Meeting Minutes: July 10, 2018 (approved September 13, 2018)
City and County of San Francisco
Don Chan, Secretary
Christopher Jerdonek, Chair
Larry Bafundo, Vice Chair
Open Source Voting System Technical Advisory Committee (OSVTAC)
of the San Francisco Elections Commission
Tuesday, July 10, 2018
City Hall, Room 479
1 Dr. Carlton B. Goodlett Place
San Francisco, California 94102
Order of Business
1. Call to Order & Roll Call
Chair Jerdonek called the meeting to order at 6:04 p.m. Present: Members Hage, Jerdonek, Kattouw, Wasserman. Member Bafundo had an excused absence. Also present: Secretary Chan.
2. General Public Comment
3. Approval of Minutes of Previous Meetings
Member Wasserman pointed out a typo in item #7 of the May 9 minutes. Chair Jerdonek asked if the wording on the question of copyright was correct. He suggested the wording in the resolution be “starting with the code presented” instead of “using the code presented.” With the corrections, Member Kattouw moved to approve, seconded by Member Hage. By a 4-0 vote, the motion carried.
There was no public comment.
Chair Jerdonek said the Committee’s statement on the Slalom report is now on the website in a section called “Communications.”
Member Hage reviewed his travel plans, as did Member Wasserman and Member Kattouw. With all of this in consideration the next OSVTAC meeting will be Monday, August 27. Due to the members’ travels, Chair Jerdonek will report to the next Commission meeting on July 18. He will also update the Recommendations document.
There was no public comment.
5. Member Reports
Chair Jerdonek reported that after the Committee’s statement to the Commission, the Commission passed a resolution on open source voting. The San Francisco Board of Supervisors Budget Committee met, and Supervisor Cohen proposed adding $1.25 million to the Department’s budget for the project, spread over two years.
The Department is working with the Department of Technology (DT) to hire a Project Manager (job classification 5504).
Chair Jerdonek had a list of questions compiled from the tour TAC took after the election, and he just submitted them to the Department. If he gets replies by next meeting, TAC can discuss them. He then pointed to the document in the packet that was from Los Angeles County’s VSAP project, showing that they are contracting out $282 million to develop it. Maybe this can be discussed in agenda item #8.
Member Kattouw did a brief review of contributor license agreements (CLAs), where copyright assignments can be irrevocably made. There was mention of the Software Freedom Conservancy (a non-profit that can act as a home for various open source projects). Member Wasserman summarized his report to the Commission at the last Commission meeting, which included the Committee’s thoughts on the Slalom report. The resolution passed by the Commission (very much in line with the Committee’s opinion) said it disagreed with the estimated costs and the waterfall development process presented by Slalom.
There was no public comment.
6. 2017-2018 Civil Grand Jury Report
Chair Jerdonek felt the Committee could discuss the topics, findings, and recommendations in the report that relate to the Commission, and then give their opinions. They began with the point about certification and how that impacts the feasibility of agile development.
To the point of the project not progressing far, the Committee agreed with some reasons given but not all, the main agreement being over not having a central point of leadership.
[In the below, F=finding and R=recommendation:]
F4, F7, and F8: they agreed with the statements.
F10: they found too simplified. The issue of security is very complex. There was disagreement with the characterization of having “x” numbers of “bad actors” vs “good actors as the equation for risk management.
F11: they disagreed.
F12: is not just applicable to open source voting software, but even so, open source software should be easier to be certified incrementally, and more quickly.
F13 and F18: seem to contradict one another where the latter disproves the former.
F14: there was a question of where “the large numbers of” these non-profits were, since the report only named three. Member Hage mentioned that in the past there were several that were involved in open source voting projects, but they are no longer.
F15: they didn’t believe the two mentioned were “ideal” but potential. Some members thought other organizations might be better.
F19: this was a contested finding dependent on the definition of mandate. Is this project a mandate written in the Department’s charter, or is it just within the scope of what the Department can do related to elections? Is the project a mandate established by Commission resolution? Is it being directly responsible for the development of the system, or acquiring it?
F20: members discussed whether the Department ever did software development and if it was “critical.” In previous elections, did the Department code the pages that displayed the results? Did they do software for tracking vote by mail?
Mr. Jim Soper commented about patches to operating systems not needing certification. He felt there were no organizations that were committed to working on open source voting. As to cooperation among counties, he felt there was too much territoriality.
The Committee moved on to reviewing the recommendations:
R1/R2: it was felt that some of the tasks should be done by the project manager, Department, or Commission.
R3: There was a discussion regarding creating a “portal” or information page on the TAC website, including things like what would be on the page, who would decide, and how to list it (e.g. chronological). Chair Jerdonek can do initial posts/links. The committee can review and suggestion changes or additions at meetings.
Member Kattouw moved to approve setting up an information page on the TAC website for “the project” and have Chair Jerdonek be responsible for putting in the initial links. Member Wasserman seconded. By a vote of 4-0 the motion passed.
R4: regarding producing a quarterly report, this item seemed more relevant to the Department and project manager, and needs further analysis.
R5: refers to the notion that there should be more than one bidder for RFPs but doesn’t recognize that there is only one vendor with a system certified in the state.
R6: regarding costs, the statement doesn’t apply just to open source voting.
R7: asks for outside development of code. Agree.
R9: CACEO would be a good start, but the Commission doesn’t have staff to do this. The more stakeholders involved, the more the project can be bogged down. There is a question of whether management would go for developing a system that is more than California-centric. The survey should be done by the Director of Elections.
R10: using HAVA funds is okay, but there is not much available.
R11: partnerships with 18F and USDS. Again, it was mentioned that there are not all that many around involved and committed, and doing more than being supportive.
R12: the Department should do this.
R13: having an MOU with the State might increase other counties’ interest. The Committee agrees.
There was a discussion of how certification of modules would work.
Mr. Jim Soper said that maybe under SB 360, getting approval for a “pilot project” could avoid having to get a full system certification, as long as it affects less than half the county. Member Kattouw said it’s unclear what that means.
Mr. Jim Soper said he had a good relationship with CACEO, but it is chaired by Dean Logan and he’s not sure how cooperative he’ll be.
7. Voting System Component Development
Chair Jerdonek and Member Hage have been working on the results reporter component and completed a basic part of the data model, loading it, and getting the program running. It can now load all data, including detail data. There is now a need to develop real templates to produce some documents/reports. Member Kattouw expressed interest in producing some layouts. Member Hage will do conversion software to generate a test case. He would like to get some GIS data and SHA files. Member Kattouw may have some access to that. Chair Jerdonek said they are still waiting for scanned ballot images from the Department. But this month is busy for all members so work will be slow in coming.
Chair Jerdonek mentioned that he and Member Hage discussed establishing three more Git repositories, responsible for – 1) generating input files for the results reporter from real election data, 2) data only, and 3) house the production templates to display SF’s data in a nice format. GitHub Pages can be used for (3) to display a sub-directory of the repository.
There was a short discussion about what the repositories would contain. Chair Jerdonek explained that he had envisioned a narrower purpose for the original results reporter repository, while Member Hage thought it would be more multi-purpose. These additional repositories address this larger issue.
The names for them, respectively:
Member Kattouw moved to approve setting up the three repositories, seconded by Member Hage. By a vote of 4-0 the motion passed.
Chair Jerdonek reported that he asked the Deputy City Attorney about whether the City had to be added as a copyright holder of the project. Questions brought up: can a conditional copyright be given to the City? Is there a remedy to the violation of such a copyright? Can it be revocable or irrevocable? What could be the worst case scenario if copyright is shared with the City? Maybe this is an opportunity for the City to investigate that and establish a policy.
8. Project Background and Terminology
There was a discussion about the VSAP contract for Los Angeles (the document provided by Mr. Jim Soper) in relation to whether or not it would be open source.
Member Kattouw cited various sections of the contract that he liked:
2.1.1 – being county owned.
2.1.2 – is work for hire so gives all rights to the county
2.1.3 – no more charge for documentation.
2.1.4 – pre-existing materials included.
2.1.5 – gives the county license to use pre-existing materials also.
Member Wasserman said 2.1.3 should include everything it needs to produce an open source program, including the build script. Chair Jerdonek wondered if the rights to use third-party materials would let them make those materials open source (even if proprietary).
There seemed to be a requirement that the county use for the program the hardware that the vendor is making, and that the vendor has the ability to use their hardware for other purposes (e.g. sale to others). Chair Jerdonek felt that this clause in the contract made it more restrictive than even proprietary systems. The question remained unanswered as to whether this would be open source, but there were lessons in it that San Francisco can learn from (e.g. adopt or avoid).
Mr. Jim Soper mentioned that Los Angeles County has not claimed the system will be open source, but rather disclosed. He also noted that Sequoia was sold to Dominion in 2010.
9. Equipment Decisions and Implementation Plan
There was no discussion on this item.
10. Committee Recommendations
There was no discussion on this item.
11. Topics for future discussion
Chair Jerdonek asked what the city would do with the old equipment when the City gets new equipment (e.g. scanners). Who owns it? Can the Committee possibly use it?
Member Wasserman mentioned the document on the Election Transparency and Security Act of 2020, provided by Mr. Brent Turner. It appears to be a petition seeking public support and/or signatures.
Member Kattouw reviewed parts of it and said it appeared to be targeting specific types of organizations (501(c)(6) / consortia) to benefit from it.
The use of smart phones for voting was discussed, including the issue of security.
Mr. Jim Soper said that this proposed act was seriously flawed and that the use of the internet for voting is infeasible.
Adjourned at 9:58 p.m.