E-voting firm opens up its code
VoteHere hopes scrutiny will boost confidence
VoteHere's software relies on cryptographic algorithms to detect ballot tampering.
By Alan Boyle
Science editor
MSNBC
Updated: 03:36 PM PT April06, 2004
BELLEVUE, Wash. - A software company voluntarily released the source code for its paperless ballot verification system on Tuesday, marking a first in the increasingly controversial electronic-voting market.
Bellevue-based VoteHere said the code, along with documentation and examples included in the downloadable software package, would allow outside experts to evaluate how the company's VHTi technology works to verify election results. The VHTi system uses cryptographic methods to secure ballots and flag vote-tampering efforts.
"Now it's up to the world to take a look and dig in and give us their opinion," the company's founder, Jim Adler, told MSNBC.com.
E-voting systems have sparked a sharp debate over the past few months, due to well-publicized glitches as well as wider concerns over computer security. In January, a group of computer scientists contended that no Internet-based election system could be fully secured against fraud, leading the Defense Department to cancel an Internet voting experiment. Similar concerns have been raised over the use of e-voting machines in traditional polling places — and state election officials are taking the concerns to heart.
One of the country's foremost skeptics about paperless e-voting, Stanford Professor David Dill, said releasing the source code for e-voting software was a "very unusual" and "very healthy" development. But he stressed that it was far too early to pass judgment on VoteHere's software itself.
"I think it's a good business move, and I think it's a good thing for building confidence in a new technology," Dill, who created the Verified Voting Foundation, told MSNBC.com. "Releasing the software is part of what has to happen. The other part is having increased scrutiny. ... I hope that this step will result in careful external review."
In order to be used in actual elections, voting systems must be certified by federal and state officials. But VoteHere's source-code release is aimed more at a community of academics and activists who have raised concerns about electronic voting in particular.
Last year, the unauthorized release of source code for Diebold Election Systems' e-voting software sparked volleys of charges and countercharges. "Doing a voluntary release of the software in this case, versus the involuntary release in Diebold's case, is the right way to do things," Dill said.
Not ready for prime time
In sharp contrast to Diebold, the e-voting industry's leader, VoteHere has not yet put its technology into existing election systems. VoteHere has made a deal with Sequoia Voting Systems for incorporating VHTi software in future machines.
Even if hackers break into a voting system, the verification software would keep the ballots secure and sound an alarm, Adler said. Last year, VoteHere's corporate network weathered a computer attack, but the company said no voting software was compromised.
"What VHTi does is, it detects problems with the election system," he explained. "You can build a fence as high as you want, but if somebody gets in the yard, you want to make sure you know about it. So VHTi is that barking dog in the yard."
The source code is not a complete commercial product. A "known issues" section lists functions and features that still need to be added or tweaked, Adler said. But the package includes a voting-machine simulation that lets programmers see how the system works.
"You can actually program it to cheat, and you can watch where the protocol detects where your ballot was changed ... which I think is very instructive," he said.
Adler said the long-promised release of the source code was held up so that the process could be reviewed by an outside company, Plus Five Consulting of Palo Alto, Calif. The consultants' feedback was incorporated in the release process, Adler said.
In a written statement, Plus Five co-founder Robert Baldwin, who was formerly a technical director at RSA Security, said the source code was written "in a professional and consistent style, making it easy to understand and review."
In order to download the package, Internet users must click their assent to a license agreement that restricts how the software would be used and distributed. Adler said the license provisions were "not onerous at all," but Dill said he was holding back on downloading the files until he had a better sense of the limitations, particularly on the issue of modifying the software.
Feedback for future versions
Adler said VoteHere would the source-code offering as the VHTi software is improved, and would likely incorporate suggestions from evaluators. "As people give us more feedback, we'll definitely take it to heart," he said.
The next couple of months are likely to be a key period for state election officials, who are expected to receive $2.3 billion in federal assistance during that time frame for upgrading their voting systems. Adler said his company was "pushing for trials [involving VHTi] in the fall ... not widespread, but we think it's important people see that this technology is ready to go."
Some computer security experts contend that a paper ballot trail provides the only way to assure voters that their ballots have not fallen victim to a glitch or intentional tampering. Dill, for example, worries that the very complexity of e-voting programming may make it difficult to recognize problems as they occur.
"If you've got a traditional election with paper ballots, people know what's going on if someone disappears with a ballot box for a while," Dill noted.
But Adler said the source-code release was aimed at showing security experts that his company's system would offer adequate safeguards as well as improvements over the hanging chads, confusing designs and the other shortcomings of paper ballot schemes.
"There are some quarters that would like to turn a blind eye to any sort of innovation," Adler said, "but I think that would be a big mistake."