State legislation and regulation

Regulators in both North Carolina and California are concerned with access to election system source code. In August of 2005, the North Carolina legislature passed SB223/H238 into law which stipulated that all source code used in voting systems certified in North Carolina would have to undergo a variety of evaluations. The provision stated that ``all source code'' would be made available for review, even that of third party vendors such as the operating system.See §163-165.7(c), available as passed by both houses of the NC Legislature here: https://www.ncga.state.nc.us/Sessions/2005/Bills/Senate/HTML/S223v7.html. It is unclear whether or not this statute will be enforced.Diebold Election Systems, Inc. was concerned that, among other things, it didn't have the rights to provide access to the source code of third-party software components of its system. It sued the North Carolina Board of Elections to prevent this regulation from taking effect. The case was dismissed as the Court found that there was no dispute as to the language or interpretation of the statute. See: Diebold v. North Carolina Board of Elections, unpublished (NC. Super. November 30, 2005), available at: https://www.eff.org/Activism/E-voting/diebold_order_dismissal.pdf.

In California, the Secretary of State has taken a series of steps to increase the transparency and robustness of voting systems used in the State. The Secretary of State keeps a copy of the source code and binary executables for voting systems and retains the right to perform a full independent source code review.Other provisions relevant to public scrutiny and expert evaluation include: Vendors must establish a California County User Group and hold one annual meeting where the system's users are invited to review the system and give feedback and volume reliability testing of 100 individual voting under election-day conditions. See: California Secretary of State, ``10 Voting System Certification Requirements'', available at: https://ss.ca.gov/elections/voting_systems/vs_factsheet.pdf. The Secretary exercised this right in Spring of 2006.Security Analysis of the Diebold AccuBasic Interpreter, Voting Systems Technology Assessment Advisory Board, February 14, 2006, available at: https://ss.ca.gov/elections/voting_systems/security_analysis_of_the_diebold_accubasic_interpreter.pdf.

In the California legislature, there has been one resolution passed and a bill introduced that concerns disclosed and open source software in voting systems. A legislative resolution, ACR 242, was passed in August of 2004 that tasked the California Secretary of State with producing a report on open source code in voting systems.``[T]he Legislature hereby requests the Secretary of State to investigate and evaluate the use of open-source software in all voting machines in California and report his or her findings and recommendations to the Legislature.'' See ACR 242, as chaptered, available here: https://www.leginfo.ca.gov/pub/03-04/bill/asm/ab_0201-0250/acr_242_bill_20040831_chaptered.html, Office of the California Secretary of State, ``Open Source Software in Voting Systems'', 31 January 2006, available at: https://ss.ca.gov/elections/open_source_report.pdf. Recently, California Assemblymember Goldberg has introduced AB 2097.See AB 2097, ``An act to add Section 19213.5 to the Elections Code, relating to voting systems, and declaring the urgency thereof, to take effect immediately.'', available at: https://leginfo.ca.gov/pub/bill/asm/ab_2051-2100/ab_2097_bill_20060217_introduced.html. This bill would forbid the Secretary of State from approving any voting system for use in California unless ``all details of its operating system and specifications are publicly disclosed.'' It further prevents voting system vendors from exercising any rights against any voter who evaluates the voting system. The Election Technology Council of the Information Technology Association of America, has come out against the bill, as introduced, for a variety of reasons from competitive concerns to intellectual property issues.Id., note .