Re: Representative Holt's OWN WORDS [Re: OVC-discuss Digest, Vol 36, Issue 9]

From: Barbara Simons <simons_at_acm_dot_org>
Date: Thu Nov 01 2007 - 13:56:22 CDT

Dear Nancy,

I, like Rush Holt, would have preferred that HR 811 still prohibited the
use of secret software in voting machines.

You may feel that Microsoft had no right to weaken HR 811, but that does
not change the reality of what happened.

Since you mentioned Katrina, I suspect that you and I agree that the
Federal government performance, or lack thereof, before the storm hit
was outrageous. That outrage is still being perpetrated, as New Orleans
refugees are forced to live in FEMA trailers in obscure locations where
they can't obtain work. But even if I state my outrage IN CAPITAL
LETTERS, that will not fix the problem.

The leadership of the Civil Rights Movement was outraged by Jim Crow
laws and the gross inequities to which African Americans were
subjected. Had they only been outraged, we might still have Jim Crow
laws in the South. Many members of the Civil Rights community were
dissatisfied with the Voting Rights Act when it was under consideration
by Congress, and they argued about it in private. However, they stood
together publicly and supported the bill, because they knew it was the
best they could get at the time.

The Holt bill has been seriously weakened, but it is still significantly
better than the status quo. A key strength of HR 811 is that it would
for the very first time mandate national manual random audits. While
the audit provision is not perfect, it is a huge improvement over the
no-audit status quo.

Ultimately, if we are able to mandate statistically significant audits,
then the presence or absence of secret code becomes a relatively minor
issue, especially if the law - as is done in H.R. 811 - mandates that
experts involved in legal challenges be given full access to the
software, something that we don't have today. I don't know what you
want, but my primary concern is that the person who has been declared
the winner of an election actually is the winner. Statistically sound,
well done audits, followed by full manual recounts if necessary, will
provide us with that assurance.

I am not an expert in martial arts, but it seems to me that a key
component is to bypass your opponent's strengths and exploit his
weaknesses. You will lose if you confront Microsoft head on about
secret software. But you can win if you bypass the software issue
altogether and focus on requiring statistically sound manual audits.

Regards,
Barbara

P.S. As everyone knows, open source code can contain bugs, and there
is at least a small chance that it also could contain malicious code.
There is also the problem of guaranteeing that the software running on
the voting machine is identical to the software that is supposed to be
running on the machine. Consequently, even if we were fortunate enough
to have open, or at least public, source voting machine software, we'd
still need statistically sound election audits.

Nancy Tobi wrote:
> To respond to Barbara:
>
> 1) a nondisclosure agreement IS EXACTLY an oath of secrecy. Under 811,
> talk about what you see in the code, and you are in violation of
> FEDERAL law.
> 2) What you call "the negotiators" of the bill did NOT do "a
> remarkable job" nor am I as sanguine as you about giving up the law of
> MY land to a private corporation no matter how much money it has. We
> have a little thing called the US Constitution, which guarantees us
> the right to a republican form of government. This, by definition, is
> governance with the consent of the governed. Those people on Capitol
> Hill willingly and freely negotiated away our democracy. That's as
> remarkable a job as "heckuva job" Brownie did during the Katrina
> travesty.
> 3) We do not need HR811, a bill that cements secret vote counting into
> Federal law, consolidates control over elections in the hands of five
> white house appointees, mandates new complex, and unnecessary voting
> technology, and inflicts huge unfunded mandates, to save us from
> events like Sarasota.
>
> WE NEED FREE AND OPEN ELECTIONS FOR THAT. PRIVATELY CONTROLLED,
> CORPORATELY OWNED, SECRETLY COUNTED, ELECTIONS DO NOT MEET THIS
> REQUIREMENT.
>
> Period.
>
> Best,
>
> Nancy
>
> On 11/1/07, Danny Swarzman <danny@stowlake.com> wrote:
>
> I haven't seen in any of this disclosure stuff the kind of quality
> auditing that would demonstrate a quality process has been followed
> such as that required by the FDA for medical diagnostic equipment.
>
> The vendor should be required to make public the complete records for
> the project: all design documents, test procedures and results, bug
> reports, etc. An auditor should be able to verify that all such
> information is present. An inspector should be able to examine such
> materials to see that they are complete and consistent.
>
> Now that I see the text of the bill, I am more vigorously on the side
> of the opponents.
>
> There is really no excuse for all these qualifications. It is absurd
> to think that the vendors need this level of secrecy to protect their
> interests.
>
> -Danny
>
> On Oct 31, 2007, at 11:27 AM, Barbara Simons wrote:
>
> > An "oath of secrecy" is not the description I would use. I urge
> > people to read the bill. However, I have transcribed the relevant
> > portion below for those of you who don't have the time to scroll
> > through the legislation.
> >
> > Holt had always called for no secret software. The change in the
> > legislation was forced by Microsoft. I believe that no federal
> > legislation could pass that prohibited secret software, at least not
> > while MS has the power and influence that it currently has.
> >
> > That said, I believe that the pro-HR811 negotiators did a remarkable
> > job, given the pressure they were under. The bill requires that all
> > "election-dedicated voting system technology" be certified and
> > escrowed with an accredited laboratory. The disclosure restrictions
> > apply only to the accredited laboratories. The labs are required to
> > disclose "technology and information regarding the technology" to a
> > "qualified" person who has signed an NDA OR (not AND) "is required to
> > disclose the technology to the person under State law."
> >
> > A "qualified" person is (quoting from the text of the legislation):
> >
> > 1. a government entity with responsibility for the administration of
> > voting and election-related matters for purposes of reviewing,
> > analyzing, or reporting on the technology;
> > 2. A party to pre- or post-election litigation challenging the results
> > of an election or the administration or use of the technology used in
> > an election, including but not limited to election contests or
> > challenges to the certification of the technology, or an expert for a
> > party to such litigation, for purposes of reviewing or analyzing the
> > technology to support or oppose the litigation, and all parties to the
> > litigation shall have access to the technology for such purposes;
> > 3. A person not described in the above clauses who reviews, analyzes,
> > or reports on the technology solely for an academic, scientific,
> > technological, or other investigation or inquiry concerning the
> > accuracy or integrity of the technology.
> >
> > Perhaps even more important, there are crucial limitations on what
> > the NDA can require. In particular, the NDA MUST allow:
> > 1. "disclosure of evidence of crime, including in response to a
> > subpoena or warrant;"
> > 2. "the signatory to perform analyses on the technology (including by
> > executing the technology), disclose reports and analyses that describe
> > operational issues pertaining to the technology (including
> > vulnerabilities to tampering, errors, risks associated with use,
> > failures as a result of use, and other problems), and describe or
> > explain why or how a voting system failed or otherwise did not perform
> > as intended."
> >
> > Had the Holt bill been law during the Sarasota court case, it seems
> > to me that Florida would have been required to provide Jennings'
> > expert witness with the code. That is a huge improvement over the
> > status quo, even if it's not as much as many of us would like.
> >
> > Regards,
> > Barbara
> >
> > Fred McLain wrote:
> >> Aha, now I see why there is such strong opposition to HR-811 as
> >> currently worded. By forcing those that would inspect the code to
> >> somehow prove that they are qualified to do so and forcing an
> >> "oath of secrecy" upon them the vast majority of those that would
> >> inspect the code, the OSS community, to exclude themselves from the
> >> inspection process. That is completely unacceptable.
> >>
> >> I write complex software for a living and have led open voting
> >> software development projects. In my experience there is no need for
> >> closed source, secrecy or anything of the sort.
> >>
> >> I would also assert based on my 25+ years of active software
> >> development and my 4 years in voting software development that there
> >> is *no need for an operating system* in voting equipment. In fact, it
> >> would be best to write this without an OS since the inspection
> >> becomes far simpler and more reliable.
> >>
> >> -Fred-
>
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
Received on Fri Nov 30 23:17:03 2007