Vendors Attack Open Source with Obfuscation, Inaccuracy, Doubt

The Election Technology Council released a white paper: Open Source: Understanding Its Application In The Voting Industry <read>

Professor Dan Wallach explains the flaws in their arguments and understanding of open source: On open source vs. disclosed source voting systems <read>

As Dan suggests we need to rely on experts to understand complex issues.  But not just any expert.  Transparency provides access to all experts.

Nobody has ever suggested that election transparency requires the layperson to be able to understand the source code. Rather, it requires the layperson to be able to trust their newspaper, or political party, or Consumer Reports, or the League of Women Voters, to be able to retain their own experts and reach their own conclusions.

I would suggest that the indsstry paper is aimed at  laypersons, especially election officials and legislators.

Here is an example of a strawman from the industry paper, refuted by Wallach:

… taking a software product that was once proprietary and disclosing its full source code to the general public will result in a complete forfeiture of the software’s security … Although computer scientists chafe at the thought of “security through obscurity,” there remains some underlying truths to the idea that software does maintain a level of security through the lack of available public knowledge of the inner workings of a software program.

Really? No. Disclosing the source code only results in a complete forfeiture of the software’s security if there was never any security there in the first place. If the product is well-engineered, then disclosing the software will cause no additional security problems. If the product is poorly-engineered, then the lack of disclosure only serves the purpose of delaying the inevitable.

In general the industry completely turns everything around.  In Wallach’s words:

As to the “principles of intellectual property”, the ETC paper conflates and confuses copyright, patent, and trade secrets. Any sober analysis must consider these distinctly. As to the “viability of the current marketplace”, the market demands products that are meaningfully secure, usable, reliable, and affordable. So long as the present vendors fail on one or more of these counts, their markets will suffer.

This is just a taste.  There are many more details refuted and a great case made for open source in Wallach’s post <read>

Finally, we point out that CTVotersCount is made possible and more robust by open source software, WordPress.  WordPress has proven quite secure, with a community of  developers ready to quickly address security flaws.  It is also much more robust than proprietary alternatives due to a huge community of developers competing to create valuable add-one features at the rate of several a day.


Leave a Reply

You must be logged in to post a comment.