New York legislators keep e-voting software in public hands
Voter activists had fought changes to e-voting software escrow laws
Computerworld - With this year's New York Senate and Assembly session now ended, local voting activists are chalking up a victory for the public at the expense of Microsoft Corp. and the e-voting industry.
The activists had feared that Microsoft and a handful of e-voting device vendors would quietly weaken the state's strict e-voting software escrow law before the current legislative session ended on Friday. Approved two years ago by the legislature (download PDF), the law requires voting system vendors to place all source code and other related software in escrow for the New York State Board of Elections so it can be examined as needed. The law also dictates that a voting system vendor waives all intellectual property and trade right secret rights should the software need to be reviewed in court.
Microsoft, whose Windows software is used in some of the vendors' devices, sought to amend the law to avoid the strict escrow provisions. That move riled Empire State voting activists such as Bo Lipari, executive director of New Yorkers for Verified Voting, who publicized Microsoft's efforts in his blog the week before the session ended. By focusing on Microsoft's plans, concerned citizens created a groundswell of support in the legislature to ensure the law remained untouched, Lipari said.
"We won for a change," he said on Friday. He estimated that about 3,000 constituent calls had been placed with the legislature about the issue. "There was a huge outpouring of support and the legislature noticed this. It was a forceful way to remind them to reaffirm their commitment to these strong laws."
New York State Assemblywoman Barbara Lifton, a Democrat from the 125th Assembly District, echoed that sentiment. "The voting machine vendors have known for two years what our laws said," Lifton said Thursday. "Now they're saying that those parts of their systems using Microsoft software have to be proprietary? It's just wrong. We're holding firm on our current state law which calls for open source code."
But Lipari had his worries before the matter was resolved. Earlier this month, in his blog, he called Microsoft the "800-pound gorilla of software development" as he called attention to its plans. Microsoft, he said, had been steadily lobbying legislators and circulating an unsigned document that would redefine the law (download PDF).
"These changes would gut the source code escrow and review provisions provided in our current law, which were fought for and won by election integrity activists around the state and adopted by the legislature in June 2005," he warned at the time. He noted that the amendment would have redefined the escrow law to apply only to "election-dedicated voting system technology." Any piece of code that hadn't been specifically designed for use in a voting system would be exempt from the requirement.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Gov't Legislation/Regulation White Papers | Webcasts