Election officials in Los Angeles County are touting the state’s approval of a new system of tallying absentee votes, one they say will allow the county to distribute redesigned mail-in ballots in time for the Nov. 6 general election. The system runs on technology owned by the county, rather than a private vendor, and in what officials say is a first for California, it’s an open source platform.
“With security on the minds of elections officials and the public, open source technology has the potential to further modernize election administration, security, and transparency,” California Secretary of State Alex Padilla, who certified the new system on Tuesday, said in a press release .
The one catch? The new system might not count as “open source” just yet, as the agency that created it hasn’t shared the underlying code with the wider programming community.
“My takeaway is that their intention is to make it freely available to other organizations, but today it’s not,” said John Sebes, the chief technology officer of the Open Source Election Technology Institute, a nonprofit that develops publicly available voting software. “It’s open source in the sense that it was paid for by public funds and the intent is to share it.”
Conditional praise from election security experts
Open source software, which allows outside programmers to download code and tinker with it for the purpose of offering improvements or adapting it to their own use, actually has support in the often skittish community of election-security advocates. In particular, supporters point to how an open source model can free election authorities from relying too heavily on equipment and software manufactured by private corporations that are motivated by earnings, rather than service to voters.
“California recently has found ways to smooth the path for development of new systems that are both non-proprietary and voter-centric, including through enabling legislation … that changed how we test and certify systems for adoption, and through provision of funding for nonproprietary systems,” Pamela Smith, a former president of Verified Voting, recently told California’s Little Hoover Commission, a state board that reviews government operations and policy. “Open source systems still require the essential safeguards of a paper ballot and robust post-election audits, but as such systems are successfully developed and deployed, they can provide substantial cost-savings to counties, freeing resources for ongoing security improvements.”
LA County’s new tabulation system is part of its “Voting Solutions for All People” initiative, an ongoing project aimed at making it more convenient for the county’s 5.1 million registered voters to cast their ballots. The initiative is reviewing every step of the voting process, from the technology used to cast ballots to the availability of polling places. One of the first products will be a fresh spin on mail-in ballots, to be used this year in conjunction with the new tallying software.
Starting Oct. 9, county residents who wish to vote by mail will receive packets containing a ballot, a secrecy sleeve, a postage-free return envelope and an “I voted” sticker. Ballots sent back will be counted on the new system.
Padilla’s letter certifying LA County’s new system says officials tested the county-developed software and scanning devices built by Imaging Business Machines, an Alabama firm.
The letter also lays out security requirements for the county to follow as it implements the new system, including isolating the machines that record ballots from the machines that report the actual results, also known as air-gapping. After ballots are read, removable memory devices will be detached from the machines that scan votes and plugged into the machines that show the actual count. Election officials will also be required to operate an additional computer to reformat the memory devices after each use. The letter also prohibits any networked connections to devices not directly involved in the voting system. And any proposed revisions to the process must be approved by the secretary of state.
The first step on a journey
LA County won’t be the first voting jurisdiction to try an open source system. In 2016 , New Hampshire introduced a vote-casting and -tabulation system for blind voters called called “one4all,” which is based on software first created by researchers at the University of Florida. That system, called Prime III by the Florida developers, is also being reviewed by officials in Ohio .
For a system to be truly open source, though, the code has to be accessible to other developers, as Prime III is by being on GitHub , the popular code-sharing website. The LA County system isn’t publicly available, and even though Padilla hailed the concept in the press release, his certification letter makes no mention of how an open source platform might relate to state regulations.
Even though the VSAP source code isn’t public yet, Sebes is optimistic about LA County’s new vote-tabulation platform, especially in how it moves the county away from relying entirely on private vendors for its voting system.
“That is really good,” he said. “This is the first time ever a state has certified just a couple parts of a complete voting system. We can’t have our elections be publicly trusted if they’re run by black-box computers. You can’t say ‘Trust this machine. It’s mine, I’ll never let you look at it and I sold it to the government for money.'”
That doesn’t mean a voting system that’s built entirely by a public agency isn’t automatically trustworthy, especially if its components are hidden from the public, Sebes continued. “What’s best is for everyone to be able to build their own version of it and determine whether the system as certified meets the claim that when it’s used, it can’t be tampered with or modified,” he said.
The emergence of open source voting systems isn’t without caution, though. When LA County’s election officials do release their source code, they should be wary of who offers to help develop it, said Tim Mackey, of the security software firm Synopsys.
“Unlike proprietary software where a vendor relationship exists in the software supply chain, proper open source management requires the consumer, in this case LA County, to become engaged with the development communities they depend upon,” Mackey told StateScoop. “Without that engagement, there is no mechanism for an open source development community to be aware of who their ‘customer’ might be.”
Mackey added that the global open source community has made about 11,400 security disclosures in 2018.
LA County’s Board of Elections did not respond to questions about when it plans to share its source code or review potential collaborators. But Sebes pointed out the board is just making the first steps toward running an open source system.
“If we’re going to split hairs, they’re on a journey, and good for them,” he said. “This is the first step. I want to see the next 10 steps.”