New Jersey Guscoria Brief

Tue Jun 10 2008 00:00:00 GMT+0000 (Coordinated Universal Time)

elections

ACLU of New Jersey has submitted an amicus brief (1.5MB PDF) in the Gusciora case, being litigated by Penny Venetis and her team at Rutgers' Constitutional Law Clinic. The brief challenges a gag order issued by the Judge based on the implications of the Judge's order with respect to 1) the first amendment rights of the experts in the case and the public; and 2) the lack of showing of good cause in restricting dissemination of results from the experts' testing.

I haven't seen the full protective order, but the two paragraphs at issue here are troubling. I can't imagine any expert that could agree to those terms that also hopes to be available for such work during the next few years (while the case makes its way through the courts). For academics that work in this field, the order is even worse in the sense that one couldn't discuss any aspect of their findings and could even be chilled in discussing findings from other studies.

One thing that gets me is the continual use (in all areas of voting technology) of the terms "proprietary information" and "confidential information". Let's be clear here: the only types of information that could be compromised by disclosure are trade secrets and confidential personal information. Any other term is just not acceptable: the other forms of intellectual property---copyright, trademark and patent rights---would not be implicated by disclosure of the information; that is, the vendor would still be able to enforce those rights. And any confidential information that is not personal information is a trade secret.

Vendors in voting systems have been getting a "pass" on the issue of trade secrecy for too long. In other contexts, trade secrets are things that one can point to and identify (e.g., the recipe for Coca-Cola). Vendors of voting technology have been able to point vaguely at their hardware, software and documentation and say, "There's trade secrets there." Undoubtedly there are. However, we need a mechanism by which vendors can positively identify trade secrets... or reviewers should be able to ask, "Is there a trade secret in this sentence from your documentation?" Narrowing what is a possible trade secret would allow reviewers (or anyone) to produce public and private reports more easily where the private reports contained trade secrets.

Usually, we "know it when we see it" with trade secrets but in the realm of voting technology, we currently do not. That's going to need to change.

NB: Obviously, there is a third type of information that could be problematic if disclosed: actionable security exploits. That is, details about security vulnerabilities sufficient to allow compromise of a voting system in a manner such that elections are placed in danger of exploit.