Documente Academic
Documente Profesional
Documente Cultură
Source:
Understanding
Its Application
in the Voting
Industry
The Election Technology Council (ETC) is a 501(c)6 trade association consisting of voting technology providers
in the United States. The current membership of the Council represents the voting system platforms for over 90%
of the registered voters in the U.S. and providers of other technology platforms such as electronic pollbooks and
voter registration/election management software.
The mission of the ETC is to promote the common interests of the election industry vendor community. The
goal of the ETC is to support policies that help voters exercise their right to vote and have their votes accurately
recorded, verified and counted.
• Educate and inform the public, regulatory authorities and customer interest groups of possible
implications and outcomes of public policy and regulatory requirements, as anticipated by the
vendor community. The efforts of the ETC will be focused upon the following organizations:
-Federal Regulatory authorities, including the EAC, TGDC, and NIST
-Federal Legislative authorities, including Congress and relevant committees
-Customer interest groups, including such organizations as NASED, NASS,
The Election Center, IACREOT, and NACRC.
-State level chief election officers
-Academia
-State level legislative bodies
It is important to understand what the ETC does not do. The ETC does NOT:
Executive Summary should be recognized as a potential product substitute
In recent years, the potential for “open for proprietary software systems. Articles entitled
source” software has been proposed for use in “Microsoft vs. Open Source: Who Will Win?”
voting systems. All too often, this proposal has help to illustrate the conflicting dynamic between
not clarified the term open source for the benefit those who embrace the supremacy of open source
of policymakers or the elections community. For over proprietary platforms. However, rather than a
the elections community, the frequent use of this conflict model for these two product offerings, further
term, without an appropriate clarifying definition, research should be done to explore the challenges
has resulted in confusion about its meaning of offering an open source product in a regulated
and viability for voting. In reality, many of the environment. It is the current regulatory environment
proposals for open source are more appropriately which represents the most significant hurdle for the
characterized as calls for software disclosure. use of open source software in the voting industry.
No individual effort has examined the practical By understanding open source as a market
challenges of implementing open source software alternative to proprietary systems, it will become
in the current election administration environment evident that efforts to mandate its use without
since the implementation of the Help America Vote sufficient product offerings would be unwise and
Act of 2002 which created a federal certification premature. Given the economic dynamics of the
process for voting systems. marketplace, state and federal governments should
It is clear that open source software plays a not adopt unfair competitive practices which show
role in the software industry marketplace, but the preferential treatment towards open source platforms
potential benefits, as put forth by its proponents, over proprietary ones. Legislators who adopt policies
fail to capture the nuances associated with the that require open source products, or offer incentives
voting industry which differ significantly from the to open source providers, will likely fall victim to
standard commercial software marketplace. All a perception of instituting unfair market practices.
of the products offered for voting purposes must At worst, policymakers may find themselves
be of sufficient quality to pass federal and/or state encouraging the use of products that do not exist and
certification requirements prior to their acceptance market conditions that cannot support competition.
and use in an election. In a pure open source Market dynamics should remain the ultimate
software development model, active testing of the arbiter over whether an open source platform or
product by the end-user (i.e., election officials) a proprietary product offering is the best solution
during its deployment is a critical facet of the to fit the needs of an election jurisdiction. In an
software’s development. In a proprietary model, effort to further educate those who are responsible
significant time and resources are spent in the for providing oversight on the operation of voting
initial design of the software and hardware prior to systems (i.e., federal, state, and local election
pursuing product certification and deployment. officials), it is important to identify the challenges
Underlying this argument over open associated with an open source product offering and
source is the attempt to establish the principle how both open and proprietary systems differ in their
of transparency for products that are involved approaches and abilities to support state and local
in the American voting experience. Dr. Joseph election officials.
Hall (2007) describes a transparent system as one Without a better understanding of open
that supports “accountability, public oversight, source, those who advocate it as a policy movement,
comprehension and access to the entire process.” rather than a separate and distinct product offering,
(p. 2) These characteristics of a transparent process may find themselves doing more harm than good.
represent a valuable foundation for discussions
over the viability of an open source model versus David Beirne
a proprietary model. Unfortunately, the discussion Executive Director
has too often focused on an “either/or approach” April 2009
rather than recognizing the separate challenges
associated with each environment. “Microsoft vs. Open Source: Who Will Win?”, HBS
Make no mistake, it is clear that open source Working Knowledge. Harvard Business School, June 6, 2005.
http://hbswk.hbs.edu/item/4834.html.
I. What is Open Source? products have been offered and represent a
Open source software can be defined as clearly identified alternative to product platforms
“software that is made available freely to all.” that are governed by traditional proprietary
(Hippel, 2003, p. 209) However, open source claims. Products such as Apache software
development models, which produce open source for servers, the Linux operating system, and
software, are defined as a process for software various file sharing/communication software
developers who “voluntarily collaborate to platforms represent some of the more successful
develop software that they or their organizations open source projects to date (Woods, 2005).
need.” (Hippel, 2003, p. 209) In an effort to All of these platforms benefit from the lack
reconcile these definitions, the term “open of a regulated environment and possess an
source” will be used to refer to an environment established community of contributors who
in which the software source code is available are users of the products and benefit from its
for inspection, analysis, and programming operation.
enhancements through a communal effort. One voting system provider that is
The Open Source Initiative outlines often used as an illustration of the viability
various criteria governing licensing that must of open source in voting products, is from a
be present for software to be considered open company named Software Improvements. In
source (see inset on page 5). Fundamental to 2001, the electronic voting software (referred
its criteria, open source is software that must to as eVACS) used by the Australian Capital
be freely exchanged and permits user generated Territory Electoral Commission was made
adjustments (OSI, 2009). Given the licensing publicly available under the GNU general
parameters outlined by the Open Source public license (GPL), one of two popular
Initiative, it is clear that open source is typically licenses available for open source platforms.
used to describe a specific product offering and While Software Improvements was lauded for
its governing licensing terms. It does not refer its open source licensing, it decided to begin
to simply disclosing software source code to the restricting access to its source code in an effort
general public. to protect its intellectual property investment.
For software that is generated through Carol Boughton, Software Improvements’
private investment and subject to copyright and Managing Director at the time, was quoted as
intellectual property restrictions, but is then saying, “We need to find a way that still ensures
made freely available for public review, the term transparency and access, but protects our
“disclosed software” is more appropriate. This intellectual property.” (Deare, 2004, p. 1) Under
definition for disclosed software is also more its revised licensing, Software Improvements’
indicative of the intent behind advocacy groups software would be available to only authorized
and legislation calling for open source software persons. While the eVACS software was
in voting systems. The involvement of the not developed in an open source model, its
government in requiring the willful disclosure licensing did incorporate an initial open source
of all proprietary software to the general public approach towards its disclosure (Deare, 2004).
calls into view the specter of intellectual property The example of Software Improvements
rights and the potential for a government taking illustrates the conflicting nature of transparency
in violation of the United States Constitution and marketability, but it also illustrates how
(Hall, 2007). Based on the lack of currently the attempt to disclose software has been
viable open source developed voting technology, misconstrued as open source. While lauded as a
it is clear that advocacy groups are encouraging a pioneer for its licensing and software disclosure,
disclosed software model rather than a true open the company had to examine its long-term
source requirement. viability. The resulting decision of Software
Over the last twenty years, open source Improvements to restrict access to its software
is a rational approach to a problem and points to
Open Voting Consortium, draft legislation for the need for an examination of the characteristics
State of California, www.openvotingconsortium.org/legis-
lation/draft., retrieved 2/20/2009.
Open Source Criteria 7. Distribution of License: The
rights attached to the program must apply to all
The following is a list of criteria associated with to whom the program is redistributed without
open source software: the need for execution of an additional license
by those parties.
1. Free Redistribution: The license
shall not restrict any party from selling or 8. License Must Not Be Specific to a
giving away the software as a component of Product: The rights attached to the program
an aggregate software distribution containing must not depend on the program’s being part of
programs from several different sources. The a particular software distribution.
license shall not require a royalty or other fee
for such sale. 9. License Must Not Restrict
Other Software: The license must not place
2. Source Code: The program must restrictions on other software that is distributed
include source code, and must allow distribution along with the license software. For example,
in source code as well as compiled form. the license must not insist that all other
Where some form of a product is not distributed programs distributed on the same medium must
with source code, there must be a well- be open-source software.
publicized means of obtaining the source code
for no more than a reasonable reproduction cost 10. License Must Be Technology-
preferably, downloading via the Internet without Neutral: No provision of the license may be
charge. predicated on any individual technology or style
of interface.
3. Derived Works: The license
must allow modifications and derived works, (Source: Open Source Initiative, www.opensource.org/
docs/osd, retrieved on March 4, 2008.)
and must allow them to be distributed under
the same terms as the license of the original
software.
for both open source and disclosed source
4. Integrity of the Author’s Source
software models and their impact on a company’s
Code: The license may restrict source code
viability. In fact, there remains a multitude
from being distributed in modified form only
of licensing options available for open source
if the license allows the distribution of “patch
platforms, but some are characterized as being
files” with the source code for the purpose
less than true open source if they do not adhere
of modifying the program at build time. The
to the licensing terms embraced by the Open
license must explicitly permit distribution of
Source Initiative (Woods, 2005).
software built from modified source code. The
It is the dueling nature of transparency
license may require derived works to carry
and marketability which continues to cause
a different name or version number from the
debate within the open source community and
original software.
those who attempt to use open source products
as a foundation for future software enterprises
5. No Discrimination Against Persons
(Woods, 2005). Much of this internal conflict
or Groups: The license must not discriminate
within the open source community can be traced
against any person or group of persons.
to its beginning and the ideas embraced which
are more indicative of a social movement rather
6. No Discrimination Against Fields
than a series of product offerings.
of Endeavor: The license must not restrict
anyone from making use of the program in a
specific field of endeavor.
Disclosed vs. Open: Clarifying Mulligan and Joseph Hall illustrated the
Misconceptions difficulties surrounding the use of an open source
The issue of transparency and security model in a regulated industry such as voting:
of voting system software are foremost on the “Given the fact that any modified voting system
minds of advocates when it comes to a policy software must be recertified at both the federal and
discussion on what is characterized as “open state level, it would also be difficult for a company
source.” It is conceded that a pure open source to optimize or customize open source voting
development model may yield comparable software for their customers when they would
benefits in the long-term. However, taking a have to have the resulting product certified.” (p.
software product that was once proprietary and 8) In a subsequent article entitled “Transparency
disclosing its full source code to the general and Access to Source Code in Electronic Voting,”
public will result in a complete forfeiture Dr. Hall also acknowledges the danger associated
of the software’s security. The subsequent with opening proprietary software to full public
disclosure of software to the general public disclosure. “Since computer scientists have yet to
will become dependent on the existence of a find a method for writing bug-free software, public
robust improvement process to address any disclosure of the system source code will inevitably
identifiable shortcomings within the software. result in disclosing vulnerabilities…In the case of
The subsequent improvements will also become voting systems, disclosing information on known
entirely dependent on the quality of the software vulnerabilities arguably helps would-be attackers
source code reviewers in whether or not all more than system defenders.” (Hall 2007)
potential bugs have been identified. Although Dan Wheeler, computer scientist and
computer scientists chafe at the thought of author, summarizes the challenge of transparency
“security through obscurity,” there remains and security best with the following observation:
some underlying truths to the idea that software “When a program began as closed source and
does maintain a level of security through the is then first made open source, it often starts
lack of available public knowledge on the inner less secure for any users (through exposure of
workings of a software program (Wheeler, vulnerabilities), and over time (say a few years)
2005). However, if proprietary software is it has the potential to be much more secure than
ripped open through legislative fiat, whatever a closed program.....Just making a program
security features exist are completely lost until open source doesn’t suddently make a program
such time that the process improvement model secure, and just because a program is open
envisioned by the open source community has source does not guarantee security.” (Wheeler,
an opportunity to take place (Hall, 2007). 2005) This observation perfectly describes the
If we apply this approach to the use of hazards associated with disclosing proprietary
voting systems and the desire to maintain the software without consideration for an appropriate
utmost security, the difficulty of transitioning transition. It also underscores the need to pursue
to an open source or disclosed software an appropriate balance of respecting the role of
environment is revealed. Elections occur intellectual property and transparency when it
each year, not every two to four. By forcing comes to voting system software. Given the critical
the openness of proprietary software to the nature of voting system software to our nation’s
general public, all security is sacrificed for the institutions, it is possible to protect intellectual
sake of transparency. While laudable based on property while instituting government controls for
perception, the pursuit of widespread public the deposit and subsequent investigation of voting
disclosure of proprietary software without system software should the need arise in close
consideration of a product improvement model election contests.
would have a significant negative impact
on market conditions. In a statement before
the California legislature in 2006, Deirdre
History of Open Source Popularity of Current Open
In the 1960s and 1970s, much of the Source Projects
software used in computers was a result of Given the needs of an open source project
collaborative work within academic institutions to garner a sufficient number of contributors, further
(Hippel, 2003). This communal approach to examination needs to be done on the most popular
software development was seen as an expression open source projects available and how voting system
of the university culture and the free exchange of software offerings might be able to garner such a robust
ideas. This all changed when the Massachusetts support system and project leadership.
Institute of Technology (MIT) licensed the SourceForge.net is an online portal of current
fruit of these labors to a commercial firm who open source projects. Below is a listing of the most
subsequently restricted access to the software. popular open source projects (based on total number of
In response, Richard Stallman from MIT’s downloads since the project’s inception) available on
sourceforge.net:
Artificial Intelligence Laboratory founded the
Free Software Foundation in 1985. The Free Software Name (total # of downloads)
Software Foundation was meant to protect these 1. eMule (479,794,489)
communal software development efforts from 2. Azureus (333,971,772)
future commercialization and ensure continued 3. Ares Galaxy (188,730,107)
free access to software products (Hippel, 2003). 4. 7-Zip (61,424,644)
The General Public License (GPL) was 5. FileZilla (56,675,227)
developed by Stallman as a means of protecting 6. GTK+ and The GIMP installers for Windows
the future work of software developers. The (55,814,803)
GPL ensured that source code would remain 7. Audacity (55,378,880)
publicly available and all subsequent software 8. DC++ (54,733,104)
9. BitTorrent (51,974,805)
improvements would also remain open for
10. Shareaza (46,805,022)
contributions. The initial “free software”
movement was recast in 1998 as “open Source: http://sourceforge.net as retrieved on 2/20/2009.
source” in an effort to make this new software
development environment more palatable to the Below is a listing of current open source voting software
private sector. Open source was now a reference efforts currently underway and the number of downloads
not just to source code and its availability, but for each:
the actual licensing and distribution of the 1. OpenSTV (8,184)
software product itself (Perens, 2005). 2. FREE e-democracy project (2,446)
From the initial pursuit of the “Free 3. evm (2,434)
Software Foundation” to its General Public 4. EML Voting Project (916)
5. Verifyable Electronic Voting (688)
License and now the Open Source Initiative,
6. SOLON-free election program (323)
which attempts to balance the need for 7. electronic voting platform (155)
commercialization of open source products, the 8. osdv-sharp (0)
issue of licensing remains a point of contention 9. Open Source Democracy (0)
for those involved in the software community. 10. Secure Electronic Voting System (0)
The initial evolution to open source began more
as a social movement and has now morphed Source: http://sourceforge.net as retrieved on 4/8/2009.
into a potential business approach and series of
alternative product offerings. Based on the current lack of popularity for the open
The remaining core difference between source voting applications, the recruitment and viability
contributors to a voting system project will remain a
existing open source software offerings and the
significant challenge. At a minimum, this points to a
voting systems industry is the strict external need for other incentives to assist with recruitment and
regulation of voting system products. It is retention of open source contributors.
the contrast in upfront design requirements
associated with a commercial voting system
product offering versus the continuous software
Open Source Life Cycle
OpenSourceLifeCycle
Figure 1: The Open Source Life Cycle
Idea/Need
Experiment/Proofof
Concept
PublicPrototype
CommunityFormation
Incremental evolution
Incrementalevolution
throughareleasecycle
Release1.0(orhigher)
( g )
Stagnation/
Evolution/stability abandonment
Source: Woods, D. (2005) Open Source for the Enterprise, p. 17, Figure 1-1.
Open source projects rely on a Through time, the initial prototype is opened
core set of contributors in order to remain for review and contributions are made by
active and mature as a process building others within the community. Each subsequent
towards a functioning product. Each project addition to the software program is released
begins with the initial determination of an reflecting an incremental evolution in the
idea or need which can originate from any product development. After this initial core
one person or community. The next step development, the project will either become
in the process is the initial development stagnant or will continue to evolve and mature.
for a proof of concept to determine the Stagnation or abandonment of open source
feasibility of the project, leading directly projects may occur through a perception
into the initial public prototype. The of completion for the project, poor project
public prototype’s development is the core leadership which removes incentives for future
infrastructure surrounding the project and contributors, or simply through lack of interest
consists of the initial steps at programming (Woods, 2005).
for the new software program. The intent
of the public prototype is to assist in
the creation of a community around the
prototype with a clear understanding of
the original project’s proof of concept.
improvement cycle indicative of an open source 2. The amount of effort exhibited by the
model that provides the most significant point of contributor must be recognized;
divergence in comparing the two models (Woods, 3. The performance of the contributor
2005). must be seen as a signal of the
contributor’s talent.
(Lerner, 2003, p. 114)
II. Accountability in an Open These three conditions point to the need for
Source Model a pure open source platform to recognize
An open source model relies upon a series contributors for their talent and skills in lieu
of contributors as part of its communal approach of the financial incentives associated with
for reviewing software and building toward a full a proprietary undertaking. Robert Hahn
product offering (Reid, 2004). Since open source (2002) provides a succinct examination on the
arguably diminishes the monetary incentive for personality characteristics of an open-source
contributing to an open source software project, contributor:
what are the motivating factors for those who “Programmers often flourish as part
wish to contribute? Forrest Cavalier divided of communities that prize cooperation and
contributors into three different types: openness. Status within the community is
1. Need-driven consumer: has self- largely derived from showing how good one is
interest, no technical knowledge, at programming--which requires showing off
but reports defects the source code-- and how committed one is to
2. User-developer: capable and furthering the collective effort--which requires
genuinely interested in product, providing source code for others to work from.”
motivation comes from a specific need or (p.2)
for pursuit of recognition Due to the volunteer nature of an open
3. Core developer: active in source model, the issue of accountability in this
development, has ability to environment provides a stark contrast to the
foster credibility for project within accountability within a traditional proprietary
community. (Siedlok, 2001, p.36-37) offering. In commercial product offering, the
In a publication from Eric von Hippel and Georg individual company is held accountable for
von Krogh (2003), the characteristics of open delivering a product that meets all applicable
source contributors were further examined. standards and for meeting project milestones.
Hippel and Krogh found that most of those users Contract requirements are often used to establish
who downloaded open source software are “free performance milestones and clearly delineate
riders” in that they do not actively contribute to a the responsibilities of a provider. Within a
project. Of those who do contribute, most do so corporate structure, liability is clearly delineated
from a personal motivation that is tied towards to the company. In an open source environment,
learning and pure enjoyment from programming. a volunteer group of collaborators will not be
Open source contributions typically come so clearly subject to financial liability or have
from users of the software rather than software a clear line of accountability. It is possible
manufacturers (Hippel, 2003). that a hybrid approach could be undertaken for
The obvious question surrounding the an open source project which is launched in
initial viability of an open source platform is partnership with a private company, but the issue
“How do you recruit and maintain an initial core of intellectual property investment and concerns
set of contributors?” In the report, “Dynamics over the long-term viability of the company’s
of Open-Source Contributors,” three conditions product will likely trigger a need to adopt a
were outlined for the successful recruitment of more restrictive licensing approach, one more
contributors to an open source project: indicative of a traditional proprietary model.
1. The contributor’s performance must be
visible;
Figure 2: Contrasting Commercial Project and Open Source Project
Development Cycles
Commercial/Proprietary Development
Define Field
Design Implementation Integration Support
Requirements Testing
Define
Design FieldTesting Support
Requirements
ParallelDevelopment Integration
Source: Siedlok (2001), “Characteristics and applicability of Open Source-based Product Development Model in Other
than Software Industries.” p. 39. obtained from, Lighthouse Case Studies, 1999, Open Source Software. A Grassroots
Development Model, Alliance for Converging Technologies.
13
Current ETC Board Member Companies
(Listed Alphabetically)
ES&S voting systems represent the latest in next-generation technology, including paper ballot-based
solutions, such as the ES&S AutoMARK - an accessible ballot marking device - and the intElect DS200
which combines the very best attributes of a paper-based system with the flexibility and efficiency of a digital
environment.
14
This Page Intentionally Left Blank
15
Working Together for Secure and Accurate Elections
16