Re: Microsoft-backed Consortium, AeA, Opposing Open Voting Bill, AB 852 (Alan Dechert)

From: Hamilton Richards <hrichrds_at_swbell_dot_net>
Date: Thu Apr 26 2007 - 20:56:55 CDT

>Message: 1
>Date: Wed, 25 Apr 2007 23:58:59 -0700
>From: "Alan Dechert" <dechert@gmail.com>
>Subject: Re: [OVC-discuss] Microsoft-backed Consortium, AeA, Opposing
> Open Voting Bill, AB 852
>To: "Open Voting Consortium discussion list"
> <ovc-discuss@listman.sonic.net>
>Message-ID: <003901c787d0$5e2d4180$0201a8c0@upstairs>
>Content-Type: text/plain; format=flowed; charset="iso-8859-1";
> reply-type=original
>
>Hamilton wrote,
> >
> > Of course the people have a right to know how their votes are
> > counted, but let's pause for a moment to consider whether it's
> > worthwhile to devote a lot of attention, energy, and political
> > capital to the campaign for full public disclosure of voting
> > technology. ....
> >
>Okay, let's pause....
>
>Now that we're done with that ....
>
>[...]
>
>I believe the really difficult part -- getting this far -- is behind us.
>Letting go of our goals now would be an enormous waste and a betrayal of so
>many that have supported the effort. There can be no doubt: we must follow
>through on this work.

Where did I suggest "letting go of our goals"? As I understand it,
OVC's main goal is the widespread adoption of e-voting systems that
use open-source software and print voter-verified paper ballots [1].
I support that goal just as enthusiastically as ever.

What seems to have set you off is my observation that disclosure of
vendors proprietary code does not satisfy the public's need to know
that votes are counted correctly. Disclosure, and the code inspection
it enables, may have many beneficial consequences, but assurance that
the code will count votes correctly is not one of them.

>It pains me to see supporters lose interest, but that's the way it goes. We
>lose some, but then we gain others.

Who has lost interest? Not I! If I had lost interest, I wouldn't have
spent several hours trying to express myself as clearly and precisely
as I could (although doubtless not well enough). And I would have
canceled my monthly OVC PayPal subscription.

> > There's good reason to doubt that public disclosure would
> > actually help the people to "know how their votes are counted".
> >
>We have seen a lot of problems with these machines, and given the secretive
>nature of development methods and testing, even simple-minded flaws get
>through with little scrutiny. There is absolutely no excuse for any of this
>to be secret. I don't see any good reason to doubt that public disclosure
>would help in this regard.

Nor do I. I've had a look at some DRE code, and it's chock full of
low-hanging fruit-- blunders that would earn a sophomore programmer
an F. But it doesn't follow that disclosure would mean it could be
trusted to count votes correctly.

>Moreover, public disclosure is not the end goal. We want public technology
>applied to the voting system. It's not rocket science. We want to
>de-couple the technology maker from the service provider. We believe this
>is a better model than the present cartel-run system. We can allow for the
>possibility that the manufacturer could also provide the services, but
>qualified service providers

If public disclosure isn't the end goal, then isn't it a distraction
from the main goal?

> > At this point it's probably obvious that all this inspection
> > would be an enormous logistical nightmare.
> >
>Not at all. What we have now is an enormous logistical nightmare. It is
>difficult to make security by obscurity work -- or pretend to try to make it
>work.

At that point in my posting, I was referring to inspection of *all*
of the software in the machine, which includes Windoze. Do you really
think that a meaningful inspection of Windoze would be anything other
than a logistical nightmare?

>
> > ....... Even if Microsoft and the other vendors of COTS software
> > used in e-voting systems were to do an about-face and open their
> > source code to public inspection, there's no way such a massive
> > undertaking could ever be funded.
> >
>This is absurd. While some people have been looking for ways to fund the
>"massive undertaking" of building a new and open system, most of the work
>has already been done. You need to look at the OASIS EML and Open Voting
>Solutions development efforts -- no Billware (as Prof Johnson likes to say)
>in the system. The main obstacle is certification.

Can you possibly be conflating (1) disclosure and inspection of
vendors' proprietary code with (2) development of an Open Voting
Solutions system? It hardly seems likely, but I can't come up with
any other interpretation of what you just wrote.

>There is no need for any MSFT cooperation. Jurisdictions just need to get
>rid of it. Look at Maryland. Over the past few years, they invested over
>$100 million in grossly overpriced crappy Diebold DREs that use Windows CE,
>and now they are in the process of getting rid of it. MD will save a lot of
>money.

More power to them! That makes a whole lot more sense than demanding
that Microsoft and Diebold disclose their crappy code.

>We believe that San Francisco can get a new open source optical scan voting
>system for less than they were prepared to pay Sequoia ($12.6 million) for
>an already developed system (actually, some of the Sequoia system is not
>certified, i.e., the IRV counting system, and you have to look the other way
>to not to notice that it really doesn't comply with other standards it's
>supposed to meet). We intend to prove this.

Great! It seems to me that given a level playing field (and some way
to avoid the hugely inflated costs of certification), open-source
systems should easily beat proprietary systems in the marketplace.

>[delete more stuff about how testing doesn't solve everything]
>
> > Fortunately, as readers of ovc-discuss well know, the untrustworthy
> > e-voting software is part of a larger system, and that larger system
> > can be made trustworthy despite the untrustworthiness of its software
> > component. The OVC design [3] accomplishes this feat by printing each
> > ballot for its voter to check. The printer-equipped system can be
> > trusted, whether or not its source code has been publicly inspected,
> > because the results --the printed ballots-- are verified by the
> > voters.
> >
>Not really. There are plenty of presentation problems possible that
>voter-verified printed ballots don't solve. Review what happened in
>Sarasota Co. FL last November.

I'm not quite following here. Can you give me a link to the Sarasota episode?

>I continue to believe a good electronic ballot printer is feasible, and
>could be made from technology similar to the one laptop per child project --
>very cheap and open. This will take a while, but I wouldn't call it a
>massive -- nothing compared to building a good airplane. The biggest
>challenge is meeting accessibility requirements. There is a lot of work to
>be done there.

If you're quoting "massive" from my characterization of a meaningful
code review of Windows, then again you seem to be confusing two
completely distinct projects:

    1. code review of a proprietary system (e.g., Diebold)

    2. development of a new open-source system

What concerns me is that resources spent on a (fruitless) code review
could be much better spent on development.

>
> > So a good question is: What would disclosure, inspection,
> > and testing buy us?
> >
>It would make it possible to have a fully transparent voting system. I
>agree with Debra Bowen when she reiterated in her Apr 17 letter, that
>"Increasing transparency will build voter confidence in the electoral
>process." Voter confidence is paramount.

Well, now we're venturing into the realm of slogans and public
psychology-- indisputably important fields in which I have no
expertise at all.

Actually I have no problem with calls for disclosure based on the
general desirability of transparency. What I was questioning was the
claim that disclosure is a means of ensuring that votes are counted
correctly. So far this discussion has turned up plenty of impassioned
arguments in favor of disclosure, but nothing to support that claim.

> > OK, it would ensure public humiliation of the vendor, ...
> >
>We don't care about "humiliation of the vendor." We have put pressure on
>the vendors.

You're taking my remark more seriously than I meant it (I should have
added a wink emoticon).

>This pressure is bringing them to the table. This is what we
>want to do. I had some interesting conversations with vendor
>representatives at the Caltech/MIT workshop last month. If we weren't
>bringing this pressure, why would they even talk to me? OVC matters to
>them.

Open source software on Diebold/ES&S/Sequoia/Hart hardware might not
be a bad combination (although given what you found, I'd be tempted
to leave Diebold out of it). At a Texas legislative hearing where I
testified last week, another witness portrayed that as the wave of
the future.

>We have something to offer them, as it turns out. Soon, I will be showing a
>draft of my letter to them. Then, you may get a better idea of what we're
>really trying to do. Right now, I don't think you know.

Hmmm... I'm not sure how to take that.

> > ... but satisfying though that may be, is it worth all the trouble?
> >
>Time will tell. But, obviously, I think it is worth "all the trouble."

Again it seems that you're not distinguishing between (1) development
of open-source software and (2) inspection of disclosed proprietary
software.

>Open source is a great thing. It's one of the greatest ideas at work
>today -- evolutionary and revolutionary. Open source voting software is
>just a part of the open source movement.

Of course! Everybody knows about Apache's share of the web server market.

>But I think it is an important
>part -- a wedge into government IT. I think Red Hat sees that too. I'll
>have more to say on that subject after the Red Hat Summit (May 9 - 11).
>BTW, my keynote address is 9:30 am on May 9 and our workshop is at 11:30.
>Brent Turner will be there. Anyone else from ovc-discuss?
>
>Alan D.

I'll be on the east coast (New Hampshire) then, but my time there is
already committed. Best wishes for a successful meeting!

Cheers,

--Ham

1. <http://www.openvotingconsortium.org/our_solution>

-- 
------------------------------------------------------------------
Hamilton Richards, PhD           Department of Computer Sciences
Senior Lecturer (retired)        The University of Texas at Austin
ham@cs.utexas.edu                hrichrds@swbell.net
http://www.cs.utexas.edu/users/ham/richards
------------------------------------------------------------------
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Mon Apr 30 23:17:15 2007

This archive was generated by hypermail 2.1.8 : Mon Apr 30 2007 - 23:17:16 CDT