Re: Amendments back from Leg Counsel

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Sat Apr 29 2006 - 19:15:03 CDT

I finally had a chance to review this legislation in detail and
propose edits/rewrites. These edits [in bold] reflect the leginfo
version of 4/25 after Alan's edits of 4/25.

Feel free to quibble over my definition of free software license.

Best regards,
Arthur

THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

   SECTION 1. The Legislature finds and declares all of the
following:
    (a) Current state law requires that the vote counting process be
publicly observable. However, with the advent of computerized vote
counting processes, the ability of the public to meaningfully observe
tabulation is limited because details of these systems are secret.
Public scrutiny is lacking. The people of California declare that
every voter has the right to know that votes are accurately recorded
and counted.
    (b) Vendors shall be required to disclose all technical details
when applying for state certification for a voting system. The
Secretary of State shall manage a process whereby citizens can obtain
technical information free of charge, including computer source
code, relevant to voting systems under review for certification as
well as systems that have obtained state certification.
   SEC. 2. Section 19213.5 is added to the Elections Code, to read:
    19213.5. (a) By June 30, 2007, the Secretary of State shall not
approve a voting system for use in any election until all details of
its operating system and specifications are publicly disclosed.
[Rewrite as:
The Secretary of State shall not approve after June 30, 2007 any
voting system for use in any election until all materials in
paragraph (d) are publicly disclosed.]
    (b) By June 30, 2007, an application for voting system
certification in this state shall be subject to both of the
following:
    (1) The voter's right to inspect and test the voting system, to
retain test materials, test results, and to freely publish the same
openly.
    (2) A promise to refrain from exerting any copyright, trade
secret, or other rights that it may have to hinder any voter of the
state from exercising the rights under paragraph (1) of this
subdivision.
[add "The vendor shall retain copyright, trademarks, and other
proprietary rights that are consistent with the intent of this
legislation."]
    (c) The Secretary of State shall require reasonable notice of
public testing and that the tests be performed in a manner that does
not burden the vendor with significant costs beyond those of making
the voting system available.
    (d) The materials to be made freely available to the voting public
include all of the following:
    (1) All voting system specific source code.
[Rewrite as: "Source code for all software and firmware for all
voting specific components."]
    (2) Detailed instructions for building the software, including
compiler used, compilation scripts, and checksums.
    (3) Voting specific hardware, complete specifications, drawings
and schematics.
[Rewrite as "Complete specifications, drawings, and schematics for
all voting specific hardware and firmware."]
    (4) General purpose COTS components described in detail, including
versions and dates of manufacture.
[Rewrite as "Detailed descriptions, including versions and dates of
manufacture, of general purpose COTS components."]

(I'm trying to get parallel construction to make clear what the
*materials* are.)

    (e) By June 30, 2007, the Secretary of State shall establish and
maintain a Web page on the Internet to provide all of the following:
    (1) Free download of materials pertaining to each voting system
certified or under consideration for certification.
    (2) A system for acquiring and processing input from the voting
public.
    (3) A reporting system to inform the public on findings, problems
reported, problem resolution, and comments from the Secretary of
State, the public, and vendors.
    (4) Standards used by the Secretary of State for evaluating voting
systems, including test plans and specific test cases employed.

As amended:
    (f) The Secretary of State, no later than June 30, 2007, shall
establish a public review process that allows any member of the
public to review voting system software based on the information
required to be disclosed pursuant to this section.
    (g) (1) If, by February 1, 2007, the Secretary of State is
dissatisfied for any reason with a vendor's progress toward
compliance with this section, he or she may do either or both of the
following:
    (A) Contract without bid with any campus or campuses of the
University of California to create voting system software to run on
existing voting system hardware or replacement COTS hardware.
    (B) Issue a request for proposal [add "s"] for replacing any
non-compliant product.
    (2) Any product deemed by the secretary to be a noncompliant
product shall be irrevocably decertified and neither it, not a
similar product from the same vendor, shall be eligible for
recertification, except that it may be used in elections until
January 31, 2008. The secretary shall replace any noncompliant
product no later than February 1, 2008, subject to the following
conditions:
    (A) The secretary may forego the federal certification process
otherwise applicable to the product.
    (B) All software developed for a replacement product shall be open source.

You may well have problems with decertification based on the
Secretary of State's decision rather than action or the lack of it by
a vendor.

[I propose rewriting (g) as follows:
    (1) Vendors of voting systems that are already certified or have
been submitted for certification by the Secretary of State shall
deposit a copy of the materials listed in paragraph (d) no later than
January 31, 2007 for the public review process. Vendors submitting a
voting system for certification after January 31, 2007 shall provide
to the Secretary of State the materials in paragraph (d) for public
review. No evaluation of an application for certification by the
Secretary of State's office shall occur after June 30, 2007 unless
the materials listed in paragraph (d) are first made available for
public review and the vendor shall have complied with paragraph (b).
    (2) On or shortly after February 1, 2007, the Secretary of State
shall evaluate vendor compliance progress with provisions of this
measure. In the event that the Secretary of State determines that
there will not be sufficient publicly disclosed voting systems
available for use within the State of California, he or she may do
either or both of the following:
    (A) Contract without bid with any campus or campuses of the
University of California to create voting system software to run on
existing voting system hardware or replacement COTS hardware.
    (B) Issue a request for proposals for replacing any non-compliant product.
    (3) Any voting system developed under this section shall be
subject to the following conditions:
    (A) The secretary may forego the federal certification process
otherwise applicable to the product, and otherwise the state voting
system certification process shall be followed.
    (B) All software developed for a replacement product shall be open source.
    (C) The voting system shall be made ready for use in elections by
January 31, 2008.
    (4) Any voting system component or product for which the materials
listed in paragraph (d) that have not been made available by May 31,
2007 to the secretary for disclosure under the public review process
shall be deemed a non-compliant product and shall be permanently and
irrevocably decertified for use in elections except that
non-compliant but previously certified voting systems may be used in
elections until January 31, 2008, or until such time when the
secretary has the replacement product(s) ready, but not later than
June 30, 2008.]

    (h) The Secretary of State shall utilize funds made available from
the Voting Modernization Fund [add "or from the federal government
under such programs as the Help America Vote Act as amended"]. The
Secretary of State may not expend
General Fund moneys for this purpose.
    (i) For purposes of this section, the following terms have the
following meanings:
    (1) "COTS" means a common off-the-shelf component that is
manufactured in large quantities and is widely available.
    (2) "General purpose COTS devices [replace with "component" to
match usage] means a COTS component intended
for use in a variety of nonvoting systems.
    (3) "Voting specific" means a hardware or software [add "or
firmware"] component manufactured
specifically for use in a voting system [add "or a hardware or
software or firmware component used in a voting system that is not
COTS"].
    (4) "Vendor" means any person, partnership, corporation, or other
entity that offers a voting system, whether for money or not, to the
state, to any county, or city of the state, or to any governmental
agency.
    (5) "Voting system" means any computerized machinery used in a
public election to present one or more contests to voters, to obtain
voter choices, to verify voter choices, to store voter choices, to
communicate voter choices, to tabulate voter choices, or to present
partial or full results of one or more contests.
    (6) "Source code" means computer instructions written by
programmers.
    (7) "Non-compliant product" means a product certified for use in
elections for which documents have not been disclosed to the
Secretary of State for full public disclosure according to the
requirements of this measure.
    (8) "Open Source" means [add "source code that is"] publicly
disclosed [replace "source code" with "and"] licensed under a free
software license.
[Add: (9) "Free software license" means a license for software that
allows free use without support and requires that all derivative
works made available as part of a system for sale be freely
disclosed.]

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 2 21:06:54 2006

This archive was generated by hypermail 2.1.8 : Tue May 02 2006 - 21:06:54 CDT