Showing posts with label e-voting. Show all posts
Showing posts with label e-voting. Show all posts

01 March 2010

Which Licence for Open Source Digital Voting?

Here's a provocative thought:


We’ve dared to suggest that the GPL as it stands today, or for that manner any other common open source license, will probably not work to adequately provide a license to the software sources for elections and voting systems technology under development by the Open Source Digital Voting Foundation.

It's an important issue, since applying open source software to digital voting is something that you really want to get right - for the sake of open source and democracy.

Here are just some of the key issues that the Open Source Digital Voting Foundation faces:

1. Open source licenses rarely have “law selection” clauses. Fact: Most government procurement regulations require the application of local state law or federal contracting law to the material terms and conditions of any contract (including software “right to use” licenses).

2. Open source licenses rarely have venue selection clauses (i.e., site and means for dispute resolution). Fact: Many state and federal procurement regulations require that disputes be resolved in particular venues.

3. There are rights assignment issues to grapple with. Fact: Open source licenses do not have “government rights” provisions, which clarify that the software is “commercial software” and thus not subject to the draconian rules of federal procurement that may require an assignment of rights to the software when the government funds development. (There may be state equivalents, we’re not certain.) On the one hand, voting software is a State or county technology procurement and not a federal activity. But we’ve been made aware of some potential parallelism in State procurement regulations.

4. Another reality check is that our technology will be complex mix of components some of which may actually rise to the level of patentability, which we intend to pursue with a “public assignment” of resulting IP rights. Fact: Open source licenses do not contain “march-in rights” or other similar provisions that may be required by (at least) federal procurement regulations for software development. Since some portion of our R&D work may be subject to funding derived from federal-government grants, we’ll need to address this potential issue.

5. There is a potential enforceability issue. Fact: Contracting with states often requires waiver of sovereign immunity to make licenses meaningfully enforceable.

6. In order to make our voting systems framework deployable for legal use in public elections, we will seek Federal and State(s) certifications where applicable. Doing so will confer a certain qualification for use in public elections on which will be predicated a level of stability in the code and a rigid version control process. It may be necessary to incorporate additional terms into “deployment” licenses (verses “development” licenses) specific to certification assurances and therefore, stipulations on “out-of-band” modifications, extensions, or enhancements. Let’s be clear: this will not incorporate any restrictions that would otherwise be vexatious to the principles of open source licensing, but it may well require some procedural adherence.

Interesting stuff. At the moment:

At this juncture, its looking like we may end up crafting a license somewhat similar in nature to the Mozilla MPL.

Views, anyone?

Follow me @glynmoody on Twitter or identi.ca.

28 October 2009

If a Sequoia Falls in the Forest...

...maybe somebody's listening:

Today, Sequoia Voting Systems officially introduced its latest revolutionary new offering – the Frontier Election System – the first transparent end-to-end election system including precinct and central count digital optical scan tabulators, a robust election management and ballot preparation system, and tally, tabulation, and reporting applications based on an open architecture with publicly disclosed source code developed specifically to meet current and future iterations of the federal Voting System Guidelines.


“Security through obfuscation and secrecy is not security,” said Eric D. Coomer, PhD, Vice President of Research and Product Development at Sequoia Voting Systems. “Fully disclosed source code is the path to true transparency and confidence in the voting process for all involved. Sequoia is proud to be the leader in providing the first publicly disclosed source code for a complete end-to-end election system from a leading supplier of voting systems and software. Sequoia’s Frontier Election System has been designed to comply with all the current Election Assistance Commission’s Voluntary Voting System Guidelines.”

As you may recall, Sequoia had previously been a big fan of precisely that "security through obfuscation and secrecy", so this is an astonishing turnaround. Kudos to them for finally seeing the light - its rivals will doubtless follow suit soon, because no one can be seen to be *against* transparency.

But even more kudos to all those people who fought the e-voting industry's attempts to shut them up and get on with murky business as usual. This will surely become a textbook example of how dogged and rigorous advocacy finally wins out.

Follow me @glynmoody on Twitter or identi.ca.

27 October 2008

Hooray! The Wicked e-Voting Witch is Dead...

For the moment, at least:

Secretary of State for Justice Michael Wills was asked if the government planned to introduce e-voting before the local and European elections in 2009. He said last week: "The Government do not plan to introduce e-voting for the 2009 European or local elections ... The Government have no plans for further e-voting pilots in statutory elections at this stage."

17 June 2008

Open Voting Consortium

Elections seem like a no-brainer for openness: after all, fairness requires transparency, and you don't get more transparent than being fully open. And yet previous e-voting systems have proved notoriously fallible - not least because they weren't open. The Open Voting Consortium aims to do solve these problems:

The Open Voting Consortium is a not-for-profit organization dedicated to the development, maintenance, and delivery of trustable and open voting systems for use in public elections. We are comprised of computer scientists, voting experts, and voting rights activists. We have a growing international membership base, but our organizing efforts are currently focused in California where we are actively engaged in legislation and implementing Open Voting as a model for the United States.

Needless to say, it's based on open source:

We have developed (1) a prototype of open-source software for voting machines (2) an electronic voting machine that prints a paper ballot, (3) a ballot verification station that scans the paper ballot and lets a voter hear the selections, and (4) stations with functions to aid visually impaired people so they can vote without assistance. Open source means that anyone can see how the machines are programmed and how they work.

07 April 2008

This Gets My Vote: Open Source e-Voting

If any area of human activity cries out for openness, it is the political process. In particular, if want to institute e-voting, you'd be mad not to opt for open source and its associated transparency. Or, to put it another way, you'd be nuts not to follow Brazil's fine example:

The Tribunal Superior Eleitoral (the brazilian Election Supreme Court), officially announced on April 4th, 2008, that the brazilian 2008 elections will use 430 thousand electronic voting machines migrated from VirtuOS and Windows CE to GNU / Linux and open source softwares for security and auditing defined by proper law.

All open source and in-house developed software will be digitally signed and all loaded software will may be verified at voting places by inspectors at any time to check against tampering.

Special measures will be taken to reduce risks of breaking in by crackers, like no direct network connection to internet.

Random voting machines will be audited by TSE, political parties and external auditors.

Political parties software experts will have access to voting machines software from April to September, looking for problems and or point of improvements.

18 March 2008

A Sequoia that Hates Sunlight? How Odd

As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis.

It's not as if they have something to hide, of course....

13 November 2007

UK Government Votes for e-Voting Quagmire

The UK Government has this crazy idea about IT: that if they say "make it so" often enough, it is so. But what they fail to realise is that complex IT projects are, er, complex, and often/usually go wrong. Stamping your pretty little foot ain't gonna fix it. As a result of this institutional ignorance/stupidity/wilfulness, it looks like the government is ploughing on with the doomed e-voting idea. When will they ever learn?

24 October 2007

Open Source Mathematics

Suppose Jane is a well-known mathematician who announces she has proved a theorem. We probably will believe her, but she knows that she will be required to produce a proof if requested. However, suppose now Jane says a theorem is true based partly on the results of software. The closest we can reasonably hope to get to a rigorous proof (without new ideas) is the open inspection and ability to use all the computer code on which the result depends. If the program is proprietary, this is not possible. We have every right to be distrustful, not only due to a vague distrust of computers but because even the best programmers regularly make mistakes.

Seems pretty obvious, really: no open source, no transparency, no way of following the logic, no proof: QED.

And if you can't really believe closed source for maths or science, why should you believe it in business? How can you check an accountancy program, say, if you can't see the code? And don't even get me started on closed-source e-voting machines... (Via The Inquirer.)

09 August 2007

Code is Law is Code

Here's an interesting case:

When Dale Lee Underdahl was arrested on February 18, 2006, on suspicion of drunk driving, he submitted to a breath test that was conducted using a product called the Intoxilyzer 5000EN.

During a subsequent court hearing on charges of third-degree DUI, Underdahl asked for a copy of the "complete computer source code for the (Intoxilyzer) currently in use in the State of Minnesota."

An article in the Pioneer Press quoted his attorney, Jeffrey Sheridan, as saying the source code was necessary because otherwise "for all we know, it's a random number generator."

What's significant is that this shows a growing awareness that if you don't have the source code, you don't really have any idea how something works. And if you don't know that, you can hardly use it to make important decisions - or even unimportant ones, come to that. Obviously, this has clear implications for e-voting, and the need for complete source code transparency.

29 June 2007

E-vote? Ew-vote

Rather belatedly (sorry, ORG) I got round to reading the Open Rights Group report on the e-voting trials in the UK. It's fantastic stuff - well, the report is, at least: its content is pretty frightening.

This paragraph in the Recommendations said it all, really:

ORG’s position is that e-voting and e-counting provide considerable risks to the integrity of our democracy. The risks presented far outweigh any benefits the systems might potentially offer. In practice the systems have proved to be more expensive, less robust, and considerably slower than manual methods, so any potential benefits are not felt. ORG received some comments which suggest that e-voting and e-counting are inevitable and that to oppose these technologies would be a Luddite view. ORG disagrees, and it is telling that a significant proportion of those concerned about voting technologies are computer scientists and professionals, who are usually enthusiastic adopters of new technology.

What's interesting is not just the damning indictment of e-voting that it offers, but the paradox of "enthusiastic adopters of new technology" who are nonetheless "concerned about voting technologies". I count myself as belonging to this schizophrenic group: it seems clear to me that today's e-voting technologies are simply not reliable enough to entrust our democracy to it.

Interestingly, the central problem is openness, or lack of it: if the entire e-voting process could be made totally open and observable, while preserving confidentiality, many of the most worrying problems would go away.