Tuesday, November 12, 2013

Estonia opens i-voting source code to the public

Source: http://a.abcnews.com
It has been demonstrated time and time again that electronic voting systems result in thousands of dollars in savings for elections and this is also true with the paradigm of Internet-based voting systems. However, one of the biggest expenditures needed to run an election that supports i-voting protocols is the development of the election software. A bold move by the government in Estonia could help to not only reduce costs for future automated elections, but it could also help to improve transparency and security as well.

The Electronic Voting Committee in the country of Estonia released its electronic voting software to the open source community for viewing and scrutiny. The source code for this software is now available through GitHub, a popular open source platform on the Internet. It is important to note that Estonia is only releasing the server side source code to the public and not the client side.

This is not the first time that Estonia has made the source code of its online voting system available to the public, but in the past, people had to sign a confidentiality agreement before they were offered the privilege of viewing the code. By allowing the source code to be viewed openly and freely on the Internet, Estonia has given a boost to transparency in its election system.

The country has been using its e-voting system since 2005, implementing in five elections to date. Voters use the country's mandatory identity card to cast their vote online. The voting platform can be accessed from any computer and the voter can submit and change the vote all the way up to Election Day. The identity card contains an electronic authentication system that is at the heart of the security and integrity of the e-voting protocol.

While it is still unclear whether online voting improves voter turnout, it has been noted by Estonian Public Broadcasting (Eesti Rahvusringhääling) that 24.3 percent of all votes cast in the 2011 general elections were cast using the electronic online voting system.

“This is the next step toward a transparent system,” said Electronic Voting Committee chairman Tarvi Martens. “We welcome the fact that experts representing civil society want to contribute to the development and security of the e-elections.”

Nevertheless, there have been allegations that the 2011 general elections were tampered with, as Tartu University student Paavo Pihelgas found a security hole that would allow a virus to block votes to certain candidates. The voter would not be aware that any tampering had been done. This was never proven, but it did point out a potential problem. American computer scientist Barbara Simons agrees that malware, insider threats and other security risks make i-voting systems inherently vulnerable to attack

While some opponents to i-voting may say that opening the source code to the public could open up even more vulnerabilities, the open source approach will likely act more in the favor of Estonian elections. Just as major companies like Microsoft and Google host “hackathons” that challenge programmers to find security risks and flaws in their systems, the open source nature of the e-election software will allow programmers and experts from the general public to scrutinize the code, finding and reporting bugs and flaws back to government officials.