Re: Representative Holt's OWN WORDS [Re: OVC-discuss Digest, Vol 36, Issue 9]

From: Danny Swarzman <danny_at_stowlake_dot_com>
Date: Thu Nov 01 2007 - 03:04:16 CDT

I haven't seen in any of this disclosure stuff the kind of quality
auditing that would demonstrate a quality process has been followed
such as that required by the FDA for medical diagnostic equipment.

The vendor should be required to make public the complete records for
the project: all design documents, test procedures and results, bug
reports, etc. An auditor should be able to verify that all such
information is present. An inspector should be able to examine such
materials to see that they are complete and consistent.

Now that I see the text of the bill, I am more vigorously on the side
of the opponents.

There is really no excuse for all these qualifications. It is absurd
to think that the vendors need this level of secrecy to protect their
interests.

-Danny

On Oct 31, 2007, at 11:27 AM, Barbara Simons wrote:

> An "oath of secrecy" is not the description I would use. I urge
> people to read the bill. However, I have transcribed the relevant
> portion below for those of you who don't have the time to scroll
> through the legislation.
>
> Holt had always called for no secret software. The change in the
> legislation was forced by Microsoft. I believe that no federal
> legislation could pass that prohibited secret software, at least not
> while MS has the power and influence that it currently has.
>
> That said, I believe that the pro-HR811 negotiators did a remarkable
> job, given the pressure they were under. The bill requires that all
> "election-dedicated voting system technology" be certified and
> escrowed with an accredited laboratory. The disclosure restrictions
> apply only
> to the accredited laboratories. The labs are required to disclose
> "technology and information regarding the technology" to a "qualified"
> person who has signed an NDA OR (not AND) "is required to disclose the
> technology to the person under State law."
>
> A "qualified" person is (quoting from the text of the legislation):
>
> 1. a government entity with responsibility for the administration of
> voting and election-related matters for purposes of reviewing,
> analyzing, or reporting on the technology;
> 2. A party to pre- or post-election litigation challenging the
> results of an election or the administration or use of the technology
> used in an election, including but not limited to election contests
> or challenges to the certification of the technology, or an expert
> for a party to such litigation, for purposes of reviewing or
> analyzing the technology to support or oppose the litigation, and all
> parties to the litigation shall have access to the technology for
> such purposes;
> 3. A person not described in the above clauses who reviews, analyzes,
> or reports on the technology solely for an academic, scientific,
> technological, or other investigation or inquiry concerning the
> accuracy or integrity of the technology.
>
> Perhaps even more important, there are crucial limitations on what the
> NDA can require. In particular, the NDA MUST allow:
> 1. "disclosure of evidence of crime, including in response to a
> subpoena or warrant;"
> 2. "the signatory to perform analyses on the technology (including by
> executing the technology), disclose reports and analyses that describe
> operational issues pertaining to the technology (including
> vulnerabilities to tampering, errors, risks associated with use,
> failures as a result of use, and other problems), and describe or
> explain why or how a voting system failed or otherwise did not perform
> as intended."
>
> Had the Holt bill been law during the Sarasota court case, it seems to
> me that Florida would have been required to provide Jennings' expert
> witness with the code. That is a huge improvement over the status
> quo, even if it's not as much as many of us would like.
>
> Regards,
> Barbara
>
> Fred McLain wrote:
>> Aha, now I see why there is such strong opposition to HR-811 as
>> currently worded. By forcing those that would inspect the code to
>> somehow prove that they are qualified to do so and forcing an
>> "oath of secrecy" upon them the vast majority of those that would
>> inspect the code, the OSS community, to exclude themselves from the
>> inspection process. That is completely unacceptable.
>>
>> I write complex software for a living and have led open voting
>> software development projects. In my experience there is no need for
>> closed source, secrecy or anything of the sort.
>>
>> I would also assert based on my 25+ years of active software
>> development and my 4 years in voting software development that there
>> is *no need for an operating system* in voting equipment. In fact, it
>> would be best to write this without an OS since the inspection becomes
>> far simpler and more reliable.
>>
>> -Fred-
>>
>> On Oct 30, 2007, at 2:49 PM, Hamilton Richards wrote:
>>
>>
>>> A few thoughts after watching the YouTube video of Rush Holt, which
>>> is actually at <http://www.youtube.com/watch?v=F9hLLmBJLZE>.
>>>
>>> Code inspection is a sideshow
>>> -------------------------
>>> Rush Holt is quite right--the integrity of elections can be assured
>>> not by inspecting source code but by auditing paper records. Auditing
>>> amounts to an end run around any possible shenanigans in the software.
>>>
>>> If the video's unsourced claim that "up to 10% of the
>>> electronically-generated paper records allowed by HR811 are damaged,
>>> unreadable, and unusable for audits" is based on anything, it's based
>>> on early implementations produced by manufacturers who have an
>>> interest in seeing them rejected. Electronically generated
>>> voter-verified paper ballots can be far more reliable than
>>> hand-marked ones, and far less vulnerable to ballot-box stuffing and
>>> spurious rejection by crooked election officials.
>>>
>>> Concerning code inspection, it's universally accepted in computing
>>> science that code cannot be validated by inspection. You can inspect
>>> a piece of software all you like, and when you finally quit, you
>>> cannot know whether there's a flaw--innocent or deliberate--that you
>>> missed. Therefore the arguments about "full disclosure" of election
>>> software are at best a sideshow. Requiring inspectors of proprietary
>>> software to sign NDAs is no more than one would expect from
>>> commercial software vendors, who habitually commit the accounting
>>> error of booking lines of code under Investment, rather than
>>> Expense.
>>>
>>> The video's contention that "The committee changed the bill when they
>>> heard from Microsoft ... so ordinary American citizens can never know
>>> how their votes are being counted" is disingenuous. Microsoft could
>>> publish its entire inventory of software on the web, and "ordinary
>>> Americans" would still never know how their votes were being counted.
>>>
>>>
>>> Open source is a good thing
>>> -----------------------
>>> Discounting the importance of software disclosure is not to say that
>>> open-source software for elections wouldn't be a great step forward,
>>> but the reason is not that it would guarantee election integrity.
>>>
>>> One reason in favor of open source is that truly open software would
>>> be of higher quality initially than proprietary software (there's
>>> nothing quite like knowing that your work will be viewed critically
>>> by hundreds of your peers), and it could be expected to continue to
>>> improve in response to scrutiny and contributions from the
>>> open-software community.
>>>
>>> Another reason is that election officials choosing open-source
>>> software would be free from enslavement to a particular vendor. A
>>> vendor that charged too much or failed to perform could be replaced
>>> by another vendor, since all would have access to the same software.
>>>
>>> Some proponents of open source, always looking for more arguments in
>>> its favor, claim that open source is less insecure than undisclosed
>>> source. That claim may have some merit, but it's of no practical use
>>> ("less insecure" is like "less pregnant")--unless the software is
>>> known to be completely secure, other security measures such as
>>> voter-verified paper ballots are still essential.
>>>
>>>
>>> The mythical golden age
>>> --------------------
>>> The video makes the claim that "we already have 'verifiable'
>>> elections. They're called hand counted, paper ballot elections. We
>>> don't need a federal bill...". The colorful history of election fraud
>>> in the days before computers is so widely known that this can only be
>>> another disingenuous claim. Its author's antipathy to the use of
>>> computers in elections is evident, but since it is unsupported by any
>>> logical arguments, it's far from persuasive.
>>>
>>>
>>> Profits are evil?
>>> ------------
>>> The video ends by asserting that no one should make a profit from
>>> elections. Does that mean that election officials should not be paid?
>>> That the suppliers of printed paper ballots should provide them at
>>> cost? How about the printers' suppliers of paper and ink? This smells
>>> like a religious argument more than a logical one, and the thing
>>> about religion is that you either get it or you don't. Brandishing
>>> religious arguments at nonbelievers is famously counterproductive.
>>>
>>>
>>> The bottom line
>>> -------------
>>> Your mileage may differ, but for me HR811, imperfect as it is,
>>> represents a worthwhile step forward, and I'm grateful to Rep. Holt
>>> for introducing it and for putting up with all the flak.
>>>
>>> Cheers,
>>>
>>> --Ham
>>>
>>> At 12:00 PM -0700 2007/10/30, ovc-discuss-request@listman.sonic.net
>>> wrote:
>>>
>>>> [...]
>>>> ----------------------------------------------------------------------
>>>>
>>>> Message: 1
>>>> Date: Tue, 30 Oct 2007 10:34:35 -0400
>>>> From: "Nancy Tobi" <nancy.tobi@gmail.com>
>>>> Subject: Re: [OVC-discuss] [FWD: RE: [vote-technology] Booted out of
>>>> the Hotel at the 2007 Post-Election Auditing Summit]
>>>> To: "Open Voting Consortium discussion list"
>>>> <ovc-discuss@listman.sonic.net>
>>>>
>>>> [...]
>>>> But most interesting to you may be Representative Holt's OWN WORDS
>>>> on the subject. You can see those here:
>>>>
>>>> http://www.youtube.com/profile?user=HANDSONELECTIONS
>>>>
>>>> Best,
>>>>
>>>> Nancy Tobi
>>>>
>>>>
>>> --
>>> ------------------------------------------------------------------
>>> Hamilton Richards, PhD Department of Computer Sciences
>>> Senior Lecturer (retired) The University of Texas at Austin
>>> ham@cs.utexas.edu hrichrds@swbell.net
>>> http://www.cs.utexas.edu/users/ham/richards
>>> ------------------------------------------------------------------
>>> _______________________________________________
>>> OVC-discuss mailing list
>>> OVC-discuss@listman.sonic.net
>>> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>>> By sending email to the OVC-discuss list, you thereby agree to
>>> release the content of your posts to the Public Domain--with the
>>> exception of copyrighted material quoted according to fair use,
>>> including publicly archiving at
>>> http://gnosis.python-hosting.com/voting-project/
>>>
>>>
>>
>> Instant Messaging (IM) Addresses:
>> Jabber: mclain@jabber.org
>> Yahoo: appworx_fred, schemalogic_fred
>> MSN: appworx_fred@hotmail.com, schemalogic_fred@hotmail.com
>> AIM: mclain98021
>> ICQ: 6947005
>> GTalk (Jabber): mclain98021@gmail.com
>> Skype: fmclain
>>

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Nov 30 23:17:02 2007