We are strong supporters of open source software, and in fact, an early version of our mix-net was released under GNU Lesser General Public License (LGPL) 2010. Here we elaborate on our decision to release our software once again under an open source license.
The role of a researcher includes dissemination of results to society and verifying the applicability of theory to practice. Thus, our goal, from 2007 onwards, has always been to implement a mix-net (and an electronic voting system) faithfully to cryptographic theory and following best practices in software engineering. We have learned much from this exercise, both from neighboring fields in computer security, and by identifying inconsistencies and weaknesses in cryptographic theory that would have been hard to notice otherwise.
It is only recently that there has been a surge in interest in real-world cryptography in academia (the growth of the Real World Crypto Symposium (RWC) which started five years after our project is an example). This made it hard to secure research funding, which is why we turned to election authorities and large vendors to fund our work. We have been an invited speaker at RWC twice.
Election authorities have limited budgets, they are subject to procurement laws and regulations, and it is hard to convince decision makers about the value of security in general. The long periods between elections complicates matters further. This has made it hard even for government officials that understand the security concerns of researchers to provide sufficient funding.
The large vendors require revenue to operate which means that they are forced to find a tradeoff between the reality of running a business and providing secure solutions that follow best practice in cryptography and software engineering. They are also indirectly subject to the same problems as election authorities, but they have the funding to lobby for their solutions between elections.
We have for many years pleaded for a change at all levels in this system, and worked hard to improve our software in the mean time, but it seems that nothing will change in the near future.
We no longer accept that the only realistic option for election authorities is to buy closed source software with questionable security from large vendors as complete monolithic systems, regardless if this is due to laws and regulations, funding problems, or if it is due to the lobbying of large vendors.
We consider this to be a potential threat to democracy. Academics and the general public have reported vulnerabilities in many systems sold or licensed by the large vendors to election authorities and the transparency is poor. Developing countries are particularly exposed.
We have decided to donate our work to the public and hope that others will contribute as well. This allows election authorities to use scientifically sound solutions with transparent security and correctness claims that can be verified independently by experts and the public.
Due to the international nature of our team, our strong academic and industrial credibility, the transparency of our project, and the lack of any license fees, the general public can now request that any public tender requires that our software is used, and it strengthens the arguments of officials in the procurement process; if our software is free and open source, why should they accept that other vendors do not make their software free and open source?
We wish to guarantee that our software remains in the hands of the public even if it is adopted by vendors and improved and/or provided only as a service. The natural choice is then to use the GNU Affero General Public License (AGPL), but apparently this is considered unacceptable by some parties. Thus, we have decided to use the The MIT License instead.