VoteHere Release Audit Trail Code

Wed Apr 7 08:48:52 PDT 2004

<http://www.internetnews.com/dev-news/print.php/3336851>

Internetnews.com

 VoteHere Release Audit Trail Code
 By  Jim Wagner
 April 7, 2004

E-voting software developer VoteHere made its audit checking source code
available for download Tuesday in a bid to prove its software does what it
promises: provide a verifiable audit trail over every citizen's vote.

 Much of the debate surrounding the electronic tabulation of votes has
centered on the machines' ability (or inability in this case) to record
votes and then let voters and election officials verify the correct vote
was entered and stored in the central repository.

 Jim Adler, VoteHere founder, said the source code makes good on its
promise back in August 2003 when the company announced a partnership with
e-voting machine manufacturer Sequoia, to release the code for all to see.

 "We're a bunch of cryptographers and as students of cryptography, we know
there's no real security in obscurity and feel that openness and
transparency are an important part of the process, especially with
technology that is used to audit an e-voting machine," he told
internetnews.com.

 To date, attempts by e-voting opponents to get software makers to release
their code for public scrutiny have met with failure. The most notable case
dealt with manufacturer Diebold Election Systems, which filed
cease-and-desist orders against a group of college students who discovered
vulnerabilities in its machines and posted their findings on the Internet,
as well as anyone who put links to the vulnerabilities on their Web site
and their Internet service providers (ISP).

 In December 2003, the company withdrew the orders after the college
students, through the Electronic Frontier Foundation (EFF) filed suit
against them.

 Eight days later, Diebold and five other manufacturers banded together
under the Information Technology Association of America to "identify and
address security concerns" and "raise the profile of electronic voting."

 VoteHere officials expect the open-sourcing of its audit trail will close
the debate on its area of security, at least. Though it's software only
runs on Sequoia's machines, Adler said the manufacturer makes up 20 to 30
percent of the industry's market share.  The company paid Dr. Robert
Baldwin, co-founder of California-based Plus Five Consulting and former
technical director of RSA Security, to conduct an independent analysis of
its code, who said he was in no way affiliated with VoteHere.

 "We actually found fewer types of problems than we normally find when we
look at other people's code," he told internetnews.com. "I think they
definitely had an eye towards producing higher-quality code because they
knew somebody was going to go looking at it. The software could easily look
at 100 million-person audit trail and verify it within an hour."

 Individuals who want to review the code can download it here:
<http://www.votehere.com/downloads.html>

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'