Open Source Voting: an exploration of election security without obscurity

Frequently, I am asked whether releasing software as opensource, compromises security - especially when it is used in critical areas like voting systems. Such systems can potentially make it impossible for people to claim their vote was cast falsely, ease the govt’s job to audit unused ballots and even make it impossible for political parties to buy votes.

The simple fact is that security is never based on source-code - it is always based on the mathematical impossibility (or difficulty) of factoring prime numbers. However this is, understandably, a difficult idea to digest - especially by laymen.

The easiest way to demonstrate it is,  through real life.

Scantegrity II, is a reliable-voting-system, developed by a team of researchers at MIT. The source code is, of course, available for free -  as are any patents related to it. This system was recently put to practice in the municipal elections at  Takoma Park, USA.

One can see how wonderfully open the system is - by checking out the audit website. The digital ”seed” used to randomize the data is also given away at the website ! Unused ballots are audited and released to the public. Note that the Election Commission meetings themselves are audited and released to public in a verifiable manner. And after the elections, any citizen can double check his/her vote on a website (however, the actual information of which vote goes to which political party is not published. Therefore there is no incentive for vote-buying).

These are all part of the process for the public to maintain faith in the system. Security is not compromised by this openness - it is only enhanced. Since any citizen can potentially audit the election, it does away with the age old problem of - Who will watch the watchmen ?


Open Source Voting: an exploration of election security without obscurity


November 15, 2009

Find me on Twitter @sandeepssrin

Did i make any mistake? Please consider sending a pull request.