Open-source electronic voting

It is pretty much agreed that electronic voting systems need to provide a paper receipt for auditing, but what if instead the electronic voting system printed out a unique ballot that could be scanned and tallied before the voter left the polling station?

On Thursday Alan Dechert, president and CEO of the Open Voting Consortium, Brian J. Fox and Parker Abercrombie of The Okori Group, and Brent Turner, met with CNET News and offered a peek at a different kind of electronic voting system to be demonstrated live at this year's LinuxWorld in San Francisco.

Currently private companies provide electronic voting machines and services throughout the country, among them Premier Elections Solutions (formerly Diebold) and Sequoia Voting Systems. But doubt exists about the accuracy of these systems, in part, because the companies refused to allow third-party scrutiny. In 2007, the California Secretary of State Debra Bowen instituted a third-party review of the electronic voting systems used in the state and found various irregularities. In 2004, former California Secretary of State Kevin Shelly decertified several voting systems under increasing concerns over the integrity of those systems.

The Open Voting Consortium advocates the use of open-source tools to provide election officials with accurate electronic voting systems, systems they say will save countries nearly 90 percent of the cost of current electronic voting machines. They are currently concentrating their efforts within California. They hope to announce soon adoption by at least one large county in the state and perhaps be in a position to provide services to the entire state in time for the 2012 presidential election.

The Okori Group has designed a Web-enabled service for county officials to create their ballot design, with templates for multiple candidates, yes or no propositions, and other contests likely to appear in an election. Drawing upon a database of eligible local candidates and issues, an election official creates a ballot with the Okori Group's online tool.

Dechert said that the Open Voting Consortium system would allow for unique read-only discs to be burned for each machine within each precinct and ward. The local poll worker would load the bootable disc into a special computer and printer hybrid that is yet to be designed.

For the purposes of the demonstration at CNET, Dechert used a laptop and an inkjet printer. But what Dechert envisions is a touch-screen tablet PC physically attached to an inkjet printer with a single DVD-drive. He envisions such a machine costing around $400 to produce, and said that a production model could also be offered to consumers as well.

To vote, a person would use the touch-screen to make selections, as is the case with conventional electronic voting systems.

The difference, said Dechert, is that the machine would print out the final choices along with a unique bar code. The paper ballot would then be inserted into a sleeve with only the bar code exposed.

An election worker would then scan the bar code to record the vote. At the end of the election or at choice points during the day, a tally sheet could be printed, also with a barcode. The barcode uses Open Source PDF-417, a standard that is also used in identification cards and inventory systems and can be read by most scanners. Within the two-dimensional bar code is a numerical-coded sequence that shows how a person voted. There is also a unique identifier so that the ballot cannot be counted a second time. The printed ballot cannot be linked with a specific person, but the ballot can be associated with the electronic tally stored in the computer.

Dechert says his system is better because it doesn't use fancy cryptography, it uses a simple chain of custody.

Once the bar code has been scanned, the vote entered, the paper ballot is put into a box. Later the paper ballots can be tallied if need be.

Attendees at this year's LinuxWorld will have the opportunity use this open-source voting system to cast a mock ballot for the 2008 presidential election. They'll also see first-hand how the votes are tallied every half hour and made available for recount using this system. LinuxWorld will take place August 4-7 at San Francisco's Moscone Center.

[lmasanti]

There are a couple of "country" where "county" should be.

[robvme]

I think it wise to plug all of the security issues inherent in the Linux Kernel and how those holes are addressed before we commit to a voting system that has any kind of integrity. Linux is not ready for primetime in this area.

[Dalkorian]

Thanks, I needed a good laugh.

[brianm88]

You say that as if Windows was?
If so then we need to pull the plug on ALL electronic voting until such holes are addressed.

You surely can't be implying that Windows 98 or XP is -secure- enough!

I would argue that the linux / open source world can come up with better more secure system and *trustable* system than any proprietary based solution.

[Dalkorian]

Why does this need to be so complicated? In my precinct, we're handed a paper ballot and a blue felt pen, we mark our choices and feed the ballot into a scanner. The scanner records and tallies the votes, plus it has the paper ballots in case a physical recount is needed. Simple and effective, plus more trustworthy than this "touch the screen, get a barcode you can't verify, feed it into another machine" nonsense.

[c|net Reader]

I was thinking similar WRT the bar code. How does the voter know that the bar code represents that voter's intentions? Audits can compare arbitrary ballots against the bar code, but how many can be wrong before the entire election is declared void? If any are allowed to be wrong, then some number of votes can be biased without halting the election.

[TheDutchMen]

I like the idea of a computer generated ballot. Do have two concerns. 1) How do I know the bar code is a true representation of my vote. I feel the bar code could lead to fraud. I would be too easy to record a different vote in the bar code then the way I voted. 2) One issue against this idea. In the past test have been done to check if the voter verifies the paper trail against their vote. And the voter has not picked up intentional errors (fraud, the paper trail different from their vote.) How will you over come that problem?

[cjbf]

Dalkorian is absolutely correct. This system is more complicated, which means more expensive, and unneccessarily so. When the expected requirement for paper proof becomes law, I'll bet our commissioners throw good money after bad & buy some sort of attached printer that 1) will NOT have the printout in the same format as the ballot (which would make checking your vote against what's on the screen easier & faster and 2) will NOT be printed in large enough type for easy reading in whatever light is available. They will NOT cut their losses & admit that they spent the HAVA money unwisely in the first place.

[c|net Reader]

One idea proposed before is to have the machine print a form that is easily scanned and avoids the problems of human marked forms (marks too big, too small, too faint, too shaky, etc.). Scanning has its own problems, of course. How do you know the scanner accurately reflected your vote? Scanners can be hacked, too. Audits come into play, of course, but there's always something. You could require scanning multiple times on separate scanners and, say, entering a code from each into a tallying machine (manually or electronically), where the code is a hash of the vote state and a key unique to the scanner. That would confirm that multiple scanners read the vote the same way, but then the tallying machine becomes the single point of failure.

As has been suggested before, a means by which the voter can confirm that his vote was tallied accurately is likely the best course. That is, when looking at the tallied voting results, if the voter can search for a vote with a particular code number printed on the voter's receipt, then the voter can confirm that his intended votes were tallied correctly.

[albizzia]

Having worked as a polling place official, I agree that this proposal is too complicated and prone to errors. There will be too many people bypassing the scanning step and just dropping the unscanned uncounted ballot in the box. That is why the local paper ballot and scanning system has the ballot scanner on the ballot box itself, the ballot is scanned to deposit it in the box. While cardboard security sleeves are available for the voters to use, few bother to use them. Voters are much more concerned about their vote being counted accurately than about their vote being secret.

Printing the completed ballot with a machine is good as it reduces errors and could reduce paper use, though it does cost more than preprinted paper ballots filled out by hand. But no complicated obscure bar code is needed, just a good easy to read OCR font.

[sfpearce]

Here is a two-minute video about the recent successful open source voting machine display at the Linux conference:

http://www.youtube.com/watch?v=4E2eTg_LQ4E