Re: AB 2097 -- Proposed Amendment

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Thu Apr 20 2006 - 15:59:11 CDT

At 1:02 PM -0700 4/20/06, Joseph Lorenzo Hall wrote:
>On 4/20/06, Arthur Keller <> wrote:
> > I suggest that the IP ownership be determined by the contract let by
>> the SoS and be specified by the RFP. My preference is a BSD-style
>> license plus the requirement that all derivative works must be
>> published on the Internet. I know that others have differing
>> preferences.
>I guess what I was getting at is that many open source groups have
>decided to have all contributors sign contributor aggreements that
>assign copyright in their works to a central entity. This ensures
>that one entity can defend the IP in case of a suit (say someone
>accuses the final product of containing something that they claim is
>their IP)... and it ensures that you don't have to track down all the
>individual contributors if you need to enfore the license terms (say a
>company takes the IP and puts it in something that violates the terms
>of the license).

Open source does not necessarily mean provided by volunteers. It
could also mean developed by an entity with employees that makes the
results available through some appropriate license. The general
public might feel much better about a controlled software development
process by UC employees and contractors than by a collection of
volunteers with differing motives.

> > >* It's unclear if the contractor would be writing software for *all
>> >systems* where a vendor didn't comply or would be writing software for
>> >just a single COTS platform (like the OVC design).
>> Good point. If only one existing vendor complies, should the SoS
>> contract to expand the choices available anyway? If a county is
>> using equipment from a vendor that doesn't comply, should that county
>> be limited to the reduced number of vendors that do comply, if any.
>> Or should the SoS try to maintain competition by procuring an open
>> source system.
>I'm just not sure... I'll have to think more. A prize seems
>interesting too... put up a deadline for a fully functional system and
>a couple hundred grand (twice what the Australian eVACS system was
>procured for).

Your points are well-taken. The Australian system doesn't do all
that California voting systems need to do.

Regarding the effect of prizes, consider DARPA's Autonomous Vehicle
Grand Prize. I wouldn't say that any of the vehicles produced is
production grade. Fully functioning does not mean production grade.
There are some who think that some of the commercial products, while
possibly fully functioning, may not really be production grade.
Furthermore, prizes don't ensure that a system is secure or reliable.

That's why I suggest a software development procurement effort that
involves the application of state-of-the-art software engineering
techniques to maximize reliability and cracker-proof.

Many of the developers of Linux-Apache-MySQL-PHP and related
components are contributed (paid for as employees of friendly
companies) because they see the greater benefit of such general
purpose computing infrastructure, from which they derive financial
gain. Few companies derive financial gain from voting system
software, so the idea that an IBM or an Oracle would donate employees
to the cause, as they do for LAMP components, does not make sense.

While bug fixes and small components are often contributed by pure
volunteers, it's rare for ongoing major development to be done
entirely by unpaid volunteers who are not given release time for such
work by their employers.

How would you feel if a certain political party were to decide that
they would pay for the development of open source voting machines?
Would that make you feel confident in the result?

There are lots of design choices that can be made, and those really
should be made in a fishbowl and not presented as a fait accompli.

Consider the design choices that went into the California Statewide
Voter Database, and how names much match precisely to the letter,
including spaces, with no allowances for Michael vs. Mike, or married
vs. maiden names, or certain ethnic names with multiple words (is
that a middle name or part of the last name?) or transliterated
spellings that vary. Should those choices have been made in the
open, where they could be debated publicly as they as designed and
subsequently implemented?

Best regards,

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue May 2 21:06:52 2006

This archive was generated by hypermail 2.1.8 : Tue May 02 2006 - 21:06:54 CDT