Washblog

Response to BryceM: Why Open Source Makes Sense for Voting in King County and the Country

By Richard Johnson
Thu Oct 04, 2007 at 08:00:25 AM PST
Section: Diary Topic: Election Integrity

[Front paged: NM. Here's a link to the California Top-to-Bottom Study. King County's Council in their Proposed Ordinance 2007-0402 this past July (the ordinance that recommended against adopting the "Reckless Plan" of King County Elections), cited the top-to-bottom review in several places: "Recognizing the important findings of the California "top-to-bottom" review 38 of voting systems, the elections section shall incorporate third party security experts in 39 the testing of any new equipment and software...." etc.]

BryceM makes the point that it is possible to have secure systems built around closed source and that experts may contribute to such systems. I, on the other hand, defend the idea that King County would be better off using the equipment it has now and then, after the 2008 election, evaluate Open Source with its other options for a new voting system to to be deployed before the 2012 elections.

Technically Bryce has a point. It is logically possible to have the small group of people who know and care about security, computing and voting review the offerings of vendors' requirements, design, code, test, etc., on a practical level this not going to happen in real life.  

With four large vendors and a bunch of small ones, many of whom have shown very little interest in improved security or motivation to invest in security, the vendors are simply not going to hire real independent experts. On the other hand, if a team like ours were funded by someone like King County, experts such as those who worked on the California Top to Bottom Review would likely volunteer to help.  Partly, this is because counties all over the country will likely end up using this technology as it would cost so much less than buying proprietary election equipment.  Those experts who volunteer services do not have the added burden of pleasing the client who is paying them; rather, they are more likely to serve the public interest. Independence from the vendor is critical to election security and Open Source permits that far better than the vendor lock-in tactic that proprietary systems foster.

Bryce, have you studied the California Top to Bottom Review? I think that after you do, you might also come to the conclusion that closed source has simply failed in the world of voting and we should throw in the towel and build Open Source solutions that election authorities can share with one another nationwide, even worldwide. It was not that the California experts could break into one voting system. They were able to compromise all of them. If this does not call for a change, what would?

Only Open Source allows an election official to be in a appropriate power relationship with regard to a vendor. It is critically important that a county be able to fire their support vendor, if circumstances warrant.  King County has been victimized by poor service from a vendor in the past, but  King County election officials still argue, after giving that vendor a score of only 5 out of 10, that they must buy from the vendor.  They argue that, because otherwise past investments in equipment and skills acquisition would be discarded, changing vendors would be too expensive. This is a perfect example of why closed source solutions in voting are unacceptable. They lead to lock in and a drug addiction-ike dependence that does not inspire public confidence in voting systems or elections..

Only Open Source provides transparency, i.e., that we are not trusting a few hired experts under Non-Disclosure Agreements but that every knowledgably person who wants to examine the code can and is invited provide a review and recommendations for improvement and that such results are freely publishable.

The King County situation cries out for, at the very least, a detailed evaluation of the comparative costs of building an Open Source voting system of its own.  The Open Source unbundled solution will allow best of breed in each category and will allow King County its proper role as master of its own elections.

Sincerely,

Richard Johnson
CEO
Open Voting Solutions, Inc.

< History Warns Us | Political Graphics 101: 34th LD lit deconstructed >
Display: Sort:
Response to BryceM: Why Open Source Makes Sense for Voting in King County and the Country | 12 comments (12 topical)
Muddy
(I'm sorry I've been a no show on these issues. Work, family, exhaustion, etc...)

Fellas, please. To use open source election administration solutions, or not, is not the issue in King County.

The immediate issue is whether or not we should change everything about our elections right before a presidential election.

The secondary issues are whether or not we should use new technologies, such as automatic signature verification, cryptography, ballot image scanners, etc. in our elections. In brief, the answer is an unqualified "No.", just in case anyone was wondering.

Until there is a viable open source alternative, can we please stop insisting that this is something King County (and elsewhere) should be doing?

How to fund, develop, test, and certify an open source solution is a completely separate topic. Frankly, any open source alternative is still years away. And then timing is a serious concern, because all change, no matter how virtuous, is disruptive.

by zappini on Fri Oct 05, 2007 at 11:00:52 AM PST

* 1 none 0 *

What precisely is your proposal?
I'm a big fan of Open Source, especially Free Open Source when done well - It can be a wonderful development methodology with lots of benefits.  I'm also a big fan of closed source models when done well, and have intimate knowledge of many wonderful solutions that have been created under this model as that is how I earn my livelihood.  That said, I don't have a horse in this race, whereas you apparently do.

As Zappini points out however, the Proprietary/OSS debate is largely a side-show:  The only point that is at issue here is what should King County do?  Personally I think that we should double-down on our current mail-in balloting system and make it work in as reliable and secure a manner as possible for a few years to recoup our investment in the system, and wait for alternatives to mature.  

I believe that if we take what's been learned about the strengths and weaknesses of our current solution, we can operate it responsibly with our eyes wide-open and limp by until a better solution is available.

I sincerely hope that your firm is able to develop a compelling offering in this space, but I do not believe that King County is set up to go around playing Angel Investor with county funds if that's what you're looking for...

-Bryce

by BryceM on Fri Oct 05, 2007 at 12:14:25 PM PST

* 2 none 0 *

  • Proposal by zappini, 10/05/2007 12:40:25 PM PST (none / 0)
au rebord
... that's what VoteHere started out with, to the best of my recollection: a system which anyone could implement, but upon which they held the business process patents. It relied heavily on cryptography which only policy wonks, mathematicians and cypherpunks (and as a member of at least one of those cohorts, I understood that theoretically their system worked, and yet as a practical person I saw no way that it would work practically, because nobody outside of the 'leet) had a hope of truly understanding... Therefore, no real hope of establishing public trust... other than, of course, by you know, blind faith in Bob, Jesus, the American Way and so forth.

Then they morphed into some secret ballot veil piercing tOOl taken to court by some guys who lived where this thing was test driven and a major investor apparently had a second (or third or fourth home) and who noticed huge disconglobberations in the ahhhh interface to the fabricated public trust... Or maybe it was just plain wrong or made up... but as far as I know nobody would ever say, nor has that been determined.

Now they're out of business.

by m3047 on Fri Oct 05, 2007 at 11:36:41 PM PST

* 4 none 0 *

Open source is great, but first things first
As Zappini points out, going with a new system in a presidential year is the height of stupidity, open source or not.  You try out new systems in the off years.  Is Sims deliberately TRYING to get Gregoire unelected, or what?

Also, putting serious auditing requirements in place is far more important than open source software.

A laboratory scale is not all that complicated, even one of the new digital models.  They are very reliable, but it doesn't matter in the slightest that the ones in my lab have only flunked their daily test twice in 15 years--we check them every morning with a set of standard weights anyway.

Now, in order to insure consistently reliable weight measurments, what is more useful--having schematics of the innards of the scales, or having a set of standard weights?  The latter obviously, though the schematics are useful.

by eridani on Sat Oct 06, 2007 at 01:05:23 PM PST

* 5 none 0 *

Software Project Management - Some thoughts
1995 was when I first really really really got interested in software, and that was in part due to this internet thingy. I saw millions and millions of worthless managers and bureaucrats, public and private, fired. Maybe, maybe, they'd re-tool their petty Machiavellian brains and figure out how to make processes work to serve customers, instead of their petty empires.

as I was finishing my math degree at the u.w. in 1996, the technology job market was hotter than hot.  I figured out how to b.s. my way into interviews (I skimmed a LOT of the '...for dummies' books outside recruiter's offices) and in interviews they'd ask me what I was passionate about and I'd say

"USING SOFTWARE TO FIRE BUREAUCRATS AND NITWIT EMPIRE BUILDERS"

After a few interviews I could see that line wasn't stirring passions, so I dropped it.

(after having worked as a chef for most of 15 years, I was more concerned with getting my feet in the door than with how perfect the fit would be)

By my first year of working in email server support in Building 11 in redmond ... I realized that computer people were the absolute worst of the worst when it came to building empires of nitwits twiddling away with no freaking clue how real humans worked AND no freaking clue about making sure stuff ran well -

it is work to carry 100 pounds of onions on your head around the exterior of the building, it is also a waste of time for making onion soup, chowder ...

then I worked for 2.5 years supporting about 25 intranet sites for various internal business processes.

It AMAZED me how hard it was for so many to come up with a rough order of magnitude of time and money costs for proposed tools and tasks.

The place was permeated with big company big government defense department / boeing kind of infinite puttering ...

frankly, when they were outsourcing us in 2002 to across the western pond to people who make 12 bucks a day, um

the only complaint I had is that they weren't firing all the nitwits with 6 and 7 figure paychecks who had managed this rot for decades.

So, in closing - let's say you work at catering / banquent place with quality people.  Potential customers come in, and of course you say

'we do what the customer wants'

and, believe me, every customer wants THE BEST!

you do NOT say

"I don't understand your questions",
"I don't understand your requirements",
"I'll get back to you in 1 month with an estimate, after you pay me 10 grand to do the estimate"

you figure out what kind of stuff they think they want, (and everyone wants filet mignon and copper river salmon and caviar for 4 bucks a person)

AND, you estimate what they're will