Re: AB 2097 -- Proposed Amendment

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Thu Apr 20 2006 - 05:56:03 CDT

At 6:13 PM -0700 4/19/06, Joseph Lorenzo Hall wrote:
>Here are my thoughts:
>* You'd still want the provision in there that systems would be
>decertified if the vendor doesn't comply.

That's an excellent point.

>* Why just UC?

The main advantage of specifying UC is that it avoids the long delay
from creating an RFP, posting it, selecting bids, and awarding a
contract. If our goal is to have something ready for the 2008
primary election (March or June 2008), we'll need to start as quickly
as possible.

In consideration of this issue, I suggest changing the date to March
31, 2007. That adds 3 months to the time to get a system ready, and
allows the legislation to appropriate or obligate the funds as
necessary for the 2007-2008 fiscal year (which starts July 1, 2007).

>It would be better if businesses were included and it
>specified that the work would have to be done under a license that
>meets the requirements of the bill (public disclosure). Also, who
>gets the copyright assignment? The contractor or the SoS? (In general
>the government isn't allowed to have copyright but can be assigned
>copyrights in works... you'd definitely want an IP lawyer's opinion on
>this instead of mine. :) ).

I suggest that the IP ownership be determined by the contract let by
the SoS and be specified by the RFP. My preference is a BSD-style
license plus the requirement that all derivative works must be
published on the Internet. I know that others have differing

>* It's unclear if the contractor would be writing software for *all
>systems* where a vendor didn't comply or would be writing software for
>just a single COTS platform (like the OVC design).

Good point. If only one existing vendor complies, should the SoS
contract to expand the choices available anyway? If a county is
using equipment from a vendor that doesn't comply, should that county
be limited to the reduced number of vendors that do comply, if any?
Or should the SoS try to maintain competition by procuring an open
source system?

>* I'm on the fence about the federal certification part. First,
>regardless if this is a smart thing to do, doesn't HAVA require
>federal certification for systems used in federal elections? I think
>so (although there's no fed. election in 2007). Second, it's unclear
>to me whether or not federal certification is a useful thing anymore.
>Obviously, systems (the TSx) have made it through the fed. cert.
>process when they were blatantly non-compliant. The standards
>themselves aren't that good; for example, it's not that you'd want to
>ban interpreted code altogether (HTML, Java, etc.), what you want is
>to make sure that the software that is tested doesn't change between
>the test/audit and the election. That requirement will be in the VVSG
>until the next revision of the standards... which won't go into effect
>until 2010 at the earliest. However, there's some useful things that
>happen at the federal level that, say, the CA SoS would be poorly
>positioned to test (shake and bake testing, etc.) and I can't imagine
>academics like Wagner, Jefferson and Bishop will be available to do
>source code audits indefinitely in the future.

There's an opportunity to create standards through VSPR, but that's
not been done yet. I'd like to see it happen.

>This is all written very quickly... so I apologize for any mistakes,
>overgeneralizations, misstatements, etc. -Joe

Hey, your quick dash responses are more coherent and reasoned than
most people's rambles most any day.

>Joseph Lorenzo Hall

Best regards,

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue May 2 21:06:52 2006