Limited disclosure

It is clear that source code access is essential to evaluation. As in the California case,See, supra, § . where a critical interface between the paper record and a non-sighted voter was mandated to be open, there are critical pieces of a computerized voting system where openness of the technology is of paramount importance. (Ping: This gives no reason why.) The interfaces between ballot and vote data and forms of input and output are such critical points where maintaining secrecy results in pushing trust from one part of a voting system to another. In the end, openness is a natural and highly efficient way to break this cycle of pushing trust from one system to another. Other areas of critical importance include vote storage, reading and writing. Limited disclosure of this code could achieve many of the benefits of source disclosure while minimizing risks.

Limited disclosure can be achieved by restricting the scope of code disclosed and the audience to which it is disclosed. That is, what in the code should be disclosed, critical systems (as argued for above) or all the code? Disclosing all the code has the benefit of ensuring that there is no place for malicious or erroneous code to hide. Allowing the public to view all the source code would have the benefits and risks discussed in §.

Once the decision as to what code is disclosed has been made, we need to decide who gets to see it. As in the federal open source and disclosed source bills discussed previously, do we allow all the public to acquire the voting systems code that will run our election or do we limit the pool to a select few or a subset of the public? On the contrary, if source code dissemination was controlled by application and contract,For example, an individual or organization could have to submit an application attesting to certain competences and sign a legally binding agreement that forbid certain activities. Such pre-requisite competencies could be to have a PhD-level degree in an area such as computer science and experience in system evaluation. Examples of activities to forbid would be to distribute the code further, to compile code flaws that aren't made available to the regulatory agency, to publish non-public reports and to transmit source-level information to a vendor's competitors. the goal of having third-party code review could be achieved without the exposure and intellectual property concerns associated with public dissemination. However, a critical piece of restricted dissemination would be a requirement that all output from such reviews would be publicly available and unredacted to balance the exclusivity of code availability.