What Open Source Technology Can and Can’t Do to Fix Elections
Los Angeles voters in last month's primary election found themselves in a familiar situation: stuck in traffic. But they weren't in the comfort of their cars on the freeway. Instead, due to mishaps with new ballot-marking devices, some voters stood in line for more than 2 hours and others didn't get to vote at all.
Los Angeles County is one of a growing number of public authorities testing open source components for voting systems. It began work on its US $300 million Voting Solutions for All People (VSAP) project in 2009, announcing at the time that its source code would be open and belong to the county. Most American voting systems belong to one of a handful of certified commercial suppliers, which keep their source code close to their chests.
VSAP, which Los Angeles County used for the first time this year, has yet to open its code to public scrutiny, but the code does belong to the county. A county spokesperson told Politico it still plans to share the code once it resolves security and licensing issues.
Open source code would add to the transparency of the process, says elections expert Peter Wolf of the intergovernmental International Institute for Democracy and Electoral Assistance (IDEA) in Stockholm. That can assuage concerns from opposition political parties, competing voting system providers, and voters.
At least 22 countries have reported to IDEA that they had experimented with some form of open source voting, and the list is growing. In the United States, voting is administered at the county level, so there is a plethora of experiences to compare.
Microsoft is also involved in an open-source vote verification system, tested in this year's Wisconsin primary election. It would allow a voter to confirm that their vote was counted.
Last year, DARPA announced that the agency was building its own $10 million open source system that will showcase new verifiably secure hardware. Its hardware is not a complete voting system, either, but it might "kick industry in the pants," says open-source voting technology evangelist Gregory Miller, chief operating officer of the nonprofit Open Source Elections Technology (OSET) Institute.
Miller and another maker of open source voting technology, computer scientist Juan Gilbert at the University of Florida in Gainesville, both claim that the main three commercial vendors have adopted ideas first implemented by the open source movement.
"That was definitely a success," Gilbert says. "Our goal was to change voting."
Samira Saba, communications director of Smartmatic, a major election systems supplier that was also VSAP's commercial partner, says that Smartmatic uses open-source components in the operating systems, development frameworks, toolchains, and encryption libraries of some of its products.
"One risk with open source is assuming automatically you will have extra scrutiny." -Peter Wolf, IDEASince Gilbert isn't trying to build a commercial platform, he hasn't spent the $700,000 or so and the year it might take to obtain U.S. federal certification for his ballot-marking device, the Prime III, but the states of New Hampshire and Ohio have adopted versions for use by voters with disabilities.
That financial barrier to entry is one reason why free and open source voting systems may not be commercially viable without a change in the business model, as has happened in other businesses. Instead of charging for the right to use the software and hardware, for example, companies could charge users to get support for open systems.
"It will become a business of systems integration," Miller says. The OSET Institute predicts that such a business built on open source infrastructure could save taxpayers around 60 percent of what they now pay to voting technology companies.
Saba, of Smartmatic, says that the company recommends to clients that they disclose their system's source code to relevant stakeholders-though not necessarily the whole world-for the sake of transparency. "We believe this is the way of the future," she says.
One example of that approach was Switzerland's new online voting system (not built by Smartmatic). However, when somebody leaked the code last year, security researchers found multiple flaws not detected by the professional auditors with whom Swiss authorities had shared the code.
Though many supporters expect open source voting technology to offer an opportunity for better security, the opportunity is no guarantee, Wolf says. He once reviewed the public code for a national online voting software and noticed that it hadn't gotten a lot of attention from other reviewers.
"One risk with open source is assuming automatically you will have extra scrutiny," Wolf says, "And it will not necessarily happen. It depends a lot on the community."
Voting technology oversight turns out to be a lot like other forms of oversight in a democracy. Opening the source may enable some oversight, but it won't assure it on its own. Nor can it prevent the paper jams that caused last month's voter traffic jams in Los Angeles.
"Other technology runs 24/7 and you can learn from failures. Elections technology has to work on the day and it's almost always new," Wolf says. "Open source or not, this is always hard to get right."
Open/Close is a series of stories by Lucas Laursen for IEEE Spectrum that explores how openness and technology interact. The open source movement emerged from software, but has spread in many directions since, to hardware-focused Fab Labs and even voting booths. Openness offers plenty of tempting benefits: oversight by the crowd, preventing duplication of effort, and the ability to empower vulnerable people. But it also results in innumerable software forks, doesn't always attract a critical mass of users, and can threaten privacy. This series will address how the tensions between open and closed technology are playing out in the engineering world.