San Francisco

Voting Vulnerability: Could Open Source Computer Code Thwart Threat from Hackers?

While President Barack Obama and the FBI have both warned that this year’s election could be compromised by hackers, some Silicon Valley tech thinkers say a solution to hacking vulnerability lies in taking secret computer codes public for open inspection, meaning anyone can view the computer code that runs the systems.

It might seem counter-intuitive, but a half-dozen computer security experts tell NBC Bay Area Investigative Unit that by making the computer code that runs voting systems public and open for inspection it would increase security and reduce vulnerability.

And the timing for a change in systems is good. Experts say the proprietary systems used today are at the end of their lifespan and need to be replaced.

“Depending on the county in California, you’re looking at a system that’s maybe 15 years old, based on 20-year-old technology or even older,” says California Secretary of State Alex Padilla.

So seize the moment urge proponents of open source computer software in new voting systems.

“Transparency is your friend when it comes to security,” says Brent Turner, current Secretary at CAVO, California Association of Voting Officials. “I refer people to the Department of Defense and the Air Force (as examples). They both utilize open source systems.”

Chances are if you’re an election official anywhere in the United States, you’ve heard from Turner.  

A community and civil rights activist and former rock singer, Turner has spent the last decade spreading the gospel of open source voting systems — as a member of the California Association of Voting Officials. Turner was also instrumental in creating San Francisco County’s Voting Systems Task Force which recently convinced officials to allocate money towards developing, testing and adopting open source systems for future elections in the county.

Turner says by allowing the public to see and test open source computer code, it actually makes the systems safer and more secure.

“The idea is to take all corporate code out of the system so that the general public can be aware of what’s going on and inspect the code,” Turner says. “The fact is by creating transparency within the system, you could spot any bugs that a wise guy might put into the system.”

In previous stories, experts demonstrated for NBC Bay Area’s Investigative Unit just how vulnerable some of these current voting systems are to attack from outside interests.

Those systems date back to the 2000 presidential election and the infamous hanging chad debacle in Florida; voting machines that rely on PC computer technology to cast and tally votes. Those machines and that technology are still in use in nearly every election precinct in America today.

“It’s well known that the types of voting machines that we have today are pretty vulnerable,” says John Sebes, co-founder and Chief Technology Officer at the Silicon Valley based OSET Institute.

In the immediate aftermath of the 2000 Presidential election “we didn’t have the threat environment that we have today,” says Sebes. “Nobody said, ‘oh by the way, it would be a bad idea to run this super-important software on a regular old PC that can be hacked the same as your grandma’s.”

Sebes said the OSET Institute was founded in order to develop secure, transparent modern-day voting systems embarked. That’s why OSET launched its “Trust the Vote” Initiative.

As part of that effort Sebes says OSET is developing free and publicly-owned elections software around the concept of open source.

“We don’t have to run this very important software on some regular, generic thing that can’t protect itself. We can do better,” says Sebes.

The idea of public, open source software in voting systems is a major departure from the proprietary voting systems currently in use around much of the country.

Right now 87 percent of the voting systems are produced and maintained by just three private corporations.

Critics call them “black box” systems because the source code is kept private.

They say open source, or “glass box” systems, are more secure and transparent because their code can be scrutinized by anyone looking to hack it or find bugs.

“The idea is you want to know what’s going on inside the black box, and in the current systems, you cannot,” says Brent Turner.

California Secretary of State Padilla wants counties to modernize their voting systems. He says his office would approve an open source system if it passes the certification process. But he says also says the ultimate decision about which systems to use will always remain up to individual counties.

“Open source is the ultimate in transparency and accountability for all. But at the end of the day, that’s a decision for each community to make for themselves,” says Secretary Padilla.

Everyone agrees any change in systems will take time and won’t be ready for this November.

Cybersecurity experts are bracing for what might happen given how vulnerable these old systems are and holding their breath with the uncertainty of what could happen.

“We’re going to have that we’ll get through it, but we don’t need every other election to be conducted in that environment of fear, uncertainty and doubt,” Sebes says.

Elections officials around California may just be starting to listen. Los Angeles and San Francisco are the first two California counties to set aside money to try out open source systems in two to four years.

"Elections are the core of our democracy, so it's really important to have a lot of transparency around the voting systems that citizens use to vote," said Vice President of the San Francisco Elections Commission Chris Jerdonek.

San Francisco recently allocated $300,000 to begin the planning phase of the city's open source voting project. Jerdonek said San Francisco is embracing open source because it's more transparent and potentially more secure than the current proprietary systems on the market being sold by vendors.

"So the systems in use today are known as "black box" systems, these systems you buy from a private compnay," Jerdonek said. " You don't know what's going on inside those machines."

But Jerdonek also sees significant cost savings for San Francisco and other counties who choose to pursue an open source voting system because they can avoid costly licensing fees and maintenance fees.

"Currently we're paying $200,000 a year for software that doesn't even change each year and we spent $1.2 million up front," Jerdonek said. "So with open source, the software would be completely free to San Francisco."

If all goes smoothly, Jerdonek anticipates voters being able to test an open source voting system by 2018 or 2019. He hopes the final system will be in place by the 2020 Presidential Election.

But Turner wants other elections supervisors to adopt open source systems as well. 

“I will not rest until we see the systems deployed nationally because all the votes have to count. So we’re not resting, we’re watch dogging every moment,” Turner says.

Contact Us