Re: Vendor Applies for Open Voting Consortium Certification -- OVC Press Release

From: Joseph Hall <joehall_at_gmail_dot_com>
Date: Mon Oct 16 2006 - 15:00:06 CDT

a few comments offered with the purpose of getting the juices flowing:

On 10/15/06, Arthur Keller <> wrote:
> Here is my personal thinking about what OVC certification might mean.
> This message does not represent the position of the OVC Board, which
> will take up these issues at the next Board meeting.
> OVC certified is separated out into "OVC LIsted" and "OVC Tested"
> "OVC Listed" would say that the source, documentation, license, etc.,
> are publicly disclosed. The public disclosure of the source,
> documentation, license, etc., would be on our website. We need to
> come up with a checklist of the items that need to be disclosed. We
> would then provide a listing ID that one could look up on our website
> to have access to the publicly disclosed information.
> My immediate list is:
> License for the system (which must allow others also to publish the
> software, anyone to test and experiment and analyze, including
> publication of analysis including excerpts of source code)
> Listing of components of system (e.g., electronic ballot printer,
> ballot reconciliation system, ballot verification system)

Would this include things like VoteHere which has a "for evaluation
purposes only" license:

It would also be good to list a bunch of popular or known Open Source
licenses and state whether or not they meet the criteria (and why not,
if not).

> Full source code for each component of system

Would systems that run on Windows be excluded? That is, does just the
voting application have to be disclosed (or "public") or is it all of
the system... including any third party software?

> Object code image for each component of system

Doesnt' the image depend on the architecture? If there are multiple
architectures, that mean multiple images, right? (I just don't know
the answer to this, being only somewhat technical.)

> Checksum of object code image for each component of system

What kinds of checksums... CRCs? (Seems bad) MD5, SHA-1, SHA-256,
tiger, whirlpool? A combination of the above to hedge against the

> Documentation
> Internal and external document formats and sample documents
> Specifications

Does this include hardware schematics? What kind of licenses (open
hardware, etc.) would be permissable for this?

> Feature checklist (e.g., paper ballot vs. electronic ballot with
> paper audit trail; basic architectural type)
> OVC listed registry number and date (which would be assigned by OVC)
> Note that I would not require the rights to make derivative works or
> derivative systems (other than as part of analyses, tests, or
> experiments), and the rights to use the system for elections would
> not be required to be granted as part of obtaining an OVC listing.

This seems wise. I think "testing purposes" would include derivative
works but for a specific purpose (although, of course, deriv. works
are the stickiest and most opaque parts of copyright law)... that is,
recompilation with debugging flags set creates a work based on the
source code that is different from the distributed and as-implemented
binary (the image above).

> There would be a fee for listing that would cover costs of checking
> completeness and publishing the data in permanent registry and for
> developing and maintaining the feature checklist. My suggestion is
> $1000 per listing. Each version is a separate listing. For OVC
> listed, we do not certify anything about the system other than the
> fact that what we publish is exactly what the vendor provided. We
> should require that the vendor attest that the label "OVC Listed"
> must always be accompanied by the listing number(s) and date(s) for
> specific versions mentioned, and that the system for those versions
> always exactly match that which was submitted for listing. The
> vendor should also attest that all the information provided is true
> and complete and applies to the same consistent and complete version.
> It is my intent that if an existing vendor wished to make their
> system OVC listed by disclosing what we require, then we would allow
> that. We should therefore indicate the potential for a COTS
> exception and describe what can be COTS. The listing would be a
> qualified listing "OVC listed, except for the non-disclosed COTS
> elements x, y, and z"

Ah, didn't read this far... there would seem to be an important
distinction in here that we should all think through. For example,
third-party code that directly participates with the voting
application in the election events should probably be different than
lower-level stuff like the OS and such. However, even the low-level
stuff could be problematic (Hursi II, etc.). So maybe there should be
a different thing for those systems... like "Components OVC Listed".
(I'm having trouble thinking up something better... and maybe the
qualifier that it's not completely listed is enough... Howabout,
something added to complete OVC products to distinguish them like
"Fully OVC Listed".

best, Joe

> "OVC Tested" would say that the system has undergone various tests.
> I think we'll have to study exactly what that means.
> Best regards,
> Arthur
> At 12:50 AM -0700 10/15/06, Alan Dechert wrote:
> >Most of you already have this, but I want to make sure this is in our
> >OVC-discuss archives ... and I'd also like to start some discussion about
> >this!
> >
> >**************
> >
> >9560 Windrose Lane
> >Granite Bay, CA 95746
> >
> >
> >Subject: Vendor applies for certification with Open Voting Consortium
> >Contact: Alan Dechert
> >Phone (916) 791-0456
> >
> >
> >GRANITE BAY, CALIFORNIA - Open Voting Solutions, Inc., a Delaware
> >corporation, has become the first voting system vendor to apply for
> >certification with Open Voting Consortium, a California nonprofit
> >corporation. While many independent experts have advocated open source
> >software for election systems, no such products have been sold by voting
> >system vendors. Companies like Diebold prefer to keep the inner workings of
> >their systems confidential.
> >
> >"There is no excuse for any secret methods to be involved in the tabulation
> >of our votes," says Alan Dechert, President of the Open Voting Consortium.
> >"It's about time that voting system technology be fully open to public
> >scrutiny. We expect that Open Voting Solutions' OpenScan product will
> >become the first commercially available Open Voting system."
> >
> >Open Voting Solutions CEO, Dr. Richard Johnson, wrote to Mr. Dechert
> >requesting that testing and evaluation be done by Open Voting Consortium
> >(OVC) scientists and engineers. Dechert explains, "This is new, so all the
> >details have not been finalized. Generally speaking, a voting system can
> >earn the OVC service mark if it utilizes a voter verified paper ballot and
> >all software written for the voting process is published for all to see."
> >
> >Open Voting Solutions has submitted their OpenScan product to the State of
> >New York for certification. The New York City board of elections has also
> >requested information on the OpenScan product. With the OpenScan system,
> >hand marked paper ballots are fed into a commercially available scanner such
> >as the Kodak i40 scanner. The pictures of the ballots are then processed
> >with free open source software running on ordinary computers to determine
> >votes cast. Open Source means that the instructions, written by computer
> >programmers in a computer programming language, are publicly available.
> >
> >"We are looking forward to obtaining the approval and feel that being the
> >only vendor with an Open Voting Consortium compliant product will be a
> >significant advantage. It says a lot about our commitment to making this
> >public process fully public and keeping costs down," says Dr. Johnson.
> >
> >OVC certification will be a two-stage process. Earning the OVC service mark
> >is not a very involved process and should not take more than a week or two.
> >The OVC service mark does not ensure that the system is glitch-free: it
> >indicates that the vote tabulation process is fully open to public scrutiny
> >and verification. The second part of the process will look for glitches or
> >software bugs in the system.
> >
> >Dechert continues, "OVC certification is not yet recognized by election
> >boards around the country. We think OVC certification will be compelling
> >because it's the only voting system certification process where everything
> >we do will be published. Right now, the process is a big secret with
> >existing test labs and vendors. We know they miss a lot of things, but we
> >really don't have any way of knowing what tests were run. You'd think that
> >almost six years after the election mess in 2000, the system would have been
> >corrected. It's time to make some important changes."
> >
> >Open Voting Solutions was co-founded in 2005 by David Webber of Maryland and
> >Richard Johnson of New York. Open Voting Consortium was co-founded in 2003
> >by Alan Dechert, Doug Jones of the University of Iowa, and Arthur Keller of
> >UC Santa Cruz.
> > ###
> >
> >_______________________________________________
> >OVC-discuss mailing list
> >
> >
> --
> -------------------------------------------------------------------------------
> Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA 94303-4507
> tel +1(650)424-0202, fax +1(650)424-0424
> _______________________________________________
> OVC-discuss mailing list

Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue Oct 31 23:17:04 2006

This archive was generated by hypermail 2.1.8 : Tue Oct 31 2006 - 23:17:10 CST