Electronic Voting
Today's Irish Times has two articles on page 8 about the campaign against the flaws in the new electronic voting system, and the important warnings by Margaret McGaley of NUI Maynooth about the integrity of the system. Thought it'd be timely to republish a couple of articles I wrote for our email newsletter "t.b.o." last January...
Source In The Open
You know the electronic voting system that people have been going on about in Ireland for the past year? We were thinking... let's do the bleedin' obvious: instead of talking in the abstract, let's get a copy of its source code and give it a good gander.
So last month [December 2002] we put in a Freedom of Information request to the Department of the Environment and Local Government, which is responsible for the new system.
We requested "the source code of the electronic voting system first used in Ireland's May 2002 general election, plus any supporting technical documentation supplied to the Department of Environment and Local Government including the functional specifications".
We made the request in good faith, so that the 200,000 lines of code could undergo public scrutiny - particularly by experts such as programmers in business and academia. We need this access in order to examine the internal workings of the system properly, to see that (a) it is as secure as possible, (b) it produces fair and accurate election results, and (c) it does so in an efficient and cost-effective manner. We don't want to see just what's on the surface, at the interface: we want to see exactly what's happening under the bonnet as it were.
Now we expected one of two things: either they'd hand over the source code, or they'd come up with some incredibly lame excuse, along the lines that we weren't the Right Kind Of People to be looking at it.
But what we didn't expect was for the Department to admit that... it doesn't have the code!!!
It turned down our request for the source code, saying "the record does not exist in the Department". In a letter dated 13th January, 2003, Assistant Principal Michael Murphy of the Department's Franchise Section stated that: "The source code is held by the Nedap/Powervote [sic] and is not available in the Department of the Environment and Local Government."
Nedap/Powervote's voting machines have also been used in the Netherlands, and in Cologne and Dusseldorf in Germany. In an information paper the Department says that "Ireland's use of the software represents the first time the software has been adopted by a country for all election types (comprising local, general, Presidential and European elections and referenda)."
The Department commissioned PMI Software to evaluate the system's components and "the performance of the database in relation to election requirements". [An aside: PMI is a subsidiary of Project Management Group, "the largest Irish-owned engineering and technical services company". In July 2001, the Office of Public Works engaged PMG to assist in the implementation of the electrical engineering for the project of electronic voting in the Dail.]
Perhaps the PMI/PMG consultants saw the source code (OK, let's find out - and what language were its comments and variables written in, as in English, Dutch, German...). But governments in other jurisdictions have gone much, much further, and made the source code for their voting systemsand readily accessible to all.
Take the Australian Capital Territory election commission in Canberra. It has put the full source code of its electronic voting system on a publicly accessible website, in a neatly zipped 127k file, at:
http://www.elections.act.gov.au/EVACS.html
Some might argue that putting the source code into the public domain isn't in the public interest, that it might compromise the system's security. We don't think so: the general feeling within the software industry would probably be that public peer review, by a wide range of programmers, would do the very opposite, making the code far more robust, secure and efficient.
But above all it's about an issue of trust, and trust works both ways.
If the new electronic system is to be fully accepted by the electorate, the system's internal workings should beand available to the electorate and civil society.
In particular it should earn the trust of our programming community - the very same sector earmarked by successive governments as a key part of our economy and society. The government in turn should put its trust in that community, not just in a bunch of private consultants or some Dutch/UK company.
Instead, it finds nothing strange in allowing the source code to be held abroad, and in not bothering to keep a copy for itself after spending so much of our money getting it written.
Meanwhile, thanks to Pete, a regular early bird on P45.net's discussion forums, for the following quote:
"The integrity of our public electoral system is well worth the cost of paper ballots and the minor inconvenience of a trip to a polling station. If we try too hard to impress ourselves with our technological sophistication, we could end up fooling ourselves into a false sense of security. Men died for our right to vote, and we can endure some minor inconveniences and costs to help ensure the integrity of our democratic elections. To recapitulate, the integrity of electronic voting in public general elections with secret ballots can be ensured only if the following precautions are taken:
- usecomputer architecture andsource software
- prohibit online voting (except in rare cases)"
* * *
A Modest Proposal
So the Irish government is to spend a mere 33 million euro on that new electronic system, in 42 constituencies. A system that quite possibly will be used only once every five years. [Footnote: since my January article, this morning's Irish Times says the system will cost a staggering 45 million euro, and that 1.5 million euro will be spent on a "public relations campaign and the creation of an Internet website", as opposed to a non-Internet website presumably. But exactly how much will it cost?...]
Couldn't they have adapted some existing computer networks, one that's in use every day, in just about every village and town across the land? One that has a nice, familiar, easy-to-use interface that even your Gran would like?
Yes, our modest proposal is to piggyback onto existing major networks such as (a) the banks' ATMs or (b) the National Lottery.
The Lotto's network already has thousands of terminals. Its scanning machines and central computers should be able to handle ballot papers with 10 or 15 candidates instead of Lotto tickets with 42 numbers. Its system can handle 8,000 payslips a minute, and could be adapted to calculate the final results just minutes after the election.
To add further drama and spice to our electronic democracy, the results could be fed to the central count centre in the RDS, then displayed on a Eurovision Song Contest style scoreboard - Ireland has a great tradition in this area. Progress reports could come from Ronan Collins and Shirley Temple-Bar, all under the watchful eyes of a bloke in a suit from Stokes-Kennedy-Whatsit.
And... wait for it... people would be able to vote by how their family has always voted - by birthdays, your home phone number etc - and they could even have "quick pick" candidates and "rollovers".
* * *
That last piece was heavy on the irony, but on a more serious note: if you're interested in the campaign being run by Margaret about e-voting risks, there's more
here and here
The "Slashdot effect" kicked in quite a few months after I published the original article - check out the comments on Slashdot
Posted by mick cunningham at July 31, 2003 01:37 PM | Email a friend this entry
| TrackBack
have you any more information on the companies you mentioned?
Posted by: jools at February 5, 2004 07:24 PM