This should give the people trying to get Diebold to divulge their source code some ammunition. Diebold is important because if something isn't done there will be a cloud of suspicion hanging over the outcome in Ohio and other states no matter who wins them.
___________________________
E-voting firm opens up its code
By Alan Boyle
MSNBC
Updated: 9:12 p.m. ET April 07, 2004BELLEVUE, Wash. - A software company voluntarily released the source code for its paperless ballot verification system on Tuesday, marking a first in the increasingly controversial electronic-voting market.
Bellevue-based VoteHere said the code, along with documentation and examples included in the downloadable software package, would allow outside experts to evaluate how the company's VHTi technology works to verify election results. The VHTi system uses cryptographic methods to secure ballots and flag vote-tampering efforts.
"Now it's up to the world to take a look and dig in and give us their opinion," the company's founder, Jim Adler, told MSNBC.com.
E-voting systems have sparked a sharp debate over the past few months, due to well-publicized glitches as well as wider concerns over computer security. In January, a group of computer scientists contended that no Internet-based election system could be fully secured against fraud, leading the Defense Department to cancel an Internet voting experiment. Similar concerns have been raised over the use of e-voting machines in traditional polling places — and state election officials are taking the concerns to heart.
One of the country's foremost skeptics about paperless e-voting, Stanford Professor David Dill, said releasing the source code for e-voting software was a "very unusual" and "very healthy" development. But he stressed that it was far too early to pass judgment on VoteHere's software itself.
"I think it's a good business move, and I think it's a good thing for building confidence in a new technology," Dill, who created the Verified Voting Foundation, told MSNBC.com. "Releasing the software is part of what has to happen. The other part is having increased scrutiny. ... I hope that this step will result in careful external review."
In order to be used in actual elections, voting systems must be certified by federal and state officials. But VoteHere's source-code release is aimed more at a community of academics and activists who have raised concerns about electronic voting in particular.
The unauthorized release of source code for Diebold Election Systems' e-voting software, the market leader, sparked volleys of charges and countercharges last year. "Doing a voluntary release of the software in this case, versus the involuntary release in Diebold's case, is the right way to do things," Dill said.
Computer policy consultant Barbara Simons, who was among the critics of the Pentagon's Internet voting experiment, also praised the release of the source code. But Bruce Schneier, the founder and chief technology officer of Counterpane Internet Security, said the availability of the code would not sway him from his opposition to paperless voting systems.
"Just because it's released doesn't mean it's secure," he told MSNBC.com.
Schneier said he didn't plan to analyze the source code — and wondered whether any serious security experts would take on the challenge. "That would take 80 to 100 hours of my time, and no one's going to pay me," he said.
Not ready for prime time
VoteHere has not yet put its technology into existing election systems, but it has made a deal with Sequoia Voting Systems for incorporating VHTi software in future machines.
Even if hackers break into a voting system, the verification software would keep the ballots secure and sound an alarm, Adler said. Last year, VoteHere's corporate network weathered a computer attack, but the company said no voting software was compromised.
"What VHTi does is, it detects problems with the election system," he explained. "You can build a fence as high as you want, but if somebody gets in the yard, you want to make sure you know about it. So VHTi is that barking dog in the yard."
The source code is not a complete commercial product. A "known issues" section lists functions and features that still need to be added or tweaked, Adler said. But the package includes a voting-machine simulation that lets programmers see how the system works.
"You can actually program it to cheat, and you can watch where the protocol detects where your ballot was changed ... which I think is very instructive," he said.
Adler said the long-promised release of the source code was held up so that the process could be reviewed by an outside company, Plus Five Consulting of Palo Alto, Calif. The consultants' feedback was incorporated in the release process, Adler said.
In a written statement, Plus Five co-founder Robert Baldwin, who was formerly a technical director at RSA Security, said the source code was written "in a professional and consistent style, making it easy to understand and review."
more---
msnbc.msn.com |
