Open source technology has come onto the scene in a big way, with California's Child Welfare Digital Services project using it to create new systems and the California Department of Technology publishing a letter justifying its use in appropriate projects. Now, it has become a big part of the conversation around secure voting.
The Little Hoover Commission held a public hearing on Voting Equipment Security in Sacramento on July 26, and free software was widely discussed.
"When your voting system doesn't let you look under the hood, when the software is proprietary, in many instances you don't own it, you only lease it, you're at the mercy of those who developed it," Pamela Smith, a senior adviser with the nonprofit Verified Voting, told the Little Hoover Commission at the hearing. The commission is a state watchdog agency. Verified Voter is a nonpartisan organization that "advocates for legislation and regulation that promotes accuracy, transparency and verifiability of elections."
"One of the benefits of transparency in non-proprietary software is that it gives the public a better sense of, you're not trying to hide something, you're more interested in having a system that's open and transparent," Smith said. "A lot of people think that security through obscurity is the way to go, but that doesn't work. Someone will always find a way in."
Free software systems such Linux, GNU, Android, Apache and Open SSO support many government infrastructures, according to John Sebes, CTO of Open Source Election Technology Institute.
And Secretary of State Alex Padilla, while a state senator in 2013, even authored open source voting legislation.
The state pays to have proprietary software tested before certifying the technology for county purchases, according to Deputy Secretary of State Susan Lapsley.
Inyo County Clerk-Recorder Kammi Foote spoke as a witness at the hearing and discussed her experience personally disabling the networking capabilities of each voting machine. Most of the witnesses agreed that most election workers do not have deep cybersecurity knowledge, so relying on vendors is necessary.
However, vendors need long contracts, according to Foote — sometimes as long as eight years.
"What 'vendor lock-in' is, customers are dependent on a single supplier for a product and cannot move to another vendor without substantial cost and inconvenience," Foote told the Little Hoover Commission. "Lock-in tends to raise costs substantially, reduce long-term value including functionality, innovation and reliability, and can become a serious security problem since the supplier has little incentive to provide a secure product in a regulatory environment that does not allow vendors to quickly fix problems."
Foote said that getting all technology secured at the front end would avoid many problems.
"When we talk about security, it has to be at the certification level, and that's the Secretary of State," Foote said. "Those standards have to be built in so that any voting system that comes onto the market for us to purchase already has the cybersecurity and whatever other system needed in there."
Having uniform security standards, like NIST, could allow counties to choose their own systems without worrying about security.
"Secretary Padilla also respects each county’s authority to select the voting system that best serves their voters," Padilla's press secretary Sam Mahood wrote to Techwire in an email. "Whether counties develop open source technology or purchase proprietary systems, the Secretary of State’s top priority is that investment in new voting systems is done with an eye towards election integrity and modernizing the voting experience."
"I think open source is a really good idea but not necessarily from the security side," Philip Stark, associate dean of mathematical and physical sciences at UC Berkeley, said at the hearing. "Having an open source system would accomplish a number of things. One, I think it would completely change the economics of voting. Jurisdictions could start saving an enormous of taxpayer money immediately and have more auditable systems and have a competitive market for maintenance and support of those systems.
"It's not likely that the state could mandate open source because clearly there's proprietary systems that counties have gone out and purchased, but maybe the state could offer incentives to get more open source being used at the county level," Commissioner Don Perata said at the meeting.
LHC Chairman Pedro Nava echoed that concern.
"What I meant was the value of proprietary software (and why it has investors) is in part the fact that the vendors' technical support is what that counties rely upon because they lack the ability to operate the systems and fix any problems themselves," Nava told Techwire in an email. "It's the supporting infrastructure that seems particularly valuable."
Stark argued that the state would not need to mandate the use of open software, but that it would "will sell itself" with financial incentives that encouraged entrepreneurship.
"In order to make open source work well, you really need a robust market for support services, and that's some place that the state could intervene," Stark said. "But that kind of support infrastructure needs to be in place or nobody's going to do it, even if it's free."
Nava echoed that point.
"I think that for open source to be competitive, it would have to have the same sort of infrastructure to make it attractive to the end purchaser," Nava wrote. "So a vendor (investor) would have to be nimble enough to package the open source in such a way that it was part of an entire package for sale."
Sebes discussed the strengths and weaknesses of different business models for voting technology.
"Existing commercial vendors are in the business of selling legacy technology that was not designed for cybersecurity, and it's wholly unsuitable for critical infrastructure. These vendors do not have the wherewithal to go back to the drawing board and create a wholly new generation of election technology that's designed for the current threat environment," Sebes told the commission. "The strength of non-commercial organizations is the lack of a profit motive, and hence the ability to develop technology that meets the needs that the market doesn't currently address."
Sebes said California could innovate in certifying individual voting components and leading security protocols.
"It is also important to note that California has a rigorous certification process for all voting systems," Mahood wrote. "Any new voting systems applying for certification in California go through months of testing, including functional testing, source code review, red team security testing that involves experts trying to 'break into' the voting system, and accessibility and volume testing as well."
So far Los Angeles and San Francisco have both begun working with open software to develop voting systems.
