Author: Jay Lyman
alternative, electronic voting system. By utilizing a Linux-based Internet and telephone election system with 128-bit
encryption, Church and his Ontario-based startup CanVote were able to give nearly 95,000 voters in 11 municipalities the option of Web- or phone-based votes in local
elections last November.
“We started out with a customer rather than a technology,” said Church, referring to the local government. “We didn’t have a lot of money or time. We were trying to figure out how
to get phone, Internet, and go. We didn’t want to go back to paper ballots.
We wanted something different, something better.”
The quest for an electronic alternative started with the commercial software
and the larger election system vendors, but Church said he soon realized
nothing off the shelf would cut it and nothing from the big guys would fit
Linux, with its reputation as a highly secure, highly stable, yet flexible
operating environment soon emerged as the clear answer, Church said, adding that an open source
database was also used for the CanVote solution.
“Linux is development-friendly and small-friendly,” he said.
And while security may be the biggest issue in general with election systems
and software, Church said the local Canadians were more concerned with
putting something in place in time for polling.
“There were things that fit with Linux that were important to them,” Church
said. “We couldn’t study it for two or three years. We had an election
coming up and had to serve it. We had to bootstrap something pretty fast.”
Bootstrap they did, with an interactive voice response (IVR) system as the
core of the Linux election system, which did not deliver paper receipts but
did manage to serve 52 percent of voters in a municipal contest — a
relatively high turnout figure.
CanVote’s Church readily acknowledged that the complexity and security needs
for the local elections in Ontario pale in comparison to the
initiative-laden, multiple-candidate, multiple-race elections that take
place in the States. “Our elections are much lower profile elections,” Church said. “The security
thing is nowhere near as big an issue as it would be for Americans. In our
case, it was kind of like, if a mayor doesn’t get elected, nobody cares.”
In discussing plans for expansion and taking on larger elections in Canada
and perhaps elsewhere, Church said CanVote will stick to open source
software. “We’re not going to employ proprietary if we can avoid it,” he said.
Good approach, apparently. Proprietary election software from vendors such
as Diebold and Accenture has drawn serious criticism in the U.S. for its lack of security. Open source
systems, on the other hand, have proven successful not only in Church’s local
elections last November, but also in Australia, first
in 2001 and possibly again soon, officials said.
Australia elects open source
Elections software expert David Wagner, an assistant professor of computer science at the University of California, Berkeley, said the Australia model — where the
government sought proposals from more than a dozen vendors and eventually
chose the single open source pitch — holds promise for electronic voting’s
He indicated the Australians, like Americans, went through an epiphany about
the sad state of its election infrastructure when the nation in 1998
had the same kind of close elections as America’s 2000 presidential/legal
The Australian Capital Territory commissioned open source election software in 1999.
The government chose Software
Improvements, a local company that came up with and posted the code for
a system called eVACS, developed with the Australian Electoral Commission,
tested in a Legislative Assembly election in October 2001, and intended for
use in future elections. The system cost less than $150,000 and was created
within a 27-week window between signing of the contract and election day. Of a total of 191,829 votes in the Australian territorial election, 16,559 were cast electronically, representing 8.6 percent of the total vote, which was all counted electronically with data entry on the paper ballots.
Software Improvements managing director Carol Boughton said the eVACS
system, designed for government elections but capable of use even in association and board contests, is being internationalized
to handle all types of election systems and scenarios. The system sits on a
cut-down Debian Series 1 operating system, which limits the operations
permitted, and uses a PostgreSQL 7.1 database.
Boughton said the system comprises modules for setting up an election,
voting, data entry (for votes not collected electronically), counting, and
reporting. It does not provide for paper receipts of votes.
“The voting software runs on standard PCs, but can run on any equipment with
an Intel 386 or above architecture, networked in an isolated LAN at each
polling place,” Boughton said via email. “The voting clients are basically
dumb terminals driven by the voting server.”
Boughton said while an interim vote count is possible at the polling place,
a full count of votes taken at all of a district’s polling places is done on
a separate, standalone counting server.
Boughton also said that on loading, eVACS server hardware is automatically
wiped clean. Echoing UC Berkeley’s Wagner, she said the key aspect of the
entire system has been transparency.
“Second is the ability to cut down the operating system to limit the
functionality to those required operations — a security feature,” she said.
“Third aspect is that with the client having the source code, there are no
ongoing annual fees for maintenance and support.”
UC Berkeley’s Wagner said the open source nature of the eVACS software has already
paid off. “The system has been evaluated by outside security
guys, who found one small detail, one bug that was worth correcting.”
Cautions on closed source electronic voting
Wagner was the co-author of a report that blasted a U.S.
electronic voting system known as SERVE — Secure Electronic Registration
and Voting Experiment. SERVE was set to be used for the presidential election this coming November, but was
scrapped after security warnings from Wagner and fellow researchers from
Lawrence Livermore National Laboratory and Johns Hopkins University.
The findings of Wagner and three other election software experts ended up
forcing the U.S. Department of Defense and
Voter Assistance Program to abandon the
$22 million SERVE proprietary election system, which was produced
primarily by Accenture, among other vendors. DOD spokesperson Glen Flood, who
had previously defended the system for voters stationed or living overseas,
said the government needed greater confidence in the security of a system to
go forward with it.
“It’ really a shame they were forced to scrap it,” Wagner said. “It was the
right decision, but it’s a real problem for ex-pats.”
While the Internet and possible introduction of viruses or potential
undetected tampering were primary among the researchers’ critique of SERVE,
the system’s closed code from Accenture and others was also prominent among
problems because of insufficient scrutiny during qualification and
certification, they said.
Wagner called transparency in election software one of two critical
components needed to produce a viable electronic alternative to — it’s time
to start saying it again — hanging chads.
“If there are problems, there are opportunities for third parties to find
them,” Wagner said.
The other critical component to a trustworthy, reliable election system, he
said, is a verifiable paper receipt that can be used in case of a recount.
Wagner suggested the open source approach might work in the U.S. if
both major political parties had access to the source code and system,
ensuring a perceived and real fairness. “If the Democrats and Republicans can both look, it gives you some reason to
believe it may be reasonable to have trust in election software,” Wagner
While Wagner had to qualify the definition of open source as publicly
available code — as opposed to the somewhat limiting perception that open
source refers to software developed for fun by ad hoc groups of hobbyists
— he said the public disclosure of code is a fundamental
requirement of a trustworthy election system.
“I think that has a lot of benefit for election software to get the
confidence of people,” Wagner said. “Elections are unique in the
transparency requirement. Proprietary systems don’t provide that level of
public trust. They can’t. I think there’s general discomfort in putting all
of that trust in one company.”
Open source elections coming to the U.S.?
But the GOP and Dems do not have to start assembling their Campaign 2004
cracking team just yet. Even if Floridians and other voters previously
betrayed by paper ballots were to furiously take up the cause of an open
source alternative, such a system would not come close to making it through
the elections system certification process in time for use in the next presidential
Paul DeGregorio, one of four members of the federal Election Assistance
Commission formed in 2002 to assist states in avoiding fiascos, said the
role of open source software will be chief among issues being assessed by
the commission and federal legislative committees with the help of the National Institute of Standards and Technology and other scientists.
“I think it’ll be an important issue, no question,” said DeGregorio, who
declined to offer a perspective on open versus closed code for elections
before hearing from experts and forming his opinion. “Whenever you look at
voting systems and security of voting systems, this is an issue that has to
be looked at in the process.”
While Linus Torvalds was not elected the provincial ruler of Ontario and
Eric Raymond did not garner many write-in votes in elections down
under, the U.S. government remains skeptical of open
Nevertheless, UC Berkeley’s Wagner — whose SERVE research team said in its
critique that the Internet and proprietary code vulnerabilities “cannot be
fixed by design changes or bug fixes” — said publicly available source code
and voter-verifiable, paper audit trails could punch electronic voting’s
“It’s not a case where there’s no available solution,” Wagner said. “There
are ways available. They’re just not being used.”
While he highlighted that more Americans than ever will be voting
electronically in the upcoming presidential match — an estimated 50 million
are eligible — Wagner said the newer technology may actually leave us
longing for the days when we got to know and love hanging, dimpled, pregnant,
and otherwise indiscernible chads.
“The last four years have seen a major shift toward electronic voting,”
Wagner said. “I think people are going to use it and they’re going to like
However, with the lion’s share of those new electronic ballots getting cast
by touch-screen technology that has no paper receipt, Wagner predicted
another troublesome election in November.
“There’re valid reasons to be concerned,” he said. “With the touch
screens, if there’s a dispute, there’s no way to do a recount. At least with
paper, you have something to look at. We may find ourselves with no chad,
hanging or otherwise. I’m not sure that’s an improvement.”
- Open Source