Firm invites experts to punch holes in ballot software
experts to punch holes in ballot software
VoteHere, a maker of security software for voting machines, published
the source code for its product online in hopes of garnering
additional analysis of its method for verifying the integrity of
electronic votes.
The company, which has patented its VHTi technology, wants comments,
not competition, so it released the code and several documents to its
Web site under a license that restricts use of the code to analysis
for a period of 60 days.
"We pride ourselves on being good students of cryptography," said Jim
Adler, founder and CEO of the Bellevue, Wash.-based company. "We know
there is no security through obscurity, so we want to be open."
Revealing encryption algorithms for peer review is a standard practice
in encryption circles and allows experts to poke holes in other
people's technology. VoteHere hopes the additional scrutiny will prove
that its technology is sound, Adler said.
The company's software is designed to let voters verify that their
ballots were properly handled. It assigns random identification
numbers to ballots and candidates. After people vote, they get a
receipt that shows which candidates they chose--listed as numbers, not
names. Voters can then use the Internet and their ballot
identification number to check that their votes were correctly
counted.
"It doesn't protect the system from compromise, but it detects when
compromises happen," Adler said. "We are the barking dogs: If anything
touches the ballots, it can be detected."
The move comes as questions arise about the security of electronic and
Internet voting.
Though few problems with electronic voting machines arose on March 1,
Super Tuesday, many problems have cropped up during other elections.
Some states, Michigan among them, are going full bore to ballots cast
on the Internet, despite some computer scientists' concerns that the
Net is not secure enough to prevent election tampering. About 28
percent of Michigan voters cast their ballot online in February during
that state's Democratic caucus. In the same month, the Department of
Defense backed away from plans to conduct a trial that could have let
the 6 million Americans abroad cast their vote online.
VoteHere has had its own security issues to deal with as well. In
December, the company called in the FBI to investigate a breach in the
company's network. Adler said the investigation was ongoing and
stressed that VoteHere's plans to release source code had been in the
works since last summer.
