See-Through Voting Software

R. A. Hettinga rah at shipwright.com
Thu Apr 8 10:09:26 EDT 2004 

<http://www.wired.com/news/print/0,1294,62983,00.html>

Wired News


See-Through Voting Software 
By Kim Zetter


02:00 AM Apr. 08, 2004 PT

VoteHere, an electronic voting systems company, released its source code
this week in a bid to let others examine how the machines work and help
people gain confidence in the e-voting process.

 In addition, the Bellevue, Washington, company revealed a novel
alternative to paper trails to verify the accuracy of the vote count:
Voters would get an encrypted code on a receipt that corresponds to their
vote, and at the end of the election voters could check through the
Internet to see that their vote was tallied correctly.


 Other voting-system makers have resisted calls for scrutiny of the inner
workings of their machines. In contrast, VoteHere released its source code
on its website this week after spending the past few months submitting
details of its machines to conferences and journals to solicit feedback
from security experts.

 "We went into this business to make voting better," said VoteHere founder
and chief executive Jim Adler. "We're doing everything we can to move the
ball in that direction."

 VoteHere doesn't manufacture voting machines. Instead, the company
patented a technology called VoteHere Technology inside, or VHTi, that it
hopes to license to voting-machine manufacturers. It can even be integrated
into current electronic touch-screen voting machines, adding auditing
capability to help verify that the machines record votes accurately.

 So far, only one of dozens of voting companies has partnered with
VoteHere. Sequoia Voting Systems of Oakland, California, will install the
software in its touch-screen machines, though Sequoia hasn't said by when.
The Sequoia system would need to undergo federal and state certification
testing once the VoteHere software is installed.

 Activists have criticized paperless electronic touch-screen voting
machines because they don't produce an audit trail that voters can use to
verify that the machines counted votes correctly and that the results
weren't altered. Some have called for machines to produce a voter-verified
paper trail. But Adler said, "The call to go back to paper ballots has
drowned out any other solution."

 He said the VoteHere method ensures the accuracy of the machines in a way
that is more secure than a simple paper receipt. Here's how it works: Next
to each candidate's name on the ballot, a random code appears that changes
for each voter. After making their selections, voters receive a printed
receipt containing their unique codes, along with encrypted information
that assures that the codes match the correct candidates. Once the voters
verify their votes, they cast their ballots on the machine. After the
election, voting codes appear on the county website so voters can see that
the codes on their receipts translated to a counted vote. While the county
tallies the votes, the public can tally them independently as well.

 Adler said nonpartisan watchdog groups and computer scientists also could
verify the results independently in this way to ensure that no votes were
lost or changed.

 "Since all of the ballots are published, there's an entire election
transcript," he said. "So the voters can do their bit to verify their own
vote and then anyone can verify the backend. I think that's what's
important. This verifies that the count was right."

 Adler said that with so much transparency and with so many people
monitoring the results, somebody is bound to catch any anomalies.

 "If someone comes through your yard, there is a dog barking to tell you
it's happening. We're trying to make sure that there is a dog barking if
someone touches those ballots," he said.

 Some critics pointed out that the VoteHere procedure might be too
complicated for some voters. But Adler said not all voters would have to
check their votes at the end of the election to ensure the vote count was
correct. It would take only a small percentage to verify the election.

 In December, a hacker broke into VoteHere's internal computer network and
copied its source code. Adler said his company's decision to release the
source code didn't have anything to do with the hack. VoteHere had been
planning to release the code before the break-in, but was waiting to obtain
sufficient feedback.

 "We felt the source code was finally at a sufficient state of maturity to
release it," Adler said.

 Josh Benaloh, a cryptographer and researcher with Microsoft, has examined
VoteHere's research papers and methodology. He said the VoteHere paper
receipt is a nicety but not a necessity. What matters is the cryptography
and the public counting afterward.

 "If you use cryptography and use it properly, you can build an electronic
system that is much safer than a paper system and has a much higher level
of integrity," Benaloh said. "You can follow your vote right through to the
end and make sure that your vote is counted. No other system does this."

 He also said allowing public verification of votes after the election
cancels the need to see the source code inside the voting machine.

 "There's some irony in the fact that this is the system that least needs
to have its source code released," he said. "They're using a paradigm that
uses external verification, and you can ensure that everything is OK even
without reading the source code."

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list