Risks of mandated source disclosure

There are risks associated with government-mandated public disclosure using either a disclosed source regime or open source licenses. One such risk is that trade secrecy would be de facto eliminated from the highly competitive, small-margin voting systems market. This could mean the end for larger companies, which are more sensitive to the smallness of margins, as it will cause a slip of their market position and competitive edge against other larger vendors. If open source software is required, a body of open source software for election management and tabulation will be created that will lower the barriers to entry into the market and necessarily increase competition. The available software will be one piece that new firms will not need to develop in creating a viable voting system (see § for a discussion of other barriers to entry). Either of these possibilities will make it easier for small firms to enter the market, but also may make the market less appetizing for large vendors.

There could be narrower licensing options under a government mandate. That is, if a governmental entity deems it necessary to mandate disclosure, it would seem that they would also specify the terms of such disclosure. This would prohibit vendors from doing their own calculus of what to allow and disallow in the terms of their software license and would mean that they now had to fit their previous business models into the license agreement mandated for the market in which they seek to operate.

Finally, there is an evolving concept of eminent domain -- where the government must compensate an individual for taking property -- in the field of intellectual property. Should vendors be compensated for the release of intellectual property in the source code that runs their systems? The relevant forms of intellectual property implicated in the source code for voting systems are patents, copyright and trade secrets. Patents and copyrights are not much of an issueFor patents and copyright, 28 USC 1498 provides that a patent or copyright holder can sue the government for ``recovery of his reasonable and entire compensation'' but cannot enjoin the work being ``used by or for'' the government. Disclosure of patented, copyrighted software would not correspond to large financial exposure for voting systems vendors; depending on the terms of distribution (limited or public), the availability of the source code for voting system software would not undermine their ability to sell software products or enforce and license their patents. and claims under the Freedom of Information Act (FOIA) or its state-level equivalents will usually protect proprietary and confidential information.State equivalents to FOIA in the form of public records acts typically have broad exemptions for confidential information and trade secrets. Exemption 4 of FOIA allows the government to withhold trade secrets under certain circumstances involving FOIA requests. See: Erisman, M. K. The never ending saga of unit prices: To disclose or not to disclose, that is the question. 2005 Army Law 138 (2005).

That leaves the case of trade secrets released against the vendor's wishes. In Ruckelshaus v. Monsanto Co.,Ruckelshaus, Administrator, United States Environmental Protection Agency v. Monsanto Co. 467 U.S. 986 (1984). the Court found that the disclosure of trade secrets claimed to be held in confidence by the Environmental Protection Agency (EPA) as part of a pesticide registration program was a 5th amendment ``taking'' of property.Id., at 1003-1004. How was the dollar amount calculated in Ruckelshaus? I get asked this constantly. The Court ruled that the ``taking'' existed when Monsanto had a ``reasonable investment-backed expectation'' of confidentiality and that this was formed when the EPA allowed vendors to mark certain information as trade secret through their registration program.Id., at 1010-1014. Further, without a reasonable investment-backed expectation, no taking existed.

For voting systems, this means that any disclosure should be done carefully. That is, with rules or laws that mandate disclosure, any efforts to extend the effects of such policy to source code submissions made under a previous regime would likely run afoul of the Ruckelshaus notion of 5th Amendment ``taking'' of trade secrets. Voting systems vendors will likely not find it difficult to make a showing of ``reasonable investment-backed expectation'', as past indications show that vendors have been highly protective of their intellectual property.See discussion accompanying note . From this analysis, the best course of action would be a non-retroactive policy in which the government clearly stated its intent to disclose system source code and also stipulated that any trade secrets would have to be removed by the vendor prior to submission.