November 4, 2003
A right way to do it.
I have had a chance to read that Wired article, "Aussies Do It Right: E-Voting," and it appears that my initial impression was correct. While there are some shortcomings in the details of the software and hardware, the methods the Australian Capital Territory Electoral Commission and Software Improvements followed in the design and implementation of the system were, it appears, good ones.
For one thing, their software is open-source. Not only has this exposed the software itself to the scrutiny of outside observers, it has resulted in a better and more secure product overall:
The commission posted drafts as well as the finished software code on the Internet for the public to review.
The reaction was very positive.
"The fact that the source code had been published really deflected criticism," [Software Improvements' lead engineer on the product Matt] Quinn said.
A few people wrote in to report bugs, including an academic at the Australian National University who found the most serious problem.
"It wasn't a functional or a security issue but was a mistake nonetheless, and one that we were glad to have flagged for us," said Quinn.
Further, the election commission had the software audited for security problems by an independent verification and validation company. As it happens, the audit found no problems, but having the word of an independent company that specializes in software validation is worth any number of glib reassurances from the company that wrote the software in the first place.
The methods that the Australian commission and Software Improvements used are pretty much the diametric opposite of those followed by Diebold and Riverside County, as well as the other companies and districts that use those machines. Instead of strict secrecy, which is well known in software security circles as being worse than useless (useless in that it provides no security, worse than useless in that it provides a false sense that all is well), design and development of the Software Improvements system was entirely open, from beginning to end. Anyone, from an expert to an ordinary voter, can with some effort satisfy themselves that the system works as those responsible for it say it does.
Here, we only have the word of a few foolish officials such as Mischelle Townsend and of the representatives of Diebold and the other electronic voting companies. Personally, I trust those people about as far as I could comfortably spit out a rat. (Apologies to Douglas Adams.)
Matt Quinn, though, beautifully sums up both this issue and another issue about which I am very concerned:
Quinn, however, thinks all e-voting systems should offer a receipt. "There's no reason voters should trust a system that doesn't have it, and they shouldn't be asked to," he said.
"Why on earth should (voters) have to trust me -- someone with a vested interest in the project's success?" he said. "A voter-verified audit trail is the only way to 'prove' the system's integrity to the vast majority of electors, who after all, own the democracy."
As for the costs of securing and storing such receipts, Quinn said, "Did anyone ever say that democracy was meant to be cheap?"
Quinn also believes that voting systems must use open-source software.
"The keystone of democracy is information," he said. "You have a big problem when people don't have enough information to make up their minds or, even worse, they have misleading information and make up their minds in a way that would be contrary to what they would decide if they had the full story.
(Emphasis mine.) This is emphatically true, and it doesn't stop with the lies from Diebold, Townsend and the rest. Quinn is speaking of electronic voting systems, but this is just as true of democracy as a whole. Where do the majority of voters in the United States get the bulk of their information?
Fox News.