Making the source code available of systems used to organise voting will not not help solve problems with electronic voting machines, says David Glaude, one of the IT specialists involved with Poureva, a campaign to stop the Belgian government's use of automated systems for voting. Glaude commented on the publication by the Estonian government of the source code of the server software used for elections since 2005.
In June and July, voting computers and their weaknesses were discussed on three separate occasions.
In June, a Swiss IT security expert, Sebastien Andrivet, made public a vulnerability that he found in the e-voting software that is used in the cantons of Geneva, Berne, Lucerne and Basel-Stadt. At the Nuit du Hack conference in Paris, he demonstrated a virus that could change a 'yes' vote into a 'no' and vice versa. The news prompted the Green party in Geneva to call for a moratorium on the use of the systems.
Complex
On 9 July, at the Libre Software Meeting conference taking place in Brussels, Glaude had talked about the use of computers for voting in elections organised in Belgium. Glaude opposes the use of computers for voting. He argues that voting systems must be kept simple, so they can be understood by any citizen. Using computers means the system becomes much more complex. "Even if you publish the code, where is the guarantee that this is the code that was used on election day? How to guarantee the tools that are used to build the executable version of that code? What about the operating system? What about the computer hardware and drivers?"
On 17 July, the government of Estonia made part of its election software available on Github, publishing it under a creative commons licence. "The intention behind this repository is to make source code of the server side components of Estonian internet-voting system available for public review", Estonia's National Electoral Committee writes on the site.
Oversight
Glaude, asked for comments on the Estonian publication, refers to recent comments by US computer scientist Barbara Simons, quoted in a news item by Ars Technica. The news site reports that Simons is still sceptical: "I think it's good that the source code has been released, but it doesn't prove that the released code is what is used during the election. We know that last-minute code changes can be made with no independent oversight." Simons wrote a report on the Estonian Internet Voting System in 2011. She concluded that the system is insecure and listed seven problems.
Glaude also points to the Belgian Poureva campaign, which in 2008 explained that Estonia's Internet voting system is incompatible with the principles of a democratic election. "That is still true today."
More information:
Estonian Public Broadcasting news item
Estonian internet-voting system on Github
Ars Technica new item
Gigaom news item
Inside IT news item on the virus in the Swiss election software (in German)
David Glaude's presentation on e-voting at RMLL
Comments on Estonia's voting systems by Barbara Simons
Comments by Jason Kitcat on Estonian voting system
Le Matin news item on the virus in the Swiss election software (in French)
Poureva on Estonia's remote voting (in French)
Comments
Barbara Simons is right about the security and possible problems with open source automated systems for voting.