Re: Microsoft-backed Consortium, AeA, Opposing Open Voting Bill, AB 852

From: Alan Dechert <dechert_at_gmail_dot_com>
Date: Thu Apr 26 2007 - 01:58:59 CDT

Hamilton wrote,
> Of course the people have a right to know how their votes are
> counted, but let's pause for a moment to consider whether it's
> worthwhile to devote a lot of attention, energy, and political
> capital to the campaign for full public disclosure of voting
> technology. ....
Okay, let's pause....

Now that we're done with that ....

Let's consider that we've already spent a lot of time and effort on this --
some of us six years or more. We sponsored legislation going back to
2004 -- first success with ACR 242.

I don't think we have lost any political capital, btw.

AB 2097 last year was a great investment for a variety of reasons. Now, AB
852 reflects our experience and the fact that we have a new Secretary of
State that agrees with this goal.

I believe the really difficult part -- getting this far -- is behind us.
Letting go of our goals now would be an enormous waste and a betrayal of so
many that have supported the effort. There can be no doubt: we must follow
through on this work.

It pains me to see supporters lose interest, but that's the way it goes. We
lose some, but then we gain others.

> There's good reason to doubt that public disclosure would
> actually help the people to "know how their votes are counted".
We have seen a lot of problems with these machines, and given the secretive
nature of development methods and testing, even simple-minded flaws get
through with little scrutiny. There is absolutely no excuse for any of this
to be secret. I don't see any good reason to doubt that public disclosure
would help in this regard.

Moreover, public disclosure is not the end goal. We want public technology
applied to the voting system. It's not rocket science. We want to
de-couple the technology maker from the service provider. We believe this
is a better model than the present cartel-run system. We can allow for the
possibility that the manufacturer could also provide the services, but
qualified service providers

[snip unnecessary argument about how disclosure doesn't fix all the

> At this point it's probably obvious that all this inspection
> would be an enormous logistical nightmare.
Not at all. What we have now is an enormous logistical nightmare. It is
difficult to make security by obscurity work -- or pretend to try to make it

> ....... Even if Microsoft and the other vendors of COTS software
> used in e-voting systems were to do an about-face and open their
> source code to public inspection, there's no way such a massive
> undertaking could ever be funded.
This is absurd. While some people have been looking for ways to fund the
"massive undertaking" of building a new and open system, most of the work
has already been done. You need to look at the OASIS EML and Open Voting
Solutions development efforts -- no Billware (as Prof Johnson likes to say)
in the system. The main obstacle is certification.

There is no need for any MSFT cooperation. Jurisdictions just need to get
rid of it. Look at Maryland. Over the past few years, they invested over
$100 million in grossly overpriced crappy Diebold DREs that use Windows CE,
and now they are in the process of getting rid of it. MD will save a lot of

We believe that San Francisco can get a new open source optical scan voting
system for less than they were prepared to pay Sequoia ($12.6 million) for
an already developed system (actually, some of the Sequoia system is not
certified, i.e., the IRV counting system, and you have to look the other way
to not to notice that it really doesn't comply with other standards it's
supposed to meet). We intend to prove this.

[delete more stuff about how testing doesn't solve everything]

> Fortunately, as readers of ovc-discuss well know, the untrustworthy
> e-voting software is part of a larger system, and that larger system
> can be made trustworthy despite the untrustworthiness of its software
> component. The OVC design [3] accomplishes this feat by printing each
> ballot for its voter to check. The printer-equipped system can be
> trusted, whether or not its source code has been publicly inspected,
> because the results --the printed ballots-- are verified by the
> voters.
Not really. There are plenty of presentation problems possible that
voter-verified printed ballots don't solve. Review what happened in
Sarasota Co. FL last November.

I continue to believe a good electronic ballot printer is feasible, and
could be made from technology similar to the one laptop per child project --
very cheap and open. This will take a while, but I wouldn't call it a
massive -- nothing compared to building a good airplane. The biggest
challenge is meeting accessibility requirements. There is a lot of work to
be done there.

> So a good question is: What would disclosure, inspection,
> and testing buy us?
It would make it possible to have a fully transparent voting system. I
agree with Debra Bowen when she reiterated in her Apr 17 letter, that
"Increasing transparency will build voter confidence in the electoral
process." Voter confidence is paramount.

> OK, it would ensure public humiliation of the vendor, ...
We don't care about "humiliation of the vendor." We have put pressure on
the vendors. This pressure is bringing them to the table. This is what we
want to do. I had some interesting conversations with vendor
representatives at the Caltech/MIT workshop last month. If we weren't
bringing this pressure, why would they even talk to me? OVC matters to

We have something to offer them, as it turns out. Soon, I will be showing a
draft of my letter to them. Then, you may get a better idea of what we're
really trying to do. Right now, I don't think you know.

> ... but satisfying though that may be, is it worth all the trouble?
Time will tell. But, obviously, I think it is worth "all the trouble."

Open source is a great thing. It's one of the greatest ideas at work
today -- evolutionary and revolutionary. Open source voting software is
just a part of the open source movement. But I think it is an important
part -- a wedge into government IT. I think Red Hat sees that too. I'll
have more to say on that subject after the Red Hat Summit (May 9 - 11).
BTW, my keynote address is 9:30 am on May 9 and our workshop is at 11:30.
Brent Turner will be there. Anyone else from ovc-discuss?

Alan D.

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Mon Apr 30 23:17:14 2007

This archive was generated by hypermail 2.1.8 : Mon Apr 30 2007 - 23:17:16 CDT