[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]

                 ELECTION REFORM: MACHINES AND SOFTWARE

=======================================================================

                                HEARING

                               before the

                       SUBCOMMITTEE ON ELECTIONS

                           COMMITTEE ON HOUSE
                             ADMINISTRATION

                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

             MEETING HELD IN WASHINGTON, DC, MARCH 15, 2007

                               __________

      Printed for the use of the Committee on House Administration


                       Available on the Internet:
   http://www.gpoaccess.gov/congress/house/administration/index.html


                      U.S. GOVERNMENT PRINTING OFFICE
35-805 PDF                    WASHINGTON  :  2007

                   COMMITTEE ON HOUSE ADMINISTRATION

           JUANITA MILLENDER-McDONALD, California, Chairwoman
ROBERT A. BRADY, Pennsylvania        VERNON J. EHLERS, Michigan
ZOE LOFGREN, California                Ranking Minority Member
MICHAEL E. CAPUANO, Massachusetts    DANIEL E. LUNGREN, California
CHARLES A. GONZALEZ, Texas           KEVIN McCARTHY, California
SUSAN DAVIS, California
                                 ------                                

                       Subcommittee on Elections

                  ZOE LOFGREN, California, Chairwoman
JUANITA MILLENDER-McDONALD,          KEVIN McCARTHY, California
    California                       VERNON J. EHLERS, Michigan
CHARLES A. GONZALEZ, Texas
SUSAN DAVIS, California

                 ELECTION REFORM: MACHINES AND SOFTWARE

                        Thursday, March 15, 2007

                  House of Representatives,
                         Subcommittee on Elections,
                         Committee on House Administration,
                                                   Washington, D.C.
    The subcommittee met, pursuant to call, at 2:25 p.m., in 
room 1539, Longworth House Office Building, Hon. Zoe Lofgren 
(chairwoman of the subcommittee) presiding.
    Present: Representatives Lofgren, Millender-McDonald, Davis 
of California and McCarthy.
    Staff Present: Tom Hicks, Counsel; Janelle Hu, Professional 
Staff Member; Matt Pinkus, Professional Staff/Parliamentarian; 
Kristin McCowan, Chief Legislative Clerk; Gineen Beach, 
Minority Counsel; Peter Sloan, Minority Professional Staff; 
Salley Collins, Minority Press Secretary; and Fred Hay, 
Minority General Counsel.
    Ms. Lofgren. Welcome to the first Subcommittee on Elections 
and Election Reform. I am honored to be serving as Chair of 
this subcommittee, and I look forward to working with our 
Ranking Member Mr. McCarthy, my colleague from California, as 
well as the rest of the committee as we look at our election 
systems and make sure that we have the best that we possibly 
can in our country.
    The purpose of this hearing is to begin to look at election 
reform, specifically the tools of voting machines, software, 
and making these tools accessible to all. In accordance with 
the rules of this committee, witnesses will have 5 minutes for 
their testimony and may submit written testimony, and any 
Members wishing to submit opening remarks for the record may do 
so, although, of course, the Ranking Member is welcome to make 
an opening statement.
    [The statement of Ms. Lofgren follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Ms. Lofgren. Our apologies to everyone here. The House has 
had an open vote for a considerable period of time while the 
President was here, and it has really gotten our schedule out 
of whack. So if it is possible for witnesses to make their 
summary even less long, 3 minutes, that would be a good idea, 
because we do have another panel, and I can assure you we will 
read your entire written testimony. That would be very helpful 
in making sure that everyone gets heard.
    We are debating to replace outdated punch-card systems with 
more advanced machines. Unfortunately, the Nation still has not 
fixed the machinery of voting. All systems need better testing, 
maintenance, and independent certification. All certifications 
need to be audited, and besides being audited, these systems 
and software used in them must be open.
    When programs can redistribute and modify the source code, 
the piece of software that is involved can be improved and 
adapted. Numerous reports are calling on the Judiciary 
Committee for this. The secretary of state of California and 
academics call for greater accountability on voting machines 
and software, and we know that as we do this, we need to make 
sure that our fellow Americans who have disabilities are 
accommodated fully as they also join us in voting at the polls. 
We cannot ignore those with disabilities, and clearly we have 
no intention of doing so.
    I am excited to have these two panels before us, and now I 
would like to recognize my colleague from California, the 
Ranking Member Mr. McCarthy.
    Mr. McCarthy. Well, I want to thank the Chair for having 
this hearing. I think this is something we should do always; 
not wait until we believe there is a problem out there with 
elections, but we should always analyze them, look at what we 
are using, and continue to have America having one of the most 
honest elections throughout this world.
    But in light of time, I will submit my remarks and leave 
more time to listen to you so we can have some questions.
    Thank you.
    [The statement of Mr. McCarthy follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. And we have been joined by another 
Californian, my colleague Susan Davis.
    Ms. Lofgren. So we will begin with our witnesses, and if we 
can start with Mr. Pierce and move right along the panel. 
Welcome.

STATEMENTS OF KELLY PIERCE, DISABILITY SPECIALIST, COOK COUNTY, 
  ILLINOIS, STATE'S ATTORNEY OFFICE; ERIC CLARK, SECRETARY OF 
   STATE, STATE OF MISSISSIPPI; DIANE CORDRY GOLDEN, Ph.D., 
DIRECTOR, MISSOURI ASSISTIVE TECHNOLOGY; AND TED SELKER, Ph.D., 
DIRECTOR, VOTING TECHNOLOGY PROJECT, MASSACHUSETTS INSTITUTE OF 
                           TECHNOLOGY

                   STATEMENT OF KELLY PIERCE

    Mr. Pierce. Thank you, and if you could, Madam Chairwoman, 
warn me about a minute before my time is up.
    I am coming here as a disability specialist at the Cook 
County State's Attorney's Office and a member of the 
accessibility committees of the Cook County Clerk's Office and 
the Chicago Board of Election Commissioners.
    I have worked extensively on disability-related technology 
issues since the early 1990s. I have worked specifically on 
systems regarding audio systems, regarding automatic teller 
machines for large financial systems, including J.P. Morgan-
Chase, LaSalle Bank, and American Express, and most recently on 
developing the voting system that Chicago and Cook County 
implemented starting last year.
    I became blind in 1985, and for the past two decades, I 
have used someone to vote for me except for last year. During 
those two decades, I endured different kinds of experiences, 
often humiliating and degrading, poll workers who seemed 
illiterate, who could barely read the ballot or had to spell 
candidates' names to me. Some poll workers had difficulty even 
seeing the ballot. Other times it was friends who would reveal 
my votes to other people that I turned out to be somewhat 
embarrassed about or humiliated about. And once I had a 
confrontation in the voting booth where someone challenged my 
candidate's choice, the choice of the candidate I wanted to 
vote for. Eventually they punched a hole in the ballot card, 
and I trusted that they punched the candidate that I wanted to 
select.
    What I would like to share with the committee is our 
experience working with Sequoia Voting Systems. We selected a 
machine, the only verified paper ballot machine at the time in 
1985 when we worked with Sequoia spending considerable 
resources, and they spent considerable resources. The 
disability resources elected officials, including Cook County 
organizations, spent considerable time, resources, and energy 
working together, as well as Sequoia, including the company 
president, meeting with disability leaders several times, and 
it resulted in significant advantages.
    That access was quite substantial and significant. Dozens 
of changes were made. Two control boxes were produced during 
that time period, one for the primary election and one for the 
most recent general election.
    So I guess my time is up, and I have submitted my written 
testimony.
    Ms. Lofgren. We thank you very much.
    [The statement of Mr. Pierce follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. Next I would like to ask Dr. Selker from the 
Voting Technology Project at MIT to share his thoughts with us.

                    STATEMENT OF TED SELKER

    Mr. Selker. Ladies and gentlemen of the committee, thank 
you so much for having me.
    I have been working on voting technology since the 2000 
election problems, and the goal of producing lost votes 
universally requires us to make selection accessibility, and 
you have to think about how the process has gone. It has always 
been that people are going back and forth between ballotless 
and balloted. Voting with ballotless, you are using a 
systematic control of some sort, some mechanism to check for 
problems, and with ballots you are using humans to control for 
problems.
    To the extent that we have humans in the process, which we 
very much do, we have to have performance-based approaches to 
test the quality of every step of the process. And I think that 
during the ballot counting and recording, we are always in 
danger of losing ballots. And today 1 in 30 selections on every 
commercial system that I have tested is for the candidate next 
to the one you meant to vote for. It is worse if you have 
reading disabilities, and it is easy to make improvements with 
that. We have done it in the laboratory with systems that make 
them more readable, and you have better feedback and more 
redundancy.
    The second chance approaches that we all are working 
towards with the Help America Vote Act include using VVPATs, and 
what we have discovered in testing various approaches, that if 
you have people with optical scans try to verify, they don't 
find problems. If you have them with VVPATs, they have 106 
ballots with errors no one reported. You get a lot more with 
the audio. You get another almost six times more people 
reporting. Not everybody catches the problem, but people get 
more.
    The thing we want to take care of is not to be adding to 
the problems we have. There are improvements that can be made 
to paper trails if we work towards it. But basically I guess 
what I really want to make sure that we are focusing on is that 
in the end, we are making sure that any record that we use is 
reliable enough to improve voting; 1 in 500,000 may be a good 
number for how often you don't want the equipment of the 
machines to stop you from voting.
    What should be the best evidence if you have a problem? If 
you have two records, it should be that we know to look for the 
one that we are sure is good evidence and we can figure it out 
at the time.
    My time is up.
    Ms. Lofgren. We appreciate that. We have your testimony.
    [The statement of Mr. Selker follows:]

    U.S. House Administration Subcommittee on Elections Hearing on 
          Accessibility and Usability--March 15, 2007, 2 p.m.

 Ted Selker, Associate Professor, MIT Media Lab, MIT Director, Caltech/
                     MIT Voting Technology Project

    Thank you for the honor of inviting me to give testimony to the 
House Administration Subcommittee on Elections, hearing on 
accessibility and usability. I want to thank the members of the 
committee for allowing me to testify.
    I'm Ted Selker, Associate Professor of the MIT Media Lab, and co-
director of the Caltech/MIT Voting Technology Project. I invite you to 
email me follow-up questions at [email protected]. I'll be talking 
about reducing lost votes universally. As we are trying to improve 
elections, we must use universal design to make selection accessibility 
possible for all voters. The process must be accurate. Systems have 
been developed which use ballots and have physical records which rely 
on human control. More recently, approaches have been developed with 
systematic ways of counting ballots with computers, or with mechanical 
systems. These systems, such as lever systems and electronic voting 
machines, depend on systematic mechanisms for testing the votes, and 
human control as back up. The process of reducing lost votes 
universally requires humans to use performance based approaches to test 
all parts of the vote. Secondary records might improve auditability but 
only if they are independently verified to be accurate and reliable.
    Selection accessibility is the central problem for everyone, and 
especially for people with reading disabilities. All technologies that 
are used today lose votes. Typically with paper ballots and with 
electronic ballots, we see one mistake in thirty selections in which a 
voter selects the adjacent person, choosing a candidate that they did 
not mean to vote for. It is very easy to reduce these mistakes. We have 
made ballot designs and mechanisms that can reduce the errors of these 
sorts by fifty percent to eighty percent.
    Elizabeth Rosenswieg, Anna Pandolfo and I created experiments which 
have compared voter verified paper trails, contemporaneous paper 
trails, optical scan voting, and audio verification. These experiments 
found that it is very difficult for people to notice mistakes. In 
experiments with over 30 voters, no one found an error. The voters who 
had a paper trail found their errors 30 percent of the time. With 
contemporaneous paper trails, 40 percent of people found their errors. 
However, they had 15 percent more errors than any other group. The act 
of having to pay attention to two things, the paper being printed out, 
and the electronic voting experiments, distracted them enough that they 
made extra errors. When using audio verification, 50 percent of the 
people found errors. In earlier experiments in Sharon Cohen's work, the 
audio found six times as many errors as the voter verified paper trail.
    We are not saying that verification records that are produced with 
audio or paper are the only way to have second chance voting. Certainly 
the review panes can be an excellent possibility for getting people to 
do second chance voting as well. However, these have to be designed in 
a way that helps guide a person to notice when they have under voted.
    In sightless voting we are especially concerned about selection 
accessibility. The audio ballot designs of today take a sightless 
voter tens of minutes to complete. This has to be improved. The goal is 
access for people who have disabilities, not assistance. Up to 15 
percent of the American public is reading disabled. Alignment 
improvements, simple layout, audio feedback, can all improve voting. 
The sight disabled can be helped with large ballots, large icons, words 
and buttons. High contrast and audio redundancy also help them. People 
with other cognitive disabilities such as short-term memory problems, 
are helped by memory aids and audio feedback.
    In addition, performance based election administration 
qualification is central to keeping votes from being lost. We cannot 
know that we've trained election administration personnel until they 
demonstrate that they can do the job. At every step in the process, we 
must have people that know how to independently corroborate each 
other's work in ballot counting, and reporting of the votes so that 
there is no change in the votes made by anybody but the voter.
    Serious research has been done in all of these areas. We have made 
the low error voting interface for helping people with reading 
disabilities and with sight disabilities. It uses redundancy with tabs 
that allow a person to see all of the races and the status of all the 
races simultaneously, as sort of a review pane that is always on the 
page. It uses large changes in the contrasting coloring of the race to 
show that it has been made. It shows one race per pane, and it uses the 
idea of simple layout, redundant feedback, and collaborating 
information as principles. We've also worked on audio which replaces 
beeps with words to give redundant confirmation and reduce voting time. 
To aid unbiased selection, the sex of the audio speaker should match 
the sex of the candidate that is being selected. Essentially, to 
improve ballots, the research has to be continued.
    All forms of ballots must be evaluated before they are used. For 
example, we evaluated the ballot style used in Sarasota, Florida in 
2006, and found that where there is an orphaned race on the same pane 
as another race, the residual rates increase substantially. In 
Charlotte County, Florida, the Attorney General race at the top of the 
ballot had a 22 percent under vote. And other races which are adjacent 
to it had less than 1 1/2 percent under vote.
    The goal is to focus on making legislation based on demonstrated 
systems that help the system work. Can we make verification records 
that help even blind and disabled people improve their voting? So far 
the paper records have not demonstrated themselves to improve voting 
through verification, and in fact it appears that where they've been 
used, there is somewhere between 5 and 10 percent of them that are 
actually unreadable. The election process must strive to allow everyone to 
cast their intentions without mistakes.
    Things can be improved, and we must use this research. Legislation 
should not determine ahead of time that paper is the official record. 
To keep a record from being a target of fraud one should decide which 
available evidence is valid for what purposes after they've been 
created, not before.
    Records must be reliable, and whatever records we make must be able 
to comply with 2002 voting standards of one in 500,000 errors. We 
should not make legislation for technologies that have not been tested. 
We must specify systems that will improve reliability before we ask 
people to buy new systems. Purchasing equipment that is not tested 
wastes money in a time when we could be improving our elections to be a 
model for the world. I encourage you to consider the Policy piece from 
June 2005 Science Magazine I submitted, and I encourage you to view 
more information at www.votingtechnologyproject.org. Thank you for your 
time, and I submit my testimony to the official record.

    Ms. Lofgren. We are honored to have the secretary of state 
of Mississippi Mr. Clark come all the way up here and give us 
the benefit of his experience and wisdom.

                    STATEMENT OF ERIC CLARK

    Mr. Clark. I am delighted to be here. I appreciate having 
the opportunity to be here.
    There are five points I want to try to make very quickly, 
and I think I can do it in 3 minutes. I am here as secretary of 
state of Mississippi and also as cochair of the Elections 
Committee of the National Association of Secretaries of State.
    First as to the disability issues. Two years ago, I 
appointed a task force in our State to pick a State voting 
machine, and we wound up with 77 out of our 82 counties taking 
that machine, and counties could either opt in or opt out. 
Citizens with disabilities were very active in that task force 
and had an extremely important influence in helping us pick the 
machine. We picked a touch-screen, and they were among the most 
vocal supporters of it, and people have told me for the first 
time they are able to vote a secret ballot. Like a person who 
is not able to see, there is an audio feature that walks that 
person through the ballot. It is extremely successful.
    I will tell you that not only the disability community, but 
generally, the machines are very, very popular in my State. It 
is more than a 98 percent approval rating in the surveys we 
have done. So we are in good shape there.
    I would ask you this: Please don't break something that is 
working; but if you do, please, please, please give the States 
enough money to fix it. Now, where we are is the only bill I 
have seen introduced talks about $300 million. That won't begin 
to do what that bill would mandate on the States. And I say 
that within the context that HAVA was underfunded to $800 
million. So please don't make us do something we can't afford 
to do.
    If I may touch on three other issues.
    We have a paper trail in Mississippi. We bought a printer 
for every one of our DRE machines that is State involved. They 
work very well. They use thermal paper. It has a life of at 
least 5 years. The main--H.R. 81, that is the bill that I read, 
would make us do away with that. I think that it would be 
completely unnecessary, and I think it would be a complete 
waste of a lot of folks' time and money. It says a paper trail 
has to be on durable paper of archival quality capable of 
withstanding multiple counts and recounts, without compromising 
the fundamental integrity of the ballots. If you take out the 
word "durable," because I don't know what a court would say 
that means, and if you take out "of archival quality," our 
paper trail right now meets that test.
    The second point, it says the auditor has to do recounts. 
Please don't give that function to somebody that knows nothing 
about elections, somebody who would simply complicate the 
process and make it impossible for us to certify the elections 
timely. My auditor is very much against it, and there is a 
letter from the National State Auditors Association saying that 
is a bad idea. Please give the folks with the responsible 
authority the opportunity to do their job.
    And the fifth point is please don't make us do that this 
year. That is what the bill says. We have 4 years to implement 
HAVA. There is no way under the sun we can make the kind of 
changes that are contemplated in that bill by next year's 
elections.
    I have gone 12 seconds over. Bless your heart. Thank you 
for listening to me.
    [The statement of Mr. Clark follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. I will ask unanimous consent to put the letter 
into the record.
    [The information follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. And we also have a letter from a number of 
disability activists that I will also ask unanimous consent to 
put in the record before we call on our next witness.
    [The information follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. Our next witness is Diane Golden.
    Dr. Golden, thank you so much for being here.

                STATEMENT OF DIANE CORDRY GOLDEN

    Ms. Golden. Thank you. I am so impressed with how quickly 
somebody from Mississippi talks, because I talk really slowly, 
and I thought that is okay. Somebody before me is going to talk 
slowly. That isn't the case. I will quickly try to summarize my 
comments.
    Thank you for inviting me to testify. I am very pleased to 
be here. First off, I am not here to oppose or endorse any 
voting system. I am here to talk solely about accessibility, 
which is what I know, love, and have done for the last 30 
years.
    Accessibility in voting systems is no different from 
accessibility to computers or telephones or any other types of 
equipment that you provide accessibility to people with 
disabilities. It means you have a set of access standards, and 
the equipment or the device conforms to those standards. That 
is how you judge whether or not something is accessible. If 
indeed the decision is made that one or more of the 
determinative votes of records needs to be paper, then that 
paper needs to be accessible, period. There is just no two ways 
around it. It is not going to work to have an accessible 
electronic vote record or ballot and an inaccessible paper one. 
You just see the problem with that. It is clearly lack of equal 
access.
    So the good news is we have, I think, a very good set of 
access standards in the voluntary voting system standards that 
the EAC adopted. They are fairly robust. They could be 
improved, but they provide a wide range of access features for 
people who are blind, people who have low vision, people with 
motor limitations, et cetera. So it is a cross-disability way 
of delivering access.
    The down side is that when you add paper into that process, 
we currently don't have equipment on the market readily 
available that delivers all of those access features when a 
paper ballot is involved.
    And I will tell you just very quickly the two major access 
problems we have. The DRE systems that are on the market with 
the VVPAT attached, as Mississippi is using, the problem with 
accessing those systems is that the print on the paper is not 
accessible. That print is going to have to be converted into an 
accessible form for people with disabilities to actually be 
able to verify the paper. Currently what they are verifying is 
the electronic ballot.
    The second equipment on the market are ballot-marking 
devices where the vote starts and ends paper, but there is an 
electronic interface that lets the person with the disability 
use large print, audio, switches so that they don't have to 
touch or handle anything. Those systems are fully accessible 
except for the fact that you have this paper ballot that has to 
be sucked in, pulled out and physically manipulated, and for 
someone who is a quadriplegic, who has no use of their hands, 
it is impossible. So again, you have lost independent voting 
ability.
    So those are the two major access barriers we have when you 
reintroduce or mandate paper in the process. Are those two 
issues insurmountable technologically? No. They certainly can 
be addressed and resolved. What will it take? Time and money. 
And I will echo the secretary of state's statement: It is going 
to take us time and money, but it can be done, and if that is 
what needs to be done to make voting secure, so be it. We just 
need to make it accessible at the same time.
    Thank you.
    [The statement of Ms. Golden follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. Thank you very much to all of you.
    We have been joined by the Chairwoman of the full 
committee, and we welcome her along with the other Members. 
Because we started so late, through no fault of our own, I am 
going to ask the Members to try to limit themselves to 3 
minutes as well so that we will have time for the second panel. 
And I would like to start, if I can with Dr. Selker.
    I understand that you have been a proponent of a voter-
verified audio audit trail. Next week we are going to deal with 
auditing, but can you explain how that would work?
    Mr. Selker. Today's voting machines, electronic voting 
machines, have audio output, and if you simply had that go into 
a $50 tape recorder that tape records when there is noise 
coming into it, and from there into your ears, you are getting 
a verification record that did not go through a computer. It is 
not produced by--independently of you hearing it. And if it 
happens while you are voting, it actually helps people with 
disabilities because it corroborates the information that you 
are seeing, helping people with reading disabilities, helping 
people with cognitive disabilities of other sorts, and also it 
turns out that people find the errors, and that is what we like 
about it.
    So now you take that tape, and the tape drive is a much 
more reliable drive than any of the printers that we have been 
able to find.
    Ms. Lofgren. Mr. Clark, I was interested in your testimony 
on how satisfied your State has been with the thermal ballots 
and your desire to make sure that what works for you is not 
disturbed, if I can put words in your mouth.
    We had a hearing in the 109th Congress where we got a very 
different point of view from Ohio that has, I think, the same 
system with thermal paper, and they showed us things that were 
all jammed up and that didn't work.
    Do you know--have you been lucky, or have they done 
something wrong, or do you have any idea why there has been 
such a disparate experience between the two States?
    Mr. Clark. No, ma'am, I don't. I can tell you what we have 
done in Mississippi. Last year we rolled them out in the early 
part of the year. We had primaries in June, and we had the 
general election in November. My staff in the Secretary of 
State's Office did more than 1,200 training sessions all over 
the State, in every corner of the State. And then, of course, 
we trained the county election officials, and they went out and 
did hundreds and hundreds of more demonstrations.
    Education is at least 90 percent of the fight. And so we 
had hundreds of folks or actually thousands of folks, 
considering all the poll workers who worked hard to get 
prepared, and our experience was quite good.
    In terms of problems, the first day we had an election, 
which was last June, in our primary, of our 77 counties that 
use the DREs for the very first time, there were problems in 
two counties because a technician set them up incorrectly, and 
it took us a few hours to get that fixed. But other than that, 
it worked quite well.
    And I will tell you that the folks who, in my opinion, 
liked them best are retired citizens, and those are the folks 
who tend to have indigestion, in my experience, because they 
are just a little bit suspicious a lot ahead of time. But after 
they have done it one time, they love them. So I think simply 
education is the key.
    Ms. Lofgren. I am going to set an example and stop 
questioning with 26 seconds to go and ask our Ranking Member 
Mr. McCarthy if he has questions.
    Mr. McCarthy. First of all, I will just go right back to 
the secretary of state, Mr. Eric Clark.
    A couple of things you stated. You talked about time line. 
You talked about the dollar amount not being enough, and you 
are referring to the bill which is now before us. I want to 
make sure that is correct what I was hearing from you. And you 
said you had 77 out of the 80 that used the touch screen, and 
they found it very supportive.
    Mr. Clark. That is right. Our experience has been very 
positive. I don't want to take too much of your time. We have 
82 counties in Mississippi. Two of them had already bought 
touch-screen voting machines with their own money pre-HAVA, and 
those machines don't have a paper trail, a voter-verifiable 
paper audit trail. But then of the remaining 80 counties, our 
legislation said counties can opt in and take the State-
purchased machine, or they can opt out and get their own, buy 
their own machine by their own manner. Seventy-seven of our 
eighty remaining counties opted in. And our experience last 
year, rolling them out first election, was extremely positive.
    Mr. McCarthy. CRS has a new report out this month saying 
most county election officials are happy with the systems they 
have, but are unhappy with the systems they don't have.
    If I could ask Diane, I found your testimony very 
interesting, and I need a little more explanation. Were you 
saying for accessibility, those that use DRE and added on the 
VPAT, the VPAT was not working, the paper for accessibility, 
and when was that? Can you give me a few examples of where it 
is used?
    Ms. Golden. The core DRE system is all electronic. So the 
voter interacts with it electronically, and it is stored 
electronically. All of that can be fully accessible because 
things that are electronic are easy to manipulate. So text can 
go to audio, text can be enlarged, I can use switch input.
    What happened when paper got added onto the end of the 
electronic is then there is print on a piece of paper attached 
to the side of this machine, and no longer can the person with 
the disability see it to verify it.
    Mr. McCarthy. Do you know of any technology that could?
    Ms. Golden. Scan it back in. That is what needs to happen. 
There needs to be some sort of a fixed scanner. The most 
direct, simplest solution--and not to argue with if there are 
better independent verification techniques, there absolutely 
could be, but if you are going to take what is out there now 
and try to add onto it again to make it accessible, there needs 
to be a fixed scanner so that the text that comes off that 
printer can be scanned, sent back to the electronic interface, 
and then however I marked it originally, however I read it 
originally, audio, large print, I am using switches to verify 
it, finally cast it; all of those interfaces are available to 
me.
    Mr. McCarthy. Is that technology out there today?
    Ms. Golden. Sure.
    Mr. McCarthy. Do you have any cost estimates?
    Ms. Golden. Not right now. It is building it into--you have 
a voting system that the printer was added onto. Now you are 
adding onto the add-on. So it is just in a research and 
development perspective. It is not the way you want to go about 
doing something because you are adding onto adding on.
    Mr. McCarthy. Is anyone selling this product?
    Ms. Golden. The only systems out there that use scanners 
are scanning a bar code. So the printer that has been 
attached--or, for example, if you are familiar with the vote by 
phone system, it is an audio interface. I am voting by phone. 
It prints a ballot that also has a bar code on it, and there is 
an eyeball scanner. The vote ballot drops into a basket or box, 
the eyeball scanner scans the bar code, the bar code then comes 
back to me auditorily. So it is reading the bar code on the 
paper. It is not reading the human readable print on the paper.
    Mr. McCarthy. Sorry. Time is up.
    Ms. Lofgren. Madam Chairman.
    The Chairwoman. Thank you. Thank you for convening this 
important hearing today. We welcome you as our new Chairperson, 
but this is a very important hearing. Just this morning we had, 
I guess, about eight vendors demonstrating and displaying their 
wares on voting machines, and there was one who said he had the 
perfect voting machine.
    Ms. Lofgren. Just one?
    The Chairwoman. At least he was arrogant enough to say 
that.
    But getting to voting machines, we know that that is really 
the issue here with reference to voters, knowing that when they 
cast the vote, the vote will count, and it will be accurate and 
secure.
    Ms. Golden, assuming that voter-verified paper ballots will 
be required in 2008, and let me ask each of you, do you think 
that we will be ready for a mandate for paper ballots required, 
verified paper ballots required in 2008, paper trails?
    Ms. Golden. I could answer really quickly in terms of the 
accessibility piece. No. It is just an awfully short time line 
to try to fix the two access problems that we still have in 
existing products related to print.
    Mr. Selker. In my experience, the paper trails have not 
been reliable, and they have not been verifiable nor 
accountable. As soon as we get good equipment that makes better 
records, makes records that actually improve elections, that is 
a great thing to have a better second-chance voting approach.
    Today I watch as, you know, optical scan ballots are taken 
into back rooms to be counted. I watch as paper trails, 
printers are opened up to be fixed during the day. I mean, I 
personally watched these things. And I think that we have to 
first make these things work and show that they actually can 
find the problems that people have.
    The Chairwoman. Let me ask you, you said you do not think 
paper trails are reliable. Is that what you said? And yet how 
do you convince the voter that they are not reliable? They tend 
to think that this is it. If you don't have it, there is no 
point in going to the voting booth because their vote is not 
going to count.
    Mr. Selker. I watched in Nevada when they rolled out the 
first paper trails throughout the State, and one of the first 
polling places I went to, a guy came out of the booth and he 
started stammering, ``But how do I know that my vote counted? 
There is no paper trail.'' And he had just--he had just 
experienced the first paper trail roll-out throughout a State.
    So the advocates have been extremely good at getting people 
to get the rhetoric. The question is when people experience it, 
will they believe they are even experiencing it? You will see 
over and over again people trying to open the paper trail 
printers because the word ``receipt'' used to be used. So they 
think they will get a receipt, when, in fact, there is going to 
be a record that is going to, hopefully, be held safe and sound 
in the balloting.
    The Chairwoman. My time is up already.
    Ms. Lofgren. We have our colleague from California Susan 
Davis.
    Mrs. Davis. Thank you. I appreciate your all being here.
    As we sit and talk about these issues, you feel like you 
are at the grocery store. Paper or plastic. And whether we 
can--and I am just wondering whether you think there is common 
ground on that issue; specifically that we could be or should 
be focusing on that perhaps has not been addressed, because 
people either feel comfortable with scanner ballots or with the 
DRE, and I am wondering where do you think that common ground 
is?
    Mr. Clark. My response would be that in terms of voter 
confidence, and I think that is what you are asking about. My 
experience in Mississippi has been extremely positive. We did 
the roll-outs of the DREs with the voter-verifiable paper trail 
in the middle of the national debate--except ``debate'' is too 
nice of a word--in the middle of the national hoopla about this 
very issue, and the machines worked well. And the fact that we 
had the paper trail gave voters the confidence that their vote 
was being counted.
    If I am--if you would indulge me for just a moment. There 
is a fundamental flaw in the logic of this debate; that is, 
there seems to be a sense that somewhere back in the past, 
there was a system that worked better, and I can guarantee you 
there was not. The machines that we have in Mississippi now are 
by far more accurate than anything that we have ever had before 
or that has ever existed before. And so the election is more 
accurate than elections have ever been. Just a few years ago it 
was not uncommon to have, in some cases, 15, 18 percent 
undervote in some elections, and now these machines have 
essentially ended that problem.
    And so it is way more--the glass is way more than half 
full.
    Mr. Selker. I want to corroborate that and say we now have 
several States that have less than half a percent residual. We 
believed in 2001 the lowest you could go because of protest 
votes was 1 percent. It is just remarkable.
    The fact is that people are comfortable with the voting 
systems that they use. That is what exit polls tell you, and 
what we--I remember talking to this 80-year-old in Nevada, and 
I asked her, how did you find that experience? She had had the 
hardest experience all day. She rolled out of her mouth, 
``Well, those punch cards were terrible. The leverage machines, 
I could never find anything. The optical scans I couldn't read. 
This is so fabulous.'' And I just couldn't believe she put it 
all in one sentence what she felt about that.
    The big print people like high-contrast things. You know, 
if you do one race per screen, you can get people to have a 
lot less errors. But I think that we are in a fantastic 
position now to improve elections with the technologies that we 
are now starting to get better.
    Mr. Pierce. My experience in Cook County in Chicago is that 
people with disabilities are very satisfied and pleased that 
more options are available and more flexibility has happened. 
There are limitations with the machines that are available for 
this paper system, and those have access issues of their own.
    Mrs. Davis. I was going to follow up.
    In the disability community, which individuals have the 
greatest difficulty voting, and is there a way to kind of focus 
in on that particularly?
    Mr. Pierce. It is generally blind persons and those with 
some kind of motor impairments who have difficulty holding a 
pencil or pen in their hand and handling paper and manipulating 
paper would be the--is my observation.
    Mr. Selker. Fifteen percent of Americans have reading 
disabilities. Those people, drawing those eyes across the 
ballot, whatever the ballot is, is a problem. If you take a 
look at the ballots in Massachusetts, we only have the last 
names of the candidates on there, and you have to go across the 
ballots to get to the bubble. I think there are a lot of people 
with problems, and I think the sightless are among them, but 
not at all the largest number.
    Mrs. Davis. Thank you.
    I had an opportunity to go review a number of those 
machines today. I just want to thank the Chairwoman for making 
those accessible to us so that we would have that opportunity. 
And one of them, in particular, I did find that was supposed to 
help the disability, I was having a little difficulty with it.
    So I think we all have to try them out and try and 
understand where some of the problems are. I know the problem I 
was having was--they were talking about having that fixed. But 
it was interesting to me that I was having a little difficulty 
with that hand motor coordination, I think.
    Thank you.
    Ms. Lofgren. And that is from someone who votes a lot, all 
day every day.
    I would like to thank this panel for taking the time to be 
with us today personally, and especially for your written 
testimony which is going to be key to us as we move forward 
looking at this issue. We are really honored by your presence. 
Thank you so much.
    The Chairwoman. Madam Chair, may I just say, I am very 
impressed with this panel, but more so the secretary of state 
of Mississippi. And I am going to--hopefully we get back with 
you at a later date to really look at what you have because it 
seems like a great success story.
    Mr. Clark. Thank you, Madam Chair. You are very kind.
    Ms. Lofgren. Thank you all very much.
    Ms. Lofgren. Let me welcome panel number two.
    This is a great opportunity for the committee to gain 
insight into the technical issues of these machines, and I 
think, as has been mentioned, there is a great anxiety among 
many people in the country about whether or not their vote is 
being counted accurately, not accurately.
    People--since I am from the Silicon Valley, I know you will 
all take this in the right way. This is our Geek Squad here. We 
value you are here to talk a little bit about the technology 
and to give us the benefit of your expertise and your points of 
view.
    So I wonder if we could just start with Mr. Zimmerman here 
from the Electronic Frontier Foundation and move on to Dr. 
Williams.

    STATEMENT OF MATT ZIMMERMAN, STAFF ATTORNEY, ELECTRONIC 
  FRONTIER FOUNDATION; HUGH J. GALLAGHER, MANAGING DIRECTOR, 
  ELECTION SYSTEM ACQUISITION AND MANAGEMENT SERVICES, INC.; 
    BRIAN BEHLENDORF, FOUNDER AND CHIEF TECHNOLOGY OFFICER, 
COLLABNET; DAVID WAGNER, Ph.D., ASSOCIATE PROFESSOR, UNIVERSITY 
OF CALIFORNIA, BERKELEY; AND BRIT WILLIAMS, Ph.D., PROFESSOR OF 
   COMPUTER SCIENCE AND INFORMATION SYSTEMS, KENNESAW STATE 
                           UNIVERSITY

                  STATEMENT OF MATT ZIMMERMAN

    Mr. Zimmerman. Thank you, Madam Chair.
    Good afternoon. Thank you for the opportunity to speak with 
you today on this important topic. I am a staff attorney with 
the Electronic Frontier Foundation, a San Francisco-based 
nonprofit, member-supported civil liberty organization that 
challenges industry, government and the courts to protect 
rights in the emerging digital world.
    This discussion is about many things, but at its heart is 
the real issue of how the current generation of voting systems 
has relegated, in a structural way, real transparency to a 
secondary value. Given the time, my aim here is to touch 
briefly on a number of experiences that we have encountered 
that I think highlight some of the problems that are being 
caused or exacerbated by closed election systems, problems that 
can be alleviated to a large extent by a move towards an 
open- or closed-source regime.
    First, election monitoring, as a general matter, suffers in 
its ability to uncover and act upon useful information. Despite 
many documented problems through many election-monitoring 
efforts, despite these documented problems which are often not 
documented by election officials themselves, incidents were not 
investigated or investigated in only a limited way by the very 
election officials and vendors whose decisions and actions were 
at issue.
    Second, and more important from my standpoint, postelection 
litigation aimed at investigating such suspect machine 
performance and correcting problems that appear to have 
resulted in incorrect election outcomes have fared little 
better. For example, EFF currently serves as cocounsel in 
Fedder v. Gallagher, a suit questioning the administration of a 
2006 congressional race in Sarasota. This is a different race 
than is right now before the House. Far from accommodating the 
legitimate concerns of the Sarasota voters, the State, the 
county, and the vendors closed ranks here and continued to 
prevent the independent type of inquiry into the source code 
and other relevant materials that we think is necessary.
    Over the past several years, I have had the distinct 
pleasure of working on this and related issues in an ever-
growing community of very passionate people of all stripes who 
sometimes disagree and disagree very passionately about 
tactics. But a common thread that holds us all together is a 
shared belief that whatever the individual technological 
solution turns out to be, secrecy cannot continue to operate as 
a cornerstone of electronic administration. Voters want to be 
able to cast ballots and to have their ballots counted, but 
even more than that, they need to be convinced that the process 
is a fair and accurate one.
    This perpetually increasing interest of the general public 
in the literal mechanics of the electoral process is, to borrow 
a computer programming term, a feature and not a bug. This is a 
good thing, not a bad thing. And I respectfully suggest that 
Congress should not be in the business of trying to dissuade 
the public from prioritizing transparency over a single 
component of the proprietary interest of vendors.
    Thank you.
    Ms. Lofgren. Thank you very much.
    [The statement of Mr. Zimmerman follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. We are lucky to have Dr. Williams, a professor 
of computer science from Kennesaw State University.

                   STATEMENT OF BRIT WILLIAMS

    Mr. Williams. Thank you. I want to begin by thanking you, 
Madam Chairwoman, for giving me this opportunity to appear 
before you. I have worked in this area of evaluating voting 
systems for over 20 years. I appreciate the opportunity to 
share this experience with you.
    If you look at the definition of ``open source,'' you will 
find that it talks about making the source code available to 
the public and allowing users to alter them. Nowhere in the 
definition or the literature does it mention that open source 
is a mechanism for testing source code or establishing the 
validity of source code. And there seems to be a general 
conception that source code is unavailable to be reviewed, and 
this is not the case.
    In my experience over the last 20 years, everyone I am 
aware of who has any need to evaluate or any legitimate need to 
evaluate source code has had access to it.
    I have been evaluating voting systems for the State of 
Georgia since 1986, and I have had in my possession the source 
code of every voting system that has been used in the State of 
Georgia during that period. So the source code is available. It 
is not available to the general public. And I have got some 
serious concerns over whether the source code should be 
available to the general public, because the general public 
includes everything from teenage hackers to foreign terrorists, 
and I don't think this is what the committee has in mind.
    So, in my opinion, open source code is not a good idea. But 
should the source code be available for evaluation? Absolutely, 
but under very carefully controlled conditions that, number 
one, protect the proprietary nature of the source code itself, 
but, more important, protect the security of the United States 
and its elections.
    So right now, for example, source code is evaluated at the 
Federal level, and it is archived there. It is evaluated at the 
State level, and it is archived there. So it is available.
    And what I would like to end with is a recommendation for 
evaluating source code, and I am using a model that was just 
used in the State of Florida to evaluate the source code that I 
believe you were involved in that. And I will leave him to talk 
about that.
    But number one, I think the evaluation of a source code 
should be under the auspices of a State election organization; 
that the individuals that would be evaluating that source code 
would be selected by that State; and that the election official 
would then apply to the EAC for a license, if you please, to 
obtain that source code. I believe that the individuals who 
would participate in that should be subject to background 
checks by the Office of Homeland Security, and I believe that 
they should be required to sign a nondisclosure agreement where 
they agree to protect the proprietary nature of the vendor 
software.
    And if I can have about another 10 seconds.
    The final thing I believe is that there should be severe 
penalties for disclosing that software to any unauthorized 
person. And I think that should be spelled out in the code, 
because we have anecdotal evidence that our patent laws and 
our current laws on protecting proprietary software are not 
adequate to protecting voting system software.
    Ms. Lofgren. Thank you, Dr. Williams.
    [The statement of Mr. Williams follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. We also have Dr. David Wagner, who is a 
professor of computer science at California, Berkeley.

                   STATEMENT OF DAVID WAGNER

    Mr. Wagner. Thank you for the opportunity to testify today.
    My name is David Wagner. I am an associate professor of 
computer science at U.C. Berkeley, and I work in computer 
security and electronic voting.
    E-voting was introduced for laudable reasons; however, in 
addressing one problem, we have created several new ones. First 
of all, e-voting brings risk to election security. Over the 
past 4 years, independent researchers have discovered security 
vulnerabilities in voting machines used throughout the country. 
I will point out that our State and Federal certification 
processes designed to evaluate these voting systems failed to 
discover those vulnerabilities.
    Would disclosing voting systems source codes help with the 
security risks? Yes, potentially, but with some very important 
caveats. Access to source code has improved security in other 
areas of computing, and I expect it could have the same effect 
here, too. That said, source code analysis does have important 
limitations. Source code analysis cannot--source code 
disclosure cannot solve the security problem. It cannot 
demonstrate that our voting machines are trustworthy.
    When it comes to security, another path is to reduce our 
reliance upon software by moving to software-independent voting 
systems. For instance, adopting voter-verified paper records 
and routine audits of those records would be one way to achieve 
this. In my opinion, software independence would make source 
code disclosure less urgent from a security point of view.
    A second problem is that the spread of voting machines has 
degraded the transparency of our elections. The secrecy 
surrounding the software makes it difficult for the public to 
observe and exercise meaningful oversight over the 
administration of our elections.
    Let me give you an analogy. How would you feel if your 
taxes were computed for you each year by the IRS using a secret 
formula that you weren't allowed to see? I suspect many people 
would probably be pretty concerned about that, just as they are 
concerned by the fact that their votes are counted using secret 
codes.
    Would source code help improve transparency? It sure would. 
Source code disclosure would help restore some of the 
transparency that was lost when we moved to electronic voting. 
For instance, disclosure would eliminate the vendors' 
information advantage over their customers and over the public. 
Today vendors make claims about their machines, and members of 
the public can't get access to the information they need to 
independently evaluate those claims. Source disclosure would 
enable candidates, political parties and interested members of 
the public to commission independent analysis of the machines 
and get a second opinion, something they cannot do today.
    If we accept that source code disclosure is a good goal in 
the long run, there are, however, some difficult challenges 
about how to get there. Unfortunately, today's voting machines 
are not designed for disclosure, and that creates several 
challenges. One of those challenges is that, based on my 
experience reviewing source code from two of the four major 
vendors, it is my prediction that immediate disclosure of 
source code could easily lead to discovery of serious problems 
in all of the vendors' machines, and that would overwhelm the 
ability of the vendors and the election officials to respond in 
a single election cycle.
    So given these challenges, it might make sense to phase 
disclosure in over time. And in my written testimony, I have 
described several ways one might manage the transition by 
gradually increasing the scope of disclosure over several 
years.
    Ms. Lofgren. Thank you very much.
    [The statement of Mr. Wagner follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. Next we have Mr. Hugh Gallagher, who is the 
managing director of Election System Acquisition and Management 
Services.

                 STATEMENT OF HUGH J. GALLAGHER

    Mr. Gallagher. Thank you very much for giving me the 
opportunity to be here today.
    I think you are hearing from this panel relative to this 
topic that there may sound like there is a divergence of 
opinion, when, in fact, I think we all agree that the number 
one thing we want is transparency in the process. We all concur 
on that, that we want the voters on election night to go home, 
go to bed knowing full well that the results of the election 
were fair, accurate and represent the will of the people.
    What I would like to focus on is the concern--I concur with 
my colleagues to my right that open source code is probably 
something that is going to have to be considered, but the 
question is the context in which it is going to be considered. 
And so in keeping with Dr. Williams' thought process, one of 
the things I would like to look at is the common ground between 
all of the various groups that are here.
    I believe, whether it is a third party at the State level 
or the Election Assistance Commission, I think we are needing 
to have an organization established that we might want to call 
the Voting Software Control and Distribution Board; an 
independent, trusted third party that would take possession of 
the source code and ownership of the source codes once that 
code has been approved by the respective ITAs. So once the 
vendor has released it to the ITAs for testing and 
certification, upon certification would go to the trusted third 
party supported by the National Institute of Standards and 
Technology, as an example, the idea being that the public would 
have access to this software under special controlled 
circumstances, probably not too dissimilar to what we see in 
the Library of Congress where there are historical records and 
information that you have to request, petition, go in and 
schedule to go in; a controlled environment in a single 
physical location where it can be monitored--where the 
activities can be monitored.
    The process might look something like this, where the 
vendors, after they are done with their testing and 
certification process, notify the ITAs that once they are done 
and approved, they would go to the independent third party. The 
VSDC, the Voting Software Distribution Control Board, would 
take possession and configuration control. Vendors would be 
notified when clients require the software, and we might look 
at a process where this third party actually distributes the 
software independent of the vendors, and then the vendor has no 
contact with the final code once it leaves the ITAs.
    There are a number of processes and details we would have 
to look at in terms of implementation, but I think what this 
does is start to bridge the concerns that both sides have, 
allows the access people are looking for, but not the free, 
unencumbered access, which I do think poses a risk in the 
public domain.
    Thank you very much.
    Ms. Lofgren. Thank you.
    [The statement of Mr. Gallagher follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. And, finally, we have Mr. Brian Behlendorf, 
who is the founder and CTO of CollabNet and also a director for 
Mozilla. So thank you for Firefox.

                 STATEMENT OF BRIAN BEHLENDORF

    Mr. Behlendorf. I want to specifically talk about open 
source software a bit more, give you a background on it, and 
help you understand how it has really become essential to the 
software industry today, and where the issue of security lies 
with it, and how really it can be a big solution to that 
problem.
    The software industry has seen a series of transformations 
throughout its brief history. The first transformation was 
initially called open systems, and this was the idea that we 
could build software that would run on multiple types of 
hardware, a fairly radical notion for its time.
    The second major transformation was called open standards. 
This was the idea that companies could get together and talk 
about common data formats, common protocols to share data and 
build systems that, by talking to each other, build greater 
value for customers and for the industry as a whole.
    Both of these transformations were disruptive 
transformations. Some of these companies grew and benefited 
from them, among them Microsoft, Sun, and Cisco; other 
companies resisted and in some cases perished.
    The third major transformation in this linear series of 
transformations is open source software. Open source software 
is software defined as being licensed under a very generous 
copyright license, licenses that allow many kinds of use at 
zero price, provide access to the underlying source code, allow 
modification and improvement by recipients, and allows those 
recipients the right to share those improvements with others. 
This approach can result in fewer defects, greater flexibility, 
more rapid innovation and a more competitive marketplace than 
the proprietary alternatives.
    Today every major technology vendor releases some portion 
of its intellectual property under an open source license. The 
business models behind this investment are a mixture of support 
services and strategic opportunities for other proprietary 
offerings. Sun, HP, and IBM all have significant revenue 
streams based on open source software. Even Microsoft has 
acknowledged the value of open source by releasing some minor 
software under such a license.
    On the customer side, open source software is used 
everywhere from critical Wall Street financial systems where 
security is paramount, and the teenage hackers and terrorists 
would be just as attracted, to such commodity devices as cell 
phones and TiVos. Within the public sector, we see open source 
used today in the Pentagon, in the Departments of Commerce, 
Energy, and Homeland Security. In all of the above examples, 
open source and transitional proprietary software can 
peacefully coexist.
    Is open software guaranteed to be more secure? No. It is 
challenging for even the most competent engineers to write a 
secure code. The only widely recognized indisputable method to 
designing and building highly secure systems is massive 
developer peer review. The more widely inspected a code is, the 
smaller the chance of undiscovered defects. This extends to the 
development process itself. The larger the development team 
around a given body of code, and the more the deliberations of 
that team are open to the outside world, the more reliable 
their designs are likely to be.
    This community approach is the key ingredient in any 
successful and secure open source project.
    In the interest of time, I will point your attention to the 
OpenSSL project example that I give in the written testimony.
    Finally, the most useful aspect to choosing an open source 
project is the inherent protection it can give against vendor 
lock-in. Customers can switch vendors without surrendering any 
legal rights to use and extend the software. Thus, open source 
is a new kind of relationship between customer and vendor from 
one of dependency to one of cooperation.
    To summarize, open source in the software industry today is 
accepted, it is real, it is probusiness and procustomer, and it 
has a tremendous chance to build trust and security and proper 
operation of voting system software.
    [The statement of Mr. Behlendorf follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    
    Ms. Lofgren. Thanks to all of you for excellent and 
interesting testimony.
    Again, I will try--each of us will try to limit our 
questions to the same 3 minutes that you have given to us.
    Let me start with Mr. Gallagher. The EAC Commissioner, I 
understand, has said that disclosing source codes would help to 
restore public trust in the election process. And he explicitly 
stated vendors should not have the right to keep a source code 
a secret. He has called on computer scientists and election 
officials to work together to solve many of the problems 
related to voting systems, and I think in some cases it can be 
either problems, or perceptions of problems are very damaging 
as well.
    How do you respond to that explicit call from the EAC?
    Mr. Gallagher. First of all, I have tremendous respect for 
Commissioner Soaries. He is a great man, and a great public 
speaker if you have ever heard him.
    I don't think we are at odds here. I don't think anybody at 
this table is potentially at odds. I think we agree there 
should be some degree of openness. The question is in what 
circumstances; how does that actually work; what are the 
mechanics?
    I would submit that having things, as I understand it, and 
I may be wrong--that in a true open source environment, 
software environment, my particular concern is one of the 
attractive nuisance; in other words, persons coming along who 
might not otherwise be inclined for mischief all of a sudden 
seeing and being presented with an opportunity, not too 
dissimilar from my children, and wanting to exploit that 
opportunity to nefarious ends, or even just for grins and 
giggles.
    I think what we want is an open source environment 
controlled in some form or fashion, agreed-upon rules and 
procedures that everyone can subscribe to, because, as my 
colleague to my left was saying, that the more people involved, 
the better that withstands the test. The only question I would 
ask is what are the rules, because if you get too many cooks in 
the kitchen, you get too many recipes.
    Ms. Lofgren. I wonder, Dr. Wagner, if you could comment on 
Mr. Gallagher's statement, and also if you could--I don't know 
if this is to the business school or the computer science 
school, but if--the defects are going to be probably one of two 
kinds: either an intentional backdoor or a bug that was not 
intentional. And presumably the intentional backdoor is more 
easily found and resolved. Maybe not. But if we were to do an 
open source regime, as suggested by Mr. Behlendorf, what would 
the economic impact be? Would it be adverse on vendors of 
machines? Could they accommodate it and still flourish? What do 
you think the impact would be?
    Mr. Wagner. So to the first of your questions, I think in 
the long run, until we disclose all of the source codes to the 
public, I believe that the public will be--will have concerns, 
will not trust and will express reservations over the source 
code. So in the long run, I believe that is where we need to 
head to enable the public and the candidates to gain 
confidence.
    As far as the economic impact of source code disclosure, I 
believe that there are some costs to source code disclosure, 
but that is easily manageable, especially through a gradual 
introduction of increasing disclosure.
    Ms. Lofgren. My time has expired. So I will ask the Ranking 
Member to ask his questions.
    Mr. McCarthy. I apologize. I want to be quick and maybe try 
to get some yes or no answers.
    I would appreciate it if we could get everybody's cards. I 
would like to talk to you later.
    First to Dr. Wagner, you were part of the FSU team that 
analyzed down there. Did you have the source code?
    Mr. Wagner. Yes.
    Mr. McCarthy. And maybe to Mr. Zimmerman, you had mentioned 
in Fedder v. Gallagher--I read your statement here where you go 
through it. You state, with regard to your lawsuit with these 
Sarasota voters, that Florida prevented independent inquiry 
into the source code. Do you still keep that same statement 
after the FSU Study?
    Mr. Zimmerman. Yes, I do. And with all due respect to David 
Wagner, who I have worked with in the past many times, I think 
he is a very fantastic scientist who I go to for information 
from time to time.
    Mr. McCarthy. You have used him before?
    Mr. Zimmerman. In an informal way, yes.
    Mr. McCarthy. But you feel this is not an honest----
    Mr. Zimmerman. What has gone on in the Fedder v. Gallagher 
case, is essentially the State is deciding on its own the scope 
of a project, and I don't even believe Mr. Wagner will say it 
is an expansive project that is aimed at getting all of the--
find all of the potential problems and----
    Mr. McCarthy. I understand. I don't want to get into the 
case because I can't go through the cases. But just on the 
study itself, do you feel that study--you don't agree with the 
study even though he stated he had the source code?
    Mr. Zimmerman. I believe that there are problems with the 
study, yes, and I would be happy to talk with you later.
    Mr. McCarthy. Okay. Thank you. And Mr. Williams. So your 
statement--and it was kind of towards the end--you had concerns 
with hackers, with others. If you just put them all out there, 
you thought maybe testing them much like maybe the FSU study 
would be the proper way? I don't want to put words in your 
mouth, but am I understanding that correctly? 
    Mr. Williams. I am very much in favor of controlled 
evaluation of source code. I am very much opposed to just 
opening up the kimono, okay, because not just hackers and 
terrorists but well-meaning--most of our problems are not 
caused by bad guys. They are caused by well-meaning good guys. 
So there is no advantage to making it possible for any citizen 
to modify voting system software.
    We don't operate voting systems that way. You get a voting 
system as solid as you can get it, and you freeze it. You don't 
let anybody touch it. If anybody touches it, you make it go 
back through the entire sequence of tests again. So there is no 
advantage from that point of view of being able to modify and 
expand and customize it to your own use. That is not what we do 
with voting system software. The only advantage is to be able 
to find these supposed bugs and Trojan horses and all the bad 
stuff, and I think that people like Dr. Wagner can do that in a 
controlled situation just as well as he can with an open 
situation.
    Mr. McCarthy. Only because you are both Ph.Ds. Have you had 
an opportunity to read the FSU study?
    Mr. Williams. I have read most of it.
    Mr. McCarthy. Do you agree with Mr. Zimmerman that you 
think something is wrong with the study?
    Mr. Williams. Well, I won't agree or disagree but I will 
make a statement about the study. In my 20 years of doing this 
kind of evaluation, that is the most open, professional 
well-written study I have yet to see.
    Mr. McCarthy. All right. Thank you. I appreciate it. You 
are very interesting.
    Ms. Lofgren. Our last member is Susan Davis, who will have 
her questions answered.
    Mrs. Davis. Thank you. Thank you, Madam Chair. Thank you 
all for being here. I think this question would really go to 
you, Dr. Wagner. Have they tested all the systems in Florida to 
your knowledge? And could you help us understand how that was 
done and what should have been done perhaps or going forward, 
what we ought to be looking at?
    Mr. Wagner. Certainly. Well, I can't speak for the state of 
Florida. I can't speak for the entire audit they did. The team 
that I was involved with had a narrow mandate to look to see 
whether there were problems in the machine software provided to 
us that could have caused or created the undervote in that race 
there. And our conclusion was that it did not.
    Now, I can understand why some members would be--why there 
may be some folks who would be reluctant to trust the results 
of our study. Until everyone can choose the expert of their own 
choosing, I can understand why they may have concerns.
    Mrs. Davis. Now as part of your all--were you able to go 
back and see the testing that had been done?
    Mr. Wagner. We were not asked to review the entire Florida 
State audit, we had a very specific mandate.
    Mrs. Davis. Okay. Thank you. Thinking about how the public 
responds. I mean, this is really all about the credibility of 
the systems, and whether or not if you had transparency, is 
there a concern that some individuals with some knowledge could 
actually frighten the public into believing that there were 
flaws in the system that could not be overcome? And how would 
that work?
    Mr. Wagner. I think there is some concern there in the 
short term, given my experience of how full of security 
problems these machines are. In the short term, that would be a 
concern. I think that the way to address that is through a 
gradual transition planning where in the beginning, we begin by 
following Professor Williams's recommendations to make the 
source code available to qualified experts, give the vendors a 
chance to address those problems, and prepare their systems for 
disclosure and gradually move towards a long-term goal of 
public disclosure.
    Mr. Williams. I think it is worth pointing out that the 
vendor in this case was a full participant in this study. Is 
that a fair statement?
    Mr. Wagner. I was pleased with their cooperation, yes.
    Ms. Lofgren. This has been a very helpful panel. And 
obviously, your written testimony amplifies considerably on 
your oral testimony today. It is very, very helpful. I know it 
is not easy to wait for the Congress Members to come over from 
an extended vote and then of course to shorten because now we 
are terribly behind. But we do appreciate this, and it does 
make a difference in our understanding and hopefully our wisdom 
as we proceed. So thank you each and every one. It is very much 
appreciated. And with that, this hearing is adjourned.
    [Whereupon, at 3:30 p.m., the subcommittee was adjourned.]

