Sequoia Voting Systems plans to publicly release the source code for its new optical scan voting system, the company announced Tuesday – a remarkable reversal for a voting machine maker long criticized for resisting public examination of its proprietary systems.

The company's new public source optical-scan voting system, called Frontier Election System, will be submitted for federal certification and testing in the first quarter of next year. The code will be released for public review in November, the company said, on its web site. Sequoia’s proprietary, closed systems are currently used in 16 states and the District of Columbia.

The announcement comes five days after a non-profit foundation announced the release of its open-source election software for public review. Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation's announcement.

Open-source software allows the public to participate in the actual development of the software. Whereas Sequoia's public source, or disclosed-source, software only allows the public to see software that its developers have already created.

In the press release announcing the public-source system, a Sequoia vice president is quoted saying that "Security through obfuscation and secrecy is not security."

"Fully disclosed source code is the path to true transparency and confidence in the voting process for all involved," said Eric Coomer, vice president of research and product development for Sequoia, in the press release. "Sequoia is proud to be the leader in providing the first publicly disclosed source code for a complete end-to-end election system from a leading supplier of voting systems and software."

Sequoia in fact has been a champion of security through obscurity since it's been selling voting systems.

The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software.

Princeton University computer scientist Ed Felten, one of the targets of Sequoia's legal threats, said he was pleasantly surprised to see the company opening its new system to examination after vehemently resisting it in the past.

"I think Sequoia is recognizing that it won't do anymore to just urge people to trust them," Felten said, "and that people want to know that the code that controls these machines is open and that experts have had a full chance to look at it."

Given that Sequoia is now acknowledging the value of code disclosure as something that can lead to better security rather than worse security, as it has claimed in the past, Felten said "it seems that it should follow that they would now be willing to release code for all of their other products as well."

Last year, a judge ordered New Jersey election officials to give source code for the state’s Sequoia AVC Advantage touch-screen machines to Princeton University computer scientist Andrew Appel and others for a lawsuit that challenged the integrity of Sequoia’s paperless machines. Voting activists had sued the state to decommission the units out of security and reliability concerns. Appel’s team found several vulnerabilities with the system, but wasn't able to discuss them publicly.

Appel, in a separate issue, also found a discrepancy between summary tapes printed from Sequoia touch-screen machines during New Jersey's primary election and totals that were recorded on the machine’s memory cards. Summary tapes from machines in one district showed a phantom vote for then-presidential-candidate Barack Obama that didn’t appear in the memory card totals.

The Sequoia machines deployed to Union County, New Jersey, also showed that Republican presidential candidates received 61 votes when only 60 ballots had been cast in the Republican primary. About 60 machines showed such discrepancies. When Union County election officials announced that they planned to have Princeton academics examine the machines to determine what went wrong, Sequoia threatened a lawsuit.

Sequoia initially blamed the problem on election officials for pushing the wrong buttons, but later claimed it uncovered a problem in its software that was creating the vote errors and announced that it had fixed the issue.

Earlier this year, in a separate case, Sequoia agreed, after a concerted battle, to hand over its source code to election officials in Washington, DC, to investigate why, during the city’s September 2008 primary election, Sequoia’s optical-scan machines added about 1,500 "phantom" votes to races on ballots cast in one precinct.

Sequoia blamed the problem on “static discharge” or human error.

After the city demanded to look at the source code to determine the problem, Sequoia in turn demanded a $20 million bond from officials guaranteeing they wouldn’t disclose information about the system. Sequoia finally relented to provide the code without a bond, though only after the city agreed to keep the company’s trade secrets confidential.

The election integrity group Voters Unite has compiled a partial list of reported problems (.pdf) with Sequoia voting machines.

Spokeswoman Michelle Shafer said Sequoia's public source system has been in the works for months, and that the announcement this week was timed for a National Institute of Standards and Technology workshop discussing a common data format for voting systems.

She said the firmware on the company's new Frontier optical-scan machines is written in C# programming language and runs on Linux. The election management software – which sits on a computer at the election office and is used to create ballots and tabulate votes – runs on Microsoft Windows XP and uses a Microsoft SQL database.

Pamela Smith, president of Verified Voting, a group that has long lobbied for fully auditable voting systems, applauded Sequoia's efforts.

"It's good to know the vendors are developing a new transparent optical-scan system," she said. "That is probably the biggest recognition of the direction that the voting public wants to see the market going."

Asked if Sequoia's history of hiding behind its proprietary code taints the sincerity of its public source effort, Smith said, "It's never too late. If you're making a step toward a more transparent system, good for you. That's a good thing."

See also: