Unisys, Microsoft and Dell have banded together to create e-@ction. This is an electronic voting system that covers everything from voter registration to final tabulation and reporting. The idea is that this will solve many of the hairy issues surrounding the current voting system. There is a large argument as to the trustworthiness of an electronic voting system vs. the current ballot system. Security is a major issue, scalability and reliability are also major hurdles. However, this article is not going to focus on the question of "electronic voting vs. paper ballots", nor will it dwell on the fact that Microsoft historically has not created secure, stable and scalable software solutions. This article is going to address a different question. Should a voting system, especially one used to elect government officials, be closed source?

Let's look at the current voting system. For the most part, voting booths in the United States are simple affairs. A punch card or a lever based system is theoretically easy to prove or disprove as unbiased. If there is a question as to the accuracy of a ballot counting machine, ballots can be hand counted, or the machine can be examined. The current system is open. Anyone can learn 'how' the system works, and prove to themselves that the system is fair. Most of the problems occurring in the Nov. 2000 presidential election were based on human error, not secretive machines that were doing something underhanded.

A free election is no good unless the citizens can trust that their votes have been counted and have not been tampered with. Citizens must be able to have a reasonable degree of comfort that ballot boxes cannot be easily stuffed. Can a closed source product bring that level of security?

In short, the answer is no. Look at the recent debacle with Interbase, a backdoor existed in that closed source software for six years. One that was put there intentionally. Borland was a "trustworthy" company, but would you like the developers who built that backdoor building your voting software? Unfortunately, there is no way to ensure that they aren't. There is no way to prove that Microsoft SQL, IIS, NT, Windows 2000 or any other closed source software doesn't have similar backdoors. The only way that the backdoor in Interbase was found was because they opened the source code for public review. Once code has been released to the public, then any sufficiently motivated programmer can review it.

So, if the United States Government wants to move to electronic elections, Open Source is the only way that they can give citizens a level of trust that ballot stuffing is not likely and that their votes will be counted. Open Source would allow any independent citizens rights group or simple programmer to look into the detailed workings of the voting system, just as any concerned citizen can do today. Of course, there would have to be some sort of check system in place to guarantee that the program installed in the voting booth is identical to the reviewed code, but this is better that blindly accepting whatever proprietary program e-@ction eventually creates.

As is usual in the Open Source community, a project is already underway with this in mind. FREE, "Free Referenda and Elections Electronically", is a java based effort to create a non-commercial, non-partisan voting system. I had a chance to talk with Jason Kitcat of the FREE project.

Binary Freedom: First of all, what lead to the creation of the FREE project?

Jason: Well, I was researching the impact of the Internet on various parts of life while at the University of Warwick, UK. It was clear that politics was being affected, but how was hard to say, as politicians and governments are slow to adopt stuff.

I started a year long project titled "People Power: The Revolution in Civilian Affairs within the Context of the Information Revolution and its impact on the Political Process." Not very snappy but with this I explored the increasing power of Non-Governmental Organizations and how technology is creating this empowerment.

One of the key areas I explored was electronic democracy. I took a look at the commercial solutions appearing just as I was thinking about it and was absolutely appalled by the stuff they were trying to sell. There was no evidence of proper design, security analysis or the correct skills in the companies. They often relied on security through obscurity, and also used an e-commerce paradigm which is totally unsuited to electronic voting. E-commerce works by us giving up privacy in return for safe transactions backed by credit cards; you just can't run electronic voting like that.

Binary Freedom: Can you briefly describe the FREE system?

Jason: FREE was developed with a couple of key principles in mind:

1. Security is essential.
2. Voter rights, especially privacy, must be maintained.
3. Openness and trust are essential to any system.
4. The system must be fast and survivable.

These principles are applied in a number of ways. The system is written in Java 1.1 tapping directly in Java's security and network awareness. The "preserve privacy" voters login and are authorized by one server (the Electoral Roll server) before being authorized with a unique, single-use, cryptographic key. This is used to send a vote to the separate Regional server. The system is highly distributed into cells or regions. Each region has one Electoral Roll server and one Regional server; this helps survivability and performance. Once a ballot is complete, all results are totalled and sent to a totaled server for a final result.

It's kind of complicated and hard to describe succinctly, but the web site has more information.

Binary Freedom: Are there any major features that still need to be added to the system?

Jason: Well, we currently have a volunteer porting our GUI from Swing to AWT 1.1 this will allow FREE to become GNU FREE which I'm quite excited about.

We want to improve our detection facilities, as the key thing is to ensure that we catch anyone who does breach our security. The worst imaginable scenario is for security to be compromised without the administrator knowing about it.

FREE is usable now, so while major new features are being added, they are improvements as opposed to basic building blocks.

Binary Freedom: Have you reviewed the documentation about e-@ction, the proprietary election system, apparently being developed by Dell, Microsoft and Unisys?

Jason: I've really stopped getting worked up about these. The European Union announced a big electronic voting project at the end of last year and so have a whole bunch of other people. I read what details I can and realize that they'll never see the light of day or are technically doomed by the wording of their mission.

I'm just staying focused on making FREE the best we can and spreading the good word of Free Software.

In summary...