|
April 2006 (Vol. 7, No. 4) 1541-4922/06/$26.00 © 2006 IEEE Published by the IEEE Computer Society News: Cradle of Liberty Lags on E-Voting
Several United States sites call themselves "The Cradle of Liberty," owing to their importance during the Revolutionary War, and the appellation is sometimes extended to the US as a whole. However, when it comes to advancing the technology of democracy's cornerstone—voting—the US is falling far behind the United Kingdom, continental Europe, and Australia. Vendors, officials, and standards groups in those regions are leading the way toward the technological and political infrastructure that can make the peoples' voices more easily heard and counted. Markup language standard In February, the Organization for the Advancement of Structured Information Standards (OASIS) Election and Voter Services technical committee ratified the Election Markup Language (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=election). The EML ratification, which culminated work begun in 2001, had to account for more than data formats, protocols, and APIs. "When you talk about e-voting, you're talking about a lot of different things to a lot of different people," says John Borras, outgoing chairman of the EML technical committee and CEO of the UK's Local e-Government Standards Body. To address these differences, Borras says the TC first developed an end-to-end process of what e-voting covers—from registration to balloting and recording. Within that process, the committee didn't distinguish Internet voting from poll voting. This enables EML to play a part anywhere data must pass through voting system components. "We were clearly coming at it very much from a public voting environment viewpoint," Borras says, "although we didn't want to preclude private sector voting—like shareholder proxies, for example." After defining the top-level process, the TC moved on to the voting process semantics in various countries. Aligning the UK and US processes took a couple of years. At that point, Borras says, "the rest of Europe started to wake up, and we spent the next couple years trying to capture the variation of voting machines in Europe. So, this version of EML is a very generic set of XML schemas that handle data exchanges that will support—as far as we know—all the known voting regimes around the globe. To be sure, there will be others, but we have taken the prime movers and are confident we can accommodate all those voting regimes." Numerous European public entities have already championed EML. The Council of Europe endorsed EML(http://www.coe.int/t/e/integrated%5Fprojects/democracy/ 02%5FActivities/02%5Fe%2Dvoting/01_Recommendation/00Rec%282004%2911E_ rec_adopted.asp#TopOfPage) in September 2004 for continent-wide use (with adoption schedules at the discretion of local jurisdictions), and the UK government requires EML compatibility among e-voting components. UK banks on EML and interoperability Although the OASIS EML committee includes representatives of both the private and public sectors in the US, including IBM, Oracle, Sun Microsystems, and the US Justice Department, only one of the major US-based e-voting vendors, Election Systems and Software, is a committee member. "They've all been invited to take part and join Oasis and to contribute to EML," says Roy Hill, a committee member and technical director of Opt2Vote, a Londonderry, Northern Ireland-based vendor. Hill says he believes ESS participated because the company has a UK market presence, and the UK government requires system suppliers to comply with EML standards to ensure interoperability. "As an example," Hill says, "in a typical election, if Opt2Vote provides the voting system, the government may decide ESS will provide the counting system, so you have two separate providers, and because both would be compliant with EML, you would be certain the ESS equipment could read the data presented to it. In this way, the architecture of the system would be seen as having no possibility of collusion; the result would be the true reflection of the ballot as recorded." The EML-based approach to transparency, in which public officials can choose among a variety of vendor products, might be the most striking difference between the European and US approaches to establishing e-voting infrastructures. The UK has run numerous pilots of e-voting technology in recent years to mainly positive reviews by the nation's Electoral Commission. In a review of the nation's e-voting pilots for 2003 (http://www.sosig.ac.uk/ roads/cgi-bin/tempbyhand.pl?query=1060246851-24266&database=sosigv3), the commission affirmed the government's reliance on EML. It also praised the intent of mandating separate suppliers for different parts of the e-voting infrastructure, but it recommended some tweaking as well:
Borras says the OASIS EML committee doesn't have any illusions that the newly ratified standard will erase the gnarly problems inherent in e-voting overnight. "You have to recognize this whole e-voting environment—particularly remote, uncivilized Internet voting—is totally new, and there's very little precedent or well-defined business requirements," Borras says. "And once you get into that environment, you start opening the door to changes in voting legislation and practice." He sees it taking several years to stabilize the procedural and cultural foundations that will allow e-voting to become the norm. "The UK has been very active in testing the theory of e-voting across various channels, and what we've found is, EML as it's been drawn up by OASIS is fine, but then you have to customize it to your local environment, because there are different business rules within each country that will affect things at the detail level. In the UK, we have produced a UK-customized version of EML, and I hope this pattern picks up around the world." E-voting on the up 'n' up down under While the UK has conducted numerous e-voting pilots, the Australian Capital Territory has used e-voting in two of its general assembly elections, in 2001 and 2004. The regional government didn't mandate that separate vendors supply different parts of the overall electoral architecture, but it did require the single vendor supplying both elections to use software that was openly available to public scrutiny. The chosen vendor, Software Improvements Ltd., designed its eVACS system on the Linux operating system to meet those requirements. In its review of the 2004 election (pdf, http://www.elections.act.gov.au/adobe/2004ElectionReviewComputerVoting.pdf), the ACT's Electoral Commission said it was satisfied the transparency requirements addressed its own security concerns:
The commission review compares this approach favorably to the US reliance on proprietary solutions:
In addition to basing the ACT system on auditable software, the commission set up the following safeguards: Among voters, the system proved increasingly popular. The 28,100 votes recorded by computer in 2004 represented a 70 percent increase over the 2001 e-vote total of 16,500. Only 10 voters registered official complaints about the system. The commission recommended using the system in the 2008 elections. Back in the USA: Laissez faire While Europe and Australia move steadily forward to endorse standards and achieve e-voting transparency, voters' rights activists say US elections officials continue to display a mixture of arrogance and ignorance in setting up e-voting systems. Many examples have recently come to light. For instance, late in 2005, the Alaska Democratic Party compiled some evidence that electronic databases manufactured by Diebold, the state's e-voting vendor, might contain errors. When they asked for the complete electronic databases of the 2004 election, state elections officials told them the file formats in which the information resided were proprietary. In effect, the data within the files was public information, but the specific formats in which the data resided were the property of Diebold and therefore not accessible to the public. After local media and voting transparency activists publicized that stance in early February, the state officials backed down somewhat and agreed to release the data but only in consultation with Diebold who might be allowed to manipulate data to protect proprietary information. But in late February, the state reversed itself once again (http://www.bradblog.com/archives/00002467.htm), and told the Democrats that the state's chief security officer, Darrell Davis, had decided releasing the information in the database "would be providing an outside entity the ability to modify the structure using commonly available tools like Microsoft Access." In January, Connecticut's Secretary of State, Susan Bysiewicz, abrogated a contract with the state's chosen vendor, Danaher Corp., claiming the company had misled the state about the federal certification status of its DRE (direct recording electronic) voting machines. The state must begin its vendor search process again. Voting technology watchdog group VoteTrust USA pointed out that independent verification of certification is available through the National Association of State Election Directors. This means Connecticut officials could easily have avoided a last-minute crisis by improving its due diligence. Connecticut officials had no comment. New York officials have moved so slowly in establishing new voting technology requirements under the 2002 Help America Vote Act (HAVA, http://www.usdoj.gov/crt/voting/hava/hava.html) that the federal Justice Department announced an intent to sue the state (pdf, http://www.votetrustusa.org/pdfs/New%20York/doj_letter.pdf). Johns Hopkins University professor Avi Rubin, one of the nation's foremost experts on the e-voting climate in the US, says several factors have contributed to the widespread confusion. First, he says, "the "Election Assistance Commission (http://www.eac.gov) took a while to come out with guidelines and they're not actually providing concrete guidance. They're hemming and hawing, saying 'if you use paper here are some guidelines, if you don't here are some guidelines,' but they don't actually address the security concerns." This keeps vendors from complete certainty about what to build and makes government officials afraid of investing money in systems that that might not be qualified. "So there's a huge sense of uncertainty about what equipment is OK to use," says Rubin. "The other factor is you have such a disparity in the opinions of election officials. There's a strong split between those who back paper ballots and DRE proponents. These arguments continue in legislatures and among election officials and it's creating a bit of a stalemate in some places." VoteTrust's policy director, Warren Stewart, says that HAVA precipitated a land-rush mentality. Poorly defined public interest requirements appeared suddenly amid existing technology with known shortcomings. "It's not a very profitable business," Stewart says of e-voting. "You sell a bunch of machines to a county and then—theoretically, anyway—you don't have a sale for 15 years." The 2000 presidential election changed the scene. When Congress passed HAVA to address that problem, Stewart says it was "the first time ever the federal government had provided any money for election administration. So there's US$4 billion out there, this fantastic windfall, but everybody knew it was a once-in-a-lifetime opportunity and that began a feeding frenzy. There was zero incentive to produce a better machine, but a ton of incentive to sell the inadequate machines they had." Conclusion In the short term, both Rubin and Stewart are among those who advocate the paper ballot backup. Rubin is heartened by the increasing number of states writing paper backup into their new voting laws. For people who are alarmed by voting systems that run on private and proprietary software, the paper backup might supply a degree of transparency. However, OASIS's Borras suggests a different approach to the problem. "Within EML, we have not attempted in any way to solve those basic problems," he says. "What we've tried to build into EML is sufficient checks and balances so that your security regime, whatever that might be—and it will vary from country to country—can operate and see what's going on. This wish that if you get into e-voting, you want a printout—it can be done, but it seems to be a waste of the whole principle." Related Links
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
DOWNLOAD PDF 
All votes are cast in a public polling place over an isolated local network, staffed by independent electoral officials.