Software Disclosure Requirements in Representative Holt and Senator Nelson's bills (HR811 and S559) both say:
“(9) PROHIBITION OF USE OF UNDISCLOSED SOFTWARE IN VOTING SYSTEMS- No voting system used in an election for Federal office shall at any time contain or use any software not certified by the State for use in the election or any software undisclosed to the State in the certification process. The appropriate election official shall disclose, in electronic form, the source code, object code, and executable representation of the voting system software and firmware to the Commission, including ballot programming files, and the Commission shall make that source code, object code, executable representation, and ballot programming files available for inspection promptly upon request to any person.”
Both bills seem to require disclosure of all software including commercial off-the-shelf (COTS) software including MS Windows operating system and all the drivers for all the hardware including the hard-drive, motherboard, and so on, but this isn’t likely because Microsoft and other vendors typically will not publicly release their source code, hence this requirement essentially requires that that COTS software be either dropped from voting systems (a great idea, but in an unrealistic time frame that does not provide sufficient time for the development cycle).
Alternatively, if COTS software were exempted from the disclosure requirements, then over 90% of the software that can hide vote rigging software is exempted. The complex and expensive enforcement provisions for software disclosure in this bill could waste time and resources and do little to make voting systems more trustworthy or secure.
There is a critical need to educate Congress on the complex difficulties of enforcing such software disclosure provisions in the short time frame that they are specifying, and what a mess it could make if time is not permitted for setting new standards and for the development and implementation cycle.
Here is a paper which explains the problems of trying to verify the software integrity of voting machines. Please contact US Senators and US Representative and ask their staff who work on election integrity legislation to read http://electionarchive.net/docs_other/dopp/VotingSystemSoftwareDisclosure.pdf
Acknowledgements
This above paper on voting system software disclosure was written with input from dozens of computer scientists and technicians, including information from Joseph Hall, Arthur Keller, Jim Soper, Bruce O’Dell, Alan Dechert, Danny Swarzman, Nelson Beebe, members of the Salt Lake Linux Users Group and many other technologists whom I have not properly acknowledged here because they were contributors to an on-line article that I wrote in 2003 without attributions. Bill Bucolo provided editing help.
Summary
Current voting system software disclosure provisions of proposed federal legislation are unenforceable and need to be dropped and rewritten in separate legislation in consultation with experts with diverse technical backgrounds.
It might be wiser to pass simpler legislation that could be implemented by 2008 requiring sufficient manual audits (and auditable voting systems for all states by providing funds to replace paperless DRE voting systems and replace them with optical scan paper ballot voting systems[ii]) and require states to provide public access to election records that are necessary to verify election outcomes; and to defer to another bill the requirements for long-term improvement of voting equipment to be publicly disclosed that would require significant time for development cycles.
Sample Letter to Congress that you can revise and send:
http://senate.gov/ and http://www.house.gov/
Dear Congressional Staffer Who Works on Election Integrity:
Please be so kind as to read this paper which was written with the help of dozens of skilled technologists, because it explains for the lay person, the complexities of voting system software disclosure and shows why the current software disclosure proposals by Representative Holt and Senator Nelson (HR811 and S559) must be rewritten.
"Avoid Another HAVA Train Wreck: Software Disclosure Requirements are a Good Long Term Goal But Need to Be Redrafted in Federal Election Integrity Legislation" http://electionarchive.net/docs_other/dopp/VotingSystemSoftwareDisclosure.pdf
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
