<http://www.business2.com/b2/web/articles/print/0,17925,683182,00.html> Business 2.0 - Magazine Article - Printable Version - Tilting at the Ballot Box Entrepreneur David Chaum's e-money venture flopped. Now he wants to fix electronic voting. For once, is the brilliant inventor right on time? By John Heilemann, September 2004 Issue The legendary cryptographer David Chaum has just invented something amazing, and his timing is nearly perfect. At a moment when electronic voting has been turned -- by a confluence of clueless election officials, slipshod technologies, dodgy vendors, and ever vigilant geeks -- from a great leap forward into an abject fiasco, Chaum has unveiled an e-voting system that's everything the current gizmos aren't. It's incredibly secure. It guarantees anonymity. Its results are verifiable. It is, Chaum claims, "the first electronic mechanism that ensures both integrity and privacy." Indeed, as far as I can see, Chaum's invention has only one conceivable drawback: It won't be on the market in time to save us on Nov. 2. As veterans of the digital revolution will recall, solving apparently insoluble problems has always been Chaum's forte. Most famously, back in 1990, he founded the company DigiCash to commercialize his pioneering work on electronic money. Even by the standards of that heady time, Chaum's ambitions were lofty: propelling the international currency system into the digital age. But while everyone agreed that the technologies he invented were elegant and brilliant, the world, it turned out, wasn't nearly ready for the incursion of e-money. At the end of 1998, DigiCash bit the dust. Technology writer Steven Levy once described Chaum as "Don Quixote in Birkenstocks." Today the Birkenstocks are gone, but the beard, ponytail, and quixotic temperament all remain in place. Once again, the windmill he's tilting at is an entrenched and archaic system. And once again he's starting a new company to profit from his ingenuity. If there were any justice or logic in this world, his success would be guaranteed. But since the world we're talking about is national politics, I fear he faces an uphill fight. No one has thought longer or harder about e-voting than Chaum. As a graduate student at the University of California at Berkeley in the late 1970s, he wrote the first papers on the topic -- then moved on to other things. But after the Floridian fiasco of 2000, in which hanging chads and butterfly ballots vividly demonstrated how dangerously outmoded our electoral technology was, Chaum's interest was rekindled. At the time, election officials in scores of states were racing to embrace touchscreen voting terminals from suppliers such as Diebold and Sequoia. So Chaum considered the idea he was hatching "a totally academic exercise." Then, out of nowhere, all hell broke loose. Computer scientists and security experts declared the current generation of machines easily hackable and prone to tampering. In particular, the critics complained that because the machines leave no paper trail, their results are impossible to audit. (Any recount would rely on the same software that might have mangled or manipulated the votes to begin with.) Voting activists dug up a pile of evidence of past e-voting irregularities. A populist campaign, "The Computer Ate My Vote," erupted on the Internet. Meanwhile, Diebold's CEO, Walden O'Dell, unwittingly fed a thousand conspiracy theories by hosting a Bush fund-raiser -- and writing to the invited guests, "I am committed to helping Ohio deliver its electoral votes to the president next year." In the face of all this, states are scrambling to figure out what to do -- both in November and further in the future. The solution that's gained the most momentum is known as "verified voting." Here a printer attached to the touchscreen terminal spits out a hard copy of the voter's choices and displays it under a transparent barrier. Once the voter approves the receipt, it's put in a sealed ballot box, from which it can be retrieved and tallied in the case of a recount. The problem, however, as Chaum points out, is that the receipts are as vulnerable to fraud as ordinary paper ballots. "They can, for example, be tampered with between the vote and the recount," he says."In a sense, ballot-under-glass is no more secure than old-fashioned punch-card systems." Chaum's system, Votegrity, produces a paper trail too -- except Chaum throws cryptography into the mix, and that changes the equation. With Votegrity, the printer attached to the terminal generates two strips of paper, each of which holds your vote in encrypted form. Overlaid on top of one another and seen through a custom viewfinder, the strips, through some cryptographic voodoo, reveal your choices in plain English. Once you've verified your vote, the strips are separated, you pick one to take home as a receipt, and the bar-code-like image on that strip is stored digitally. When the time comes to tally the votes, the images are decrypted (using a complicated Chaumian mathematical process that's all but tamperproof). Meanwhile, the encoded images are posted on the Web, so that you can go online afterward and confirm that your vote was counted by using a serial number on your strip. There's no denying that Votegrity teeters on the brink of genius. By letting voters take receipts, Chaum's system would erect formidable hurdles to election fraud -- while simultaneously, through encryption, preserving the sacrosanct anonymity of the ballot box. That said, I can think of at least three glaring reasons to be skeptical of Votegrity's prospects. First, the system isn't exactly a paragon of simplicity; it took nearly four hours of explication by Chaum for me to get my head fully around it. Second, election officials are by inclination a deeply conservative lot, especially around new technology. A system combining cryptography and the Web isn't likely to set their pulses racing -- or cause their checkbooks to spring open. Third, there's verified voting. Whatever the imperfections of ballot-under-glass, I suspect that many people who distrust e-voting will consider it a good-enough safeguard. And as the history of technology makes abundantly clear, in a contest between perfect and good enough, the latter wins every time. Naturally, Chaum disagrees. Given the intensity of the uproar over the current touchscreen terminals, he believes that states will have no choice but to adopt a more sophisticated system. "The more people swear that the machines should be trusted, the less trust there is," he says. "Forget whether they're really secure or reliable. What matters is that major chunks of the public don't believe they are. We've got a crisis of voter confidence on our hands -- and it's not going to go away." As for verified voting, Chaum simply says, "I don't think a system that's equivalent to punch cards is going to cut it at this point." Depending on what happens in November, Chaum could be proven right. With the election only two months off, the backlash against e-voting has produced a situation bordering on chaos. At the start of the year, it appeared that some 50 million voters-roughly 30 percent of the total -- would be casting their ballots digitally. Now, who knows? In California, the secretary of state has banned the Diebold machines from use and decertified all the rest. In other states, there are movements afoot to require verified voting. In still others, officials are pressing ahead with the machines despite the hue and cry. All of which suggests one thing: If the election turns out to be as close as most polls suggest, we may be headed for a multistate postelection conflagration, complete with protests and litigation, that will make the contretemps over Florida in 2000 look like a schoolyard spat. For Chaum, who's in the process of rounding up investors and hiring executives for the firm he's starting around Votegrity, such a conflagration would be, perversely, the best news imaginable. Not that he's the kind of guy who'd root for such an outcome. A bone-deep do-gooder, a privacy crusader, he's an unabashed idealist whose desire to make the world better is so earnest it's slightly painful. When I asked him why he was still tilting at windmills even after the anguish of DigiCash, he smiled, shrugged, and softly replied, "This is really important stuff -- someone's got to do it." On that point he'll get no argument from me. No matter what transpires on Election Day and in its aftermath, Chaum and his allies have already rendered an invaluable service: not only exposing the flaws of e-voting today, but pointing toward something better for tomorrow. Coming up with that something -- a digital system that's secure, private, and verifiable -- will plainly be no mean feat. As more and more geeks take up the challenge, the odds will inevitably decline that Chaum's will be the system that triumphs. But I can't help hoping that, for once in his life, he kicks the windmill's ass.? John Heilemann wrote "Pride Before the Fall." His next book is "The Valley." -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'