Election 2020: When Copyrights & Voting Systems Collide
You may or may not agree with the complaints being lodged against voting machine systems used in this election, but it is nonsensical to argue against mechanisms that should be in place to ensure that voters are not disenfranchised.
As if 2020 could not be more of a “hitshow” with COVID-19, who would have thought that this election season would still be happening. Regardless of which side of the political spectrum you may rest, it is indisputable that this year’s presidential election has been anything but normal. One of the more disturbing assertions appears to involve the voting machines and software used in a number of states, including in a number of battleground states currently being disputed by President Donald Trump and his legal team. This has resulted in some reporting in the media on alleged “intellectual property” roadblocks involving election systems and other narratives that tend to confuse rather than clarify the situation. You probably have your own thoughts regarding alleged impediments to fair vote tallies involving certain voting systems used during the 2020 presidential election, but intellectual property should not be one of them.
In the interests of full disclosure, I do not have any inside knowledge on the architecture of many of these voting systems (including but not limited to Dominion Voting Systems election management system that is the center of a great deal of attention), but I do have a lot of experience in software development and distribution that I have accumulated over 25-plus years of legal practice. This experience includes copyright protection for software, navigating confidential information and trade secret protections, and a ton of licensing. Although there are many different ways to structure software and platform licenses, certain elements are common to all such agreements that can be leveraged to support the legitimacy of these systems and their software.
First and foremost, software can be protected in a number of different ways but is always subject to copyright protection at a minimum. Under 17 U.S.C. 102, all “original works of authorship fixed in any tangible medium of expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device” qualify as copyrightable subject matter. Computer software is most commonly viewed as literary work (as defined under 17 U.S.C. Section 101) and, therefore, protected under copyright once “saved” to disk (or other storage medium). The copyright owner thus enjoys certain exclusive rights in and to the software under copyright law, and can choose how and to what extent to license its rights to its customers. Registering the software provides additional protections to the copyright owner, such as providing standing to sue for infringement (under the Fourth Estate case from SCOTUS), obtaining statutory damages for infringement and even attorney’s fees. When combined with hardware platforms (which may be protected under patents and trade secrets as well as copyrights), it’s not hard to acknowledge that the attendant intellectual property licensing can get complicated.
The point here is that the copyright owner does indeed have control over its copyrights and other intellectual property covering the software and attendant hardware platform, but must weigh those rights against the needs of the marketplace if the owner wants to commercialize the product. Products may have software embedded as part of the system; others use software-as-a-service models for customer access over the internet. For voting systems, the former is the preferred method given the significant need for voting security. What I have seen reported regarding these systems, however, has implied that the underlying licenses may prevent full transparency in verifying the code to prevent fraud at the software and system level. That may or may not be the case depending upon the license at issue, but here a few considerations to keep in mind to set the record straight for future elections:
- Standard Intellectual Property License Restrictions Need Not Be Impediments To Investigating Fraud. Software licenses (as well as platform agreements) tend to place not only restrictions on use, but prohibitions on reverse engineering and decompiling software. This is commonly done to protect the codebase — most customers do not require the source code to the software product, as the licensor handles internal software support. That said, voting systems present a different set of considerations given the nature of the product. Based upon my experience, states should negotiate source code escrow provisions that include allegations of improper operation of the software as a triggering event so as to authorize the release of source code to a mutually agreed forensic programmer to perform necessary auditing under strict confidentiality restrictions. Voting platform providers may resist this move, but it protects the codebase while permitting legitimate review.
- Confidentiality Restrictions Should Not Restrict Legitimate Review. Confidentiality restrictions are a common element of software licenses — similar to the foregoing, they are designed to prevent unauthorized disclosure of confidential elements of the software and/or system. Unfortunately, they can be tied to termination provisions permitting immediate termination of the license for breach, as well as exclusions from indemnification protections and limitations of licensor liability. States should insist upon a separate NDA that contains not only standard confidential information exclusions, but comprehensive authorizations to accommodate judicial orders, valid government subpoenas, and legitimate governmental audit requests. In this way, federal and/or state electoral agencies can seek information without the danger of material breach.
- Data Security Can Be Used to Ensure Appropriate Access. Without question, the information compiled by voting machine vendors for elections contains not only public information (like your name and address), but highly personal information (like how you voted). Such information would, by necessity, need to be maintained for audit purposes for an election. States should not simply rely upon standard vendor security representations or references to compliance with voluntary “standards” — they should insist upon stringent data handling requirements that include comprehensive audit provisions so as to ensure appropriate access, review, and verification.
Of course, these are not comprehensive points but illustrative of some steps that can (and should) be taken to protect the vote of all citizens. You may or may not agree with the complaints being lodged against voting machine systems used in this election, but it is nonsensical to argue against mechanisms that should be in place to ensure that voters are not disenfranchised. Frankly, such companies should accept these requirements as necessary to participating in the voting tabulation process for elections. Otherwise, the perception will be that they have something to hide beyond their intellectual property, and that is something that should be unacceptable to everyone.
Tom Kulik is an Intellectual Property & Information Technology Partner at the Dallas-based law firm of Scheef & Stone, LLP. In private practice for over 20 years, Tom is a sought-after technology lawyer who uses his industry experience as a former computer systems engineer to creatively counsel and help his clients navigate the complexities of law and technology in their business. News outlets reach out to Tom for his insight, and he has been quoted by national media organizations. Get in touch with Tom on Twitter (@LegalIntangibls) or Facebook (www.facebook.com/technologylawyer), or contact him directly at firstname.lastname@example.org.