Re: Respose to Joe Hall: Transparency and Access to Source Code in Electronic Voting

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Sun Jul 30 2006 - 13:56:11 CDT

On 7/30/06, Arthur Keller <voting@kellers.org> wrote:
> At 9:59 AM -0700 7/30/06, Joseph Lorenzo Hall wrote:
> >On 7/29/06, Arthur Keller <voting@kellers.org> wrote:
> > >
> > > I think that if any vendor that refuses to release its code at all
> >> should not be in the market for selling voting equipment. Delaying
> >> public release of the software is acceptable only with the agreement
> >> to replace that software with publicly disclosable software, and then
> >> full disclosure once it is replaced. Refusing ever to disclose
> >> software begs the question of what is there to hide. Eventual full
> >> disclosure is needed to confirm or refute the conspiracy theorists.
> >> Eventual full disclosure is will make evident the benefit gained, if
> >> any, in replacing the previously trade secret voting systems with
> >> open source voting systems.
> >
> >Think about it from the other side, for a second.
> >
> >These codebases were not developed with the intention of eventual
> >disclosure. A vendor and their representation might find it very if
> >not exceedingly difficult to convince themselves that they know the
> >full liability that might be encompassed by releasing their source
> >code. There could be external patent trolls who see that a vendor has
> >been using a patented algorithm without a license for years. There
> >could be internal developers that have copied and pasted from other
> >codebases into their code. There could be a whole slew of things,
> >some rather benign and some quite bad, and there is an almost zero
> >chance that they would have the resources to be able to convince
> >themselves that they fully understand the liability associated with
> >disclosing aging codebases.
> >
> >So, while some of a possible reluctance to disclose could very well be
> >"they have something to hide" I would guess there is an equal if not
> >greater amount of "they don't really know what they have and figuring
> >it out is prohibitive". -Joe
>
> Assuming the "disclose or replacement and cooperate" requirement, I
> would be willing to have the disclosure after replacement be the
> gradual process that starts at the commitment to replace and
> cooperate, along the lines of what Doug said. However, the
> disclosure option should result in immediate and full disclosure,
> because there is no commitment to replace with disclosable software,
> firmware, etc.

This sounds reasonable... I'll think about it some more. It would be
great to get a vendor to commit to this... I think it would give them
an edge over others. I've been struggling with trying to find a way
to convince a vendor or two that our scrutiny could only result in a
better product. -Joe

-- 
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Mon Jul 31 23:17:09 2006

This archive was generated by hypermail 2.1.8 : Mon Jul 31 2006 - 23:17:10 CDT