Re: AB 2097 -- Proposed Amendment

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Thu Apr 20 2006 - 15:02:48 CDT

On 4/20/06, Arthur Keller <> wrote:
> >* Why just UC?
> The main advantage of specifying UC is that it avoids the long delay
> from creating an RFP, posting it, selecting bids, and awarding a
> contract. If our goal is to have something ready for the 2008
> primary election (March or June 2008), we'll need to start as quick
> as possible.
> In consideration of this issue, I suggest changing the date to March
> 31, 2007. That adds 3 months to the time to get a system ready, and
> allows the legislation to appropriate or obligate the funds as
> necessary for the 2007-2008 fiscal year (which starts July 1, 2007).

That makes sense... I'll have to think more about this.

> >It would be better if businesses were included and it
> >specified that the work would have to be done under a license that
> >meets the requirements of the bill (public disclosure). Also, who
> >gets the copyright assignment? The contractor or the SoS? (In general
> >the government isn't allowed to have copyright but can be assigned
> >copyrights in works... you'd definitely want an IP lawyer's opinion on
> >this instead of mine. :) ).
> I suggest that the IP ownership be determined by the contract let by
> the SoS and be specified by the RFP. My preference is a BSD-style
> license plus the requirement that all derivative works must be
> published on the Internet. I know that others have differing
> preferences.

I guess what I was getting at is that many open source groups have
decided to have all contributors sign contributor aggreements that
assign copyright in their works to a central entity. This ensures
that one entity can defend the IP in case of a suit (say someone
accuses the final product of containing something that they claim is
their IP)... and it ensures that you don't have to track down all the
individual contributors if you need to enfore the license terms (say a
company takes the IP and puts it in something that violates the terms
of the license).

> >* It's unclear if the contractor would be writing software for *all
> >systems* where a vendor didn't comply or would be writing software for
> >just a single COTS platform (like the OVC design).
> Good point. If only one existing vendor complies, should the SoS
> contract to expand the choices available anyway? If a county is
> using equipment from a vendor that doesn't comply, should that county
> be limited to the reduced number of vendors that do comply, if any.
> Or should the SoS try to maintain competition by procuring an open
> source system.

I'm just not sure... I'll have to think more. A prize seems
interesting too... put up a deadline for a fully functional system and
a couple hundred grand (twice what the Australian eVACS system was
procured for).

> >* I'm on the fence about the federal certification part. First,
> >regardless if this is a smart thing to do, doesn't HAVA require
> >federal certification for systems used in federal elections? I think
> >so (although there's no fed. election in 2007). Second, it's unclear
> >to me whether or not federal certification is a useful thing anymore.
> >Obviously, systems (the TSx) have made it through the fed. cert.
> >process when they were blatantly non-compliant. The standards
> >themselves aren't that good; for example, it's not that you'd want to
> >ban interpreted code altogether (HTML, Java, etc.), what you want is
> >to make sure that the software that is tested doesn't change between
> >the test/audit and the election. That requirement will be in the VVSG
> >until the next revision of the standards... which won't go into affect
> >until 2010 at the earliest. However, there's some useful things that
> >happen at the federal level that, say, the CA SoS would be poorly
> >positioned to test (shake and bake testing, etc.) and I can't imagine
> >academics like Wagner, Jefferson and Bishop will be available to do
> >source code audits indefinitely in the future.
> There's an opportunity to create standards through VSPR, but that's
> not been done yet. I'd like to see it happen.

Yeah, I almost forgot about VSPR.

Joseph Lorenzo Hall
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue May 2 21:06:52 2006

This archive was generated by hypermail 2.1.8 : Tue May 02 2006 - 21:06:54 CDT