Re: Respose to Joe Hall: Transparency and Access to Source Code in Electronic Voting

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Sat Jul 29 2006 - 20:48:42 CDT

It appears that you agree with my point 8 below.

I'm not suggesting that Windows or BallotStation of GEMS *become*
open source or be licensed under GPLv2. To do so would remove the
proprietary nature of those systems. I have no objection to
intellectual property rights over software. What I do object to is
trade secret protections for voting systems.

So here's my proposal:

1. Escrow existing voting system software, firmware, and designs.

2. Vendors may choose to fully disclose their software, firmware, and
designs other than security passwords or to replace systems with
publicly developed open source software designed to be disclosed.

3. Election officials contract for the construction of a complete
system for the entire voting process of open source software.

4. Vendors deploy fully disclosed systems (either their own or by
including the publicly developed systems).

5. The escrowed systems are disclosed either by vendor choice or when
they are replaced with publicly developed systems.

Public disclosure of vendor systems once they are replaced by
publicly developed software should not pose any security risk, but
will aid researchers in investigating whether there were backdoors or
other security problems with existing systems.

Best regards,

At 6:31 PM -0700 7/29/06, Joseph Lorenzo Hall wrote:
>Thanks again for great feedback. While the comparison to Linux is
>easy to make, Linux was not an ugly commercial project and then
>suddenly its source was opened. For example, could you imagine what
>would happen in the short-term if all of Windows was released under
>GPLv2only tomorrow? How could we take something like Windows (or
>BallotStation and GEMS) and go from purely commercial to open source?
>I believe there needs to be some transitional procedure and I think
>it's going to take the cooperation of a bunch of constituencies. I
>also think that the transition should include a wider disclosure of
>source code culminating in public disclosure. Something that makes
>sense to me is if a vendor decided to voluntarily open its source to a
>limited group of people* in order to encourage finding holes, flaws,
>etc. and then after a round of that, to a wider group of people (say
>technical activists) and then finally to go public. If anyone knows
>of how a business has done something like this before and not
>suffered, let me know. -Joe
>* And, yes, I'm not sure how the state or vendor or anyone chooses
>these people. I've brainstormed about this and nothing seems
>particularly good to me.
>On 7/29/06, Arthur Keller <> wrote:
> > 8. If existing voting systems are so poorly written that they must
>> rely on "security through obscurity," then the software in those
>> systems should be replaced expeditiously with software (open source
>> OR proprietary published software) that can withstand public
>> scrutiny. The concept that existing systems should be kept secret as
>> a security measure should be a stopgap towards their replacement, not
>> a permanent artifact. And once these existing systems are replaced,
>> then there is no reason why they should be publicly disclosed so that
>> we can see for ourselves whether they were or could have been avenues
> > for fraudulent activity.

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Mon Jul 31 23:17:08 2006

This archive was generated by hypermail 2.1.8 : Mon Jul 31 2006 - 23:17:10 CDT