Enterprise

A Far-Fetched Fix for E-Voting Woes: Open Source

The 2008 presidential primaries capture the lion’s share of election season media exposure, but an equally critical campaign is running quietly in the background.

The controversial decision to implement various types of electronic voting machines in place of paper ballots is garnering little public attention, while many states hastily implement flawed electronic voting machines and related election procedures, according to the Electronic Frontier Foundation.

The U.S. lacks a universal voting standard. With federal rule-making limited to federal voting activities, individual states are left to determine their own voting procedures and the type of voting apparatus –electronic or paper — to use.

Criticism of the current crop of voting machines focuses mainly on the lack of clear requirements for a paper record of electronic votes. Part of this ongoing dispute is the disagreement between legislators and voting machine vendors on any procedure to oversee the programming of the proprietary, and thus secret, computer code that runs the voting machines. No open source program for voting machines yet exists.

Some industry watchers and legislators propose the use of open source programming as the answer to securing e-voting technologies. So far, voting machine vendors have been reluctant to support the notion of open source code. While some proponents of e-voting urge that open source code may be one way to provide more transparency with voting machines, voting machine critics warn that identity management techniques must also be used to ensure the process is completely transparent.

“Much of the debate is between non-technologists and technologists who have theories but not practicalelection experience,” Carl Almond, senior security architect at global IT consultancy firm Avanade, told LinuxInsider. “I find it entertaining that vocal groups are dead set about using paper [trails] while the rest of the world is moving away from paper.”

Hanging Chad vs. Digital Bits

A discussion about e-voting technology with a security official or voting rights proponent almost inevitably stumbles upon the paper ballot anomalies that occurred in Florida during the 2004 Presidential election. Predictably, this example is used to support assertions of proof that paper ballots are inept and unreliable. However, numerous court challenges to digital voting tabulations often reach the same assertions of proof against e-voting from proponents of traditional paper ballots.

Essentially, all voting mechanisms have an Achilles heel, suggested Almond. Paper ballots suffer from the ease with which election workers can lose entire ballot boxes. With lever-type voting machines, election workers have been known to open the back to record the voter count only to find no votes were recorded.

“Paper-based voting systems are regularly miscounted. But electronic-based voting machines are not inherently more accurate. They are designed not to ensure accuracy but to provide the availability of voting anonymously,” said Almond.

Either way, both paper and digital voting systems are flawed in terms of getting the vote out and getting the result right. A report published by the National Institute of Standards and Technology (NIST) in December 2006 condemns the sole use of e-voting machines, stating that “a single programmer could ‘rig’ a major election.”

Digital Voting Divide

Electronic voting machines are not a new phenomenon. They are already in use throughout the country in local and state elections. As Almond sees it, Americans are already voting electronically on a regular basis, but not yet in most government sponsored elections. Television shows like “Dancing With the Stars” and “American Idol” introduced many people to one form of electronic voting. The question, he noted, is when and whether the populace already accustomed to voting electronically will demand that electronic voting be expanded to include all government elections.

People debate the merits of e-voting for a variety of reasons, including suspicion of new technologies and a general distrust of politics, according to Jamie McKown, Wiggins professor of government and polity at the College of the Atlantic. “Reports on e-voting security often decontextualize the history of voter fraud in this country, as if boxes were somehow assumed to be better. You constantly hear calls for paper trails, and open and free inspection of voting machine source code. But it’s a very thorny issue and one that has a lot of facets,” McKown told LinuxInsider.

Mapping E-flaws

Much of the in-fighting over electronic voting machines surrounds the way these computers store records. A twin concern is the lack of a paper record in some of the machines. Both of these questions exist regardless of the source code — be it proprietary or open source.

These concerns have a pressing link to legal issues that make the e-voting process highly vulnerable to court challenges, according to Bob Brownstone, a Silicon Valley attorney at Fenwick & West with a law practice in electronic information management and e-forensics.

One of the harshest criticisms of electronic voting is the fact that voting data is stored on flash memory sticks or a hard drive. Both are often removed and transported to a central location rather than having their data sent electronically. Another key objection is the lack of public disclosure of the source code. A pivotal issue falls around the lack of a Voter Verified Audit Trail, or VVAT.

“Unlike the ATM or gas station experience, voters do not get a printout to show proof of voting. There ismuch worry over computer malfunction. There is no way to prove a vote without a paper receipt. Also, there is no screen to summarize the vote before a voter finishes,” Brownstone told LinuxInsider.

Electronic voting machines are also prone to protocols that could enable dishonest swapping out of memory sticks, according to Brownstone. In the past, extremely poor planning and training of election-day workers in basic do’s and don’ts have added to the e-voting machine problem.

Open Source Cure-All?

Many election experts concede that electronic voting machines will ultimately be mandated by both federal and state election organizations. That movement is already underway. Given that reality, could open source programming play a key role in solving the issues surrounding voter transparency and election accuracy?

“Absolutely, open source voting software could be used and should be used. There are two major issues facing open source voting software,” said Almond. “First, no one in the U.S. has funded a project to build the software. Second, the voting laws across the U.S. are not sufficiently standardized to make the creation of this software practical.”

However, others note that the solutions to e-voting problems go beyond questions of proprietary versus open source programming of the machines. If the use of open source did nothing else, though, it would promote public trust for the electronic voting process, believes David Dill, professor of computer science at Stanford University and cochair of the USENIX Electronic Voting Technology Workshop.

“I would like to see open source used, although that is not the full solution. Getting there will not be easy. We need to rewrite the programming or start from scratch. Then we have to have public review,” Dill told LinuxInsider.

Viable, Not Probable

In theory, open source programming of voting machines would remove their veils of secrecy. In practice,though, using open source may not be a viable option if code is not made available. However, a formal effort to work on open source code for voting machines could come at any time from anyone, said Dill.

“A vendor could decide to disclose proprietary source code. A development team could volunteer on a new project to create the code. Or a community could form to develop the code. Any of these could work. Various groups are working on a solution, but I don’t see any credible group forming,” said Dill.

1 Comment

  • Open voting solutions and the Open voting consortium are one example. Funding would definitely help.
    I think that open source alone only helps up until you put the software on the machine. If it can be tampered with you are still out of luck.
    Some say the machines should print or make ordinary paper ballots or a paper trail, but it still matters who transports them after the voters have touched them! This only "fixes" the problem up until the voting booth. What happens after that is anyone’s game!
    As a voter, I don’t trust what happens after my ballot goes into the ballot box, but I don’t have unlimited resources to really check up on it. I have the 20 minutes I spent on election day doing what many consider to be irrational!
    Fortunately, there are systems emerging that can give voters a glimpse of what happens after the ballot box. I urge you to check out Punchscan and Scantegrity, both of which are open source. Their security is not based on the security of the software or the machine, but implementation of a protocol that can be verified by anyone, and they provide privacy preserving receipts to each voter so they can check that their vote made it to the final tally.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Enterprise

LinuxInsider Channels