Re: Defining "Open Source" in the context of eVoting solution requirements.

From: Edward Cherlin <echerlin_at_gmail_dot_com>
Date: Tue Oct 14 2008 - 23:51:50 CDT

On Tue, Oct 14, 2008 at 7:59 PM, David RR Webber (XML) <> wrote:
> Recently there has been a range of interpretations of open source, ranging
> from - we cannot have "open source" because of all the weird licensing
> models, through to - we will do "disclosed source" instead.

My interpretation has always been well outside that range. My
expectation is that we will use GPL licensing for ordinary public
distribution in Red Hat rpm packages or Debian deb packages, or any
other system including OLPC xo bundles, but that only certified and
tested releases compliant with applicable law can be used in real
elections. So people can do what they like with the code to test
proposed voting methods, security protocols and attacks, and whatever
else seems good to them, and they have to contribute any modifications
they distribute back to the community under the same license or

I don't insist on GPL, as long as some group that understands the
implications defines an official standard for public/government source
code rights for the purpose. We could propose development of such a
standard to relevant standards bodies such as ANSI and ISO.

IETF is unsuitable because it does not issue binding standards, just
"Requests for Proposal" (RFP). ECMA is unsuitable because it is a
manufacturer's association, not a proper standards body, and is known
not to know how to do an open standard. IEEE is possible if they feel
it is within their charter. We can discuss other possibilities.

> Well it's no secret that as with other terms in the software industry there
> are so many possible interpretations of what "open source" is.

Open Source and Free Software both. The official definitions are by
Richard Stallman and others at the Free Software Foundation for Free
Software, and by Bruce Perens (originally for Debian) and others for
Open Source. There are many licenses using the term Open Source in
their definitions, many of them listed at FSF. Each is a specific
license offered by a specific organization. The generic term is Free
Software, meaning software under any Free license. FSF is generally
considered to be the authority on this matter.

> Therefore I've put together a strawman of what this should mean in the
> context of eVoting and E2E solutions for eVoting. Notice this specifically
> sets out precisely what is required to be met to ensure that the unique
> transparency and verification aspects of voting are covered.
> Feel free to improve refine and wordsmith as needed! Hopefully this can
> then serve as the basis to make it completely obvious what is needed when
> the requirement for "open source" is stipulated.
> Thanks, DW

s/old/new/ substitute new for old in the line above

s/old/new/g substitute new for old everywhere (globally)

> ======================================================
> Defining "Open Source" in the context of eVoting solution requirements.
> Preamble
> The concept of open source is important for ensuring transparency and

s/concept of open source is/concepts of Open Source and Free Software are/

> verification in eVoting solutions - however the term "open source"

s/term "open source"/terms "Open Source" and "Free Software"/

> has many interpretations and so here we attempt to provide a level


> setting of what this should mean in the context of eVoting solutions.
> There are three areas considered: licensing and access, programming
> conventions, and operational verification.
> Licensing and Access
> Software solely designed for and used in the primary operation of the
> eVoting solution should be made publicly available for inspection by


> interested persons without precondition or costs. Particularly this
> should apply to the specific version and release used in an election.

> Such open and free access should be permitted irrespective of whatever
> licensing, copyright or intellectual property constraints the developer
> of the software may be entitled to.

Such Open and Free access must be provided for by law regardless of
the prior rights in the software any party may have. In order to offer
software for use in elections, the owners of such rights must grant an
appropriate license in accordance with a publicly defined standard.

> A central repository will hold the certified copies of software used in
> an election. This would be hosted by a national organization such as
> NIST, GSA or NSF, and / or from the specific States election


> site.
> Programming Conventions
> The software should be written in such a manner to aid and facilitate

s/manner to/manner as to/

> inspection. The code should be written in plain language, using obvious
> techniques and naming conventions that can be easily followed by
> software developers and practitioners and appropriately commented as per
> normal software industry best practices.

Conversion of the plain version to an optimized version, should this
be necessary, will use documented and widely available Free tools.

> Specifically the code should not be obfuscated using either automated
> software tools nor manually refactored to deliberately obscure the
> purpose and functioning of the software. The software developer should
> be required to explain and otherwise document any specific area of the
> code that is unclear or is performing a particularly complex function or
> algorithm.
> The software should be developed in a programming language that is

s/is/has tools/

> broadly publicly available

under Free license

> and not a limited or proprietary technology
> that is known only to the eVoting solution implementers

or some other small community.

> The code should be documented with overall information about each
> software code module, its purpose,

algorithms used,

> and its relationship to the overall
> eVoting solution, inputs and outputs and the sequence of operation of
> that module along with the previous and following steps. An overall
> workflow of the software modules should also be required to be
> published.

(Not just a workflow. We should find or create a suitable software
documentation standard, including object definitions.)

> Operational Verification
> The software should be provided along with all the necessary build and


> compilation supporting configuration files, scripts, documentation,
> prerequisites and dependencies such that any software practitioner
> familiar with that development environment may reproduce the executable
> software components as used in the election.
> The software should be designed to operate on

a wide range of

> available generic computer
> hardware equipment that is commercially available from retail vendors to
> the general public.
> A set of default configuration files should be provided to allow operation
> of a verification test suite. Also any publicly published results
> and election records should be able to be run with the verification test
> suite.
> _______________________________________________
> OVC-discuss mailing list
> By sending email to the OVC-discuss list, you thereby agree to release the
> content of your posts to the Public Domain--with the exception of
> copyrighted material quoted according to fair use, including publicly
> archiving at

Don't panic.--HHGTTG, Douglas Adams, Obama still moving ahead in EC! Join us! For the children
Received on Fri Oct 31 23:17:04 2008