Defining "Open Source" in the context of eVoting solution requirements.

From: David RR Webber (XML) <"David>
Date: Tue Oct 14 2008 - 21:59:07 CDT
Recently there has been a range of interpretations of open source, ranging from - we cannot have "open source" because of all the wierd licensing models, through to - we will do "disclosed source" instead.
 
Well it's no secret that as with other terms in the software industry there are so many possible interpretations of what "open source" is.
 
Therefore I've put together a strawman of what this should mean in the context of eVoting and E2E solutions for eVoting.  Notice this specifically sets out precisely what is required to be met to ensure that the unique transparency and verification aspects of voting are covered.
 
Feel free to improve refine and wordsmith as needed!  Hopefully this can then serve as the basis to make it completely obvious what is needed when the requirement for "open source" is stipulated.
 
Thanks, DW
 
======================================================
 
Defining "Open Source" in the context of eVoting solution requirements.
 
Preamble
 
The concept of open source is important for ensuring transparency and
verification in eVoting solutions - however the term "open source"
has many interpretations and so here we attempt to provide a level
setting of what this should mean in the context of eVoting solutions.
There are three areas considered: licensing and access, programming
conventions, and operational verification.
 
Licensing and Access
 
Software solely designed for and used in the primary operation of the
eVoting solution should be made publically available for inspection by
interested persons without precondition or costs.  Particularly this
should apply to the specific version and release used in an election.
Such open and free access should be permitted irrespective of whatever
licensing, copyright or intellectual property constraints the developer
of the software may be entitled to.
 
A central repository will hold the certified copies of software used in
an election.  This would be hosted by a national organization such as
NIST, GSA or NSF, and / or from the specific States election adminstration
site.
 
Programming Conventions
 
The software should be written in such a manner to aid and facilitate
inspection.  The code should be written in plain language, using obvious
techniques and naming conventions that can be easily followed by
software developers and practioners and appropriately commented as per
normal software industry best practices.
 
Specifically the code should not be obfuscated using either automated
software tools nor manually refactored to deliberately obscure the
purpose and functioning of the software.  The software developer should
be required to explain and otherwise document any specific area of the
code that is unclear or is performing a particularly complex function or
algorithm.
 
The software should be developed in a programming language that is
broadly publically available and not a limited or proprietary technology
that is known only to the eVoting solution implementers.
 
The code should be documented with overall information about each
software code module, its purpose, and its relationship to the overall
eVoting solution, inputs and outputs and the sequence of operation of
that module along with the previous and following steps.  An overall
workflow of the software modules should also be required to be
published.
 
Operational Verification
 
The software should be provided along with all the necessary build and
compilation supporting configuration files, scripts, documentation,
prerequisites and dependencies such that any software practitioner
familiar with that development environment may reproduce the executable
software components as used in the election.
 
The software should be designed to operate on available generic computer
hardware equipment that is commercially available from retail vendors to
the general public.
 
A set of default configuration files should be provided to allow operation
of a verification test suite.  Also any publically published results
and election records should be able to be run with the verification test
suite.

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Oct 31 23:17:04 2008

This archive was generated by hypermail 2.1.8 : Fri Oct 31 2008 - 23:17:05 CDT