Re: Respose to Joe Hall: Transparency and Access to Source Code in Electronic Voting

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Sun Jul 30 2006 - 11:59:36 CDT

On 7/29/06, Arthur Keller <> wrote:
> The vendor should not need anyone's permission to publish the
> software it developed or contracted for.

It depends on the details... if they weren't careful with work for
hire assignments, etc. the copyright in their code could be vastly
spread out. I've seen this with other companies and it is a major,
major pain in the ass to reconcile (it's akin to moving the copyright
in an open source project from all the individual authors to assigned
to one foundation... not trivial).

> I think that if any vendor that refuses to release its code at all
> should not be in the market for selling voting equipment. Delaying
> public release of the software is acceptable only with the agreement
> to replace that software with publicly disclosable software, and then
> full disclosure once it is replaced. Refusing ever to disclose
> software begs the question of what is there to hide. Eventual full
> disclosure is needed to confirm or refute the conspiracy theorists.
> Eventual full disclosure is will make evident the benefit gained, if
> any, in replacing the previously trade secret voting systems with
> open source voting systems.

Think about it from the other side, for a second.

These codebases were not developed with the intention of eventual
disclosure. A vendor and their representation might find it very if
not exceedingly difficult to convince themselves that they know the
full liability that might be encompassed by releasing their source
code. There could be external patent trolls who see that a vendor has
been using a patented algorithm without a license for years. There
could be internal developers that have copied and pasted from other
codebases into their code. There could be a whole slew of things,
some rather benign and some quite bad, and there is an almost zero
chance that they would have the resources to be able to convince
themselves that they fully understand the liability associated with
disclosing aging codebases.

So, while some of a possible reluctance to disclose could very well be
"they have something to hide" I would guess there is an equal if not
greater amount of "they don't really know what they have and figuring
it out is prohibitive". -Joe

Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Mon Jul 31 23:17:09 2006

This archive was generated by hypermail 2.1.8 : Mon Jul 31 2006 - 23:17:10 CDT