Nettime mailing list archives

<nettime> Aussies Do It Right: E-Voting
ben moretti on Tue, 4 Nov 2003 03:38:17 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Aussies Do It Right: E-Voting

# what a lovely idea at the bottom of this article
# - the rest of the world voting in us elections -
# makes a strange sort of sense however. cheers, ben

Aussies Do It Right: E-Voting  
By Kim Zetter 

Story location:

02:00 AM Nov. 03, 2003 PT

While critics in the United States grow more concerned
each day about the insecurity of electronic voting
machines, Australians designed a system two years ago
that addressed and eased most of those concerns: They
chose to make the software running their system
completely open to public scrutiny. 

Although a private Australian company designed the
system, it was based on specifications set by
independent election officials, who posted the code on
the Internet for all to see and evaluate. What's more,
it was accomplished from concept to product in six
months. It went through a trial run in a state
election in 2001. 

Critics say the development process is a model for how
electronic voting machines should be made in the
United States. 

Called eVACS, or Electronic Voting and Counting
System, the system was created by a company called
Software Improvements to run on Linux, an open-source
operating system available on the Internet. 

Election officials in the Australian Capital
Territory, one of eight states and territories in the
country, turned to electronic voting for the same
reason the United States did -- a close election in
1998 exposed errors in the state's hand-counting
system. Two candidates were separated by only three or
four votes, said Phillip Green, electoral commissioner
for the territory. After recounting, officials
discovered that out of 80,000 ballots, they had made
about 100 mistakes. They decided to investigate other
voting methods. 

In 1999, the Australian Capital Territory Electoral
Commission put out a public call for e-vote proposals
to see if an electronic option was viable. Over 15
proposals came in, but only one offered an open-source
solution. Two companies proposed the plan in
partnership after extensive consultation with
academics at Australian National University. But one
of the companies later dropped out of the project,
leaving Software Improvements to build the system. 

Green said that going the open-source route was an
obvious choice. 

"We'd been watching what had happened in America (in
2000), and we were wary of using proprietary software
that no one was allowed to see," he said. "We were
very keen for the whole process to be transparent so
that everyone -- particularly the political parties
and the candidates, but also the world at large --
could be satisfied that the software was actually
doing what it was meant to be doing."

It took another year for changes in Australian law to
allow electronic voting to go forward. Then in April
2001, Software Improvements contracted to build the
system for the state's October election. 

Software Improvement's Matt Quinn, the lead engineer
on the product, said the commission called all the

"They, as the customer, dictated requirements
including security and functionality, (and they) were
involved at every step of the development process,
from requirements to testing," Quinn said. "They
proofed every document we produced." 

The commission posted drafts as well as the finished
software code on the Internet for the public to

The reaction was very positive. 

"The fact that the source code had been published
really deflected criticism," Quinn said. 

A few people wrote in to report bugs, including an
academic at the Australian National University who
found the most serious problem. 

"It wasn't a functional or a security issue but was a
mistake nonetheless, and one that we were glad to have
flagged for us," said Quinn. 

In addition to the public review, the commission hired
an independent verification and validation company to
audit the code, "specifically to prevent us, as a
developer, from having any election-subverting code in
there," Quinn said. 

"We were concerned that it wouldn't be secure enough,"
said Green, the electoral commissioner. The audit was
performed specifically to search for security
weaknesses in the system, but Green says the
researchers found none. 

The state tested 80 machines in the election,
distributed among eight polling places throughout
Canberra (the country's capital). A comparative manual
count after the election showed that the system
operated accurately. 

The plan is to use the 80 machines again next year,
but Quinn said the difficulty in deploying the system
nationwide is that it would have to be adapted for use
over larger geographic areas. 

The machines are not what Quinn would call high-tech.
The voting terminal consists of a PC and offers
ballots in 12 languages, including Serbian and Farsi.
The system includes English audio for vision-impaired
and illiterate voters. 

The voter swipes a bar code over a reader that resets
the machine for a new vote and calls up a ballot. Once
a selection is made and reviewed, the voter swipes the
bar code again to cast the vote. The bar code doesn't
identify the voter; it simply authorizes the voter to
cast one ballot. 

The terminals link to a server in each polling place
through a secure local-area network so no votes are
transmitted over the Internet or phone lines. 

Quinn said the server writes two copies of the votes
onto separate discs that are digitally signed and
delivered independently to a central counting place.
The digital signature is a 128-bit unique identifier
generated from the voting data. If the data were
changed in transit, the identifier would change too,
raising red flags that something went wrong. 

The machine does not include a voter-verifiable
receipt, something critics of U.S. systems want added
to machines and voting machine makers have resisted. 

A voter-verifiable receipt is a printout from the
machine, allowing the voter to check the vote before
depositing the receipt into a secure ballot box at the
polling station. It can be used as a paper audit trail
in case of a recount. 

Green said the commission rejected the printout
feature to keep expenses down. The system cost
$125,000 to develop and implement. The printouts would
have increased that cost significantly, primarily to
pay for personnel to manage and secure the receipts
and make sure voters didn't walk off with them. 

Quinn, however, thinks all e-voting systems should
offer a receipt. "There's no reason voters should
trust a system that doesn't have it, and they
shouldn't be asked to," he said. 

"Why on earth should (voters) have to trust me --
someone with a vested interest in the project's
success?" he said. "A voter-verified audit trail is
the only way to 'prove' the system's integrity to the
vast majority of electors, who after all, own the

As for the costs of securing and storing such
receipts, Quinn said, "Did anyone ever say that
democracy was meant to be cheap?" 

Quinn also believes that voting systems must use
open-source software. 

"The keystone of democracy is information," he said.
"You have a big problem when people don't have enough
information to make up their minds or, even worse,
they have misleading information and make up their
minds in a way that would be contrary to what they
would decide if they had the full story. 

"Any transparency you can add to that process is going
to enhance the democracy and, conversely, any
information you remove from that process is going to
undermine your democracy." 

The issues of voter-verifiable receipts and secret
voting systems could be resolved in the United States
by a bill introduced to the House of Representatives
last May by Rep. Rush Holt (D-New Jersey). The bill
would force voting-machine makers nationwide to
provide receipts and make the source code for voting
machines open to the public. The bill has 50
co-sponsors so far, all of them Democrats. 

"If a voting system precludes any notion of a
meaningful recount, is cloaked in secrecy and
controlled by individuals with conflicts of interest,
why would anyone buy it?," Quinn said. "At the very
least give citizens the right to choose whether they
want to use paper ballots ... thus allowing each
elector to be personally satisfied as to the integrity
of the process in which they are participating." 

Quinn, who was working in Chicago for Motorola during
the 2000 presidential election, says he is "gob
smacked" by what he sees happening among U.S.
electronic voting machine makers, whom he says have
too much control over the democratic process. 

It has been widely reported that Ohio-based Diebold
Election Systems, one of the biggest U.S.
voting-machine makers, purposely disabled some of the
security features in its software. According to
reports the move left a backdoor in the system through
which someone could enter and manipulate data. In
addition, Walden O'Dell, Diebold Election System's
chief executive, is a leading fundraiser for the
Republican Party. He stated recently that he was
"committed to helping Ohio deliver its electoral votes
to the president next year.'' 

"The only possible motive I can see for disabling some
of the security mechanisms and features in their
system is to be able to rig elections," Quinn said.
"It is, at best, bad programming; at worst, the system
has been designed to rig an election." 

"I can't imagine what it must be like to be an
American in the midst of this and watching what's
going on," Quinn added. "Democracy is for the voters,
not for the companies making the machines.... I would
really like to think that when it finally seeps in to
the collective American psyche that their sacred
Democracy has been so blatantly abused, they will get

But he says that the security of voting systems in the
U.S. shouldn't concern Americans alone. 

"After all, we've all got a stake in who's in the
White House these days. I'm actually prone to think
that the rest of the world should get a vote in your
elections since, quite frankly, the U.S. policy
affects the rest of the world so heavily." 

ben moretti

http://personals.yahoo.com.au - Yahoo! Personals
New people, new possibilities. FREE for a limited time.

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo {AT} bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime {AT} bbs.thing.net