[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Excellent, Mr. Paul Tiger



On Sun, Apr 02, 2006 at 10:55:03AM -0600, Ralph Shnelvar wrote:
> Dear Paul:
> 
> I happen to agree with you except for one detail.
> 
> Everything you have written demonstrates to me that if the process is open
> that Open Source is unnecessary since the process can be repeated with a

Perhaps Open Source is unnecessary, but there is a real big problem
for verifiability if people in charge of the software claim a right to
secrecy about the details of the software. If this right has legal
standing, there will always be legal process for 'balancing' right to
openness vs. rights to secrecy. For true verifiablity, I believe that
anyone who cares to ask should get an open and honest answer to their
question. It need not be an answer that they are willing to deal with,
but there needs to be full answer available to anyone. This sort of
verifiability is not part of the legal structure of Intellectual
Property Law in USA. So I opt for Open Source, not as a Holy Mission,
but as a practical way through our legal system to our common goal of
openness.

The people who actually design and write the software would have to be
paid, but payment would be by salary from an organization that has 
contracted to write the software, not from license fees generated
through ownership of copyrights or patents. Open Source is about how
people get access to the software, not about getting software from
screwballs and flakes. Its about getting a chance to test the software
BEFORE YOU BUY. 

This issue doesn't matter to you today as much as some other issues,
but I think it will become a bigger deal as we make progress on your
other issues.

> variety of counting systems.  If all the systems (Open Source, Closed,
> sorta-open, hand-counted, etc.) all agree within a small margin of

Of course Open Source has nothing to do with hand counting. It comes into
play if one argues for hand counting by bad mouthing proprietary software.



> difference, then one would have a high degree of comfort that the ballots
> were counted correctly.
> 
> Then diligence would transfer from the computers to the physical security of
> the ballots.
> 
> Ralph Shnelvar
> 
> 
> 
> On Fri, 31 Mar 2006 14:19:19 -0700, you wrote:
> 
> >On Fri, Mar 31, 2006 at 04:04:12AM -0700, Ralph Shnelvar wrote:
> >> On Wed, 29 Mar 2006 04:57:08 -0700, you wrote:
> >> 
> >> >More like old hack. Back in 03 when some of us were invited to work on the
> >> 
> >> [snip]
> >> 
> >> 
> >> Let me add that Open Source code will not fix any of these problems.  One
> >> could pour over the code line-by-line but if the computer uses a chip that
> >> contains some of this back-door modem code then the machine can be hacked.
> >> It might be difficult to do but given that elections sometimes control a few
> >> billion dollars, difficulty is not an obstacle.
> >> 
> >
> >I think that this is an unrealistically pessimistic view of Open
> >Source.  If one means Open Source in the hands of incompetent boobs,
> >you are correct.  But paper ballot elections run by incompetent boobs
> >also suffer serious problems. Making source available for visual
> >inspection is not Open Source. More important is giving people 
> >copies that they can use and modify and test. Copies that they can
> >use to demonstrate errors. 
> >
> >I also think Paul T. is extreme in saying any system can be hacked. I
> >think, for example, of the computers at Lawrence Livermore National
> >Lab. that are used for H-bomb design calculations. These are not
> >easily hacked. The reason they are not is that serious people have
> >thought seriously, and sweated the details of stopping intruders, and
> >stopping goof balls who don't care about security. Finding such people
> >and paying enough to be serious is expensive, but affordable,
> >considering that the alternative is letting outside people messing
> >with national security.
> >
> >Now, for elections: The techniques used at LLNL have been described in
> >the open literature and can provide the basis for a discussion of
> >using computers in elections. Election officials can use them without
> >paying royalties or license fees. But they will have to pay for
> >implementing them. 
> >
> >An important aspect of the secure use of computers is to carefully
> >restrict the role they play to something that can be put in a secure
> >enclosure, and guarded all the time.
> >
> >I can see using computers to scan paper ballots, but with important
> >caveats. Among the conditions that must be met are:
> >
> > It is done in a secure location with strict and orderly procedures
> >for the physical handling of the ballots. 
> >
> > The paper must be of a high enough quality that it can be put through
> >the scanners (note the plural) more than once. Much more than once.
> >
> > There are no legal restrictions on how often the ballots are
> >rescanned. But they never leave the secure area, and they are never
> >abused by careless handling. 
> >
> > The first result of the scan must be a collection of ballot image
> >files that must be publicly available for inspection and computer
> >analysis by all interested, and disinterested, parties.
> >
> > Message Digests of these files must also be available, so that users
> >of these files can verify that they have true copies of the originals.
> >
> > The software that analyzes the images and counts voting marks on the
> >ballot is also Open Source, and can be run by interested parties on
> >the publically available scanned images.
> >
> >The full list goes on and on. This is just a beginning. 
> >
> >With a computer system that is properly designed and secured. A
> >recount would be much easier to organize and execute than a recount of
> >a hand counted election. If it discovered an error, that error would
> >be located in a very specific place in the chain of custody of the
> >data, and if a crime had been committed there would be good legal
> >evidence.
> >
> >Hand counted paper ballot elections would be much cheaper, I'm sure.
> >But a recount of a hand counted election would be a big deal. 
> >If it lead to a different result, the paper trail would probably not
> >be useful in prosecuting any criminal activity.
> >
> >Design of such a computer system, if it is to be done, must be an open
> >activity.  The model for such open design that I think of is the
> >design of the newest revision the a Data Encryption Standard. Everyone
> >who cared to follow that work was able to do so. There were no
> >secrets. Some ideas were too difficult for most people to understand,
> >but no one was kept from understanding by lack of a security
> >clearance.
> > 
> 

-- 
Paul E Condon           
pecondon@xxxxxxxxxxxxxxxx