Re: evmpl license

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Wed Sep 10 2003 - 08:56:56 CDT

On Tuesday, September 9, 2003, at 09:31 PM, Clay Lenhart wrote:

> The revision tracking clause will create extra burdon on the gov agency
> --- when we really are not interested in their development process. If
> they release the complete source code, we can run the diffs to see what
> changed. Is the revision tracking clause neccessary?

Revision tracking documents the intent of the code. Diffs only show
you what changed. Indeed, even the inadequate source code audits done
today for current-generation voting systems start by taking a diff
between
the old version and the new (as I infer it from reading the source code
audit reports). Once this is done, however, the auditors both read the
changes to the code and they read the change logs and revision control
documents. This is because they want the code not only to be permissable
in the abstract, but they also want it to do what it was intended to do
and not something else.

If I have to audit a 10 line program, I have no problem reading the whole
thing and not relying on anything else. If I have to audit a version
of Linux, on the other hand, I need all the help I can get. Who wrote
this line of code, why did they say they put it there, when was it added
and in response to what external requirement.

These auxiliary records are particularly important when a criminal case
comes up. Suppose one version of our code comes into circulation that
includes a fraud-O-matic feature that records in the bar code on the
ballot information that differs from the human readable content. Once
this is discovered in a voting system that was actually put in a polling
place, we want to be able to reconstruct how it got there. Naked code
and diffs don't help this process nearly as well as complete change
records. Of course, the crook probably hid his tracks in that arena,
but the later custodians of the code, if required by the licence,
probably
continued to update the records properly, so these records will lead
back to the crook.

And, once the crook is found, we can prosecute for violation of the
EVMPL as well as for election fraud. This is like prosecuting Al Capone
for tax evasion, but the important thing is, it gives you a lever to
prosecute with in the case of fraud.

> I propose that we change the license to:

> <changed>Using the software for voting purposes is considered
> "distribution of software" under this agreement. All rights and
> restrictions must be obeyed as if the software were actually
> distributed.</changed>

I agree with this suggested addition. You are indeed right to note
that my original proposal would have let someone put EVMPL code in
a voting application and release only the original code, retaining as
proprietary the diffs between it and the version in actual use.

                                Doug Jones
                                jones@cs.uiowa.edu
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Sep 30 23:17:02 2003

This archive was generated by hypermail 2.1.8 : Tue Sep 30 2003 - 23:17:09 CDT