[E-voting] Source Code

Éibhear evoting at gibiris.org
Sun Mar 21 21:35:49 GMT 2004


Apologies for not continuing this discussion from last Friday.

Aengus Lawlor wrote:
> You see, that's part of your problem - I haven't said  that we shouldn't
> release the source code. I said that it doesn't make any difference
> whether it's released or not, because it won't add to the ability of the
> average voter to trust the system either way.

And here is where I believe there is a problem with the argument. I *am* 
an average voter, who also is technically qualified -- through training 
and experience -- to examine the source code of an electronic voting 
system. I have many acquaintances who are equally interested in politics 
and equally or more qualified to examine the source code. My parents, 
brothers, sisters and non-technical friends would all be able to benefit 
from my examination of the source code in order to gain an understanding 
of the system. If each of them knows some one else who has examined the 
code, they can get independent opinions. The more opinions they get from 
people whose judgments they trust (through experience or knowledge of 
their credentials), the greater their ability to trust the voting 
system. Not all average voters completely understand the old system, but 
they *can* ask people they believe do understand it.

With the proposed system, we have to rely on the vendor of the software, 
one consultancy company and a government whose preference is to railroad 
the system into place against all informed and considered objections.

> As I said, the only arguements that you have presented can be boiled
> down to the ideological argument "open source good, non open source
> bad".

I am truly baffled as to why, in light of the scenarios described 
throughout the whole of this thread, the ideological argument causes you 
concern. We *are* talking of a system that has enormous consequences on 
the day-to-day lives of everyone in the country. The more the system is 
transparent and open to rigourous examination by people and 
organisations outside the control and behest of the country's 
government, the better, surely? I own an apartment in an estate that has 
a locked gate on it. The main door to the block has a 5-lever mortice 
lock. The door to the apartment itself has a lock that requires a key. 
None of that is a reason for me not to put a Chubb lock onto the 
apartment's door. I want the apartment to be secured more. Similarly, 
once VVAT is implemented in Ireland, I still want the country's voting 
system to be *more* accessible to examination by average voters and all 
comers.

> We both agree on that, but if the system has VVAT, then the process
> isn't the property of a private firm in anotherc country, is it?

A part of it still is. Two private firms in two separate countries. That 
VVAT vastly enhances the trustworthiness of the system doesn't mean that 
Nedap or Powervote won't pull a business move that places the State at a 
disadvantage. Changing the terms of whatever licenses with less than a 
week to go before an election, breaching contract, providing source code 
six months later that, in fact, *wasn't* used in the election?

> ...  the notion that having
> the government own the source code, rather than some private company,
> would improve transparency strikes me as quixotic, at best.

When using an open source or Free Software solution, the State doesn't 
have to own the source code. In fact, unless it develops it itself or 
has copyright legally assigned to it, it would never own it in the legal 
sense. However, it would have complete control over the system once it 
acquires the code. It can make enhancements, it can completely re-write 
certain sections, it can leave it all alone certain in the knowledge 
that the code does what it wants it to do *because the State and the 
candidates and the voters have seen the code*.

And even if they haven't seen it, there's nothing to stop them looking 
at it. And that's a good thing.

Éibhear

-- 
Éibhear Ó hAnluain
Dublin,
Ireland
--
PGP/GPG Fingerprint: 2CA9 63F3 5A62 F518 4A42  BBC5 C58A 9C70 3CE8 62E7


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.stdlib.net/pipermail/e-voting/attachments/20040321/8a30ace8/signature.bin


More information about the E-voting mailing list