Re: Is Open Source Enough?

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Wed Sep 05 2007 - 18:58:52 CDT

Brian,
   
  Thanks for some very acute observations. It is true that, if a certification document were Open Source, anybody could pick up and use a certification issued by someone else. The certificate authorities, however, name the parties responsible for submitting a system for certification on the certificate. There is a presumption that at least some knowledge of a system must be possessed by the certificated party. I believe that the certificating party could authorize designated others to hold and exercise a duplicate certificate for a duplicate system, but this is a real question yet to be answered.
   
  Is certification transferable, and if so, on what terms? Can I as a certificate holding company distribute a certificate I hold under GLP? It may be that only a company going through the certification process would be able to hold and use the resulting certificate. Any legal minds have a notion as to the IP of certificates issued by ITAs and VSTLs?
   
  -- Dick

Brian Behlendorf <brian@behlendorf.com> wrote:
  
On Tue, 4 Sep 2007, Arthur Keller wrote:
> At 11:05 PM -0700 9/4/07, Brian Behlendorf wrote:
>> On Mon, 3 Sep 2007, Arthur Keller wrote:
>>
>> The primary reason to be in favor of open source voting systems is not
>> technological, but economic. Such software encourages competition, as it
>> lowers the cost of becoming a voting system vendor.
>
> That's still a theoretical argument. Suppose there are two companies
> competing using the code based by Open Voting Solutions? Would that
> help them compete better against closed source vendors?

Yes. Instead of spending money implementing the same thing twice, they can
spend that money on more hardware in precincts, more staff on site to address
issues, more training for election workers, etc. But possibly even more
significant than saving the cost of implementation is saving the cost of
certification, if the testing fees were instead covered by the state. Even
with subsidized testing, it does mean that one company might invest time and
effort in getting a software system to a certifiable state, only to find their
competitor able to use that certified version at no cost. This is why a
well-run ecosystem won't place the burden of development on just one company,
but spread it out across companies, NGOs, volunteers, and others, ideally
without needing government funding for writing software itself. Defining the
ballots might be all they'd need to do.

This is "theoretical" as any other business strategy is; specific situations
will definitely differ. If we're looking for a way to address the brokenness
of today's model, it's a place to start. But my main point is that it's a
stronger case for open source election software than any claims about security.
I think we'll have a tough enough time convincing laypeople that open source
software is at least as secure as proprietary - some still are confused and
think that if you can view the source code it must by definition be less
secure.

Brian

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Sep 30 23:17:06 2007

This archive was generated by hypermail 2.1.8 : Sun Sep 30 2007 - 23:17:20 CDT