July 28, 2003
Darned Good Questions Dept.
Stephen Bates, in the comments to this post, asks a couple of darned good questions about electronic voting machines:
[W]hat compelling argument can any corporation offer that its vote-counting software should be proprietary? What gives any nonpublic entity the right to count the votes without a close inspection of the means by which they do so, by any interested parties?
Anyone want to take a crack at them? Personally, I think he's dead-on right.
Posted by Charles Kuffner on July 28, 2003 to Technology, science, and math
Basically, it boils down to the license the customer (the government) has to sign. Most governments, at least from my experience, are singularly clueless in these matters and are willing to "trust" the vendor.
Rebecca Mercuri in Electronic Voting says "Vendors have tied the hands of election officials and independent examiners by protecting their systems under restrictive trade-secret agreements, making it a felony to inspect the operation of the machines without a comprehensive court order."
The Register has had articles (I can't find a reference) stating the DMCA has been threatened. This is very possible if the vendor has encoded any part of the database: reverse engineering this part of the code would violate the DMCA. While "fair use" reverse engineering is still valid under the DMCA, the law is still unsettled and you should be prepared to litigate the issue because the vendor is going to sue or file for a restraining order.
I also seem to remember one Florida jurisdiction wanting to examine the code after the '00 election - again no reference. The vendor threatened legal action using Trade Secret violation as a basis: the county gave up.
"Basically, it boils down to the license the customer (the government) has to sign. Most governments, at least from my experience, are singularly clueless in these matters and are willing to "trust" the vendor." - Charles M
That's precisely my objection. The whole notion that the DMCA somehow outweighs the public's right to inspect the means and processes by which votes are counted is what I'm targeting. An exception should be made; the DMCA should be amended. No private corporation should have any legal right whatsoever to prevent inspection of this specific kind of hardware and software. As one of the folks at Johns Hopkins said (the link is somewhere on my site), "This isn't the code for a vending machine. This is the code that protects our democracy."
I do appreciate your evaluation of the law as it stands. I'm advocating that it be amended to remove copyright and/or patent protection for voting technology. Surely there's plenty of money to be made selling the equipment, with or without such protection. But if removing that protection leads firms to decide to leave the field, well, that's fine with me. We don' need no stinkin' eSlates!
By the way, IANAL. I'm a software developer.
I agree with you totally, although, in my mind, the DMCA shouldn't even enter into the equation.
First a thought. "Those that cast the votes decide nothing. Those that count the votes decide everything."
Absent the restrictive covenents in the licenses, there is no need to reverse engineer. If you have the code, you look at it instead. Thus, the DMCA doesn't come into play.
We need to do two things. First, we need to educate the governmental agencies responsible for these purchases as to the seriousness of the issue. It is not "cyber hysteria" as one official categorized it - the idea of a trustworthy, verifiable voting system is central to our democratic form of government.
Secondly, we need to amend the legislation which drove the shift to e-voting (HR 3295 (Ney-Hoyer) and S 565 (Dodd-Conyers) which were reconciled and passed as PL 107-252). The enabling legislation needs to state plainly that the underlying codes for voting machine systems are subject to examination by any government using the system.
Do we need to caveat this? Probably. The codes will certainly contain trade secrets which shouldn't be divulged. Should the results be FIA? Most assuredly. Should we require the codes compile into the system you are running? Yes! Otherwise, you have absolutely no assurance what you are examining is in fact the codes running on the system. I can probably think of a lot of other items if I think about it long enough.
Finally, this issue drives me to distraction. I find it difficult not to put my tinfoil hat on when I start thinking about it. Given who the major players are, their political leanings, the fact most of the players are privately held and the Rs efforts of late to restrict the suffrage, it really is difficult not to see conspiracies under every system.