May 29, 2017

California to Require Open-Source in Voting Software?

Donna Wentworth at Copyfight points to the fine print in the recent e-voting edict from California Secretary of State Kevin Shelley, which says this:

Any electronic verification method must have open source code in order to be certified for use in a voting system in California.

Many computer scientists have argued that e-voting systems should be required to have open source code, because of the special circumstances surrounding voting. Is that what Mr. Shelley is requiring?

I’m not sure. His requirement applies to “electronic verification method[s]” and not explicitly to all e-voting systems. What exactly is an “electronic verification method”? Mr. Shelley’s directive uses this term in reference to the report of a previous task force on e-voting.

So what does the task force’s report say? Surprisingly, the report refers to “electronic verification” methods at several points, but I couldn’t find any specific mention of what those methods might be. This is particularly odd considering that the task force members included computer scientists (including David Dill and David Jefferson) who are more than qualified to understand and write about any “electronic verification” methods, even if only to summarize them or give examples.

It looks as if there might be a hidden layer to this story, but I can’t figure out what it could be. Can anybody help out?

[Correction (1:50 PM): corrected the spelling of Kevin Shelley’s last name.]


  1. I believe he is referring to the software that connects the DRE (direct record… votes on a hard drive, basically) to what is printed out for voter-verification. So, it seems that the entirety of e-voting software doesn’t have to be open source… just the part that interfaces with the electronic recording of votes and the printing out of the official, paper-based ballot to be placed in a ballot box…

    and it’s “Kevin Shelley” as the CA Sec. of State.


  2. I figured this out… it’s not an open source for e-vote software mandate… I’ve blogged it here [ ] (links and emphasis removed):

    Open source e-vote software? Unfortunately, I think not…

    Donna and Ed Felten blog this quote from the recent Secretary of State’s (Kevin Shelley) position paper requiring VVPAT (voter-verified paper audit trail):

    Any electronic verification method must have open source code in order to be certified for use in a voting system in California.

    Actually, looking back over the report, this open source requirement has nothing to do with the VVPAT (voter verified paper audit trail). The open source requirement has to do with electronic verification mechanisms. That is, the task force looked at other options (other than paper-based) for voter-verification and also explored the idea of electronic verification. From page 5 of the SoS’s report [emphasis mine]:

    When I directed the Task Force to examine paper verification and attempt to arrive at a consensus, I was impressed that they tried to look at the issue from other perspectives. Instead of seeing paper as the only possible solution, the Task Force looked for other ways to approach the verification issue to see if any other solutions are possible to address the confidence and security concerns of touch screen systems. The consensus recommendation to implement electronic verification is a creative approach to pursue a long-term solution to this issue

    I am therefore requiring:

    # Electronic Verification Required to Assure Accessibility- All DREs must include electronic verification, as described by in the Task Force’s report, in order to assure that the information provided for verification to disabled voters through some form of non-visual method accurately reflects what is recorded by the machine and what is printed on the VVPAT paper record. Any electronic verification method must have open source code in order to be certified for use in a voting system in California. The timeline for implementation is the same timeline for implementation of accessible VVPAT.

  3. The hidden layer is but a small mention that they will see to everything by 2006. The presidential election in 2004 is going to be carried off just as the neoconservatives want. California voters, along with Nevada voters, and voters in every key state in the upcoming election will lose their right to vote, and the best part is, by 2006, these thugs will have forced Internet voting to the forefront, and never to look back, so Shelly and all the other SOS’s will never be held accountable.

    How’s that for conspiratorial illustration?