[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: updates to the position statement
- To: bcv@xxxxxxxxxxx
- Subject: Re: updates to the position statement
- From: cmalley@xxxxxxxxxxxxx
- Date: Thu, 20 Nov 2003 09:12:42 -0700
- Delivered-to: mailing list bcv@booyaka.com
- Mailing-list: contact bcv-help@booyaka.com; run by ezmlm
A few comments regarding Paul's proposed rewording of #3, since
I was the person who griped about "proprietary"...
I think you mean "Insist on public disclosure of all source
code FOR SOFTWARE used in voting machines or vote counting machines."
The machines themselves will contain binaries, not the actual source.
The statement is a little too "all encompassing". Voting
machines use software in their operating systems (eg, Windows)
and firmware. You will never get Microsoft to
disclose source for Windows, nor will Intel give you source for
their firmware. The scope needs to be limited to software related
to the voting application, as provided by the vendor. (And,
yes,I am paranoid about Diebold working with Microsoft
to install some hack in Windows, but I don't think we can
deal with that.)
The statement doesn't address who the software is disclosed to.
I don't think vendors will be willing to disclose to an open-ended
audience like "the general public". Such a disclosure would likely
make their trade secrets visible to competitors, and I don't think
lawyers will go for this. Perhaps the software should be disclosed
to a group of reviewers to be selected by the County or some other
neutral party. I'm comfortable with ignoring this in the position
statement, let the lawyers work out the specifics.
Finally, I'm skeptical about this whole "disclosure" issue.
I think it's worth having in the statement to weed out vendors
who are unwilling to cooperate with public review. But...
Reviewing the source code for a complex system is a daunting
task, and there is no way to be certain that what you are
reviewing matches what is on the machines. The reviewers would
need to compile the sources themselves, and then use checksums
or other means to compare binaries. Sounds like a huge mess
to me, and I think it would be better to put our energy behind
either (a) sticking with manual counts, or (b) changing the laws
to allow electronic voting with paper ballot recounts.
So... how about something simple like this? :
- require disclosure of software that is specific to the
voting application
-Chris
Paul Walmsley <paul@xxxxxxxxxxx>
>
> I've made the changes to the position statement that we agreed to during
the last meeting. They are:
> 1. changing 'trail' to 'ballot' in the third paragraph
> 2. adding a mention of HR 2239 into the last bullet point
> 3. removed "proprietary" from the second bullet point, pending a rewrite
> of the point.
> ...
>
> Speaking of #3, at the last meeting, we put off consideration of
> replacement language until this evening's meeting. Several worthy
> alternatives were discussed last week. The one that I recall went like,
>
> "Insist on public disclosure of all source code used in voting machines
or
> vote counting machines." If people perceive problems with this
> formulation, or one similar to it, it might be nice to get some of the
> preliminary discussion started on the mailing list before tonight's
> meeting. Thoughts?