E-voting systems, most of which are supplied by four private vendors, will count nearly a third of the votes cast nationwide in today's elections. All four vendors use proprietary e-voting software, all of which is subject to government-approved auditing and review procedures. These firms also, however, jealously protect the source code behind their e-voting systems, and critics have charged that the certification process is incomplete, under-funded, and susceptible to vendor manipulation.
One of the biggest e-voting vendors, Diebold Systems, illustrates almost everything that could go wrong with proprietary e-voting software. Diebold was caught using non-certified software, and the company stands accused of leaving its systems exposed to a variety of security failures and software hacks. The California state attorney general filed a lawsuit against Diebold for selling shoddy e-voting software, and BlackBoxVoting.org, an e-voting advocacy group, recently showed a video demonstrating how a chimpanzee (really!) could erase audit logs on one of the company's e-voting machines.
All of this raises the question: Could open-source e-voting software do a better job? Many watchdog groups, including BlackBoxVoting.org and Open Voting Consortium, believe open-source software provides the best way to guarantee truly secure, trustworthy elections. The open-source development model would, for example, ensure that developers find and fix potential security flaws, rather than ignoring or burying them.
Yet even if both models produced equally secure software, we're not just talking about an app server for someone's widget company. We're talking about the system that decides who governs the United States, from local school boards to the presidency. I have a serious problem turning over the democratic process to companies that treat vote-counting as a trade secret.
Even so, I worry that open-source alternatives could run into trouble if they aren't prepared to deal with the political as well as the technological aspects of this process. In fact, an open-source e-voting initiative could easily turn into an unmitigated disaster.
I'm not saying that the current system works: When a company like Diebold can exhibit such willful stupidity, yet remain a legitimate option for counting the nation's votes, it's time for a change. Bear in mind, however, that open-source software won't automatically solve the problem of how to create a foolproof audit trail for election results--one of the biggest controversies surrounding e-voting. Also remember that this isn't just about creating software code; it's about handling a high-explosive mix of technology, public expectations, and partisan politics, along with a lot of people who will do their very best to ensure the system fails miserably.
Is the open-source community ready to deal with all of this? Do any of us really understand just how treacherous this process will be? I have my doubts. But by the time you read this, we'll probably know whether proprietary e-voting solutions can do any better--or any worse.