Arrogant Letter Agrees to Comply With Law by Submitting Source Code for Review, But Mysteriously Insists That SoS Bowen Revoke Demand to Release Version of Source Code Held by Escrow Firm...
By John Gideon on 6/28/2007, 8:05am PT  

Guest Blogged by John Gideon of VotersUnite.Org

As The BRAD BLOG reported yesterday, voting machine company ES&S has finally relented and agreed to join all of the other companies operating in the state by cooperating with the Secretary of State Debra Bowen's "Top-to-Bottom Review" of all electronic voting systems previously certified by her predecessor Bruce McPherson. After previously refusing to supply the state with source code for the company's InkaVote Plus system used exclusively in Los Angeles County, Bowen had demanded the release of the source code from escrow where it was stored by state law, as we also reported previously.

But has ES&S really relented? Or is something else up?

We asked yesterday why ES&S decided to send their source code, instead of allowing Bowen to pull it from the escrow facility at Iron Mountain, as she had previously demanded. And now, based on a letter from the company which The BRAD BLOG was able to obtain from one of our sources, as sent to Bowen's office when they agreed to supply the source code Monday, the smell of something fishy continues to permeate. The complete ES&S letter is posted in full at the bottom of this article.

On Monday, June 25, ES&S sent the letter to Lowell Finley, California's Deputy Sec. of State in charge of Voting Systems Technology and Policy, agreeing to supply the source code for InkaVote Plus is an amazing example of the company's arrogance even as it continues to beg a myriad of unanswered questions.

ES&S opens the letter repeating their desire for changes to the previously agreed upon Non-Disclosure Agreement (NDA) they have with the state. AS well, they believe the cost of Bowen's "top-to-bottom review" is too high, and they have concerns with some of the researchers who are doing the review. Nonetheless, they agree to cooperate.

Yet, after informing Finley that they intend to finally send the required source code, they instruct him that they expect him to send a letter to Iron Mountain Intellectual Property Management Inc. to release the firm from the state's request for the escrowed source code. Now why would they need to do that?

"As ES&S is providing the InkaVote Plus voting system source code directly to your office, ES&S requests that you send a letter to Iron Mountain retracting your request for the InkaVote Plus voting system source code," writes ES&S' Steven M. Pearson in the letter.

"This will provide the required notification to Iron Mountain that you are no longer in need of the requested source code and allow Iron Mountain to close your request. In addition, this will avoid ES&S from having to issue contrary instructions to Iron Mountain to prohibit the release of the InkaVote Plus voting system source code."

So what the heck is that all about?...

Iron Mountain is the repository for the source code provided by ES&S when they requested that their InkaVote Plus voting system be certified for use in the state of California. That source code is there per state law (California State Election Law Section 1903) and the certification document [PDF] for that voting system, as signed by former Secretary of State, Bruce McPherson.

The ES&S letter also refers to a letter to the SoS from Frank Bigelow, representing the California State Association of Counties (CSAC) in which Bigelow questions the motivation and "apparent personal agendas of a number of the currently proposed examiners".

The letter then ends with a not so veiled threat that if any need for changes is found, Los Angeles County will have to pay for those changes.

We have asked the Secretary of State's office to respond to some questions after reading the letter. We've yet to hear back from the office in response, but will update this item when and/if we do hear from them.

These are the questions we sent:

  1. Why did ES&S directly provide the source code and not just have Iron Mountain deliver the code that is supposed to be on escrow at that facility for purposes like the state's inspection?
  2. Is there actually any ES&S source code at Iron Mountain and, if so, is it the same code used in the voting system presently in use in Los Angeles County?
  3. What steps will be taken to ensure that ES&S has complied with state law and the certification agreement regarding that escrow?
  4. Did they include the environment and compiler used to build the software from the source code?
  5. If so, will you be doing your own trusted build to compare against the software used in the last election?
  6. If not, how will you confirm that the source code was used to build the software used in the last election?
  7. And finally, does the Secretary of State intend to comply with the wishes of ES&S and notify Iron Mountain that they no longer need to comply with it's request for the source code escrowed there?
  8. If so, how confident is the Secretary of State that the source code is, in fact, actually escrowed at Iron Mountain in compliance with state law?

When we get answers to these questions, as mentioned, we'll pass them on to you.

(ES&S PDF version is here as well as posted in full at the end of this article),

The 6/25/07 letter from ES&S' Steven M. Pearson to CA's Dep. SoS Lowell Finley may be downloaded as a PDF here, a text version follows in full below...

June 25, 2007

VIA E-MAIL TRANSMISSION: LFinley@sos.ca.gov
AND OVERNIGHT DELIVERY

Lowell Finley
Deputy Secretary of State
Voting Systems Technology and Policy
1500 11th Street, 6th Floor
Sacramento California 95814

RE: “Top-To-Bottom Review” of InkaVote Plus Voting System

Dear Deputy Secretary Finley:

This letter and the enclosures herein shall serve as a follow-up to our most recent conversation of June 21, 2007, in which we discussed the California Secretary of State’s (“SOS”) proposed “top-to-bottom review” of the InkaVote Plus voting system.

Despite the SOS’ continued refusal to even consider the limited revisions requested by ES&S to the Confidentiality and Non-Disclosure Agreements (“NDAs”) or address the concerns repeatedly communicated by ES&S regarding the exorbitant cost of this exercise and concerns respecting several examiners, ES&S has executed the Agreement Regarding Voting System Documentation and Equipment (“SOS Agreement”) and encloses a fully executed copy of the same. As such, ES&S also agrees to release the InkaVote Plus voting system source code to the SOS solely for purposes of this review in accordance with the terms of the SOS Agreement.

We have been advised by ES&S’ escrow agent, Iron Mountain Intellectual Property Management, Inc. (“Iron Mountain”), that you have made a separate request directly to Iron Mountain to release the InkaVote Plus voting system source code to your office. As this review is not a permitted release condition under ES&S’ contract with Iron Mountain, we don’t expect that your request will be fulfilled by Iron Mountain without ES&S’ agreement and direction to Iron Mountain to release the code. As such, we will authorize our business partner International Lottery & Totalizator Systems, Inc. (“ILTS”) to release the InkaVote Plus voting system source code directly to your office. Your office should receive such source code on Tuesday, June 26, 2007. Further, as ES&S is providing the InkaVote Plus voting system source code directly to your office, ES&S requests that you send a letter to Iron Mountain retracting your request for the InkaVote Plus voting system source code. This will provide the required notification to Iron Mountain that you are no longer in need of the requested source code and allow Iron Mountain to close your request. In addition, this will avoid ES&S from having to issue contrary instructions to Iron Mountain to prohibit the release of the InkaVote Plus voting system source code. ES&S respectfully requests that such letter be sent on Tuesday, June 26, 2007 upon your receipt of the code from ILTS.

ES&S expects that the SOS and each of the examiners will strictly comply with the NDAs and take all necessary actions to fully ensure that the trade secrets contained within the voting system source code and related confidential and proprietary information are protected from any unauthorized disclosure or use by anyone, including each of the examiners. In that regard, we are in receipt of a copy of the enclosed letter to Secretary Bowen from Mr. Frank Bigelow on behalf of the California State Association of Counties (“CSAC”). As echoed by the CSAC, there are serious concerns regarding the motivations and apparent personal agendas of a number of the currently proposed examiners.

We reiterate those concerns and our expectation that the SOS shall ensure that the examiners strictly comply with the terms of the NDAs and not disclose or in any way use the information reviewed or gained through such review for any improper purpose, including the design and development of competing voting systems. Please understand that ES&S will hold not only the examiners responsible, but the SOS as well, for any prohibited disclosure or use of ES&S’ trade secrets and related confidential and proprietary information.

In addition to the SOS Agreement, ES&S encloses herein a check in the amount of $131,000 as payment in full for the vendor’s portion of the cost to complete the “top-to-bottom review” of the InkaVote Plus voting system. We understand that these funds will be deposited into escrow by the SOS and drawn against as the review work is completed by the examiners in accordance with the SOS’ engagement and scope of work. Please be advised that ES&S’ hereby reserves all rights and previous arguments made to the SOS as communicated in both ES&S’ April 24 and June 15, 2007 letters. In the event it is later determined that the SOS’ proposed review was not conducted in accordance with applicable law, ES&S reserves the right to seek a refund of some or all of the fees paid for this review.

Lastly, as the InkaVote Plus voting system has already been fully qualified by federally accredited independent testing authorities against current federal voluntary voting system standards and certified by the SOS in accordance with current California certification requirements, we fully expect that the SOS’ review will not result in the need to make any changes to the voting system in order to comply with such existing requirements. As such, in the event that recommendations or requested changes result from this examination which are not otherwise required by applicable federal or state law, before any changes can be made, ES&S will need to determine whether its sole

California customer using this system, Los Angeles County, is willing and able to incur the expense of developing and certifying such changes. As we previously stated, we are skeptical that a customer will be willing or able to pay the cost of changes to its voting system that are not otherwise required by applicable law.

If you have any questions or need additional information, please contact me directly.

Sincerely,

Steven M. Pearson

cc: The Honorable Debra Bowen, Secretary of State
Aldo J. Tesi – ES&S
Eric A. Anderson, Esq. – ES&S
Lou Dedier – ES&S
Michael M. Hupp, Esq. – Koley Jessen
Chris Ortiz - ILTS
David Beirne – Executive Director, Election Technology Council
Steve Weir – President, California Association of Clerks and Elections Officials
Connie McCormack – Los Angeles County Register-Recorder/County Clerk
Judy Whitehurst, Esq. – Principal Deputy County Counsel, Los Angeles County