Last week, a congressional report claimed that using Chinese telecommunications companies’ goods and services in the United States could threaten national security. One of the biggest reasons to be worried, said the report, was that the companies were not being transparent about their ties to the Chinese government. If ZTE and Huawei products are used in critical U.S. telecommunications infrastructure, the argument goes, the companies and the Chinese government could end up stealing American business’s trade secrets and even threaten the very foundation of our communication system.
Surprisingly, one could level a similar criticism regarding the lack of transparency from U.S. companies providing another critical infrastructure: voting machinery. The excessive protection of the trade secrets that allow the machines to accurately (or, problematically, inaccurately) tabulate votes means that business interests are being prioritized over citizens’ interests. Analogous to our concern about the Chinese telecommunications companies, the lack of transparency and hyper-secrecy has also led to serious questions about the integrity of the voting machines.
The risk of the theft (known in trade secret parlance as misappropriation) of trade secrets—generally defined as information that derives economic value from not being known by competitors, like the formula for Coca-Cola—is a serious issue. But should the “special sauce” found in voting machines really be treated the same way as Coca-Cola’s recipe? Do we want the source code that tells the machine how to register, count, and tabulate votes to be a trade secret such that the public cannot verify that an election has been conducted accurately and fairly without resorting to (ironically) paper verification? Can we trust the private vendors when they assure us that the votes will be assigned to the right candidate and won’t be double-counted or simply disappear, and that the machines can’t be hacked? As a September USA Today editorial described, all of the above have either been proven to be potential risks or have actually happened.
Nonetheless, primarily because of trade secret law, the policy answer to the above questions is an unqualified “yes.” Undoubtedly, voting machine companies, just like telecommunications companies, have legitimate secrets, and they have the right to protect those secrets against misappropriation. But the legitimate use of trade secrecy by voting machine companies also means that the public has no way to independently verify that the machines are working properly. The public has been stripped of its ability to have independent, verifiable confidence that when a vote is made, it will be tabulated and recorded properly. Trade secret law means that we must trust the vendors when they say that their machines are free of error, bias, flaws, and security loopholes. Trade secret law effectively means that independent researchers who want to test voting machines and assure that they are operating properly cannot do so without the permission of the vendor—or risk being found to have misappropriated the trade secrets themselves.
And yet, as I’ve written elsewhere, the law was not designed to address trade secrets that involve broad public concerns like the administration of public elections. The formula for Coca-Cola is a proper trade secret: Its theft could have a devastating effect on the company itself and the beverage industry at large. But that theft wouldn’t impact the core public infrastructure that allows us to vote. Not knowing the formula for a soft drink is not quite the same as not knowing whether your vote is being counted. And unfortunately, the years since the advent of the electronic voting machine has not done much to instill confidence that the voting machine vendors believe that they need to share such information with the public or that the machines are now largely error-free.
There is a better way to think about commercial secrets—to consider them akin to privacy. In some scenarios, we want privacy to outweigh other values. For example, we generally protect the privacy of personal health information because, while useful for pharmaceutical and other medical industry entities, we are more concerned about access to personal information by those same companies. But in other scenarios, we allow limited access to that information by those same entities so as to improve treatment of a patient’s illness. Privacy is not sacrosanct. So, too, should we think about commercial secrecy: as a tool to be deployed when it is beneficial to the public at large.
Unfortunately, we are nowhere near the kind of thinking that allows for a case-by-case analysis of the need for commercial secrecy in the critical infrastructure of voting machines, or indeed any other critical infrastructure. Commercial secrecy, in a word, remains sacrosanct. But we need to think more carefully about when we truly need commercial secrecy, when it would be optimal, and when it costs too much, particularly when the secret involves the counting of votes. Until we engage in that analysis, and in the process recognize that the threat of excessive secrecy is not just from China, we will continue to sacrifice verifiable elections on the altar of commercial secrecy.
This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.