[CAVO] Fwd: CAVO informal response-- Travis County RFI

Brent Turner turnerbrentm at gmail.com
Wed Aug 5 06:44:39 UTC 2015


---------- Forwarded message ----------
From: Brent Turner <turnerbrentm at gmail.com>
Date: Tue, Aug 4, 2015 at 11:41 PM
Subject: CAVO informal response-- Travis County RFI
To: Dana Debeauvoir <Dana.Debeauvoir at traviscountytx.gov>
Cc: Dan Wallach <dwallach at cs.rice.edu>, Michael Winn <
Michael.Winn at traviscountytx.gov>, Michelle Parker <
Michelle.Parker at traviscountytx.gov>, Bob Nash <bobjnash at sbcglobal.net>,
Alec Bash <alec.bash at gmail.com>, Tim Mayer <timbmayer at gmail.com>, "Schwab,
James" <james.schwab at sos.ca.gov>, Brian Fox <bfox at opuslogica.com>, Lawrence
Rosen <lrosen at rosenlaw.com>, Patrick Masson <masson at opensource.org>,
"Castro, Daniel" <dcastro at itif.org>, "Juan E. Gilbert" <juan at ufl.edu>


Dear Dana-

Please accept our informal response. Further definition and technical
guidance can be provided upon request.

As there is no direct need for formal consideration.. and CAVO operates out
of public duty-- we have not responded formally but merely hope you
appreciate and consider the following response.as you analyze your way
toward best voting system practices. If you decide you would enjoy our
participation on any aspect of your project, we will gladly make every
effort to assist you

1. Re TC RFI 5.1 Background -  The mission of the California Association of
Voting Officials is to develop and make available open source voting
systems for use in public elections, as well as to provide training,
education and management practices to election officials for the effective
employment of technologies. CAVO was formed in 2013 to provide guidance and
risk management for California and national jurisdictions seeking solution
to the election system technology crisis highlighted in CA Senate Bill 360
( Padilla ). CAVO advocates GPL V3 open source software for use in publicly
owned election systems. See www.cavo-us.org for board member information.
The board members of CAVO are extremely vetted for expertise and dedication
to an extreme unmatched in the election system security environment.
Members have pioneered general open source and open source election system
reforms pro bono for over a decade.

2. Travis County's RFI states ' We intend for STAR-Vote™ to be a publicly
available product with Travis County (or, possibly, a consortium of
counties) owning all intellectual property and proprietary rights in and to
the system and all legally protectable elements and components of it.
(Additional information on ownership of intellectual property and
proprietary rights, as well as information on data generated by the
STAR-Vote™ System can be found in Section 4.1 and 4.2). We are taking these
steps to protect the integrity of the STAR-Vote™ design and to minimize the
licensing cost for its use. However, we encourage responders to imagine new
ways of making their involvement in this project profitable. For example,
responders may propose to other counties ideas for adding modules with
additional functionality or offering customized installation of this
system. We expect the successful responder for this project to hold just
claim to great expertise and be well positioned to offer this service to
others."

*CAVO's position is that the system should be GPL V3 and not constrained to
this intellectual property / proprietary albeit " disclosed " model. *


Furthermore the RFI states-  "At the writing of this RFI, our belief is
that the best way to meet these goals is for Travis County (or a consortium
of other STAR-Vote™ counties) to retain all intellectual property and
proprietary rights in and to the STAR-Vote™ system and all legally
protectable elements and components of it. In this scenario:  Travis
County (and/or a consortium) would own the copyright and all other IP
rights (patents, trademarks, etc.) with the vendor disclaiming any of their
prior patent (or other IP) coverage over STAR-Vote™;  Vendors would be
contracted to provide services under a work-for-hire arrangement;  Source
code for all modules would be published, but usage rights for actual
elections as well as derivative rights (as in using the code to create a
derivative voting system) would be controlled by Travis County (and/or
consortium) with a view toward ultimately releasing usage and derivative
rights under a “suitable” (as determined by Travis County and/or
consortium) open source license that would allow and encourage preparation
of third-party derivative work, recognizing that voting systems must be
state and federally certified;  Source code for specific modules relating
to third-party verification of the public bulletin board and related
published election artifacts would be published under a "suitable" (as
determined by Travis County and/or consortium) open source license; and 
During the period in which usage and derivative rights are retained by
Travis County (and/or consortium), Travis County (and/or consortium) will
commit to licensing all elements of STAR-Vote on a Reasonable and
Non-Discriminatory (RAND) basis."

*CAVO's position- GPL V3 is the most suitable open source license for
election systems. This finding has been determined by the open source
community as well as Free Software Foundation and Open Source Initiative.
See www.opensource.org <http://www.opensource.org/> CAVO"s position is that
neither Travis County nor an appointed consortium have adequate expert
opinion to refute that conclusion, and therefore a conflicting conclusion
will result in a lessening of the system. The " slippery slope " created by
the " business as usual" model is unacceptable for election systems. *


3. Re TC RFI 5.4 - 5.7 Time frames  / expenses / partnerships

*CAVO's position-  A functional system can be developed and certified
within two years at a cost of approximately five million dollars. Project
managers should be allowed to choose engineers and direct the project in
accordance with strict open source principles. CAVO is available to
participate or direct others to participate toward best results.
Participants should be chosen from a pool of vetted prospectives without
pre-disposition toward " business as usual " interests. CAVO's further
stated position is not to necessarily be " selected ' but rather to obtain
a role as quality assurance / risk manager for Travis County's project.
CAVO is likely the only available partner that has shown a dedication to
democracy, rather than a business interest, at the motivational core and
has foremost experts available for open source voting projects *


Best regards,

Brent Turner

CAVO Secretary



On Tue, Jul 7, 2015 at 10:51 AM, Dana Debeauvoir <
Dana.Debeauvoir at traviscountytx.gov> wrote:

> Dear Brent,
>
> At this stage, I am gathering responses from the RFI.   I want to hear
> what contributors have to say first on a variety of important issues.  Not
> ready for an update on your issue at this time.  Thank you for staying in
> touch.
>
> Best, Dana
>
>
>
> *From:* Brent Turner [mailto:turnerbrentm at gmail.com]
> *Sent:* Tuesday, July 07, 2015 10:06 AM
> *To:* Dana Debeauvoir; Dan Wallach; Michael Winn; dlogan at rrcc.lacounty.gov
> *Cc:* Bob Nash; Alec Bash; Tim Mayer; Schwab, James; Brian Fox; Lawrence
> Rosen; Scott.Wiener at sfgov.org; Patrick Masson
> *Subject:* Re: {EXTERNAL} Fwd: [CAVO] Why CAVO recommends GPLv3 for
> election software
>
>
>
> Dear Dana :
>
>
>
> I wanted to check in for any updates regarding your licensing issue. I
> have added Patrick Masson from Open Source Initiative as a cc for your
> convenience.. OSI is currently working with the White House and is a good
> resource  to make sure the government is adhering to open source standards.
> see www.opensource.org
>
>
>
> Please let me know of any progress and how we might assist further.  I
> have still  not heard back from Dean or Jared..  so the L.A. project is
> still an unknown.   Good news- we recently had information sharing with the
> US House of Representatives and they are getting up to speed on the
> standards as well.
>
>
>
> Best again-
>
>
>
> Brent
>
>
>
> On Wed, Jun 17, 2015 at 9:49 PM, Brent Turner <turnerbrentm at gmail.com>
> wrote:
>
> Thank you for responding, Dana.
>
>
>
> Dean Logan in L.A. County has been given this same information..  I have
> cc'd Dean and others here.
>
>
>
> San Francisco is working through these same issues.  The vendors and
> intellectual property community reps are attempting to purport there is no
> clear definition to open source. The open source community recognizes this
> as a ploy toward delaying the adoption of open source as well as what is
> referred to as " open washing " i.e . selling/inserting  a non-open source
> code while calling it open source. Luckily there is now  a large enough
> community standard and enough expertise to thwart these attempts.
>
>
>
> We are speaking with the EAC and others about this work in progress,
> attempting to get them up to speed on the open source technology.  We have
> also reached to Jared Marcotte from Pew, who is one the leads on the L.A.
> project , but like Dean Logan he has not yet responded. This lack of
> response further raises the concerns  of the open source community, as
> conversation and a group approach is part and parcel to the open source
> community's general approach  to  transparency.
>
>
>
> Thanks again for staying in this dialogue. OSI and CAVO are gald to lend
> their experts to your project in hopes we can set the proper standard for
> the rest of the country to follow.
>
>
>
> Best regards,
>
>
>
> Brent
>
>
>
> On Wed, Jun 17, 2015 at 1:23 PM, Dana Debeauvoir <
> Dana.Debeauvoir at traviscountytx.gov> wrote:
>
> Thank you for the info on GPL v3, Brent.
>
> Best, Dana
>
>
>
> *From:* Brent Turner [mailto:turnerbrentm at gmail.com]
> *Sent:* Wednesday, June 17, 2015 12:30 PM
> *To:* Eric Bauman; Brigette Hunley; angela lee; Bob Nash; Dana
> Debeauvoir; Fried, Jason (BOS); Ruthee Goldkorn; Dale Ho
> *Subject:* {EXTERNAL} Fwd: [CAVO] Why CAVO recommends GPLv3 for election
> software
>
>
>
>
>
> ---------- Forwarded message ----------
> From: *Lawrence Rosen* <lrosen at rosenlaw.com>
> Date: Wed, Jun 17, 2015 at 10:18 AM
> Subject: [CAVO] Why CAVO recommends GPLv3 for election software
> To: CAVO <cavo at opensource.org>
> Cc: Lawrence Rosen <lrosen at rosenlaw.com>
>
> [I wrote this article last November. While I sought then to encourage an
> OSI-approved "FOSS" license, I also specifically recommended GPLv3. Now
> that we have a discussion list, it is appropriate to circulate this
> proposal here for discussion. If we're going to select a specific license
> for our software, we ought to decide that here in our open source
> community. :-)  /Larry]
>
>
>
> ***********************
>
>
>
> There are many ways to distribute software. Valuable software nowadays is
> usually distributed under a free and open source license (FOSS license, in
> short), both because it is usually "free of cost" software but also "free
> of restrictions" on copying, making changes, and redistributing that
> software.
>
>
>
> There are various open source licenses to choose from. They are listed at
> the www.opensource.org website. Unless a license is listed at that
> website, most developers and potential customers won't call it FOSS
> software. The OSET Foundation Public License (OPL), a license recently
> proposed for an election software project, is not a FOSS license. [1]
> <http://static.squarespace.com/static/528d46a2e4b059766439fa8b/t/53558db1e4b0191d0dc6912c/1398115761233/OPL_FAQ_Apr14.pdf>
>
>
>
> FOSS licenses offer several distinct ways to give software away.
>
>
>
> Choosing among those licenses for software is not an arbitrary game of
> darts. For open source election software that can be trusted and always
> free, the choice of license is particularly important. That is why I
> recommend the General Public License version 3.0 (GPLv3) as the best
> license to use. This article gives several important reasons why.
>
>
>
> ·         Among the many FOSS licenses, GPLv3 is the most modern, widely
> accepted, and best understood license available today. Its predecessor
> license, GPLv2, is historically far and away the most used worldwide; GPLv3
> is replacing it in the rate of license adoption for new FOSS software.
>
>
>
> ·         GPLv3 is a reciprocal license. Once a project or distributor
> releases election software under the GPLv3, it will remain FOSS software in
> perpetuity under the GPLv3 license. Modifications to that FOSS software
> will also be distributed in perpetuity under the GPLv3. This guarantees
> that our election software won't ever be taken under commercial covers and
> turned into proprietary software with unacceptable lock-in and source code
> restrictions that make voting untrustworthy.
>
>
>
> ·         The GPLv3 license promotes open and shared development efforts.
> While it is possible to create excellent open source software under more
> permissive FOSS licenses, those licenses allow commercial fragmentation of
> the software. That isn't appropriate for widely used election software.
>
>
>
> ·         The GPLv3 encourages trustworthy software. There is a law of
> software development named in honor of Linus Torvalds stating that "given
> enough eyeballs, all bugs are shallow"; or more formally: "Given a large
> enough beta-tester and co-developer base, almost every problem will be
> characterized quickly and the fix will be obvious to someone." [2]
> <http://en.wikipedia.org/wiki/Linus's_Law>  GPLv3 software projects
> invite eyeballs on all distributed versions of the software to identify
> bugs and security issues; other licenses don't always do that.
>
>
>
> ·         Although GPLv3 will specifically encourage FOSS development
> practices for the election code base and its derivative works, that GPLv3
> license is nevertheless compatible with successful commercial software and
> support business as well. One need only refer to the robust Linux ecosystem
> and its contribution to diverse commercial technology worldwide, whose
> basic software is entirely under the GPLv2 and GPLv3 licenses. The GPL
> licenses made that possible.
>
>
>
> ·         GPLv3 will encourage innovation because GPLv3 source code is
> open to view and change.
>
>
>
> For these reasons, CAVO recommends that election software be distributed
> under GPLv3. This will inevitably create a diverse, worldwide, and
> enthusiastic community of software developers to create election systems we
> can all trust.
>
>
>
> *Footnotes:*
>
>
>
> [1]
> <http://static.squarespace.com/static/528d46a2e4b059766439fa8b/t/53558db1e4b0191d0dc6912c/1398115761233/OPL_FAQ_Apr14.pdf>
> The OSET Foundation claim on their website that their license is "an open
> source software license" is simply untrue. They can try to make it so by
> submitting their license to www.opensource.org and following OSI's
> published license review process. While I am merely an observer nowadays of
> that license review and approval process, as former general counsel for OSI
> I am confident that certain provisions in that license make it incompatible
> with the GPLv3 despite the assertion on OSET's own website that it is.
>
>
>
> [2] <http://en.wikipedia.org/wiki/Linus's_Law> Wikipedia Entry on
> "Linus's Law"
>
> **Lawrence Rosen is a CAVO member, an attorney and a computer specialist.
> He is founding partner of Rosenlaw & Einschlag, a law firm that specializes
> in intellectual property protection, licensing and business transactions
> for software technology. Larry served for many years as general counsel of
> the non-profit Open Source Initiative (OSI). He currently advises many open
> source companies and non-profit open source projects. Larry's book, **"Open
> Source Licensing: Software Freedom and Intellectual Property Law**", was
> published by Prentice Hall in 2004. He also taught Open Source Law at
> Stanford Law School. Larry often publishes and speaks around the world on
> open source and intellectual property issues.*
>
>
>
>
> _______________________________________________
> CAVO mailing list
> CAVO at opensource.org
> https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20150804/61dc5782/attachment.html>


More information about the CAVO mailing list