This weekly feature surveys top government IT-related news -- involving all levels of government, from the federal to state and local, and international news. It is designed to give readers a primer on current trends and developments affecting the industry's major and interesting players, surveying news headlines from around the world. Washingtonpost.com's Cynthia L. Webb pens the feature. • E-mail Cindy Webb • Cindy Webb's Daily Filter Column
By Cynthia L. Webb washingtonpost.com Staff Writer
Thursday, April 8, 2004; 11:26 AM
The electronic voting controversy -- raging for months after security experts warned that a new generation of high-tech voting machines could fail to count ballots accurately -- centers on the issue of transparency.
Critics say companies like Diebold Election Systems should reveal how their machines work and engage in a public dialogue about how to address alleged security flaws. On the other side, voting technology companies insist that they must protect their proprietary systems from competitors and anyone who might want to hack into a voting machine to change the results.
Enter into the fray VoteHere Inc., a voting software company that hopes a little disclosure can defuse the whole debate and, of course, drum up some more business.
Bellevue, Wash.-based VoteHere is voluntarily posting the code for its software online in hopes that others will poke through it and discover flaws before it is installed on e-voting machines. "Now it's up to the world to take a look and dig in and give us their opinion," CEO Jim Adler, told MSNBC.com.
VoteHere makes a security software product for e-voting machines that is designed to audit votes cast electronically and spot voting machine tampering and problems. The company posted a package of data online about its software, including "reference implementation of the cryptographic protocols, instructions on how to build the source, samples of VHTi's function usage and a document of known issues." A free download is available here. Adler, according to a piece by CNET's News.com, explained that "[r]evealing encryption algorithms for peer review is a standard practice in encryption circles and allows experts to poke holes in other people's technology. VoteHere hopes the additional scrutiny will prove that its technology is sound."
Security experts are saluting VoteHere. Dan Wallach at Rice University in Houston told New Scientist that he applauded VoteHere's move to put its software up for review at no cost. "Releasing the code is important for the transparency of any election using the technology," Wallach said.
"I think it's a good business move, and I think it's a good thing for building confidence in a new technology," said David Dill, a computer science professor at Stanford University. Dill, who is the founder of the Verified Voting Foundation, told MSNBC.com that "[r]eleasing the software is part of what has to happen. The other part is having increased scrutiny. ... I hope that this step will result in careful external review." Verified Voting, by the way, believes e-voting machines should be modified to produce a paper ballot audit trail.
Other observers aren't so impressed by VoteHere's move, especially those who say all e-voting systems should be based on open source operating systems. For example, a Slasdot.org editor said VoteHere's source code is "definitely NOT open source (unlike OVC) but it's still a step in the right direction."
OVC is the Open Voting Consortium, which is a nonprofit group working on a secure e-voting machine based on the open-source software platform. The group demonstrated a version of its systems last week at California's Santa Clara government building. It has posted a demonstration version of its ballot online.
Will other e-voting firms follow in VoteHere's path? Not likely. InternetNews.com reported: "To date, attempts by e-voting opponents to get software makers to release their code for public scrutiny have met with failure. The most notable case dealt with manufacturer Diebold Election Systems, which filed cease-and-desist orders against a group of college students who discovered vulnerabilities in its machines and posted their findings on the Internet, as well as anyone who put links to the vulnerabilities on their Web site and their Internet service providers (ISP). In December 2003, the company withdrew the orders after the college students, through the Electronic Frontier Foundation (EFF) filed suit against them."
