I'm not going to register with my information, and here's why:
1) I don't know what this website is, and why it's collecting my information. Where's the credibility? Now people can use this "open source software" and can modify the where the endpoints are. I'm a little bit worried than anyone who has malicious intent can alter the code.
2) Why isn't it even requiring HTTPS/SSL? I don't want anyone to intercept my sensitive information, especially with someone that can just dump the code anywhere and pretend to be an "official" voter registration. Take that demo app for example.
I know this post was meant for something good, but I feel security measurements are not its strongest points. And I must petition for more security when the app involves with sensitive information that can be collected by any 3rd party website. Please correct me if I'm wrong!
I think your concern is legitimate. I imagine that organizations wishing to make use of the app or modify it will imbue it with trust by associating themselves with it - ie a League of Women Voters logo somewhere on the page. As the article points out though, there are a lot of regulations in this space so I'm not sure if that is allowed.
As far as SSL goes yes I think at the very least the production.rb file should declare `config.force_ssl = true`.
> Now people can use this "open source software" and can modify the where the endpoints are.
I'm a bit confused by what you see as the point of concern here. Are you concerned that the actual deployed application doesn't reflect the source code provided? That's a concern regardless of the license used; it's an example of where security is based largely on trust.
> I want to acknowledge the hard work across the organization, from software engineers to lawyers, to find a way to give back to the open source community and satisfy the concerns of both.
So it seems that this decision was done after careful legal advice was sought. I'd love to hear what the lawyers actually said about this "advisory." Does including an advisory remove liability on the code's creators, much like the "Contents may be hot" advisory removes liability on McDonalds should a customer burn themselves?
I asked a similar question in a comment on another link: if a coder were to open-source an app that could easily be repurposed as, say, a search engine for pirated videos, but they included an "advisory" saying exactly what a derivative work's creator should do to obey the law, is the original coder liable? It would seem that the DNC would say "no," but maybe voting law is different from copyright/piracy law when it comes to liability? But if anything, I'd expect voting law to be even stricter...
I can't speak for this specific case, but when releasing software to others (open sourcing, licensing, etc) it's common to run the codebase through something like Black Duck. Everything that comes up as a false positive needs to be checked into and cleared. Everything that's a true positive must have its license read to ensure that any terms of its release are being met.
For software that's been released but doesn't have a clear license (e.g. some "Pull to refresh" implementation on Github) it's often necessary to ask the author to sign some form of "no, I really won't sue you" release.
If it's discovered that some license was inadvertently violated (e.g. attribution) then it can be necessary to send a mea culpa to the licensor so they're not incensed if someone points the violation out to them later.
if a coder were to open-source an app that could easily be repurposed as, say, a search engine for pirated videos, but they included an "advisory" saying exactly what a derivative work's creator should do to obey the law, is the original coder liable?
Never, with or without the disclaimer. The Grokster case did not ensnare any coders, only the business. Knife manufacturers are not liable for stabbings.
The Obama campaign in 2012 had a smartphone/tablet app that they used in the early days of the re-election campaign to register voters as part of their first canvassing passes. Being open-source software, any person or organization that wants to help increase voter turnout could modify it to suit their specific needs - maybe they rely on older voters, so they want to make a more high-contrast version, or they need to translate the app for their voting bloc.
You could also work to make an API out of the state data (it's a a ton of work to aggregate all that), or work to make the site an offline application so that voter registration forms can be created, saved, and later emailed, or even printed and snail mailed to voters. The biggest obstacle with voter registration in the US is that you have to physically mail a sheet of paper. I'd be willing to bet that few unregistered voters probably also have a printer, stamps, and an envelope all ready to go.
Now, one caveat to all this is of course that I'm not sure how much of it is completely kosher. There are lots of regulations on this stuff, obviously.
Great ideas. I hadn't thought at all about modifications to the UI - ie focusing on accessibility concerns for older voters, or supporting multiple languages.
Another possibility: feature that lets people "pledge" to vote by entering their email address. This could be useful to canvassers on the ground trying to catch busy people passing by without the time to fill out a form at that moment. The app could then email the voter to follow up, as well as alert them when their state's deadline is drawing near.
While this is a partisan comment, it highlights the political reason why the DNC pursues registration drives. It stands to benefit from doing so. Voters in demographics more likely to support the Democrats are less likely to register and less likely to be engaged.
It should be pointed out that the various organs of both the Democratic and Republican party both run voter registration drives, as do a number of other groups (with varying degrees of affiliation with official parties).
It's not surprising that each group targets demographics which seek to further their aims.
Despite that, registering more voters is categorically a good thing. We as a society require an informed and engaged electorate. Registering to vote is part of that engagement.
That's only because the GOP have decided not to cater to the vast majority and instead are held hostage by their tea partiers/religious right/corporatists.
Democrats have their share of right-wingedness, but also cater to marriage equality folk, minorities and progressives.
When Republicans give up on 47% of the electorate, it's a clear sign that, for them, voter suppression is more effective than registration.
1) I don't know what this website is, and why it's collecting my information. Where's the credibility? Now people can use this "open source software" and can modify the where the endpoints are. I'm a little bit worried than anyone who has malicious intent can alter the code.
2) Why isn't it even requiring HTTPS/SSL? I don't want anyone to intercept my sensitive information, especially with someone that can just dump the code anywhere and pretend to be an "official" voter registration. Take that demo app for example.
I know this post was meant for something good, but I feel security measurements are not its strongest points. And I must petition for more security when the app involves with sensitive information that can be collected by any 3rd party website. Please correct me if I'm wrong!