California’s secretary of state, Debra Bowen, believes that open-source software should be used in elections involving electronic voting machines, to protect against error and fraud.
Speaking in Cambridge, MA, yesterday during a panel discussion at the EmTech organized by Technology Review, Bowen noted that individual counties are currently responsible for purchasing voting machines. Often the choice is left up to an IT professional who may lack detailed knowledge of cryptography and computer security. But the biggest concern, according to Bowen, is a lack of access to the machines’ underlying code. “Many times, a person has no legal right to review the software, even if they could,” she said.
Bowen has a history of pushing for greater transparency and accountability in election technology. After taking office in November 2006, she commissioned a top-to-bottom review of e-voting systems, including detailed analyses of source code, documentation, security, and usability. “All of the systems had security issues,” Bowen said.
The study revealed a variety of problems, from software vulnerabilities that could let an attacker install malicious software that changes the outcome of a vote, to opportunities to tamper with the devices while they are held in storage.
E-voting companies are working to address these problems, but Bowen is still frustrated that the software running on voting machines is proprietary.
When asked about future elections, Bowen said the one technology she’d like to see integrated into voting systems tomorrow is open-source software for creating ballots and tabulating votes. Both tasks are horrendously complicated, she added, and so need to be very carefully monitored. For example, Los Angeles County alone may use 330 different ballots for a single election, because dozens of local races may be going on in different neighborhoods. And one common problem there with early deployments of touch-screen voting machines was that voters were presented with ballots that didn’t show all the races that applied to them.
Tabulating votes is also problematic. Votes arrive through a variety of channels, via mail as well as polling stations, and must be tabulated quickly and accurately. But there is little regulation or oversight of the way existing software does this. “A lot of the concern comes out of the fact that no one can look at the software,” Bowen says. She notes that voting-machine analysis often has to be performed under a nondisclosure agreement, meaning that the details of some flaws remain undisclosed.
MIT computer science professor Ron Rivest, who has studied the security and privacy of voting systems, says that these systems should be designed to work even if the software underneath is somehow flawed. “Do you have to trust the software in order to trust the election results?” he asks. The ideal situation, Rivest says, is one where the presence of bugs or malware cannot affect the outcome of an election.
There are other ways that technology can complicate the election system. One of Bowen’s biggest worries about November’s presidential election isn’t the voting machines being used but the databases in which voter registration information is stored. A number of states recently introduced a requirement that names on drivers’ licenses and voter registration records match exactly. Bowen says this could unfairly disqualify some voters, because the software used to compare records often cannot account for typos. For example, a computer may not recognize that “OM’alley” is a typo of “O’Malley.” In 2006, Bowen says, exact match requirements prevented more than 20 percent of Los Angeles County voters from being properly placed on voter registration lists.
Under Bowen’s stewardship, San Francisco will experiment with new software in November. It’s one of the few cities already using instant-runoff voting, a system that lets voters rank candidates in order of preference instead of choosing just one. The rankings data can be used to determine a winner if no candidate receives a majority of the vote.