Sequoia Voting Systems plans to publicly release the source code for its new optical scan voting system, the company announced Tuesday — a remarkable reversal for a voting machine maker long criticized for resisting public examination of its proprietary systems. The company’s new public source optical-scan voting system, called Frontier Election System, will be submitted for federal certification and testing in the first quarter of next year. The code will be released for public review in November, the company said, on its web site. Sequoia’s proprietary, closed systems are currently used in 16 states and the District of Columbia. The announcement comes five days after a non-profit foundation announced the release of its open-source election software for public review. Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation’s announcement. … Sequoia in fact has been a champion of security through obscurity since it’s been selling voting systems. The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software.
Princeton University computer scientist Ed Felten, one of the targets of Sequoia’s legal threats, said he was pleasantly surprised to see the company opening its new system to examination after vehemently resisting it in the past. “I think Sequoia is recognizing that it won’t do anymore to just urge people to trust them,” Felten said, “and that people want to know that the code that controls these machines is open and that experts have had a full chance to look at it.”
Given that Sequoia is now acknowledging the value of code disclosure as something that can lead to better security rather than worse security, as it has claimed in the past, Felten said “it seems that it should follow that they would now be willing to release code for all of their other products as well.”
Last year, a judge ordered New Jersey election officials to give source code for the state’s Sequoia AVC Advantage touch-screen machines to Princeton University computer scientist Andrew Appel and others for a lawsuit that challenged the integrity of Sequoia’s paperless machines. Voting activists had sued the state to decommission the units out of security and reliability concerns. Appel’s team found several vulnerabilities with the system, but wasn’t able to discuss them publicly.
Appel, in a separate issue, also found a discrepancy between summary tapes printed from Sequoia touch-screen machines during New Jersey’s primary election and totals that were recorded on the machine’s memory cards. Summary tapes from machines in one district showed a phantom vote for then-presidential-candidate Barack Obama that didn’t appear in the memory card totals.
… Pamela Smith, president of Verified Voting, a group that has long lobbied for fully auditable voting systems, applauded Sequoia’s efforts. “It’s good to know the vendors are developing a new transparent optical-scan system,” she said. “That is probably the biggest recognition of the direction that the voting public wants to see the market going.”
Asked if Sequoia’s history of hiding behind its proprietary code taints the sincerity of its public source effort, Smith said, “It’s never too late. If you’re making a step toward a more transparent system, good for you. That’s a good thing.”