Frequently Asked Questions About Open Source Voting

What is an open source voting system?

An open source voting system is election technology whose source code, the human-readable instructions that tell computers what to do, is published publicly under a license that allows anyone to view, study, and improve it. This stands in contrast to proprietary voting systems, where the source code is treated as a trade secret and kept hidden from public scrutiny.

In practical terms, an open source voting system includes all the software components used in an election: the ballot layout and design tools, the software that runs on optical scanners to read marked ballots, the tabulation engine that counts votes and applies election rules such as ranked-choice voting, and the reporting system that publishes results. Every one of these components would have its source code available for public review.

Critically, an open source voting system still uses paper ballots as the primary record of voter intent. The software processes and counts the ballots, but the paper itself remains available for recounts and audits, providing a physical check on the accuracy of the electronic count.

Is open source voting software less secure than proprietary software?

No. In fact, the evidence strongly suggests that open source software is more secure than proprietary alternatives, and this principle applies to voting systems just as it does to other critical software. The idea that hiding source code makes software safer is known as "security through obscurity," and it has been rejected by the cybersecurity community for decades.

When source code is public, thousands of independent researchers, security professionals, and developers around the world can examine it for vulnerabilities. Bugs and security flaws are found faster, reported more reliably, and fixed more quickly. This is why the most critical infrastructure on the internet, including web servers, encryption protocols, and operating systems, overwhelmingly runs on open source software.

Proprietary voting systems, by contrast, have a history of serious security flaws that remained undetected or unpatched for years precisely because only a small number of people had access to the code. Independent researchers who managed to examine these systems consistently found significant vulnerabilities, many of which the vendors were unaware of.

How much would an open source voting system cost compared to proprietary systems?

While the initial development cost for an open source voting system is significant, the long-term economics strongly favor the open source approach. Proprietary voting systems typically involve large upfront licensing fees plus ongoing maintenance contracts, support fees, and charges for any customization. These costs are borne independently by each jurisdiction that uses the system.

An open source system, by contrast, can be freely shared across jurisdictions. Once the software is developed and certified, any city or county can adopt it without paying licensing fees. Maintenance and improvement costs can be shared among participating jurisdictions, dramatically reducing the per-jurisdiction cost. San Francisco's investment in developing an open source system would benefit not just local voters but every community that chose to adopt the software.

Estimates suggest that the total cost of ownership for an open source voting system over a ten-year period would be substantially lower than the equivalent cost of proprietary systems, even accounting for the higher initial development investment.

Would publishing the source code make it easier to hack an election?

This is one of the most common misconceptions about open source voting. Publishing source code does not make a system easier to compromise for several important reasons. First, the security of a well-designed voting system does not depend on the secrecy of its source code. Just as the security of a bank vault depends on the strength of its construction rather than on keeping its blueprints secret, election security depends on strong cryptographic protections, physical security measures, and audit procedures.

Second, determined attackers can and do reverse-engineer proprietary software. The compiled code that runs on voting machines can be decompiled and analyzed regardless of whether the original source code is published. Keeping the source code secret primarily hinders defenders, not attackers, because it prevents the broad community of security researchers from identifying vulnerabilities before they can be exploited.

Third, and most importantly, paper ballots provide a physical backup that is completely independent of any software. Even if an attacker somehow compromised the election software, a post-election audit of the paper ballots would detect the discrepancy. This layered defense, combining transparent software with a paper record, is far more robust than any proprietary system that lacks one or both of these protections.

What role do paper ballots play in an open source voting system?

Paper ballots are fundamental to the security model of an open source voting system. They serve as the voter-verified record of intent, meaning each voter can confirm that their paper ballot accurately reflects their choices before it is submitted. Once cast, the paper ballot becomes the official record that can be recounted by hand if necessary.

The combination of open source software and paper ballots creates a uniquely strong security model. The software provides fast, accurate counting that enables timely reporting of election results. The paper ballots provide an independent check that can verify the software's accuracy through risk-limiting audits or full recounts. Neither component alone is sufficient, but together they provide both efficiency and verifiability.

Can open source voting systems handle ranked-choice voting?

Yes, and in fact open source systems are particularly well-suited for ranked-choice voting. The algorithms used to tabulate ranked-choice ballots involve multiple rounds of counting, transfers of votes from eliminated candidates, and complex rules about how surplus votes are distributed. These processes are more difficult for the public to understand and verify than simple plurality counting, making transparency even more important.

With an open source ranked-choice voting system, anyone can examine the exact algorithm used to tabulate results. Researchers can verify that the software correctly implements the jurisdiction's ranked-choice rules, and citizens can understand precisely how their ranked preferences were processed. This transparency is especially valuable in close elections where the outcome depends on the details of the tabulation algorithm.

San Francisco has used ranked-choice voting for municipal elections since 2004, making the city an ideal testing ground for open source tabulation software designed to handle this more complex voting method. Learn more about our latest developments in open source election technology.

Who would maintain and update an open source voting system?

Governance and maintenance are critical questions for any open source voting project. The most likely model involves a dedicated team of professional developers employed or contracted by the jurisdiction that owns the system, supplemented by contributions from a broader community of volunteer developers, security researchers, and civic technologists.

Several governance models from the open source world could be adapted for voting systems. The jurisdiction could establish an independent technical oversight body responsible for reviewing proposed changes, managing the certification process, and coordinating with election officials on maintenance schedules. Community contributions would go through a rigorous review process before being incorporated into the certified version of the software.

This model is not hypothetical. Many critical pieces of government and infrastructure software are maintained through similar public-private partnerships, and the open source community has decades of experience with collaborative software governance at enormous scale.

What is the certification process for open source voting systems?

Voting systems in the United States must be certified at the federal level by the Election Assistance Commission and at the state level by each state that uses them. These certification processes test voting systems for accuracy, reliability, security, and accessibility. Open source voting systems would go through the same certification process as proprietary systems.

Some proponents argue that the certification process would actually be easier for open source systems because the source code would already be publicly available for review. Certification testing bodies would not need to negotiate access to proprietary code or rely solely on vendor documentation. The transparency inherent in open source development aligns naturally with the goals of the certification process.

However, the current certification framework was designed with proprietary systems in mind, and some procedural adjustments may be needed to accommodate the continuous-improvement model common in open source development. Election technology reform advocates are working with certification bodies to ensure that the process supports innovation while maintaining rigorous security standards.

Are any jurisdictions currently using open source voting systems?

As of now, no U.S. jurisdiction is running a complete, fully certified open source voting system in production elections. However, significant progress has been made in several areas. Some jurisdictions use open source components for specific election functions, such as ballot design, results reporting, or post-election auditing. Several open source voting projects are in active development, with prototype systems undergoing testing and evaluation.

San Francisco has been at the forefront of the open source voting conversation, with the city's Board of Supervisors and Elections Commission both expressing support for exploring an open source approach. The city's initiative has inspired similar conversations in other jurisdictions and has drawn attention from election reform organizations nationwide.

Internationally, some countries have adopted open source components in their election systems, providing additional evidence that the approach is viable. The experience of these early adopters is informing the design of U.S.-focused open source voting projects.

How can I support the open source voting movement?

There are several meaningful ways to contribute to the advancement of open source voting technology. Citizens can contact their local election officials and elected representatives to express support for transparent election technology. Technologists can contribute their skills to open source voting projects, whether through code contributions, security reviews, accessibility testing, or documentation.

Organizations focused on election reform, digital rights, or civic technology can add their voice to the growing coalition of supporters advocating for open source approaches. Academics and researchers can contribute to the growing body of evidence demonstrating the security and feasibility of open source voting systems. And everyone can help by sharing information about open source voting with their communities and encouraging informed public discussion about how we secure our elections.

Stay informed by following our latest news and reviewing press coverage of open source voting developments.