Re: VotersUnite Proposals for new Holt Legislation

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Thu Nov 23 2006 - 09:53:11 CST

On 11/23/06, Kathy Dopp <> wrote:
> On 11/22/06, Nancy Tobi <
>> wrote:
> > In case anyone has not yet seen Gideon/Thiessan's proposal:
> >
> >
> >
> John and Ellen's proposals leave U.S. elections wide open to
> outcome-altering tampering and errors, just like the former Holt bill that
> they supported.
> Specifically, I have problems with these provisions:
> #2 disclosed software means that voting system experts would not be allowed
> to look at the software. The software, for many reasons, needs to be
> required to be "open source" software, not "disclosed" software. Most
> experts would not be able to review or help modify and improve 'disclosed
> software'. Much of the software we use now is already 'disclosed' software
> and you see how little good that has done. Consult with The Open Voting
> Consortium for more information on this.

This is imprecise if not incorrect. (This is not an attack.)

There are very good reasons that proposed legislation either uses the
term "disclosed" (HR 550 et al) or provides a deadline past which a
vendors software has to meet some disclosure requirements (CA's AB
2097). I don't think it would be wise to make vendors licensing
decisions for them... that is, you legislate what you need and no

All the aims with respect to access of mandating open source software
could be met with mandating disclosed software as long as the rights
needed under Copyright law (17 USC 106) by evaluators are granted...
unless the goal is to allow anyone to modify and change and
redistribute the vendor's software (if so, tell me why this is

One key difference between disclosed and open source software is that
in disclosure regimes, you're not allowing anyone to compete against a
vendor with its own software (this is a major part of why Software
Improvements is seeking to go proprietary with their new version of
the GPL'd Australian eVACS). VoteHere (who I don't have any
connections with, if Bev is watching) has a disclosed source license
that has allowed experts to review their software. In other cases,
most notably with DESI, we had to rely on software leaks in order to
do source code review (no other vendors source code is available for
review). We have no other access to source code as the public, and
limited access that has been granted to election officials to hire
independent experts to review has been fruitful (the VSTAAB report on
Hursti I flaws).

best, Joe

Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Thu Nov 30 23:17:11 2006

This archive was generated by hypermail 2.1.8 : Thu Nov 30 2006 - 23:17:19 CST