Web-based electronic voting systems
Electronic voting systems have gained a bad reputation for their reliability, integrity and usefulness. Fundamentally, most of them are flawed as a concept because they commit the worst mistake any technology can make: they replace an existing manual method without changing its fundamental operations. Technology must never simply mechanize existing methods. Information technology makes it possible to rewrite the rules entirely, and for elections its main benefit is the removal of both geographic and time constraints.
Electronic voting is a major issue that receives too little relevant attention and little to no expert technical development. Political engineering remains a primitive domain that has not attracted the relevant expertise and research. This document explains the issues, problems and solutions related to electronic voting and provides a framework for successful, fail-proof and efficient electronic voting systems. The framework is based on professional experience and research in Web development and technologies, database and information management systems, and the political dynamics of modern democracies.
As a starting point, almost all current perceptions about electronic voting are wrong, misguided or misleading. The dangers are largely misunderstood, the complexities are overstated in many respects and the deployed solutions are deliberately constructed to fail. It is technically straightforward and cost-effective to develop an electronic system for every level of election, from local referenda to national elections. Very little of what is currently debated about electronic voting is based on a technical understanding of current Web technologies, security and communications. Politicians lack the technical knowledge to understand the systems, and the vendors lack the political legitimacy to shield their work behind the usual commercial protections.
Electronic voting systems currently implemented in the United States are deliberately developed to influence the outcome of national elections and do not meet the necessary criteria for a safe and efficient system of electronic elections. Trade-secret restrictions on evaluation that have no technical justification, the lack of a proper audit trail for recounts and poor security in construction, notably the reliance of Diebold's systems on Microsoft Access databases, are not the symptoms of a vendor, competent or not, struggling with a hard problem. They are deliberate technical choices that leave the systems open to tampering and hacking and without any credible security.
None of the recorded failures, votes cast and not counted, the inability to perform manual recounts or to compare individual machine tallies with total tallies, and votes recorded for the wrong candidates, are error-related outcomes. They are behaviours deliberately programmed into the systems. No professional tallying system records a vote for the wrong candidate unless that outcome was programmed into the software. No professional tallying system is unable to compare vote counts unless a fraudulent outcome was intended. The expertise needed to prevent these problems is mastered by every skilled programmer in the world, and several much larger systems in production today provide far greater levels of security and integrity.
Any piece of software can be hijacked as long as a single line of its code can be concealed. Within an installed application, programmers are in complete control of their environment and can do anything they want with the information they process. A program's source code reveals everything the software does, whereas a compiled executable is practically opaque to everyone but its authors. Publishing the source only helps, however, if the code running on election day can be shown to have been built from exactly that source. All voting systems currently in use in the United States are proprietary closed-source software, which goes against the most basic technical reasoning.
A typical voting system can be written in anywhere between 100 and 1,000 lines of code. A hundred lines would not quite capture the complexity of a national election, but at 1,000 lines a large part of the system would be done. Everything else relies on standard protocols and systems such as those used on the Web for communications, databases, authentication and so on. These protocols secure the hundreds of billions of dollars moved every day in electronic transactions. They can be made fail-proof; it is simply a matter of cost and will.
A voting system is essentially one of the simplest pieces of software that can be written. A skilled second-year student is capable of developing a 90% fail-proof voting program for small elections, while talented students could easily develop the whole system as a final project (this would actually make quite a good challenge for computer science departments around the country).
There is not one shred of technology, business logic or algorithm used in a networked voting system that has not been written millions of times. It is a basic system that reads input, adds counters, stores data and outputs results. Very few programs can be so fully explained in so few words. The insistence of the companies who developed these systems on hiding their source code in the name of trade secrets is as credible as claiming a trade secret for the layout of their coffee room. They had nothing to invent to achieve their objectives; in fact, inventing anything in this context would be completely unnecessary and credible evidence of gross incompetence.
Luckily, source code is only one part of a software system. Licensing and configuration account for a large part of an election system, and any voting system can be made fail-proof with very simple rules and configurations. The rules presented below may not achieve 100% of the required security, but they come close to 99%, which is at least 98% better than what current systems provide. The rules are presented in no particular order; they are all equally important:
- Every module of executed code should come from open source software, independently verified by as many experts as possible
- Every piece of software should run directly from readable, interpreted source, so that the code that is audited is the code that is executed
- The system must use high-security Web protocols and replicate processing several-fold (i.e. as many independent servers as possible receive, process and store every vote in real time)
- The independent processing servers should send confirmation to citizens' email addresses along with URLs where the stored results can be consulted (phone messages could be used instead, but written information is more easily archived)
- Confirmation receipts should be printed in duplicate and immediately scanned into an independent system, matched with an ID generated independently of the voting software, transferred separately and verifiable by the citizen alongside the stored results; the voter takes one receipt home and verifies that its ID corresponds to the record stored on the processing servers, while the other is kept in a locked box for manual recount
- Processing servers should send confirmation of what they processed back to the voting machine right away, before the voter leaves the machine
- Parallel manual elections should be held until it can be established with certainty that no tampering of any sort can take place; citizens would use both electronic and paper ballots, which are then compared
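To make the preceding rules concrete, here is an added illustration in Python. It is not code from the original page or from any real voting product. It models the basic machine described earlier, one that reads input, adds counters, stores data and outputs results, together with the replication, receipt and confirmation rules in the list above: every vote goes to several independent servers, the voting machine refuses to finish unless all of them confirm identically, the voter takes home a receipt that can be checked against each server's published record, and the servers' tallies are compared against each other and against their own record counts. The number of servers, the receipt ID format, the use of SHA-256 commitments and the sample ballots are all assumptions made for this example; the ID generator is a stand-in for whatever independent system would issue IDs in practice.

```python
"""Toy model of a replicated, receipt-verified tally.

Added illustration, not code from the original page. Server count, receipt
ID format, SHA-256 commitments and the ballots below are assumptions made
for this example; a real system needs much more (identity checks, transport
security, custody of the paper receipts, ...).
"""
import hashlib
import secrets
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample data: three candidates and a handful of ballots.
CANDIDATES = ("A", "B", "C")
SAMPLE_BALLOTS = ["A", "B", "A", "C", "A", "B"]


def commitment(receipt_id: str, choice: str, nonce: str) -> str:
    """Hash binding a receipt ID to the recorded choice.

    Servers publish only this value, so the public record does not reveal
    the vote; the voter, who keeps the nonce, can recompute and check it.
    """
    return hashlib.sha256(f"{receipt_id}|{choice}|{nonce}".encode()).hexdigest()


def issue_receipt_id() -> str:
    """Stand-in for an ID generator that is independent of the voting software."""
    return secrets.token_hex(8)


class TallyServer:
    """One of several independent servers that each store every vote."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.published: Dict[str, str] = {}  # receipt_id -> commitment (public)
        self.choices: Dict[str, str] = {}    # receipt_id -> choice (private)

    def record(self, receipt_id: str, choice: str, nonce: str) -> str:
        """Store one vote; return the confirmation echoed to the voting machine."""
        if choice not in CANDIDATES:
            raise ValueError(f"unknown candidate {choice!r}")
        if receipt_id in self.published:
            raise ValueError("duplicate receipt ID")  # never count a vote twice
        c = commitment(receipt_id, choice, nonce)
        self.published[receipt_id] = c
        self.choices[receipt_id] = choice
        return c

    def tally(self) -> Counter:
        # Recomputed from stored records every time, never kept as a separate
        # counter that could silently drift away from them.
        return Counter(self.choices.values())

    def lookup(self, receipt_id: str) -> Optional[str]:
        return self.published.get(receipt_id)


def cast_vote(servers: List[TallyServer], choice: str) -> dict:
    """Send one vote to every server; finish only if all confirm identically."""
    rid, nonce = issue_receipt_id(), secrets.token_hex(16)
    confirmations = {s.record(rid, choice, nonce) for s in servers}
    if len(confirmations) != 1:
        raise RuntimeError("servers disagree on the vote just cast")
    return {"receipt_id": rid, "nonce": nonce, "commitment": confirmations.pop()}


def voter_verifies(servers: List[TallyServer], receipt: dict, choice: str) -> bool:
    """The check a citizen makes at home: every server published the expected record."""
    expected = commitment(receipt["receipt_id"], choice, receipt["nonce"])
    return all(s.lookup(receipt["receipt_id"]) == expected for s in servers)


def tallies_consistent(servers: List[TallyServer]) -> bool:
    """Cross-check: all servers agree, and each tally sums to its own record count."""
    tallies = [s.tally() for s in servers]
    all_equal = all(t == tallies[0] for t in tallies)
    sums_match = all(sum(t.values()) == len(s.published) for s, t in zip(servers, tallies))
    return all_equal and sums_match


def run_election(ballots: List[str], n_servers: int = 3):
    servers = [TallyServer(f"server-{i}") for i in range(n_servers)]
    receipts = [cast_vote(servers, b) for b in ballots]
    return servers, receipts


def tamper(server: TallyServer, receipt: dict, new_choice: str, rewrite_record: bool) -> None:
    """Simulate a compromised server flipping one stored vote after the fact."""
    rid = receipt["receipt_id"]
    server.choices[rid] = new_choice
    if rewrite_record:  # the attacker also rewrites the published commitment
        server.published[rid] = commitment(rid, new_choice, receipt["nonce"])


if __name__ == "__main__":
    servers, receipts = run_election(SAMPLE_BALLOTS)
    print("tally:", dict(servers[0].tally()))
    print("all receipts verify:",
          all(voter_verifies(servers, r, b) for r, b in zip(receipts, SAMPLE_BALLOTS)))
    print("tallies consistent:", tallies_consistent(servers))
    tamper(servers[1], receipts[0], "B", rewrite_record=False)
    print("consistent after a silent flip on one server:", tallies_consistent(servers))
    tamper(servers[2], receipts[3], "A", rewrite_record=True)
    print("receipt 3 verifies after a rewritten record:", voter_verifies(servers, receipts[3], "C"))
```

Two design points in this example are worth noting. First, a server that flips a stored vote without touching its published record is caught by the cross-server comparison, not by the voter, while a server that also rewrites the record is caught by the voter's own check; the two controls cover different failures, which is why the list above asks for both. Second, the published record is only a hash of the receipt ID, the choice and a nonce the voter keeps. The voter can recompute it, but the record itself does not disclose the vote, because a take-home receipt that shows the choice in the clear would let a voter prove to someone else how they voted. That is a choice made for this example, not something the original list specifies.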
If these rules are followed closely, the technological side of security is assured; the rest is up to physical security at polling places and independent verification. Computer security does not depend on keeping the design secret. It rests on encryption, anti-tampering measures and reliable software, with only keys and individual ballots needing to stay secret. Because the voting software itself is so simple, its code is easy to verify, and it is a simple matter to ask the best university computer security departments to develop it. There is no credible technical justification for these systems to be developed in the private sector, any more than there is for letting politicians manage their development.
We would have no hesitation in repeating these words under oath. They are simple facts of software development and we hope they will dispel some of the misconceptions. Such systems are large in scope, but competent project management and genuine political will make it possible to develop reliable, safe and efficient systems capable of dramatically reducing the cost of running elections, eliminating tampering and increasing confidence and participation among the population, both of which are inadequately low in all modern democracies.