Re: [OVC-discuss] draft of text for new OVC-sponsored bill

From: Jim March <1_dot_jim_dot_march_at_gmail_dot_com>
Date: Mon Jan 19 2009 - 15:23:01 CST

I have a concern with how the open source section is worded.
Basically, while the licensing of the project must allow for others to
alter the code as desired (as is typical with FOSS licenses such as
GPL/BSD/etc.), that should NOT be read to mean that the altered code
would also be certified for use in an election. We must block any
such reading by others down the road.

One of the advantages to this FOSS election system process is that
both the source and executable code will be readily reviewable by
everyone. This gives us the ability to make sure the code (and final
configuration) is good, AND the ability to make sure what's in the
field is the same stuff as what was certified - even if that cert
process is seriously stripped down from the current norms.

The last thing we want is a Linux-familiar "haxxor" working within an
elections office to tweak the code in strange, creative ways before
election day (and before we get a chance to check it out!) and say
"but the license says we can".

So here's some tweaks - new text is in BOLDFACE:

--------------
 (c) The open source license shall meet with the Open Source
definition which requires,

     (i) free redistribution,
     (ii) source code PUBLICATION,
     (iii) derived works MUST BE ALLOWED, USABLE IN ELECTIONS SUBJECT
TO CERTIFICATION,
     (iv) integrity of the author's source code,
     (v) no discrimination against persons or groups,
     (vi) no discrimination against fields of endeavor,
     (vii) distribution of license IS REQUIRED BY ANYONE DISTRIBUTING
OR ALTERING THE SOURCE WORK,
     (viii) license must not be specific to a product,
     (ix) license must not restrict other software - IN THE CASE OF
ELECTIONS, IN LINE WITH CERTIFICATION RULES,
     (x) license must be technology-neutral.

 (d) The free software license is a matter of liberty, not price, and
shall meet the following requirements:
     (i) freedom to run the program, for any purpose - IN AN ELECTION,
SUBJECT TO CERTIFICATION RULES SUPPORTED BY THE CALIFORNIA SECRETARY
OF STATE;
     (ii) freedom to study how the program works, and adapt it to your
needs - IN ELECTIONS, SUBJECT TO CERTIFICATION;
     (iii) freedom to redistribute copies so you can help your neighbor;
     (iv) freedom to improve the program, and release your
improvements to the public, so that the whole community benefits; and
     (v) freedom to access the source code is a precondition for these freedoms.
--------------

In short, all I'm saying here is that the entire FOSS/GNU/GPL/FSF
mindset has to be tuned to election conditions. By stating a broad
swath of this culture's basic precepts in the law (which I otherwise
agree with!!!), the accidental byproduct could be to read
certification totally out of the process.

If it's not clear yet: if there are too many fragmented "election
distros", one for each county for example and varying radically
between elections, then...guys, we do NOT have enough C/C++ geeks
available to track all possible fraud that could occur. So unless
somebody can prove my thinking wrong here, I think we need to keep the
number of "election distros" to as small a number as possible.
Full-on Federal certification via the EAC/NIST process would be
overkill (and it's as verifiably useless as a nitrous oxide switch on
a lawn mower) but there does have to be some process by which open
source election code has to be "frozen in stone" and on file at the
California SecState's office so that we can confirm that what's used
in the field is the legit shit via downloading from the "known good"
government site with hashes and then do file compares with whatever is
actually out in the precinct.

If that isn't done, and we have to track each county's tweaks...oh God
what a nightmare and opportunity for fraud.

"Open source" doesn't automatically mean "can't be evil" - go ask Hans
Reiser's wife if you don't believe me...

Jim March
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Jan 7 00:09:45 2010
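
Added example, not part of the original message: a sketch of the field check described above, comparing an installed tree against the hashes of the certified release and reporting altered, missing and uncertified files. The file names, directory layout and the `demo()` data are constructed, and the certified manifest is assumed to have been obtained from the trusted "known good" source by a separate channel.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's POSIX-style path relative to root to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def audit(certified, field_root):
    """Compare a field install against the certified manifest."""
    field = build_manifest(field_root)
    return {
        "modified": sorted(p for p in certified if p in field and field[p] != certified[p]),
        "missing": sorted(p for p in certified if p not in field),
        "extra": sorted(p for p in field if p not in certified),
    }


def demo():
    """Constructed sample: a certified tree and a field copy with three deviations."""
    files = {"bin/tally": b"count votes\n", "conf/ballot.cfg": b"contest=1\n", "lib/ui.so": b"\x7fELF"}
    with tempfile.TemporaryDirectory() as cert, tempfile.TemporaryDirectory() as fld:
        for root in (Path(cert), Path(fld)):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        certified = build_manifest(cert)  # stands in for the published hash list
        (Path(fld) / "bin/tally").write_bytes(b"count votes twice\n")  # altered after certification
        (Path(fld) / "lib/ui.so").unlink()                             # certified file missing
        (Path(fld) / "bin/helper").write_bytes(b"uncertified\n")       # never part of the release
        return audit(certified, fld)


if __name__ == "__main__":
    print(demo())
```

The "extra" list matters as much as "modified": a file that was never in the certified release passes any check that only walks the certified manifest.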
