The Command Post
2004 US Presidential Election
« Dems Defer Infighting, Attack Bush | Main | Dean Dables in Right Wing Conspiracies »
September 07, 2003
| Electronic Voting

First, a disclaimer: I'm an employee of Software Improvements. We do this sort of stuff - Satellite software, Weapons System software, Electronic Voting software, Medical software etc. So please check all the facts for yourself - a Google on "eVACS" for example.

A recent article in MIT's Technology Review states some uncomfortable truths about non-electronic voting. How it's inherently very insecure and open to abuse.

For all the problems inherent in electronic voting (e-Voting), the reason it's got a deservedly bad press is simply because of some woeful implementations. "Secret Sauce" might be a good recipe for a Fast-Food chain, but "Secret Source" code for an e-Voting machine is a disaster. And proprietary, trade-secret hardware... requires a degree of trust verging on gullibility.

Here in the ACT (Australian Capital Territory), e-Voting was used on a trial basis in the 2001 elections. Anyone who cared to could read the source code used in the machines. Anyone who cared to could also read the source code of the Operating System that resided on the machines, and even the source code of the compiler used to make the binary images. Not many did want to, but it's available, free, for those who want it.

Is the system perfectly secure? No way.

Is the system vastly more secure than any paper voting system? Certainly, and provably.

Is it more secure than the electronic voting machines currently in use in the USA? I don't know - because the software and hardware for those are all trade secrets, I'm not allowed to find out, and neither are you. We just have to trust them.

Documents detailing the performance and history of the eVACS® system used in the ACT are freely available on the web, along with the source.

One thing you won't find freely is the cost of the system. But as I work for Software Improvements, the makers, I can tell you. (I had nothing to do with the project myself, I was too busy making spaceflight avionics software at the time). The cost to develop the software was well under $150,000 US, (at least, that's what we got paid for it - that fact's available on the web too) and it runs on machines that cost about $1,500 US each. (All figures in the below quote are in Australian Dollars, about 65c US)

The cost of the project in total was $406,000.
Of this amount, the re-usable EVACS software accounted for $200,000. The cost of providing hardware in polling places amounted to $125,000 with $25,000 of this amount invested in hardware that can be re-used at future elections. Other costs
included venues, security, auditing, printing of barcodes and professional and technical assistance.
- ACT Elections Report (pdf)

So contrary to Glen Reynolds, e-Voting isn't neccessarily a bad thing. Better than paper, if implemented properly anyway. And if it's not implemented in a totally open manner, how come the US voter is standing for it, especially when there's a cheaper, better alternative? If us Aussies can develop a system like this, surely US developers can for only a few million, and have the satisfaction of it being "Made in the USA"? <humour>And if not, you could always buy one of ours for a tenth of that price. </humour>



Posted by Alan Brain at September 7, 2003 09:34 AM | TrackBack
Comments

e-voting is very difficult to do properly. The architecture of the system has some stringent and conflicting requirements (annonymity, idempotency (only one vote per customer), the ability to audit and recount, etc). And the implementation has to be flawless.

With traditional proprietary, closed source methods, there will be no chance of doing this correctly. None. The tech community really has to get the message out.

Legislation requiring open source code review for e-voting would be a good place to start.

Posted by: lewy14 at September 7, 2003 07:20 PM

yeah im sure all those idiots in west palm will be able to use computers.

Posted by: gijoe at September 10, 2003 04:13 PM

Lewy - Then tell me, what about our national ATM system. Is it “difficult to do properly.”? Is “…The architecture of the system ….stringent (with some)..conflicting requirements (annonymity, idempotency (only one vote per customer), the ability to audit and recount, etc)? Any problem with the implementation? Is it ….”flawless.”

The fact of the matter is, we could do this quite easily, but it would dash ALL of the local ward healers into the dustbin of history. No more paper ballots to “fix” with the tiny mason’s finger trowel, no more mechanical machines you can be alone with a few hours before the non-partisan group comes to “certify” your polling place.

The problem isn’t open-source code, it’s political inertia, crooked locals and a system that’s been gamed so many times no one bothers to bat an eye (unless, of course, a tight national election throws the light of day on your typical “fix”).

With some modification, you could even have people vote at the ATM machines. Each individual would have a key code (some prime number times last 4 digits of SS number). You can vote ONLY ONCE in 2 week period, but the window closes at the end of the 2 week cycle. No more news media circus, where they get it wrong with 1% of the vote counted. No one will know the outcome until the end of the 2-week period.

The last thing you’re going to want in this mix is hackable “open” code. Let the NSA run it with a 152-key crypt code. It can be done. We need the political will to do it.

And that’s what we DON‘T have.

Posted by: torpedo_eight at September 10, 2003 09:49 PM

Post a comment

Thanks for signing in, . Now you can comment. (Click here should you choose to sign out.)

As you post your comment, please mind our simple comment policy: we welcome all perspectives, but require that comments be both civil and respectful. We also ask that you avoid the extensive use of profanity, racist terms (neither of which we consider civil or respectful), and other boorish language.

We reserve the right to delete any comment, and to prohibit you from commenting on this site, if we feel you have broached this policy. As a courtesy, we will first send you an email noting a violation so you understand the boundaries. This will occur only once, however, and should we ban you from our comment forums we expect that ban to be permanent.

We also will frown upon those who suggest that we ban other individuals for voicing unpopular opinions, should those opinions be voiced in a civil and respectful manner. The point of our comment threads is to provide a forum for spirited though civil and respectful discourse … it is not to provide a forum in which everyone will agree with your point of view.

If you can live by these rules, welcome aboard. If not, then we’re sorry it didn’t work out, and thanks for visiting The Command Post.


Remember me?

(You may use HTML tags for style)