Open Source: How E-voting Should Be Done
Geeks to the Rescue
Maybe it's time for us geeks to come to the rescue, with a little help from Congress. We've built the Internet, designed staggeringly complex technologies for conducting lightning-speed financial transactions, securing sensitive patient data, even our own entertainment. After all, you'd be hard-pressed to say that there's more complexity in an e-voting machine than in, say, your TiVo or even your cell phone.
But the key to securing e-voting resides in making its systems open source.
Opening the Polls to Open Source
If you look around the open source community, you will find a wide variety of projects that are not only widely used but extremely well designed and very secure. Apache, Perl, PHP, OpenBSD, FreeBSD, and the Linux kernel are just a few examples. Coders who contribute to these projects generally do so without remuneration, producing some of the best code available.
It's time for us to make good on the promise of open elections and open our e-voting systems as well -- no black boxes, no intellectual property protections, no obfuscation, and certainly no backdoors. Doing so would require a federal mandate, one that would eliminate the use of closed source devices.
This being a free-market economy, vendors should certainly be able to participate in the construction of truly secure e-voting systems. But to ensure the integrity of our elections, the code they run on their products must be open. Moreover, it should be the same across all e-voting platforms. Just as the PC industry produces multiple PC brands that all run Windows, e-voting vendors should produce systems that run the same open source voting software.
The open source community has already gotten involved in reshaping our approach to e-voting systems. The Open Voting Consortium, for example, is pushing for simple, standard touchscreen voting systems that neither interface directly with any system nor record votes. These systems would simply print paper voting receipts with bar codes that would then be scanned and dropped into a ballot box, officially casting the vote.
This method removes the need for any polling station to be held responsible for counting votes, thus eliminating any effect tampering with machines might have on results. It also ensures a paper trail for potential recounts. Moreover, by relying on paper in printers rather than official ballots, no voter can be turned away for lack of ballots at a polling place.
This solution is cheap and straightforward, yet isn't widely used. Instead, we have spent billions of dollars on commercial solutions that offer no paper trail -- just a poor security history.
One recent example involved a Republican at-large election in Washington, D.C., in which thousands of votes appeared and then disappeared during the day. Sequoia Voting Systems equipment was used for that election. Not surprisingly, Sequoia has laid the blame for those phantom votes on human error, perhaps a corrupt memory cartridge. Retailers wouldn't accept cash registers that were this error-prone. In many cases, brand-new e-voting systems have been shelved due to such issues, at a fantastic cost to taxpayers.
Network Integrity: Ensuring All Votes Count
Leveraging existing network infrastructures to completely remove the polling place from the vote-counting equation is another essential step to ensuring secure elections.
In many cases, public polling is conducted in government buildings, schools, community centers, and other facilities equipped with some form of broadband Internet access. Devices running open source software could be made to create an instant, encrypted link to transmit all votes to a centralized server, while still providing a paper trail at the polling place in the form of a printout.
In this way, votes from a significant number of precincts could be counted as they are entered, rather than after the fact. Communication with the central server would be secured using existing methods such as AES (Advanced Encryption Standard) encryption and certificate-based authentication. Even when voting in someone's garage, your vote would be more secure than it would be using a pile of flash cards in a box.
In addition, these devices wouldn't require manual configuration. Once connected and authenticated to the central server, all ballot choices would be pulled from the central server for display to the voter. Thus, setting up the polling place would simply require volunteers to plug everything in and turn the systems on.
Of course, connectivity to the central server is sure to be this solution's weakest link. Though all transactions would be encrypted, the system would also need to incorporate a queuing method to retain votes until the server is available. This functionality could also maintain vote integrity even where Internet connectivity is not available. Simply connect the device to the network at a later time, and the votes are delivered to the central server. As above, paper receipts of each vote would be made available as they were cast, as a fallback should problems occur.
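The queuing method described above can be sketched as a tamper-evident store-and-forward queue. This is an added example, not code from the article or from any voting project. The class names, the per-device key and the ballot fields are assumptions, and an HMAC chain from the Python standard library stands in for integrity protection, with the AES and certificate-secured transport left out.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor preceding the first queued record


def _tag(key: bytes, seq: int, ballot: dict, prev: str) -> str:
    """HMAC-SHA256 over sequence number, ballot and the previous record's tag."""
    body = json.dumps({"seq": seq, "ballot": ballot, "prev": prev}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


class OfflineQueue:
    """Device side: retains ballots until the central server is reachable."""

    def __init__(self, key: bytes):  # assumption: per-device key set at enrolment
        self._key, self.records = key, []

    def cast(self, ballot: dict) -> None:
        prev = self.records[-1]["tag"] if self.records else GENESIS
        seq = len(self.records)
        self.records.append({"seq": seq, "ballot": ballot, "prev": prev,
                             "tag": _tag(self._key, seq, ballot, prev)})


class CentralServer:
    """Server side: commits a batch only if every new record verifies."""

    def __init__(self, key: bytes):
        self._key, self.accepted, self._last = key, [], GENESIS

    def deliver(self, batch: list) -> int:
        """Return how many ballots were newly accepted; raise on tampering."""
        staged, last = [], self._last
        for rec in batch:
            if rec["seq"] < len(self.accepted):
                continue  # already stored: a retry after a dropped connection
            if rec["seq"] != len(self.accepted) + len(staged):
                raise ValueError("missing or reordered record")
            good = _tag(self._key, rec["seq"], rec["ballot"], last)
            if rec["prev"] != last or not hmac.compare_digest(rec["tag"], good):
                raise ValueError("record altered while queued")
            staged.append(rec["ballot"])
            last = rec["tag"]
        self.accepted.extend(staged)  # all-or-nothing commit
        self._last = last
        return len(staged)
```

Records removed from the end of the queue are not detectable from the chain alone; the count of paper receipts the article calls for is the cross-check for that case.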