Whether this "controlled open source" approach can be technically implemented, it can be enforced legally and the spirit of the approach is clear to any potential scrutineers. It is the spirit that I am most worried about.
As far as I know the Austalian eVACS systems was not "open development"; it was developed internally by enterprises under contract and fragments of the system sources were released for the purposes of public scrutiny, and it is in this sense the source code was "open", i.e. it was publicly available. The vote collecting and vote counting system runs as a closed system, making potential security threats very difficult with just the knowledge of the code. Surely not making the code public can be seen as hedging ones bets against problems with the overall security model, e.g. the "trusted path": Is this a good thing? Should we be satisfied with a security model in which we need to hedge our bets and be forced to sacrifice transparency? By making code public it is far more likely that problems with the system would be found, as we did as part of an investigation into the formalisation of vote counting mechanisms: http://web.rsise.anu.edu.au/~rpg/EVoting/.
It is my opinion that government processes, especially the democratic process of voting, should be as accessible and transparent as possible. The proposed "controlled open source" system, though I am not completely familiar with it, appears as if it would hinder or exclude public access to a public process, and would deny independent attempts of testing or machine based verification.
Slashdot Mirror
As far as I know the Austalian eVACS systems was not "open development"; it was developed internally by enterprises under contract and fragments of the system sources were released for the purposes of public scrutiny, and it is in this sense the source code was "open", i.e. it was publicly available. The vote collecting and vote counting system runs as a closed system, making potential security threats very difficult with just the knowledge of the code. Surely not making the code public can be seen as hedging ones bets against problems with the overall security model, e.g. the "trusted path": Is this a good thing? Should we be satisfied with a security model in which we need to hedge our bets and be forced to sacrifice transparency? By making code public it is far more likely that problems with the system would be found, as we did as part of an investigation into the formalisation of vote counting mechanisms: http://web.rsise.anu.edu.au/~rpg/EVoting/.
It is my opinion that government processes, especially the democratic process of voting, should be as accessible and transparent as possible. The proposed "controlled open source" system, though I am not completely familiar with it, appears as if it would hinder or exclude public access to a public process, and would deny independent attempts of testing or machine based verification.
a