By Gregory Miller

David Plouffe’s View of the Future of Voting — We Agree and Disagree

David Plouffe, President Obama’s top political and campaign strategist and the mastermind behind the winning 2008 and 2012 campaigns, wrote a forward-looking op-ed [paywall] in the Wall Street Journal recently about the politics of the future and how they might look.

He touched on how technology will continue to change the way campaigns are conducted – more use of mobile devices, even holograms, and more micro-targeting at individuals. But he also mentioned how people might cast their votes in the future, and that is what caught our eye here at the TrustTheVote Project.

Here’s what Plouffe wrote: “More states will inevitably move to online voter registration and perhaps digital voting. There will be resistance…but our voting system won’t remain disconnected forever from the way we are leading the rest of our lives.

His last statement – that the voting system will come to resemble more our mobile-device-dependent world – is probably true in the long run.  But it’s going to take time, probably more time than we all would like.  Even though we can bank, buy coffee, and get a boarding pass for an airplane via our smart phones, voting by smart phone is more complicated—hugely more complicated.

When you’re banking online, the financial institution has to be able, absolutely, to identify and verify it is you who authorized (or didn’t authorize) a particular transaction (such as a purchase with your bank card at Amazon.com).  But in the world of elections, the election administrator has to be sure, absolutely, that they can never identify you as the person who cast a particular ballot. It’s completely opposite of online banking because of the sacred assurances of voter anonymity and the secret ballot.

Sure, elections officials should verify you as the individual who is checking in to cast a ballot, but once you have been authenticated, the connection with a particular ballot must cease to exist.  And doing that by your smart phone (or any other digital device connected to the Internet) is beyond non-trivial; it’s downright near impossible.

So, there’s a privacy and technology challenge there.  In other words, we need security of the ballot, but we also need privacy of the voter.  And in the digital world there is an opposite (we call it “inverse”) relationship between security and privacy.

Think about an airport and TSA check points.  If you want absolute privacy, you should be able to walk straight to your gate uninhibited.  If you want absolute security, you should not be able to do so until everything about you has been identified and verified as that exact person with an authorized ticket  to board a plane.

If you think about how awful it would be if your online bank account got hacked, imagine if your state’s online voting system was compromised. Not only could the result be suspect, the fact that an election was hacked would undermine voters’ confidence in our democracy.

So smartphone voting might be a ways off. But in the here and now and very near future, the TrustTheVote Project is already delivering on some of Plouffe’s other visions.

Online voter registration, for example, is already being implemented in many states and through third party organizations. The TrustTheVote Project helped Rock The Vote develop its “Rocky” core software, which operates that group’s nationwide online registration. TrustTheVote helped Virginia implement its online voter registration and our technology powers the search part of the Virginia site, which lets you know if you’re already registered, are at the right polling place, and that your address is up to date. This was all developed with TrustTheVote Project open-source technology that all states and localities can adopt and adapt.

And we’re underway on other innovations—like apps to help you figure out the best time to go to your polling place and apps to help you “check in” to vote, just like the ones you use to get  like you download and print a boarding pass for your flight.

So to David Plouffe, yes elections and campaigns will change in the future.  But it will come step by step and not by a big bang of smartphone voting.

Expanding Our Leadership Assures Our Potential

So, by now you may have seen the news.  We were stoked on Tuesday to announce former Facebook executive Chris Kelly has joined our Foundation’s Board of Directors while the former U.S. CTO Aneesh Chopra has joined as a strategic adviser.  Today, I want to share some more about what this means for us, and for the TrustTheVote Project.

In short, this is a big deal.  In many ways.

chris-kellyLet’s start with Chris Kelly.  I’ve had the pleasure of knowing and working with Chris for years.  Chris is a technocrat for the people.  He understands not just the potential of technology innovation in the digital age, but he “gets” what that can mean — the good, the bad, and yes even the ugly — for all citizens across a range of socioeconomic conditions.  Chris understands the challenges of data privacy and security.  Chris has endeavored to run for public office in the past and may one day do so again.  He intimately understands the process of elections from the viewpoint of a candidate as well as a voter.  But Chris has put his political aspirations on hold while he pursues other projects.

Sure, those “projects” include co-ownership of the NBA Sacramento Kings and the building of their new Arena.  But Chris also believes the TrustTheVote Project has great potential to increase confidence in elections and their outcomes, by reinventing how America votes in order to create a more delightful and engaging experience for voters, as well as a far better solution for elections officials.  Backing that belief up, Chris is putting a significant capital commitment behind the Foundation to accelerate its work for the benefit of elections officials nationwide.  In fact, his backing has significantly accelerated our 2014 fund raising campaign.  That means more talent can be hired and more work can be done.

This really is a big deal.

Aneesh_ChopraThen there is Aneesh Chopra.  Aneesh discovered our project a couple of years ago and has remained intrigued.  As he describes in a recent interview on Vox, he well understands the challenges of elections administration today as a former candidate himself and witnessing the mistakes that can happen as they recently did in the Commonwealth of VA and the District of Columbia.  Aneesh is a pragmatic thought leader with a penchant for detail.  Aneesh has joined our Strategic Advisory Board, joining other government IT, technology policy, and open source visionaries including Bryan Sivak, Joe Hall, and Debra Bryant.

Aneesh will bring significant value to the Foundation with his deep understanding of government IT, public policy, the intersection of technology and government, and many related issues.  His experience as President Obama’s first Chief Technology Officer brings a wealth of practical experience in this regard.  Similarly, since his moving on from the office of U.S. CTO to return to the private sector to work with some exciting commercial technology start-ups, Aneesh appreciates the realities of technology development life cycles.  While we are a non-profit technology project, we bring our own wealth of software industry experience to bear, and Aneesh found the level of professional maturity in our project combined with an unbridled amount of innovative thinking to be attractive and well calibrated to his thinking.  So, we are very stoked to have him on board, and look forward to his advice, insight, and guidance.

This too, is a big deal.

With fresh financial backing plus the thought leadership of these two seasoned executives, we’re maturing our operation and galvanizing a strong management team.  Stay tuned.  We’ll have more announcements coming soon.

A New Name; The Same Mission

Many of you are learning the news, and its true: our Foundation’s name is changing, but the mission remains the same.  Here’s the story.

OSETFoundationI’d like to officially introduce you all to our new name: the Open Source Election Technology Foundation, or as we’re referring to it, the “OSET Foundation” (“Oh-Set”).  And if you haven’t seen our updated Foundation web site, please have a visit and tell us what you think.  But know that what you see there today is an initial site launch to put the Foundation name into circulation, and we’re already hard at work developing an entirely new version of the OSET Foundation site as well as a new home for the TrustTheVote Project and related sites.

I can tell you we’ve selected WordPress as our platform for all of our web sites going forward, thanks to the generous support of Matt Mullenweg, who has generously backed the Foundation before, and is stepping up again, this time with WordPress development resources to help us publish a world class set of sites and resources for our stakeholders (elections officials), supporters, and you.  We deeply appreciate Matt’s support.  But I digress.  Let’s get back to the naming thing.

What’s in a Name?
When we got our start back in late 2006 we chose a name, somewhat intentionally provocative, to reflect what we believed then our mission should be: addressing the pressing need for innovation in machinery used to administer an election.  To us, and many we spoke with in that first year, “digital voting” meant the use of computers in the act(s) of voting.  The cries to rethink DREs (“digital recording electronics”) were reaching a crescendo and we were tired of writing about their woes and decided we should form a team to rethink the machinery… but in a way to bring more transparency at least, and more accuracy, verification and security in the process. So…

“Open Source,” from our experiences in the Silicon Valley (notably the Mozilla Project, as some of us were by then Netscape alumni) was potentially the “jam cracker” to inject innovation into a stagnant industry where there is no business incentive to perform the R&D necessary to address the mandates of verification, accuracy, security and transparency.  Thus we branded ourselves the “Open Source Digital Voting” or “OSDV” Foundation.

Fast forward to 2010 when, during the midst of our battle to earn our tax exempt status, we learned from our PR team that consumer research revealed a startling fact.  In that first 4 years while we were learning the ins and outs of elections administration and related processes, policies, politics, and people, the iPod and iPhone had reshaped popular perception and “digital” now meant “Internet” to many consumers.

Of course, that resulted in a terrible misconception of what we’re doing because our work has nothing to do with Internet Voting — a concept given today’s Internet that is simply not viable by our measure in terms of simultaneously assuring privacy and security of ballot data.

More importantly, our work had progressed to the point that we realized the opportunity to develop an entire elections administration framework, and that to be successful, our cause needs to address the entire voting ecosystem.

So, it became clear that “OSDV” as a name had become obsolete and a new name was required.  That name, a phrase that far more accurately explains what our non-profit mission is about, is the Open Source Election Technology or OSET Foundation.

TTV_400x400Importantly, our flagship effort, the TrustTheVote Project, remains the main thing and vehicle of our mission to bring publicly owned innovation to our Nation’s critical democracy infrastructure.  We have refreshed the TrustTheVote Project brand as you can see to the left here, which can also be seen by visiting either of our Twitter presences @OSET or @TrustTheTheVote.  However, nothing else about the Project has or will change — save a new web site on the way this summer.

In short, we’re pleased to introduce the OSET Foundation with its on-going mission via the TrustTheVote Project to “improve confidence in elections and their outcomes.”

Money Shot: What Does a $40M Bet on Scytl Mean?

…not much we think.

Yesterday’s news of Microsoft co-founder billionaire Paul Allen’s investing $40M in the Spanish election technology company Scytl is validation that elections remain a backwater of innovation in the digital age.

But it is not validation that there is a viable commercial market for voting systems of the size typically attracting venture capitalists; the market is dysfunctional and small and governments continue to be without budget.

And the challenges of building a user-friendly secure online voting system that simultaneously protects the anonymity of the ballot is an interesting problem that only an investor of the stature of Mr. Allen can tackle.

We think this illuminates a larger question:

To what extent should the core technology of the most vital aspect of our Democracy be proprietary and black box, rather than publicly owned and transparent?

To us, that is a threshold public policy question, commercial investment viability issues notwithstanding.

To be sure, it is encouraging to see Vulcan Capital and a visionary like Paul Allen invest in voting technology. The challenges facing a successful elections ecosystem are complex and evolving and we will need the collective genius of the tech industry’s brightest to deliver fundamental innovation.

We at the TrustTheVote Project believe voting is a vital component of our nation’s democracy infrastructure and that American voters expect and deserve a voting experience that’s verifiable, accurate, secure and transparent.  Will Scytl be the way to do so?

The Main Thing

The one thing that stood out to us in the various articles on the investment were Scytl’s comments and assertions of their security with international patents on cryptographic protocols.  We’ve been around the space of INFOSEC for a long time and know a lot of really smart people in the crypto field.  So, we’re curious to learn more about their IP innovations.  And yet that assertion is actually a red herring to us.

Here’s the main thing: transacting ballots over the public packet switched network is not simply about security.   Its also about privacy; that is, the secrecy of the ballot.  Here is an immutable maxim about the digital world of security and privacy: there is an inverse relationship, which holds that as security is increased, privacy must be decreased, and vice-verse.  Just consider any airport security experience.  If you want maximum security then you must surrender a bunch of privacy.  This is the main challenge of transacting ballots across the Internet, and why that transaction is so very different from banking online or looking at your medical record.

And then there is the entire issue of infrastructure.  We continue to harp on this, and still wait for a good answer.  If by their own admissions, the Department of Defense, Google, Target, and dozens of others have challenges securifying their own data centers, how exactly can we be certain that a vendor on a cloud-based service model or an in-house data center of a county or State has any better chance of doing so? Security is an arms race.  Consider the news today about Heartbleed alone.

Oh, and please for the sake of credibility can the marketing machinery stop using the phrase “military grade security?”  There is no such thing.  And it has nothing to do with an increase in the  128-bit encryption standard RSA keys to say, 512 or 1024 bit.  128-bit keys are fine and there is nothing military to it (other than the Military uses it).  Here is an interesting article from some years ago on the sufficiency of current crypto and the related marketing arms race.  Saying “military grade” is meaningless hype.  Besides, the security issues run far beyond the transit of data between machines.

In short, there is much the public should demand to understand from anyone’s security assertions, international patents notwithstanding.  And that goes for us too.

The Bottom Line

While we laud Mr. Allen’s investment in what surely is an interesting problem, no one should think for a moment that this signals some sort of commercial viability or tremendous growth market opportunity.  Nor should anyone assume that throwing money at a problem will necessarily fix it (or deliver us from the backwaters of Government elections I.T.).  Nor should we assume that this somehow validates Scytl’s “model” for “security.”

Perhaps more importantly, while we need lots of attention, research, development and experimentation, the bottom line to us is whether the outcome should be a commercial proprietary black-box result or an open transparent publicly owned result… where the “result” as used here refers to the core technology of casting and counting ballots, and not the viable and necessary commercial business of delivering, deploying and servicing that technology.

The “VoteStream Files” A Summary

The TrustTheVote Project Core Team has been hard at work on the Alpha version of VoteStream, our election results reporting technology. They recently wrapped up a prototype phase funded by the Knight Foundation, and then forged ahead a bit, to incorporate data from additional counties, provided by by participating state or local election officials after the official wrap-up.

DisplayAlong the way, there have been a series of postings here that together tell a story about the VoteStream prototype project. They start with a basic description of the project in Towards Standardized Election Results Data Reporting and Election Results Reload: the Time is Right. Then there was a series of posts about the project’s assumptions about data, about software (part one and part two), and about standards and converters (part one and part two).

Of course, the information wouldn’t be complete without a description of the open-source software prototype itself, provided Not Just Election Night: VoteStream.

Actually the project was as much about data, standards, and tools, as software. On the data front, there is a general introduction to a major part of the project’s work in “data wrangling” in VoteStream: Data-Wrangling of Election Results DataAfter that were more posts on data wrangling, quite deep in the data-head shed — but still important, because each one is about the work required to take real election data and real election result data from disparate counties across the country, and fit into a common data format and common online user experience. The deep data-heads can find quite a bit of detail in three postings about data wrangling, in Ramsey County MN, in Travis County TX, and in Los Angeles County CA.

Today, there is a VoteStream project web site with VoteStream itself and the latest set of multi-county election results, but also with some additional explanatory material, including the election results data for each of these counties.  Of course, you can get that from the VoteStream API or data feed, but there may be some interest in the actual source data.  For more on those developments, stay tuned!

A Northern Exposed iVoting Adventure

NorthernExposureImageAlaska’s extension to its iVoting venture may have raised the interests of at least one journalist for one highly visible publication.  When we were asked for our “take” on this form of iVoting, we thought that we should also comment here on this “northern exposed adventure.” (apologies to those fans of the mid-90s wacky TV series of a similar name.)

Alaska has been among the states that allow military and overseas voters to return marked absentee ballots digitally, starting with fax, then eMail, and then adding a web upload as a 3rd option.  Focusing specifically on the web-upload option, the question was: “How is Alaska doing this, and how do their efforts square with common concerns about security, accessibility, Federal standards, testing, certification, and accreditation?

In most cases, any voting system has to run that whole gauntlet through to accreditation by a state, in order for the voting system to be used in that state. To date, none of the iVoting products have even tried to run that gauntlet.

So, what Alaska is doing, with respect to security, certification, and host of other things is essentially: flying solo.

Their system has not gone through any certification program (State, Federal, or otherwise that we can tell); hasn’t been tested by an accredited voting system test lab; and nobody knows how it does or doesn’t meet  federal requirements for security, accessibility, and other (voluntary) specifications and guidelines for voting systems.

In Alaska, they’ve “rolled their own” system.  It’s their right as a State to do so.

In Alaska, military voters have several options, and only one of them is the ability to go to a web site, indicate their choices for vote, and have their votes recorded electronically — no actual paper ballot involved, no absentee ballot affidavit or signature needed. In contrast to the sign/scan/email method of return of absentee ballot and affidavit (used in Alaska and 20 other states), this is straight-up iVoting.

So what does their experience say about all the often-quoted challenges of iVoting?  Well, of course in Alaska those challenges apply the same as anywhere else, and they are facing them all:

  1. insider threats;
  2. outsider hacking threats;
  3. physical security;
  4. personnel security; and
  5. data integrity (including that of the keys that underlie any use of cryptography)

In short, the Alaska iVoting solution faces all the challenges of digital banking and online commerce that every financial services industry titan and eCommerce giant spends big $ on every year (capital and expense), and yet still routinely suffer attacks and breaches.

Compared to the those technology titans of industry (Banking, Finance, Technology services, or even the Department of Defense), how well are Alaskan election administrators doing on their shoestring (by comparison) budget?

Good question.  It’s not subject to annual review (like banks’ IT operations audit for SAS-70), so we don’t know.  That also is their right as a U.S. state.  However, the  fact that we don’t know, does not debunk any of the common claims about these challenges.  Rather, it simply says that in Alaska they took on the challenges (which are large) and the general public doesn’t know much about how they’re doing.

To get a feeling for risks involved, just consider one point, think about the handful of IT geeks who manage the iVoting servers where the votes are recorded and stored as bits on a disk.  They are not election officials, and they are no more entitled to stick their hands into paper ballots boxes than anybody else outside a
county elections office.  Yet, they have the ability (though not the authorization) to access those bits.

  • Who are they?
  • Does anybody really oversee their actions?
  • Do they have remote access to the voting servers from anywhere on the planet?
  • Using passwords that could be guessed?
  • Who knows?

They’re probably competent responsible people, but we don’t know.  Not knowing any of that, then every vote on those voting servers is actually a question mark — and that’s simply being intellectually honest.

Lastly, to get a feeling for the possible significance of this lack of knowledge, consider a situation in which Alaska’s electoral college votes swing an election, or where Alaska’s Senate race swings control of Congress (not far-fetched given Murkowski‘s close call back in 2010.)

When the margin of victory in Alaska, for an election result that effects the entire nation, is a low 4-digit number of votes, and the number of digital votes cast is similar, what does that mean?

It’s quite possible that those many digital votes could be cast in the next Alaska Senate race.  If the contest is that close again,  think about the scrutiny those IT folks will get.  Will they be evaluated any better than every banking data center investigated after a data breach?  Any better than Target?  Any better than Google or Adobe’s IT management after having trade secrets stolen?  Or any better than the operators of military unclassified systems that for years were penetrated through intrusion from hackers located in China who may likely have been supported by the Chinese Army or Intelligence groups?

Probably not.

Instead, they’ll be lucky (we hope) like the Estonian iVoting administrators, when the OCSE visited back in 2011 to have a look at the Estonian system.  Things didn’t go so well.  OCSE found that one guy could have undermined the whole system.  Good news: it didn’t happenCold comfort: that one guy didn’t seem to have the opportunity — most likely because he and his colleagues were busier than a one-armed paper hanger during the election, worrying about Russian hackers attacking again, after they had previously shut-down the whole country’s Internet-connect government systems.

But so far, the current threat is remote, and it is still early days even for small scale usage of Alaska’s iVoting option.  But while the threat is still remote, it might be good for the public to see some more about what’s “under the hood” and who’s in charge of the engine — that would be our idea of more transparency.

<soapbox>

Wandering off the Main Point for a Few Paragraphs
So, in closing I’m going to run the risk of being a little preachy here (signaled by that faux HTML tag above); again, probably due to the surge in media inquiries recently about how the Millennial generation intends to cast their ballots one day.  Lock and load.

I (and all of us here) are all for advancing the hallmarks of the Millennial mandates of the digital age: ease and convenience.  I am also keenly aware there are wing-nuts looking for their Andy Warhol moment.  And whether enticed by some anarchist rhetoric, their own reality distortion field, or most insidious: the evangelism of a terrorist agenda (domestic or foreign) …said wing nut(s) — perhaps just for grins and giggles — might see an opportunity to derail an election (see my point above about a close race that swings control of Congress or worse).

Here’s the deep concern: I’m one of those who believes that the horrific attacks of 9.11 had little to do with body count or the implosions of western icons of financial might.  The real underlying agenda was to determine whether it might be possible to cause a temblor of sufficient magnitude to take world financial markets seriously off-line, and whether doing so might cause a rippling effect of chaos in world markets, and what disruption and destruction that might wreak.  If we believe that, then consider the opportunity for disruption of the operational continuity of our democracy.

Its not that we are Internet haters: we’re not — several of us came from Netscape and other technology companies that helped pioneer the commercialization of that amazing government and academic experiment we call the Internet.  Its just that THIS Internet and its current architecture simply was not designed to be inherently secure or to ensure anyone’s absolute privacy (and strengthening one necessarily means weakening the other.)

So, while we’re all focused on ease and convenience, and we live in an increasingly distributed democracy, and the Internet cloud is darkening the doorstep of literally every aspect of society (and now government too), great care must be taken as legislatures rush to enact new laws and regulations to enable studies, or build so-called pilots, or simply advance the Millennial agenda to make voting a smartphone experience.  We must be very careful and considerably vigilant, because its not beyond the realm of reality that some wing-nut is watching, cracking their knuckles in front of their screen and keyboard, mumbling, “Oh please. Oh please.”

Alaska has the right to venture down its own path in the northern territory, but it does so exposing an attack surface.  They need not (indeed, cannot) see this enemy from their back porch (I really can’t say of others).  But just because it cannot be identified at the moment, doesn’t mean it isn’t there.

</soapbox>

One other small point:  As a research and education non-profit we’re asked why shouldn’t we be “working on making Internet voting possible?”  Answer: Perhaps in due time.  We do believe that on the horizon responsible research must be undertaken to determine how we can offer an additional alternative by digital means to casting a ballot next to absentee and polling place experiences.  And that “digital means” might be over the public packet-switched network.  Or maybe some other type of network.  We’ll get there.  But candidly, our charge for the next couple of years is to update an outdated architecture of existing voting machinery and elections systems and bring about substantial, but still incremental innovation that jurisdictions can afford to adopt, adapt and deploy.  We’re taking one thing at a time and first things first; or as our former CEO at Netscape used to say, we’re going to “keep the main thing, the main thing.”

Onward
GAM|out

PCEA Report Finally Out: The Real Opportunity for Innovation Inside

PCEACoverThis week the PCEA finally released its long-awaited report to the President.  Its loaded with good recommendations.  Over the next several days or posts we’ll give you our take on some of them.  For the moment, we want to call your attention to a couple of under-pinning elements now that its done.

The Resource Behind the Resources

Early in the formation of what initially was referred to as the “Bauer-Ginsberg Commission” we were asked to visit the co-chairs in Washington D.C. to chat about technology experts and resources.  We have a Board member who knows them both and when asked we were honored to respond.

Early on we advised the Co-Chairs that their research would be incomplete without speaking with several election technology experts, and of course they agreed.  The question was how to create a means to do so and not bog down the progress governed by layers of necessary administrative regulations.

I take a paragraph here to observe that I was very impressed in our initial meeting with Bob Bauer and Ben Ginsberg.  Despite being polar political opposites they demonstrated how Washington should work: they were respectful, collegial, sought compromise to advance the common agenda and seemed to be intent on checking politics at the door in order to get work done.  It was refreshing and restored my faith that somewhere in the District there remains a potential for government to actually work for the people.  I digress.

We advised them that looking to the CalTech-MIT Voting Project would definitely be one resource they could benefit from having.

We offered our own organization, but with our tax exempt status still pending, it would be difficult politically and otherwise to rely on us much in a visible manner.

So the Chairs asked us if we could pull together a list — not an official subcommittee mind you, but a list of the top “go to” minds in the elections technology domain.  We agreed and began a several week process of vetting a list that needed to be winnowed down to about 20 for manageability  These experts would be brought in individually as desired, or collectively  — it was to be figured out later which would be most administratively expedient.  Several of our readers, supporters, and those who know us were aware of this confidential effort.  The challenge was lack of time to run the entire process of public recruiting and selection.  So, they asked us to help expedite that, having determined we could gather the best in short order.

And that was fine because anyone was entitled to contact the Commission, submit letters and comments and come testify or speak at the several public hearings to be held.

So we did that.  And several of that group were in fact utilized.  Not everyone though, and that was kind of disappointing, but a function of the timing constraints.

The next major resource we advised they had to include besides CalTech-MIT and a tech advisory group was Rock The Vote.  And that was because (notwithstanding they being a technology partner of ours) Rock The Vote has its ear to the rails of new and young voters starting with their registration experience and initial opportunity to cast their ballot.

Finally we noted that there were a couple of other resources they really could not afford to over-look including the Verified Voting Foundation, and L.A. County’s VSAP Project and Travis County’s StarVote Project.

The outcome of all of that brings me to the meat of this post about the PCEA Report and our real contribution.  Sure, we had some behind the scenes involvement as I describe above.  No big deal.  We hope it helped.

The Real Opportunity for Innovation

But the real opportunity to contribute came in the creation of the PCEA Web Site and its resource toolkit pages.

On that site, the PCEA took our advice and chose to utilize Rock The Vote’s open source voter registration tools and specifically the foundational elements the TrustTheVote Project has built for a States’ Voter Information Services Portal.

Together, Rock The Vote and the TrustTheVote Project are able to showcase the open source software that any State can adopt, adapt, and deploy–for free (at least the adoption part) and without having to reinvent the wheel by paying for a ground-up custom build of their own online voter registration and information services portal.

We submit that this resource on their PCEA web site represents an important ingredient to injecting innovation into a stagnant technology environment of today’s elections and voting systems world.

For the first time, there is production-ready open source software available for an important part of an elections official’s administrative responsibilities that can lower costs, accelerate deployment and catalyze innovation.

To be sure, its only a start — its lower hanging fruit of an election technology platform that doesn’t require any sort of certification. With our exempt status in place, and lots of things happening we’ll soon share, there is more, much more, to come.  But this is a start.

There is a 112 pages of goodness in the PCEA report.  And there are some elements in there that deserve further discussion.  But we humbly assert its the availability of some open source software on their resource web site that we think represents a quiet breakthrough in elections technology innovation.

The news has been considerable.  So, yep, we admit it.  We’re oozing pride today.
And we owe it to your continued support of our cause.
Thank you!

GAM | out

Comments Prepared for Tonight’s Elections Technology Roundtable

This evening at 5:00pm members of the TrustTheVote Project have been invited to attend an elections technology round table discussion in advance of a public hearing in Sacramento, CA scheduled for tomorrow at 2:00pm PST on new regulations governing Voting System Certification to be contained in Division 7 of Title 2 of the California Code of Regulations.

Due to the level of activity, only our CTO, John Sebes is able to participate.

We were asked if John could be prepared to make some brief remarks regarding our view of the impact of SB-360 and its potential to catalyze innovation in voting systems.  These types of events are always dynamic and fluid, and so we decided to publish our remarks below just in advance of this meeting.

Roundtable Meeting Remarks from the OSDV Foundation | TrustTheVote Project

We appreciate an opportunity to participate in this important discussion.  We want to take about 2 minutes to comment on 3 considerations from our point of view at the TrustTheVote Project.

1. Certification

For SB-360 to succeed, we believe any effort to create a high-integrity certification process requires re-thinking how certification has been done to this point.  Current federal certification, for example, takes a monolithic approach; that is, a voting system is certified based on a complete all-inclusive single closed system model.  This is a very 20th century approach that makes assumptions about software, hardware, and systems that are out of touch with today’s dynamic technology environment, where the lifetime of commodity hardware is months.

We are collaborating with NIST on a way to update this outdated model with a “component-ized” approach; that is, a unit-level testing method, such that if a component needs to be changed, the only re-certification required would be of that discrete element, and not the entire system.  There are enormous potential benefits including lowering costs, speeding certification, and removing a bar to innovation.

We’re glad to talk more about this proposed updated certification model, as it might inform any certification processes to be implemented in California.  Regardless, elections officials should consider that in order to reap the benefits of SB-360, the non-profit TrustTheVote Project believes a new certification process, component-ized as we describe it, is essential.

2. Standards

2nd, there is a prerequisite for component-level certification that until recently wasn’t available: common open data format standards that enable components to communicate with one another; for example, a format for a ballot-counter’s output of vote tally data, that also serves as input to a tabulator component.  Without common data formats elections officials have to acquire a whole integrated product suite that communicates in a proprietary manner.  With common data formats, you can mix and match; and perhaps more importantly, incrementally replace units over time, rather than doing what we like to refer to as “forklift upgrades” or “fleet replacements.”

The good news is the scope for ballot casting and counting is sufficiently focused to avoid distraction from the many other standards elements of the entire elections ecosystem.  And there is more goodness because standards bodies are working on this right now, with participation by several state and local election officials, as well as vendors present today, and non-profit projects like TrustTheVote.  They deserve congratulations for reaching this imperative state of data standards détente.  It’s not finished, but the effort and momentum is there.

So, elections officials should bear in mind that benefits of SB-360 also rest on the existence of common open elections data standards.

3. Commercial Revitalization

Finally, this may be the opportunity to realize a vision we have that open data standards, a new certification process, and lowered bars to innovation through open sourcing, will reinvigorate a stagnant voting technology industry.  Because the passage of SB-360 can fortify these three developments, there can (and should) be renewed commercial enthusiasm for innovation.  Such should bring about new vendors, new solutions, and new empowerment of elections officials themselves to choose how they want to raise their voting systems to a higher grade of performance, reliability, fault tolerance, and integrity.

One compelling example is the potential for commodity commercial off-the-shelf hardware to fully meet the needs of voting and elections machinery.  To that point, let us offer an important clarification and dispel a misconception about rolling your own.  This does not mean that elections officials are about to be left to self-vend.  And by that we mean self-construct and support their open, standard, commodity voting system components.  A few jurisdictions may consider it, but in the vast majority of cases, the Foundation forecasts that this will simply introduce more choice rather than forcing you to become a do-it-yourself type.  Some may choose to contract with a systems integrator to deploy a new system integrating commodity hardware and open source software.  Others may choose vendors who offer out-of-the-box open source solutions in pre-packaged hardware.

Choice is good: it’s an awesome self-correcting market regulator and it ensures opportunity for innovation.  To the latter point, we believe initiatives underway like STAR-vote in Travis County, TX, and the TrustTheVote Project will catalyze that innovation in an open source manner, thereby lowering costs, improving transparency, and ultimately improving the quality of what we consider critical democracy infrastructure.

In short, we think SB-360 can help inject new vitality in voting systems technology (at least in the State of California), so long as we can realize the benefits of open standards and drive the modernization of certification.

 

EDITORIAL NOTES:
There was chatter earlier this Fall about the extent to which SB-360 allegedly makes unverified non-certified voting systems a possibility in California.  We don’t read SB-360 that way at all.  We encourage you to read the text of the legislation as passed into law for yourself, and start with this meeting notice digest.  In fact, to realize the kind of vision that leading jurisdictions imagine, we cannot, nor should not alleviate certification, and we think charges that this is what will happen are misinformed.  We simply need to modernize how certification works to enable this kind of innovation.  We think our comments today bear that out.

Moreover, have a look at the Agenda for tomorrow’s hearing on implementation of SB-360.  In sum and substance the agenda is to discuss:

  1. Establishing the specifications for voting machines, voting devices, vote tabulating devices, and any software used for each, including the programs and procedures for vote tabulating and testing. (The proposed regulations would implement, interpret and make specific Section 19205 of the California Elections Code.);
  2. Clarifying the requirements imposed by recently chaptered Senate Bill 360, Chapter 602, Statutes 2013, which amended California Elections Code Division 19 regarding the certification of voting systems; and
  3. Clarifying the newly defined voting system certification process, as prescribed in Senate Bill 360.

Finally, there has been an additional charge that SB-360 is intended to “empower” LA County, such that what LA County may build they (or someone on their behalf) will sell the resulting voting systems to other jurisdictions.  We think this allegation is also misinformed for two reasons: [1] assuming LA County builds their system on open source, there is a question as to what specifically would/could be offered for sale; and [2] notwithstanding offering open source for sale (which technically can be done… technically) it seems to us that if such a system is built with public dollars, then it is in fact, publicly owned.  From what we understand, a government agency cannot offer for sale their assets developed with public dollars, but they can give it away.  And indeed, this is what we’ve witnessed over the years in other jurisdictions.

Onward.

The Gift Has Arrived: Our Exempt Status After 6 Years

Today is a bit of a historical point for us: we can publicly announce the news of the IRS finally granting our tax exempt status.

The digital age is wreaking havoc, however, on the PR and news processes.  In fact, we knew about this nearly 2 weeks ago, but due to a number of legal and procedural issues and a story we were being interviewed for, we were on hold in making this important announcement.  And we’re still struggling to get this out on the wires (mostly due to a change our of our PR Agency at the most inopportune moment).

The result: WIRED Magazine actually got the jump on us (oh, the power of digital publishing), and now hours after their article posting, we’re finally getting our own press release to the world.

I have to observe, that notwithstanding a paper-chase of near epic proportions with the IRS in granting us what we know our charter deserves to do foster the good work we intend, at the end of the day, 501(c)(3) status is a gift from the government.  And we cannot lose sight of that.

So, for the ultimate outcome we are deeply grateful, please make no mistake about that.  The ways  and means of getting there was exhausting… emotionally, financially, and intellectually.  And I notice that the WIRED article makes a showcase of a remark I made in one of the many  interviews and exchanges leading up to that story about being “angry.”

I am (or was) angry at the process because 6 years to ask and re-ask us many of the same questions, and perform what I humbly believe at some point amounted to intellectual naval gazing, was crazy.  I can’t help but feel like we were being bled.  I fear there are many other valuable public benefit efforts, which involve intangible assets, striving for the ability to raise public funds to do public good, who are caught up in this same struggle.

What’s sad, is that it took the guidance and expertise (and lots of money that could be spent on delivering the on our mission) of high powered Washington D.C. lawyers to negotiate this to successful conclusion.  That’s sad, because the vast majority of projects cannot afford to do that.  Had we not been so resolute in our determination, and willing to risk our own financial stability to see this through, the TrustTheVote Project would have withered and died in prosecution of our tax exempt status over 6 years and 4 months.

Specifically, it took the expertise and experience of Caplin Drysdale lawyers Michael Durham and Marc Owen himself (who actually ran the IRS Tax Exempt Division for 10 years).  If you can find a way to afford them, you can do no better.

There is so much that could be shared about what it took and what we learned from issues of technology licensing, to nuances of what constitutes public benefit in terms of IRS regulations — not just what seems obvious.  Perhaps we’ll do so another time.  I note for instance that attorney Michael Durham was a computer science major and software engineer before becoming a tax lawyer.  I too have a very similar combination background of computer science and intellectual property law, and it turned out to be hugely helpful to have this interdisciplinary view — just odd that such would be critical to a tax exempt determination case.

However, in summary, I was taught at a very young age and through several life lessons that only patience and perseverance empower prevailing.  I guess its just the way I, and all of us on this project are wired.

Cheers
GAM | out

If it Walks Like a Duck, and Quacks Like a Duck…

So in the midst of participating in an amazing conference at MIT’s Media Lab produced in conjunction with the Knight Foundation (thanks Chris Barr you rock!) today, we learned of additional conduct by the IRS with regard to their Exempt Division’s handling of 1023 filings (for 501.c.3 determination).  In particular, this revelation appeared in an NY Times article today:

But groups with no political inclinations were also examined. “Open source software” organizations seeking nonprofit status are usually for-profit business or for-profit support technicians of the software,” a lookout list warns. “If you see a case, elevate it to your manager.”

Please let us go on record once again, here and now:

  1. The OSDV Foundation’s 1023 application (filed in February 2007) states with sworn affidavits under penalties of perjury, that our charter Article II(A), defines the OSDV Foundation as an organization organized as a nonprofit public benefit corporation, not for the private gain of any person, and it is organized under California Nonprofit Public Benefit Corporation Law for public and charitable purposes, with by-laws consistent with that charter.
  2. We are not a “for-profit business,” rather we are a non-profit project, conducting our activities as such, and never intend to be a commercial operation, or convert into a commercial entity.
  3. We are genuinely seeking, through (continued) philanthropic support of larger grantor organizations, as well as through the generous support of individual citizens, to provide education, research, and reference development of blueprints for trustworthy elections technology, on an open source basis for the benefit of elections jurisdictions nationwide because the current commercial market place is woefully falling short of that capability.
  4. We are willing to ensure our reference designs and implementations, some reduced to software source code, remain up-to-date with as-then-published Federal and/or State-specific criteria or specifications, but we will not do so as a commercial venture.
  5. We reiterate here that we are notfor-profit support technicians” for any software that results from the efforts of this California public benefits non-profit corporation.

As you might imagine, these statements have been backed by over 6-years of considerable supporting documentation, sworn to be accurate and correct to the best of our knowledge, under penalties of perjury and backed by sworn, signed affidavits.

And to be sure, we take our sworn signed statements and veracity very seriously.

We remain hopeful that the IRS will ultimately acknowledge these points and grant us our exempt determination.