Open Source: How E-voting Should Be Done
"It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything." -- Joseph Stalin
In the past eight years, elections in the United States have taken on the guise of a TV game show, with the elections themselves not quite as compelling as watching voting mechanisms fail across the country, especially in key battleground states such as Florida and Ohio. Pols and pundits from both sides of the aisle are quick to place most of the blame on faulty electronic voting systems. But until we set a technical policy that favors open voting systems, as Australia did in 2001 with its open source eVACS (Electronic Voting and Counting System), we have only ourselves to blame.
[ For more on how technology is reshaping the race for the U.S. presidency, see InfoWorld's special report. ]
The closed source approach to disenfranchisement
Current U.S. policy ensures that e-voting remains in the hands of very few proprietary vendors, including the much-maligned Diebold, which has received so much bad press that it has renamed its voting machine division Premier Election Solutions.
Don't let the new name fool you. Little has changed about e-voting systems, which take on several forms, including the two most common: touchscreen devices and optical-scan readers. What they have in common, however, is that they all use closed source code. In many cases, even the manufacturers don't have the source code to software running on their own systems. Premier Election Solutions recently advised that its machines lost votes in Ohio primaries due to an incompatibility with McAfee's anti-virus software. In the words of XKCD, someone is clearly doing their job horribly wrong. Later, Premier claimed that its own software was at fault.
More often than not, however, blame for e-voting failure is placed on the storage media of these devices, either due to their relative fragility or their apparent ease of tampering.
When results from elections conducted on e-voting systems are called into question, manufacturers point the finger at defective "memory cartridges." Those of us in IT know that if all flash storage were this error-prone, digital cameras and iPods wouldn't exist. Worse, we know it's far simpler to pocket or swap out a small flash card containing a few thousand votes than it would be if those votes were recorded on paper ballots.
Another problem of current e-voting systems is that many still in operation provide no paper trail. Americans can't fill up their cars or access their bank accounts from an ATM without being prompted to print a receipt, but in many voting precincts, we can vote with nothing tangible to show for it.
Most voters already know these systems are flawed. It's the relative lack of outrage that is troubling. Perhaps trust in the electoral process is still sufficient to assuage fears of stolen elections, or the issue of flawed voting technology itself has become a running joke, like cracks about an honest politician. Even The Simpsons parodied the situation recently.
Those of us who live in IT every day know better. We know exactly how poorly designed some software frameworks are. We see the security challenges presented by Web servers, mail servers, remote access, and so on, but when it comes to the foundation of our democracy, we just shake our heads and move on.