eVAC Changes Licensing

'The cost of freedom is eternal vigilance'

Having been pretty quiet on this front for a while I coincidentally noted that Scott at Open Voting Foundation has just posted some depressing news about Software Improvement changing the licensing of its eVAC system from GPL to 'controlled open source'.

Whatever that means.

Sure enough, a check of the Software Improvement site shows that all reference to open source has been removed.

Except for this:

Our eVACS^® solution is the world leader in transparent and accurate election software.'

Maybe not now?

Meanwhile, Worldchanging has made several references to ExtremeDemocracy, which I'll investigate in a little while

Victorian government elects open source for e-democracy platform

Came across this article in Computerworld. Looks like the idea is taking off.*

Of particular note is the following paragraph:

The Electronic Democracy Subcommittee, chaired by Victorian MP Michael Leighton said the use of open source is specifically recommended so voters can "be satisfied with the integrity of the system".

and:

"The other principle we recommended for electronic voting is that there is a paper trail -unlike what happened in the US presidential election.

However, I have to wonder why the following recommendation was made:

Leighton said the line for "electronic democracy" would be drawn at Internet voting, and recommendations have been made that this not be considered.

Last week the Victorian Electoral Commission called for tenders for electronic voting machines.

Diebold was also mentioned.
I may be naive, but do I smell a lobby group?

---

*Update: the full report can be found here.

---

Environment and Open Voting

The 'Millenium Ecosystem Assessment' report (summarised here by Greenfacts) has been cited as a cause for gloom and doom in the popular press.

There is no reason for that to be so (See Worldchanging on the topic). In fact, the report predicts a net degradation of the environment and overall standard of living in only one of the four scenarios it explores.

Why the gloom? Well, guess which scenario is closest to the current world situation (actually, I can see a few aspects of some of the other scenarios, but there's certainly no grounds for complacency!)

So, what are these scenarios, and what have they got to do with Open Voting?

The scenarios were derived from considering two factors: the degree of cooperation between nations, and the degree of proactive response to environmental threats:

• Order from Strength assumes a world where regions concentrate on local safety and protection, placing little value on common goods, and not thinking ahead on environmental issues. This scenario was found to have the poorest economic growth prospects. (In fact, the prospects were negative in the majority of measures applied)
  
• Global Orchestration suggests a modest improvement could be achieved if the world nations were to adopt a more cooperative marketing model, and take strong steps to reduce poverty.
• Adapting Mosaic takes a different approach, emphasising proactive responses to environmental issues at a local level. Its projected outcome is a lot more promising.
• Not suprisingly, TechnoGarden suggests the best outcome is to be had if a globally connected economy adopts a proactive approach to environmental issues.

Of the two factors considered, it appears that adopting a proactive approach to problems has a more positive effect and, fortunately, it would appear to be the easier approach to adopt. I'm not talking about government level, but the the common folk who, thanks to improved communications, are becoming more aware of what issues affect them, and are better able to take coordinated action, with or without government approval.

A more coordinated global marketing policy will be harder to achieve. At this level, regions are represented by governments, and it will be by governments (and the lobby groups who define their policies) that global markets will be opened up and made more interdependent.

And it is here that I see Open Voting making a contribution. If the voting process can be streamlined, then people (who, as mentioned in the last paragraph, are becoming more able to make decisions for themselves) will be more inclined to participate in official policy making. (Even if it's only to elect the policy makers, in the first instance.)

What's in the Database? (draft)

This is the initial draft. I will flesh it out and spruik it up over time.
Meantime, feel free to cast your opinions.

What tables should be present? How should they be organised?

Table: Voters
For starters, there should be a table for storing voter related information that is provided on registration. This should include stuff like:

• Voter ID*
• Login Name*
• Password
• Address
  
• Email
• Public Encryption Key

Address isn't strictly necessary, but is usually required to allow for statutory declarations ('I live here and this is the only time I've voted today')

Now, the Voters table is a permanent feature, to be used in successive polls. Sectioned off in a separate database is information relating to a particular ballot:

Table: Ballot
This is where ballots are stored in a form accessible to everyone. Data required:

• Ballot ID
• Timestamp
• IsCurrent
  
• Ballot Details
• Voter Signature
• Electoral Signature

The signatures are important. They represent a 'hashed' form of the row data which can be accessed by means of the voter's (or electoral office's) public keys. Any attempt to modify the data will be detected by the consequent invalidation of the calculated hash value against the signature. (I will describe public key encryption in more detail as required.)

Table: VoterBallot
This is where ballots are stored in a form accessible to the voter. Data required:

• Voter ID
• Ballot ID (encrypted by voter)

Which is to say: the voter can use this table to subsequently access and validate their ballot details, but no one else can.

Draft Proposal

This is a duplication of a posting I made elsewhere.

A Draft Proposal For An Open Voting System

Background:
Given the recent furore over the verifiability (or lack) of the electronic touch screen voting systems used in the recent US election, it astonishes me that a google on the topic turns up just one reference to an open source electronic voting system! That is the eVACS system that was used for the 2002 Canberra election in Australia.

I do note that there is the OpenVote organisation that has set up in the last 12 months, and which is using eVACS as a basis for their own offering.

I may give Open Vote a hand at some point. Before I do, however, I want to get a few thoughts of my own down.

General Thoughts:
(NB: this is based on Australian procedures. Please point out any variation to your own local system that would affect the associated reasoning. eg, unlike the US and UK systems, voting is compulsory.)

Unlike the eVAC solution, I want a system that does *not* rely on specialised voting machines. Voting should be accessible online from any network access, and should be as easy as online banking. In other words, it should be a server solution.

I also want a system that can be used anywhere. This may be a pipe dream, but hey, this whole thing is a pipe dream at the moment!!

The way I see it, specialised voting machines have the following problems:

• availability: one problem cited in the US was the lack of available machines in certain districts (which more often than not 'happened' to be Democrat...)
• inconvenience: Why do we need to go and stand in long queues to exercise our sliver of democratic privilege anyway? this is the 21st century!
• flexibility: the inconvenience thing also prevents the general public from a greater participation in how society functions (but that's something for down the track)
• tampering: a number of reports also cited that machines were mysteriously shut down for 'maintenance'. Later, many machines appeared to be unavailable for scrutiny (and the data they contained possibly destroyed)

OK. So the server solution isn't without drawbacks either:

• tampering: all data being sent to one location is a very tempting target for tweakers... There is a very simple mechanism for discouraging this: allowing the voter to review (and even modify?) their ballot.
• control: access to data in one central location is much easier to control.
• trust: how do you know that the final result presented is a true representation of the input? How do you *ever* know this? This is what scrutineers are for, and why it is critical for the workings of any voting system to be open for viewing.

Criteria:
Any new system must achieve at least the same standards of integrity, verifiability, and general confidence in use as the one it is replacing so, before we go into details, let us for consider what a voter must do in order to successfully place a vote:

1. Registration: First off, a voter must be entered onto the electoral role. ie submit whatever personal details are needed to establish that they are, in fact, eligible to vote...
2. Identification: On voting, voters must identify themselves
3. Declaration: The voters must declare that they have not voted anywhere else.
4. Acceptance: The officer, on confirming the voter's eligibility, crosses their name off the role and issues voters with ballot papers
5. Submission: Voters make their choice (in confidence) and deposit their ballot in the box provided.
   

From the POV of the polling officials:

1. Audit: All ballots papers must be accounted for
2. Procedure: All votes must be counted.
3. Verification: Scrutineers must agree that the voting is proper

Meeting Criteria:
So, how do we go about meeting these criteria?

1. Registration: this is going to depend on locality, and is best handled by a separate database. All an open vote system really needs is an identifier and a password. Each entry should be referred to by the main electoral role database. Registered voters should be provided with their ID and password.
   
2. Identification: A voter provides their login and password. They are then given options to enter, view or edit their ballot. This provides opportunities to: record their vote, review their recorded vote for any irregularities, and to change their minds! (Why not? So long as all changes are recorded!)
   
3. Declaration: A voter may vote as often as they like: ie, only the last entry will be counted. An audit trail report may be providedto the voter on demand .
   
4. Submission and Acceptance: Both criteria are covered by one action: submitting the completed ballot (after it has been validated). This fixes one problem with the current system: after you're crossed off the role and given your ballot papers, there's nothing to stop you walking out (in oz, it is illegal to *deliberately* cast an informal vote, or incite people to do so: actually, invalid votes are surprisingly rare, for the lower house, at least)
   
5. Audit: Checks on the validity of the count can be made at a number of levels: the voter can log in and confirm that their vote is as they remember it, vote transaction details (of varying levels) can be sent to various emails for scrutiny etc., the voting station can store a list of ballots cast, central stations can store stats. on how many votes were received from how many stations (10,000 votes for Scudder only from *this* address between 5:50-5:55pm??? Hmmm! All these people seem to have death certificates...)
   
6. Procedure: The database stores the raw votes, and useful stats like time of voting, nominal seat/district. Should be simple enough to provide totals etc.
   
7. Verification: The raw data should be available to all (with exception of who voted for whom)
   

I think that lays out the bare bones of what I envision.

What next? I will start pottering about with a database design, check out whatever the various Electoral Comissions require, and let anyone wishing to comment in passing do so!
Then, I might be ready to set up an open source project...

PS:
...Oh Yes! We need a name: suggestions welcome

Personally, I like the sound of 'We, The People'

What This Is...

The US election of November, 2004 generated a lot of controversy, particularly about the validity of results provided by electronic voting systems that were:

• closed source
• provided by companies with clear links to GOP (ie the Republicans)

I do not intend to pursue the details of those controversies here (you may do so at eg: http://www.freepress.org)

I do intend to publish my thoughts and design notes for an open electronic voting system.

My starting points are:

• an open system, available for scrutiny by all those interested
• a system that will operate from a home PC with internet access. I wish to pursue this avenue for two reasons:

1. specialist machines appear prone to the sort of accusations given above
2. user convenience: when electronic voting becomes more widespread (and I believe it will, current controversies aside) a system that is convenient to use may encourage a much greater participation in the decision making process than has previously been seen.

• a system that allows the voter to check and perhaps even change their ballot after it has been cast. This draws on the 'many eyes' principle and should make it a lot harder for votes to be rigged.

How far will this get in practice? We'll see!

Comments

Please feel free to enter any general comments or criticisms here.
(You can, of course, comment on individual postings)

Any suggestions for references are welcome.