A software company voluntarily released the source code for its paperless ballot verification system on Tuesday, marking a first in the increasingly controversial electronic-voting market.
Bellevue-based VoteHere said the code, along with documentation and examples included in the downloadable software package, would allow outside experts to evaluate how the company's VHTi technology works to verify election results. The VHTi system uses cryptographic methods to secure ballots and flag vote-tampering efforts.
"Now it's up to the world to take a look and dig in and give us their opinion," the company's founder, Jim Adler, told MSNBC.com.
E-voting systems have sparked a sharp debate over the past few months, due to well-publicized glitches as well as wider concerns over computer security. In January, a group of computer scientists contended that no Internet-based election system could be fully secured against fraud, leading the Defense Department to cancel an Internet voting experiment. Similar concerns have been raised over the use of e-voting machines in traditional polling places — and state election officials are taking the concerns to heart.
One of the country's foremost skeptics about paperless e-voting, Stanford Professor David Dill, said releasing the source code for e-voting software was a "very unusual" and "very healthy" development. But he stressed that it was far too early to pass judgment on VoteHere's software itself.
"I think it's a good business move, and I think it's a good thing for building confidence in a new technology," Dill, who created the Verified Voting Foundation, told MSNBC.com. "Releasing the software is part of what has to happen. The other part is having increased scrutiny. ... I hope that this step will result in careful external review."
In order to be used in actual elections, voting systems must be certified by federal and state officials. But VoteHere's source-code release is aimed more at a community of academics and activists who have raised concerns about electronic voting in particular.
The unauthorized release of source code for Diebold Election Systems' e-voting software, the market leader, sparked volleys of charges and countercharges last year. "Doing a voluntary release of the software in this case, versus the involuntary release in Diebold's case, is the right way to do things," Dill said.
Computer policy consultant Barbara Simons, who was among the critics of the Pentagon's Internet voting experiment, also praised the release of the source code. But Bruce Schneier, the founder and chief technology officer of Counterpane Internet Security, said the availability of the code would not sway him from his opposition to paperless voting systems.
"Just because it's released doesn't mean it's secure," he told MSNBC.com.
Schneier said he didn't plan to analyze the source code — and wondered whether any serious security experts would take on the challenge. "That would take 80 to 100 hours of my time, and no one's going to pay me," he said.
Not ready for prime time
VoteHere has not yet put its technology into existing election systems, but it has made a deal with Sequoia Voting Systems for incorporating VHTi software in future machines.
Even if hackers break into a voting system, the verification software would keep the ballots secure and sound an alarm, Adler said. Last year, VoteHere's corporate network weathered a computer attack, but the company said no voting software was compromised.
"What VHTi does is, it detects problems with the election system," he explained. "You can build a fence as high as you want, but if somebody gets in the yard, you want to make sure you know about it. So VHTi is that barking dog in the yard."
The source code is not a complete commercial product. A "known issues" section lists functions and features that still need to be added or tweaked, Adler said. But the package includes a voting-machine simulation that lets programmers see how the system works.
"You can actually program it to cheat, and you can watch where the protocol detects where your ballot was changed ... which I think is very instructive," he said.
Adler said the long-promised release of the source code was held up so that the process could be reviewed by an outside company, Plus Five Consulting of Palo Alto, Calif. The consultants' feedback was incorporated in the release process, Adler said.
In a written statement, Plus Five co-founder Robert Baldwin, who was formerly a technical director at RSA Security, said the source code was written "in a professional and consistent style, making it easy to understand and review."
In order to download the package, Internet users must click their assent to a license agreement that restricts how the software would be used and distributed. Adler said the license provisions were "not onerous at all," but Dill said he was holding back on downloading the files until he had a better sense of the limitations, particularly on the issue of modifying the software.
Feedback for future versions
Adler said VoteHere would update the source-code offering as the VHTi software is improved, and would likely incorporate suggestions from evaluators. "As people give us more feedback, we'll definitely take it to heart," he said.
The next couple of months are likely to be a key period for state election officials, who are expected to receive $2.3 billion in federal assistance during that time frame for upgrading their voting systems. Adler said his company was "pushing for trials [involving VHTi] in the fall ... not widespread, but we think it's important people see that this technology is ready to go."
Some computer security experts contend that a paper ballot trail provides the only way to assure voters that their ballots have not fallen victim to a glitch or intentional tampering. Counterpane's Schneier, for example, said VoteHere's cryptographic system was "beautiful" as an academic exercise, but might ultimately rate little more than a "so what?" response.
"The way to solve the voting problem is not with math. The way to solve it is with a paper trail," Schneier said.
But Adler said the source-code release was aimed at showing security experts that his company's system would offer adequate safeguards as well as improvements over the hanging chads, confusing designs and the other shortcomings of paper ballot schemes.
"There are some quarters that would like to turn a blind eye to any sort of innovation," Adler said, "but I think that would be a big mistake."