Re: Nevada paper trails work without a hitch

From: Arthur Keller <arthur_at_kellers_dot_org>
Date: Mon Sep 27 2004 - 01:25:26 CDT

At 2:37 PM -0500 9/26/04, Douglas W. Jones wrote:
>On Sep 26, 2004, at 2:14 PM, Joseph Lorenzo Hall wrote:
>>On Sun, 26 Sep 2004 13:34:38 -0500, Douglas W. Jones wrote:
>>> Douglas W. Jones Comments on the EAC TGDC Testimony
>>"...suggestion of a 'dissertation defense model' of source code audit
>>Doug, does this mean that vendors would disclose their code and, like
>>a piece of code that makes up a dissertation, be subjected to attacks
>>by a certain subset of the population?
>What this means is that there would be a public report of the
>source code examination, in which the source code examiner
>would present the results of the examination along with
>samples of the source code that illustrate the key observations.
>This way, the examination would be taken from the realm of
>the entirely confidential to the realm of being open to public
>The "thesis defense" model Paul Craft presented also includes a
>prohibition on taking notes during the presentation. I gather
>there is a similar prohibition at thesis defenses at some
>universities -- it allows the thesis to be defended in public
>without fear that someone will spoil the patent or copyright
>rights of the student by rushing something into print before the
>thesis is published.
>Paul Craft suggested this as a creative way to open up the
>voting machine examination process without forcing the vendors
>to go open-source. While I'd prefer real open-source voting
>systems, anything that opens up the process is a step forward.
>Frankly, though, the statement from Herb Deutsch from ES&S
>that he'd like to end the system of proprietary ITA reports
>offers a far bigger step, although quite frankly, I think Paul
>Craft's proposal combined with Herb Deutsch's proposal would
>be even better, since ITA software review reports are not
>uniformly revealing and are frequently fairly close-mouthed
>about what was observed.

I make the distinction between traditional "open source" and
"published source." Published source can be both publicly
inspectable and remain proprietary. You can retain intellectual
property rights even when something is published. You can retain
trademark, copyright, and patent protection. What you cannot retain
is trade secret protection, but frankly trade secret protection of
voting machine technology (for other than private security keys) is
incompatible with the maxim of secret ballots counted in public view.

Relying on secrecy for security leads one to wonder how secure the
system really is.

Best regards,

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
= The content of this message, with the exception of any external
= quotations under fair use, is released to the Public Domain
Received on Thu Sep 30 23:17:09 2004
