Tigret

wtf?

Tigret

n. regret, disappointment felt when watching television recorded days previously on a TiVo or DVR and seeing advertising for an event or program that has already happened in real time.

trademark-free synonym: DVRegret

Richard Stallman Speaks at the iSchool

copyright, open source, patents, berkeley, photos, p2p, policy, DRM, legal, podcasts, iSchool

Link: http://groups.sims.berkeley.edu/podcast/audio/Richard_Stallman_at_UC_Berkeley_12_Sep_2007.ogg

A picture of Richard Stallman speaking at a podium, wearing a vaguely western shirt Richard Stallman gave the first UC Berkeley School of Information distinguished lecture of the year today on "Copyright vs Community in the Age of Computer Networks". Here's the abstract:

Copyright developed in the age of the printing press, and was designed to fit with the system of centralized copying imposed by the printing press. But the copyright system does not fit well with computer networks, and only draconian punishments can enforce it. The global corporations that profit from copyright are lobbying for draconian punishments, and to increase their copyright power while suppressing public access to technology. But if we seriously hope to serve the only legitimate purpose of copyright--to promote progress, for the benefit of the public--then we must make changes in the other direction.

Here is the audio in Ogg format (courtesy of Don Marti, editor of LinuxWorld.com).

I was privileged to introduce RMS... here's what I said:

In meatspace, you might know our speaker as Richard Matthew Stallman; in the world of bits and bandwidth, where we spend an increasing amount of our time, he's known simply as RMS. He was raising hell and championing software freedom before I was born, and I'm almost 30. His accomplishments are vast in terms of numbers and magnitude. Stallman has received numerous awards, four honorary doctorates and was awarded the MacArthur Fellowship in 1990. He has long championed the notion of copyleft; a concept which promotes freedom by requiring modified works to be distributed under the same generous license under which the work was originally licensed. In 1989, the Free Software Foundation, which he founded, embodied this notion of copyleft in a general-purpose software license called The GNU General Public License or GPL. The GPL has gone through three revisions since and remains the most widely used license for free and open source software. Richard Stallman stands out for consistenly arguing that, besides the oft-cited pragmatic reasons for free software, there exits a moral imperative that software should be free. So, to tell us more about all of this... without further ado, here's Richard Stallman to speak about "Copyright vs Community in the Age of Computer Networks".

Some random thoughts...

wtf?, SIMS, berkeley, friends, education, iSchool
  • Peter Lyman's memorial today was beautiful.
  • I'm so going to see Dragon Wars. I love dragons!!!
  • Wow. Kathy Griffin: "Suck it, Jesus". I guess you can't say that on TV, huh?
  • I've finished both Neuromancer and Count Zero and am on to Mona Lisa Overdrive. Wow... written in 1984, 1986 and 1988! Wow. And I read these after having played the Cyberpunk RPG back in the day.

HR811 Does Not Require Source Code Disclosure

elections, reform, standards, copyright, news, secrecy, politics, problems, friends, research, policy, legal

Many people seem to erroneously think that HR811 requires the disclosure of voting system source code. For example, in a recent press alert, Doug Lewis of The Election Center says:

The provision that covers source code is giving a blueprint for malice in the elections process and Congress would be far better copying the language developed by Senator Feinstein in S1487 on access to source codes.

However, HR811 doesn't reach source code. Allow me to explain...

When HR811 was reported out of committee, a key definition was changed. Under HR811, voting systems are prohibited for use in federal elections unless voting system vendors deposit "election-dedicated voting system technology" in escrow. Also, these materials must be made available to three classes of people:

  1. Governmental entities that administer elections in order to review, analyze or report on the technology.
  2. Parties in pre- or post-election litigation to review or analyze the technology in support of the litigation.
  3. Persons who review, analyze or report on the technology solely for an academic, scientific or technological investigation.

For most of the life of the Holt Bill, the definition of what materials these classes of people got access to in order to support their review, analysis or reporting included voting system source code. However, when reported out of committee, the definition of "election-dedicated voting system technology" was changed to point to the 2005 Voluntary Voting System Guidelines definition of "voting system software". That definition reads:

voting system software: All the executable code and associated configuration files needed for the proper operation of the voting system. This includes third party software such as operating systems, drivers, and database management tools. See also dynamic voting system software, semi-static voting system software, and static voting system software.

This is an operational definition; that is, this includes things one would need to operate the equipment. It is not an analytical definition; that is, it doesn't include the things that one would need to analyze and review the technology. For that, at a minimum, one would need access to source code.

A group of experts, including, Andrew Appel, David Dill, Edward Felten, David Jefferson, Avi Rubin, Barbara Simons, Warren Stewart, David Wagner, Dan Wallach, John Washburn and myself wrote a letter on May 22, 2007 of this year expressing concern with this change and recommending that the legislation point to a different, more analytical definition of the elements needed for voting system analysis and review.

This stance was crafted to mirror the language in the Committee Report on HR 811 (pp.19-20) which included the definitional reference that our letter emphasized (actually, I think that simply citing to section 5.7 of the VSTCP Manual would be sufficient).

However, the language of the bill has not been changed and it appears the bill will go up for a floor vote this week.

What does this mean? This means that any of the three classes of people listed above will only have access to "executable code" and "configuration files" from voting system software. That is simply not adequate for a thorough voting system review. There are certain types of analysis that are made impossible without access to source code and other types of analysis which are made so difficult as to be close to impossible. In many cases, this would require decompilation of the executable software which is a laborious, imprecise and arcane process on code bases like these which can be very large.

In my opinion, the current language is misleading as it appears to give broader access than it actually does. The options to correct this seem to be (in order of personal preference):

  • Modify the language to explicitly include source code (I won't even mention build environments)

  • Modify the language to explicitly include access to other useful things that are not source code (ballot definitions, audit logs, on-board vote data, etc.). These are particularly important in legal challenges.

  • Eliminate the disclosure provisions entirely.

Despite this problem, I continue to think -- along with Avi, Ed and Matt (EFF) -- that HR811 is an important and necessary step in U.S. election reform.

UPDATE [2007-09-12T14:22:12]: By request, I have taken down the letter referenced above.

A Window into the Hart Document Review of the California TTBR

elections, certification/testing, reform, vendors, standards, copyright, hacks, news, secrecy, privacy, berkeley, research, policy, usability, legal

Well, it has been more than 45 days since we submitted our document review report on the Hart System 6.2.1 to the California Secretary of State under the Top-To-Bottom Review (TTBR). According to our contract (see page 10):

No Principal Investigator, UC Senior Reviewer, Associate Reviewer or accessibility expert shall make or release any comments or other information about the processes, procedures, progress or findings of the voting system review or any draft or final report to any third party via any medium for 45 days from the submission of the final report to the SOS, or until the final report is made public by the SOS, whichever is sooner.

This clause means that I can now talk about our Document Review efforts... I do hope the full reports are published soon; I have no clue what is holding them up other than they probably aren't the top priority in the very-busy SoS' office right now (as you'll see, they're nowhere near as sexy as the other three types of reports that were issued).

All of what I say below I say on behalf of myself and no one else. Errors, omissions, etc. are my responsibility alone.

Working Conditions

We were housed in a secure room in the UC Berkeley Law School (Boalt Hall). The time was very tight; we had a handful of days off over about 5 weeks (which is an experience much like the hours election staff have to put in right before an election). The secrecy required for our work was extreme. We worked in a secure facility using a red/black military information protocol where any confidential or proprietary information was labeled red and was not to leave the room. Because our work involved reviewing massive amounts of documentation (thousands of pages per vendor), the secrecy requirements meant that we printed and read on the order of 10,000 pages of documents between the two vendors that we examined in the Berkeley facility (Sequoia and Hart). We killed one entire shredder making sure all the paper and CDs were thoroughly destroyed.

As my thesis is primarily concerned with transparency in electronic voting, it seemed particularly absurd that we had to maintain such a tight protocol to protect nebulous trade secrets of the vendors. However, I do understand that if we're to have a competitive free market here in voting systems, we need to be cautious with inadvertent leaking of information that gives vendors a competitive edge in the market.

Methodology

Our task was twofold: 1) to produce a document that summarized the usability and thoroughness of the documentation for the voting system and the testing documentation from the ITAs and; 2) to assist the source code and red team testers with particular types of document-centric questions (e.g., "Is so-and-so communication protocol ever described explicitly in the documents?").

In terms of methods, the second task was easy enough once we were familiar with the contents of the documents and where certain types of information resided. The first was more difficult. As we describe in our report, a very sound methodology would have involved developing a codebook of requirements, regulations, etc. that voting system documentation must address (from the VSS, etc.) and then coding each document according to the codebook. This is a useful qualitative method that can be quite powerful (and typically involves writing thematic memos about particular issues and then stringing the memos together into a larger analysis). However, we didn't have time for that. Instead, we examined the documents from the point of view of the needs of each individual involved in particular phases of an election. We also spent time with the documents running two mock elections with the equipment in the SoS' facilities in Sacramento.

Findings

I'll naturally let our reports speak for themselves; however, here are a few of our findings for the Hart system:

  • The ITA test reports are completely inadequate and do not provide the level of detail that one would need to assess whether or not the voting systems were tested to the letter of the VSS. They also do not provide the level of detail needed to replicate the testing in a laboratory environment. In many places, it is difficult or impossible to tell what types of testing methodologies were employed and under what conditions systems were tested. In some cases, the division of labor between two ITAs resulted in serious deficiencies where certain pieces of the VSS were not tested at all or where it is unclear to what extent certain features were tested.
  • The documentation from a usability standpoint was pretty good. It could be improved, naturally. Specifically, the documents do a good job of describing how to do something, but don't discuss at all why one would want to do something and what the implications or technical details might be. Also, the documents were highly referential in that the user would have to leave a particular document to go to another document in order to learn about or complete a specific step. This was particularly a problem for the California Use Procedures document where the public won't have access to the confidential and proprietary documents that election officials have.
  • We found that, assuming technically-knowledgeable staff, the documentation for Hart would allow a jurisdiction to be reasonably self-sufficient. We do recommend that jurisdictions "break in" their procedures, machines and staff by running full-fledged mock elections so that any deficiencies can be caught before an actual election.
  • We don't believe that the documentation with which we were provided would be sufficient for the State-level certification of these systems. The inadequacy of the ITA reports and the documents that would be needed by reviewers beyond the voluminous technical data packages provided to the ITAs put state-level certifiers at an information disadvantage.

Implications

The implications of the document review reports aren't markedly different than those of the other reports. The common theme is that the national qualification process overseen by NASED was completely inadequate at judging whether or not these systems met the 2002 VSS or, more importantly, if they could be used safely in typical elections environments. Deficiencies in voting systems often fell victim to something we call the "leaky pipeline" where the deficiency would be noted in one or another part of the process but not be carried forward into the next part of the process or even cured before the system was fielded in actual elections.

It's a brave new world out there for voting technologies, and we have a lot of work to do... together.

Contact / Help. (cc) 2021 by Joseph Hall. blog software / hosting.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.
And a few words about the structure of the eye . Everyone " retina ". Especially often we hear it buy clomid online in the phrase " retinal detachment ." So what is the retina ? This - the front edge of the brain, the most distant from the brain part of the visual analyzer. The retina receives light first , processes and transforms light energy into irritation - a signal that encodes all the information about what the eye sees . The retina is very complex and in their structure and function . Its structure resembles the structure of the cerebral cortex. The shell of the retina is very thin - about 0.14 mm.