<http://www.internetnews.com/dev-news/print.php/3336851> Internetnews.com VoteHere Release Audit Trail Code By Jim Wagner April 7, 2004 E-voting software developer VoteHere made its audit checking source code available for download Tuesday in a bid to prove its software does what it promises: provide a verifiable audit trail over every citizen's vote. Much of the debate surrounding the electronic tabulation of votes has centered on the machines' ability (or inability in this case) to record votes and then let voters and election officials verify the correct vote was entered and stored in the central repository. Jim Adler, VoteHere founder, said the source code makes good on its promise back in August 2003 when the company announced a partnership with e-voting machine manufacturer Sequoia, to release the code for all to see. "We're a bunch of cryptographers and as students of cryptography, we know there's no real security in obscurity and feel that openness and transparency are an important part of the process, especially with technology that is used to audit an e-voting machine," he told internetnews.com. To date, attempts by e-voting opponents to get software makers to release their code for public scrutiny have met with failure. The most notable case dealt with manufacturer Diebold Election Systems, which filed cease-and-desist orders against a group of college students who discovered vulnerabilities in its machines and posted their findings on the Internet, as well as anyone who put links to the vulnerabilities on their Web site and their Internet service providers (ISP). In December 2003, the company withdrew the orders after the college students, through the Electronic Frontier Foundation (EFF) filed suit against them. Eight days later, Diebold and five other manufacturers banded together under the Information Technology Association of America to "identify and address security concerns" and "raise the profile of electronic voting." VoteHere officials expect the open-sourcing of its audit trail will close the debate on its area of security, at least. Though it's software only runs on Sequoia's machines, Adler said the manufacturer makes up 20 to 30 percent of the industry's market share. The company paid Dr. Robert Baldwin, co-founder of California-based Plus Five Consulting and former technical director of RSA Security, to conduct an independent analysis of its code, who said he was in no way affiliated with VoteHere. "We actually found fewer types of problems than we normally find when we look at other people's code," he told internetnews.com. "I think they definitely had an eye towards producing higher-quality code because they knew somebody was going to go looking at it. The software could easily look at 100 million-person audit trail and verify it within an hour." Individuals who want to review the code can download it here: <http://www.votehere.com/downloads.html> -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'