License advice for Electronic Voting Machine (fwd)

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Tue Aug 19 2003 - 17:53:52 CDT

I sent the below email to the Free Software Foundation.

-------- Forwarded message --------
Date: Tue, 19 Aug 2003 18:28:10 -0400
From: mertz_at_gnosis_dot_cx
To: gnu@gnu.org
Subject: License advice for Electronic Voting Machine

Gentlepersons,

I am working with a fledgeling project called EVM2003, whose purpose is
the creation of Free Software voting systems that produce a
voter-verifiable paper trail. Some general information on the project
can be found at:

    http://gnosis.cx/voting-project/announce.html

Code and documentation we produce will be hosted at:

    http://sourceforge.net/projects/evm2003

As well, the discussion of our membership group is archived at:

    http://gnosis.cx/voting-project/

In general, we believe that the proprietary electronic voting systems
that are being implemented by many USA states and counties are a threat
to the integrity of the election process. As FSF members are well
aware, prorietary code tends to rely on a flawed notion of "security
through obscurity" rather than on public exposure of code to
cryptographic criticism and analysis. As well, we believe that rather
than Direct Recording Electronic (DRE) systems, producing a voter
inspectable ballot serves as an additional guard against fraud and
tampering in elections processes.

Although this round of source code development has only recently begun,
many of the members associated with this project have been working
towards it for several years; and the group includes a number of
prominent academics in computer science, political science, law, and
related fields.

After some rounds of internal discussion (archived above) on best
licensing terms, we have nearly agreed to release all project source
code under GPL (and all documentation, including list archives, as
Public Domain). However, given the specific tampering dangers inherent
in an elections system, one of our members, Professor Douglas Jones, has
proposed the addition of the following clause to a modified GPL (perhaps
to be labelled as "EVMPL"):

    Copies of all or any part of this code may be used freely in
    non-voting applications. Copies of all or part of this code may not
    be used in voting applications unless the entire revision history
    relevant to the code in question is retained and additions are made
    to reflect any and all revisions to that part of the code that is
    copied.

The concern that underlyies Dr. Jones' clause is that free disclosure of
the code by itself is not a strong enough audit criteria for elections
boards and certifying organizations to utilize. Specifically, any code
utilized in actual governmental elections must be certified in precise
implementation--no revisions can be allowed to a source code version
between the time of certification, and the time when an election is
conducted. Subsequent elections would need re-certification if any code
was modified in the interim.

Although revelation of complete source code is certainly a -necessary-
condition for certifying organizations to do their job, such
organizations should not have to make guesses about why the code differs
from previously certified (or merely previously submitted/proposd)
versions. Instead, a revision log provides guidance in evaluation of
all source changes.

We would like the opinion of the Free Software Foundation as to whether
the addition of the above proposed clause would produce a
"GPL-compatible" license; or at least a FSF-approved license.
Alternately, we contemplate that the FSF may have faced similar issues
in its past, and have recommendations for ways to revise our proposed
clause in a way as to win FSF's approval, while simultaneously
addressing our additional concern.

All the best, David Mertz
email or 413-863-4552
(or 99 2nd St, Turners Falls MA 01376).
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Aug 31 23:17:13 2003

This archive was generated by hypermail 2.1.8 : Sun Aug 31 2003 - 23:17:18 CDT