See-Through Voting Software
By Kim Zetter | Also by this reporter
02:00 AM Apr. 08, 2004 PT
VoteHere, an electronic voting systems company, released its source code this week in a bid to let others examine how the machines work and help people gain confidence in the e-voting process.
In addition, the Bellevue, Washington, company revealed a novel alternative to paper trails to verify the accuracy of the vote count: Voters would get an encrypted code on a receipt that corresponds to their vote, and at the end of the election voters could check through the Internet to see that their vote was tallied correctly.
Other voting-system makers have resisted calls for scrutiny of the inner workings of their machines. In contrast, VoteHere released its source code on its website this week after spending the past few months submitting details of its machines to conferences and journals to solicit feedback from security experts.
"We went into this business to make voting better," said VoteHere founder and chief executive Jim Adler. "We're doing everything we can to move the ball in that direction."
VoteHere doesn't manufacture voting machines. Instead, the company patented a technology called VoteHere Technology inside, or VHTi, that it hopes to license to voting-machine manufacturers. It can even be integrated into current electronic touch-screen voting machines, adding auditing capability to help verify that the machines record votes accurately.
So far, only one of dozens of voting companies has partnered with VoteHere. Sequoia Voting Systems of Oakland, California, will install the software in its touch-screen machines, though Sequoia hasn't said by when. The Sequoia system would need to undergo federal and state certification testing once the VoteHere software is installed.
Activists have criticized paperless electronic touch-screen voting machines because they don't produce an audit trail that voters can use to verify that the machines counted votes correctly and that the results weren't altered. Some have called for machines to produce a voter-verified paper trail. But Adler said, "The call to go back to paper ballots has drowned out any other solution."
He said the VoteHere method ensures the accuracy of the machines in a way that is more secure than a simple paper receipt. Here's how it works: Next to each candidate's name on the ballot, a random code appears that changes for each voter. After making their ions, voters receive a printed receipt containing their unique codes, along with encrypted information that assures that the codes match the correct candidates. Once the voters verify their votes, they cast their ballots on the machine. After the election, voting codes appear on the county website so voters can see that the codes on their receipts translated to a counted vote. While the county tallies the votes, the public can tally them independently as well.
Adler said nonpartisan watchdog groups and computer scientists also could verify the results independently in this way to ensure that no votes were lost or changed.
"Since all of the ballots are published, there's an entire election transcript," he said. "So the voters can do their bit to verify their own vote and then anyone can verify the backend. I think that's what's important. This verifies that the count was right."
Adler said that with so much transparency and with so many people monitoring the results, somebody is bound to catch any anomalies.
"If someone comes through your yard, there is a dog barking to tell you it's happening. We're trying to make sure that there is a dog barking if someone touches those ballots," he said.
Some critics pointed out that the VoteHere procedure might be too complicated for some voters. But Adler said not all voters would have to check their votes at the end of the election to ensure the vote count was correct. It would take only a small percentage to verify the election.
In December, a hacker broke into VoteHere's internal computer network and copied its source code. Adler said his company's decision to release the source code didn't have anything to do with the hack. VoteHere had been planning to release the code before the break-in, but was waiting to obtain sufficient feedback.
"We felt the source code was finally at a sufficient state of maturity to release it," Adler said.
Josh Benaloh, a cryptographer and researcher with Microsoft, has examined VoteHere's research papers and methodology. He said the VoteHere paper receipt is a nicety but not a necessity. What matters is the cryptography and the public counting afterward.
"If you use cryptography and use it properly, you can build an electronic system that is much safer than a paper system and has a much higher level of integrity," Benaloh said. "You can follow your vote right through to the end and make sure that your vote is counted. No other system does this."
He also said allowing public verification of votes after the election cancels the need to see the source code inside the voting machine.
"There's some irony in the fact that this is the system that least needs to have its source code released," he said. "They're using a paradigm that uses external verification, and you can ensure that everything is OK even without reading the source code."