What is open source software and how does it relate to elections?
Open source software (OSS) is computer software whose source code is made freely available to anyone who wants to use, study, enhance or re-distribute it for any reason. The Open Source Definition, maintained by Open Source Initiative (OSI), is a detailed set of guidelines for open source software.
Open source elections software is software that is readily available to jurisdictions to deploy at very low cost, and is open to security experts and the general public to verify its transparency, security and reliability.
Is open source applicable to critical systems?
Yes, OSS can be used in mission-critical systems. OSS can be developed through many methods, including methods used for mission-critical national security applications, as long as the resulting source code is made freely available. Well-curated, rigorously engineered OSS can harness the collaborative expertise of worldwide developers to achieve a polished, correct and secure product.
What are some examples of mission-critical open source systems currently in use?
Open source systems are currently used for many mission-critical applications, including financial systems, medical devices, terrestrial aeronautics and avionics, extraterrestrial satellites and probes, national critical infrastructure such as regional water and power systems, and defense. Much of the secure software used by the U.S federal government, retailers like Amazon, and mobile platforms like Good, is OSS.
One of the most prominent examples of OSS is the Linux operating system (OS). Linux is completely free and open source, and is the most widely used general purpose OS in the world. It also is the leading OS on servers and supercomputers, and it sees wide usage across the Department of Defense. Other organizations that use mission-critical OSS include:
- The Polarsys collaboration, which includes Airbus, Astrium Satellites, ATOS, Ericsson, and Thales, and is one initiative around OSS used in mission- and safety-critical systems.
- The Jet Propulsion Laboratory, responsible for several Mars missions, which regularly uses and contributes to open source systems. Their Object Oriented Data Technology (OODT) architecture is now a top-level project within the Apache Software Foundation.
- The energy industry and public utilities, who in recent years have begun to move to open source Supervisory Control and Data Acquisition (SCADA) platforms for security and cost reasons.
Why should elections be conducted using open source systems?
Elections should be conducted using well-designed open source systems because the security and correctness of such systems can be verified by security experts and the general public. They are also more flexible in response to changes in election law. In addition, open source election software on COTS hardware is cost effective.
Today, the insistence on black box election systems has everything to do with profits and nothing to do with fundamental security issues or a desire to empower voters. We at Free & Fair maintain that elections should not be influenced at any stage by a profit motive, and strongly believe in the power of open source to make elections more secure and more affordable.
Why are open source election systems considered more flexible than closed source?
Legislators make and change election laws in response to public and media pressure and do not always consult election officials in advance. As a result, election systems must sometimes be modified, and such modification requires understanding the source code. In proprietary or CSS systems access to the source code is limited, often to the vendor that produced the software in the first place. If a modification is required, the pricing and timing of the modifications required by law are completely dependent on the vendor.In contrast, because the source code for OSS is freely available, software developers can compete for the business of making modifications.
Similarly, a variety of vendors can compete for contracts to maintain open source systems. Because the source code is freely available, working with the original vendor is not required.
Is open source software more, or less, secure than closed source software?
When properly designed and supported by an adequate base of developers, OSS can be far more secure than closed source software (CSS), Vulnerabilities in OSS systems, whether accidental or purposeful, are more likely to be discovered than those in CSS systems. If security flaws are revealed in audits by independent organizations, they cannot be glossed over and must be addressed in a straightforward and public fashion.
CSS, sometimes called ‘black box software’, relies on ‘security through obscurity’—meaning that the lack of access to the source code is a primary defense mechanism against manipulation or attacks. Assessing the security of CSS requires that the creators provide access to the source code. This creates a potential conflict of interest: while critical software should be secure, sales and reputation can be affected if security holes are discovered and made public. This is partly why vendors that keep their source code hidden strongly resist security audits of their systems.
Clever and determined hackers will always find a way to invade a system if vulnerabilities exist. Most vulnerabilities are due to poor program design or human error in the source code. The more experts review the code, the more likely it is that flaws will be found and corrected. CSS is, by its nature, developed by a team of limited size, and it is unlikely that small team will find every flaw in the source code. Properly supported OSS, especially in a domain of wide public interest like elections, can benefit from review from a huge team of security experts without adding any costs.
The Department of Defense and the Department of Homeland Security have both released reports in the past few years emphasizing the importance of using OSS in systems that need high security. The National Institute of Standards and Technology (NIST), the federal agency responsible for national standards and certification of secure systems, facilitates several open source products, datasets, and studies that focus on the quality and cost impact of OSS in our nation’s critical systems. Even the National Security Agency (NSA) is not only publishing reports about the advantages of OSS over CSS in secure systems in their The Next Wave magazine, but also releasing a large amount of open source software themselves.
How can open source be secure if the bad guys can ‘see into the machine’?
High assurance software systems created with security as a first principle cannot be exploited via holes, weaknesses, or backdoors in the source code. While it is theoretically possible that a clever bad guy could find an as-yet-undiscovered weakness in an OSS system, the openness of OSS makes this far less likely to happen for OSS than CSS.
The core idea behind transparent secure systems is this: For a system to be secure, it must be secure even if bad actors…
- know how the system works and how it was implemented,
- work as administrators at the company in which the software is deployed, and
- have unlimited amounts of time, computers, and funds to craft an attack on the system.
Small software teams developing CSS rarely have the resources to develop transparent secure systems.
Have any public elections been conducted using open source systems?
Several existing election systems are built on top of the Linux OS. In addition, several local and national elections have been conducted using entirely open source systems.
Elections in the Australian Capital Territory use an open source tabulator, and recent elections in the state of Victoria have used the open source vVote verifiable Internet voting system. In Europe, open source tabulation software was used in European elections in The Netherlands as early as 2004, and the Norwegian Internet voting system, used in several national elections over the past several years, is open source. The United States’s first verifiable election took place on an open source voting system called Scantegrity II in 2011. More recently, election officials in New Hampshire have used the Prime III open source electronic voting system. Finally, it is critical to note that the cryptographic software libraries on these and other election systems depend—such as OpenSSL, BouncyCastle, and Verificatum—are all open source.
Do the terms ‘closed source’ and ‘proprietary’ mean the same thing?
No. Closed source simply means the source code is not made available to anyone. Moreover, it is typically a violation of licensing agreements, and in some cases may even be illegal, to examine how closed source systems operate. Proprietary software is software owned by an individual or company that has legal restrictions placed on its use. Much of the software that you use in your day-to-day life is both closed source and proprietary.
Does open source mean free of charge?
Not always. OSS is not software that is free in terms of cost, but rather free in the sense that it can be freely examined, modified, distributed, etc. OSS is often, but not always, free of charge. It is completely permissible to sell OSS, and in fact many products in widespread use are both commercial and open source.
How does licensing work with open source software?
An OSS license is nothing more than a simple contract between a software’s creators and its users. There are a number of different approaches to licensing OSS. Open source licenses come in as many flavors as ice cream. Each product, team, and client needs to find their favorite flavor. OSI has a review process for OSS licenses and maintains a list of approved OSS licenses.
One type of OSS license gives permission to anyone to modify the source code or include it in their products, so long as they extend the same permission with respect to those modifications and products.
Another type of OSS license lets people do anything they want with the source code, so long as they provide attribution back to the creator and do not hold the creator liable.
A form of license that is not OSI-approved, but still makes the source code publicly available, is commonly seen in software shared by industry. Licenses of this form typically permit researchers, academics, and non-commercial entities to use the code with no restrictions so long as they provide attribution. Commercial entities, however, cannot use the code without contacting the owner of the code and executing a separate, typically commercial, license.