Currently not feasible

Dutch Minister: Electronic voting software needs to be open

Published on: 18/10/2017
Last update: 30/10/2017

The openness of source code is an important requirement of software for electronic voting systems. To guarantee the transparency, verifiability and integrity of these systems, anyone should be able to check how the systems are working and verify that they meet their requirements. Furthermore, a Common Criteria EAL4+ certification requires that all source code is available for review. That will not always be the case when using proprietary libraries to build the system.

So said Ronald Plasterk, the demissionary Dutch Minister of the Interior, in his answers to members of the Dutch Parliament recently.

Not feasible

Their questions were a reaction to the publication of the report 'Feasibility of vote printers and vote counters' by Atos Consulting. The company was commissioned by the Ministry of the Interior to find out whether these two types of systems could be implemented according to the requirements previously drawn up by the independent expert group Electronic Voting, and how much time and money this would take. Of the 23 suppliers that were approached, in the end only four parties had actually responded. And only two of those had used the form provided for their responses; the other two simply submitted on their own solutions, independent of the set requirements.

Even though two of the four suppliers considered the open source requirement to be feasible, Atos found issues in their responses that would ultimately forbid opening up the code. That's how the consulting company came to conclude that electronic voting based on the current set of requirements is not feasible.

These are the issues concerning opening up the source code as they were brought forward by the suppliers and Atos:

  • the software may not be sold to others, which would make it economically unfeasible for a supplier to have its engineers working on maintenance and product innovation, and to provide warranties;
  • the required Optical Character Recognition (OCR) technology, which is acquired from a third party, contains confidential methods and algorithms that prevent it from being published as open source;
  • software from the hardware supplier and standard software libraries will not be available as open source; and
  • test plans to measure signal leakage, based on the NATO TEMPEST SDIP-27/1 specification, cannot be made available as open source.