to argue that mandatory source disclosure for voting technology would be abusive to vendors and detrimental to the soundness of the election process. The most controversial aspect of the report is its assessment of the potential security risks associated with disclosure. The ETC argues that the potential long-term security benefits of source disclosure are not applicable to electronic voting software.

In an open source software project, the availability of source code makes it possible for contributors to detect and repair vulnerabilities through a collaborative process of incremental improvement. The ETC, however, argues that election software development is not entirely conducive to participatory incrementalism, because major voting machine software updates have to go through the Election Assistance Commission's certification process.

According to the ETC, the regulatory process would make it difficult to rapidly deploy fixes when members of the public detect vulnerabilities. The ETC also argues that the machines would be vulnerable to malicious attackers until the software reaches the point where it has attracted enough well-intentioned scrutiny that the holes are collaboratively found and patched. Open source communities do not emerge overnight, the ETC says, so it's unclear that disclosure would immediately lead to improvements.

"It is conceded that a pure open source development model may yield comparable benefits in the long-term. However, taking a software product that was once proprietary and disclosing its full source code to the general public will result in complete forfeiture of the software's security," the report says.

Wallach doesn't buy the argument. The consensus in the security community is that obscuring vulnerabilities doesn't insulate software from being exploited. "Disclosing the source code only results in a complete forfeiture of the software's security if there was never any security there in the first place," he insists. He points out that vulnerabilities are regularly found and exploited in proprietary software, even without access to the source code. All that is needed to compromise the security of any opaque software system is access to the executables and a few common debugging tools.

As we have reported on several previous occasions, the physical security of voting machines is not especially robust. There are many reported incidents, for example, where machines have been left entirely unattended. Security studies have also determined that standard voting machine physical security mechanisms—such as "tamper-proof" locks and seals—are extremely easy to circumvent without leaving a trace. This means that attackers could have ample access with which to devise exploits regardless of source code availability.

Researchers have consistently been able to detect vulnerabilities in commercial voting machines and generally contend that the lack of source code availability hasn't made the process a whole lot more challenging.

It's also worth noting that proprietary source code can be leaked to malicious parties without the knowledge or authorization of the vendor. On the basis of that alone, it seems like depending on secrecy to protect the integrity of voting machine systems is utter folly. Diebold—now called Premier Election Solutions—has suffered several public source code leaks over the years.

The ETC paper also makes some highly questionable claims about intellectual property. The authors contend that mandatory source disclosure could potentially be unconstitutional, an assertion that is deeply misleading. "If policymakers attempt to strip the intellectual property from voting system software," the report says, "[it raises] the issue of property takings without due process and compensation, which is prohibited under the United States Constitution."

There is little basis for including such a statement in a paper about the implications of code disclosure and voting transparency. Nobody is suggesting that the government should forcibly seize the code of electronic voting machines so it can be distributed under an open source license. Legislative mandates for code disclosure would never take that form. Instead, the government could potentially require code disclosure as a preqrequisite for consideration in the voting machine procurement process. There is absolutely nothing unconstitutional or unethical about that.

Further, it is disingenuous to suggest that disclosure would necessarily require intellectual property rights to be ceded. As Wallach points out in his blog entry, you can have mandatory source disclosure without requiring distribution under open source licenses—meaning that vendors could open their code to public scrutiny but still retain possession of the copyrights and patents that would allow them to protect their investment.

Even if all voting machine vendors did use a common open source code base, it would not eliminate the financial incentive to build voting machines. The major voting machine vendors are fundamentally selling hardware appliances, not software. Their business model would continue to be sustainable even if all of the software on the machines was broadly available under an open source license.

In light of the countless technical problems that have been uncovered by expert studies of voting machines, it's possible that the ETC's opposition to code disclosure is motivated chiefly by embarrassment about the poor quality of the source code in commercial voting machines—and by a desire to obscure other failings, such as alleged intellectual property misappropriations. Public scrutiny could expose a large number of technical problems that the vendors want to keep hidden, despite the risk to election integrity that these pose.

Listing image by Flickr CC