Re: Excellent, Mr. Paul Tiger
On Tue, Apr 04, 2006 at 07:46:03AM -0600, Ralph Shnelvar wrote:
> Dear Paul C. and all:
>
> Since I write proprietary software for what is laughably called a living, it
> hardly behooves me to bad mouth it.
>
> What I'm trying to get at is that secret and proprietary software is
> perfectly OK as long as the original (paper) data is available for counting
> and processing. Then if a variety of (independent!) techniques are used to
> analyze the data then one will have a high degree of faith that the counts
> are correct.

I was trying to address this in an earlier post by talking about
rules for how the paper ballots are scanned and what is the work
product of scanning them. For analysis programs, there need not be a
requirement that they be Open Source. The issue is with the input to
analysis programs.

Not everyone can be allowed to touch and handle the original paper
ballots. These are the official record of the election. These are the
ballots that have the fingerprints of the voter on them. These are
the real stuff of an election. These must be kept in a safe place, and
only brought out and run through scanners under carefully supervised,
but open, conditions. The work product of each scan of the ballots
should be a file, or collection of files, that can be used as input to
vote counting and vote analysis programs. Each time the ballots are
scanned, a new work product is produced. The most obvious possible
check on the election is to compare a scan with previous scans
of the same ballots. If one can't get the same images, something is
really wrong and needs to be fixed.

I see this work product as being a collection of scan image files in
a format that is suitable both for image display and image processing.
This format has to be one for which there is Open display and
processing software. The format itself doesn't have to be Open, but
there can be no secrets about what it is, and no legal restrictions on
writing software that uses it. (Other than a thank-you note to the
originators of the format.)

As with all Open Source software, there would be no restriction on
using it in secret, or using it and adding secret extensions. But you
can't sell your code with extensions to someone who incorporates it
into the Official election process and still keep it secret or
proprietary.

If you want to earn money by writing election analysis software, you
can. You just can't sell it to the people who are charged with
running free and fair elections. If you write software for them, they
own it, and they are obligated to release it under an Open Source type
of license. When you negotiate with them about doing a job for them,
you should realize that there will be no 'residuals'. What you get
paid up front is all that you will get for doing the work. (Like
writing Secret software for NSA or the military. Try selling copies
of that to some other government!)

If you want to bring a lawsuit on the basis of something you have
found through the use of proprietary or secret analysis software, you
have to be prepared to release the software as part of the legal
discovery process. If you don't have the right to release it, you
don't have standing. You lose your lawsuit.

But if you find something wrong using secret software, and can then
demonstrate that there is a problem by repeating your analysis using
other software that is Open, you can avoid releasing your secret stuff
because you didn't use it to create your evidence. (This may take some
additions/changes to case law.)

I think it can work.

>
> That's what auditing is supposed to be about: an independent sampling of the
> data to determine if the original mechanism is correct.
^^^^
The data are the ballots. We need to discover a method for giving independent,
verified access to what is on the ballots.
>
> Ralph Shnelvar
>
>
> On Sun, 2 Apr 2006 21:54:02 -0600, you wrote:
>
> >On Sun, Apr 02, 2006 at 10:55:03AM -0600, Ralph Shnelvar wrote:
> >> Dear Paul:
> >>
> >> I happen to agree with you except for one detail.
> >>
> >> Everything you have written demonstrates to me that if the process is open
> >> that Open Source is unnecessary since the process can be repeated with a
> >
> >Perhaps Open Source is unnecessary, but there is a real big problem
> >for verifiability if people in charge of the software claim a right to
> >secrecy about the details of the software. If this right has legal
> >standing, there will always be legal process for 'balancing' right to
> >openness vs. rights to secrecy. For true verifiability, I believe that
> >anyone who cares to ask should get an open and honest answer to their
> >question. It need not be an answer that they are willing to deal with,
> >but there needs to be full answer available to anyone. This sort of
> >verifiability is not part of the legal structure of Intellectual
> >Property Law in USA. So I opt for Open Source, not as a Holy Mission,
> >but as a practical way through our legal system to our common goal of
> >openness.
> >
> >The people who actually design and write the software would have to be
> >paid, but payment would be by salary from an organization that has
> >contracted to write the software, not from license fees generated
> >through ownership of copyrights or patents. Open Source is about how
> >people get access to the software, not about getting software from
> >screwballs and flakes. It's about getting a chance to test the software
> >BEFORE YOU BUY.
> >
> >This issue doesn't matter to you today as much as some other issues,
> >but I think it will become a bigger deal as we make progress on your
> >other issues.
> >
> >> variety of counting systems. If all the systems (Open Source, Closed,
> >> sorta-open, hand-counted, etc.) all agree within a small margin of
> >
> >Of course Open Source has nothing to do with hand counting. It comes into
> >play if one argues for hand counting by bad mouthing proprietary software.
> >
> >
> >
> >> difference, then one would have a high degree of comfort that the ballots
> >> were counted correctly.
> >>
> >> Then diligence would transfer from the computers to the physical security of
> >> the ballots.
> >>
> >> Ralph Shnelvar
> >>
> >>
> >>
> >> On Fri, 31 Mar 2006 14:19:19 -0700, you wrote:
> >>
> >> >On Fri, Mar 31, 2006 at 04:04:12AM -0700, Ralph Shnelvar wrote:
> >> >> On Wed, 29 Mar 2006 04:57:08 -0700, you wrote:
> >> >>
> >> >> >More like old hack. Back in 03 when some of us were invited to work on the
> >> >>
> >> >> [snip]
> >> >>
> >> >>
> >> >> Let me add that Open Source code will not fix any of these problems. One
> >> >> could pore over the code line-by-line but if the computer uses a chip that
> >> >> contains some of this back-door modem code then the machine can be hacked.
> >> >> It might be difficult to do but given that elections sometimes control a few
> >> >> billion dollars, difficulty is not an obstacle.
> >> >>
> >> >
> >> >I think that this is an unrealistically pessimistic view of Open
> >> >Source. If one means Open Source in the hands of incompetent boobs,
> >> >you are correct. But paper ballot elections run by incompetent boobs
> >> >also suffer serious problems. Making source available for visual
> >> >inspection is not Open Source. More important is giving people
> >> >copies that they can use and modify and test. Copies that they can
> >> >use to demonstrate errors.
> >> >
> >> >I also think Paul T. is extreme in saying any system can be hacked. I
> >> >think, for example, of the computers at Lawrence Livermore National
> >> >Lab. that are used for H-bomb design calculations. These are not
> >> >easily hacked. The reason they are not is that serious people have
> >> >thought seriously, and sweated the details of stopping intruders, and
> >> >stopping goof balls who don't care about security. Finding such people
> >> >and paying enough to be serious is expensive, but affordable,
> >> >considering that the alternative is letting outside people mess
> >> >with national security.
> >> >
> >> >Now, for elections: The techniques used at LLNL have been described in
> >> >the open literature and can provide the basis for a discussion of
> >> >using computers in elections. Election officials can use them without
> >> >paying royalties or license fees. But they will have to pay for
> >> >implementing them.
> >> >
> >> >An important aspect of the secure use of computers is to carefully
> >> >restrict the role they play to something that can be put in a secure
> >> >enclosure, and guarded all the time.
> >> >
> >> >I can see using computers to scan paper ballots, but with important
> >> >caveats. Among the conditions that must be met are:
> >> >
> >> > It is done in a secure location with strict and orderly procedures
> >> >for the physical handling of the ballots.
> >> >
> >> > The paper must be of a high enough quality that it can be put through
> >> >the scanners (note the plural) more than once. Much more than once.
> >> >
> >> > There are no legal restrictions on how often the ballots are
> >> >rescanned. But they never leave the secure area, and they are never
> >> >abused by careless handling.
> >> >
> >> > The first result of the scan must be a collection of ballot image
> >> >files that must be publicly available for inspection and computer
> >> >analysis by all interested, and disinterested, parties.
> >> >
> >> > Message Digests of these files must also be available, so that users
> >> >of these files can verify that they have true copies of the originals.
> >> >
> >> > The software that analyzes the images and counts voting marks on the
> >> >ballot is also Open Source, and can be run by interested parties on
> >> >the publicly available scanned images.
> >> >
> >> >The full list goes on and on. This is just a beginning.
> >> >
> >> >With a computer system that is properly designed and secured, a
> >> >recount would be much easier to organize and execute than a recount of
> >> >a hand counted election. If it discovered an error, that error would
> >> >be located in a very specific place in the chain of custody of the
> >> >data, and if a crime had been committed there would be good legal
> >> >evidence.
> >> >
> >> >Hand counted paper ballot elections would be much cheaper, I'm sure.
> >> >But a recount of a hand counted election would be a big deal.
> >> >If it led to a different result, the paper trail would probably not
> >> >be useful in prosecuting any criminal activity.
> >> >
> >> >Design of such a computer system, if it is to be done, must be an open
> >> >activity. The model for such open design that I think of is the
> >> >design of the newest revision of the Data Encryption Standard. Everyone
> >> >who cared to follow that work was able to do so. There were no
> >> >secrets. Some ideas were too difficult for most people to understand,
> >> >but no one was kept from understanding by lack of a security
> >> >clearance.
> >> >
> >>
>
--
Paul E Condon
pecondon@xxxxxxxxxxxxxxxx
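
The message-digest condition from the quoted list above (digests published alongside the ballot image files so that users can verify they hold true copies), as an added example that is not part of the original message. SHA-256, the directory layout and the `.img` file names are assumptions made for illustration, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large scan images are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(scan_dir: Path) -> dict[str, str]:
    """Map each file's relative path to its digest (what would be published)."""
    return {
        p.relative_to(scan_dir).as_posix(): file_digest(p)
        for p in sorted(scan_dir.rglob("*")) if p.is_file()
    }


def verify_copy(copy_dir: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Report files missing from, altered in, or added to a copy of the scan set."""
    local = build_manifest(copy_dir)
    return {
        "missing": sorted(set(manifest) - set(local)),
        "altered": sorted(n for n in manifest if n in local and local[n] != manifest[n]),
        "extra": sorted(set(local) - set(manifest)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: three placeholder 'ballot images', then a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        official, copy = Path(tmp, "official"), Path(tmp, "copy")
        for d in (official, copy):
            d.mkdir()
            for i in range(3):
                (d / f"ballot_{i:04d}.img").write_bytes(b"constructed scan %d" % i)
        manifest = build_manifest(official)
        (copy / "ballot_0001.img").write_bytes(b"constructed scan 1, edited")
        (copy / "ballot_0002.img").unlink()
        (copy / "ballot_9999.img").write_bytes(b"inserted image")
        return verify_copy(copy, manifest)


if __name__ == "__main__":
    print(demo())
```

A matching digest only shows that a copy agrees with the published manifest, so the manifest itself has to reach users over a channel they already trust. Reporting extra files matters as much as altered ones, since an inserted image changes a count just as an edited one does.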