Feds want e-voting source code disclosed
By Declan McCullagh
Staff Writer, CNET News.com
Story last modified June 8, 2004, 10:15 PM PDT
HUNT VALLEY, Md.--Electronic voting machine vendors should make their source code available for scrutiny by state elections officials, the head of a federal voting commission said Tuesday.
DeForest Soaries, chairman of the Election Assistance Commission, or EAC, said disclosing the source code--the line-by-line instructions that make up an electronic voting machine's software--would help to restore public trust in the elections process. Vendors should not "have the right to keep this source code a secret," Soaries told a dinner gathering of Maryland election officials.
Soaries' suggestions, which also include standardized security checks and better record-keeping of problems, stop short of calling for paper receipts from electronic voting machines. Some advocacy groups are lobbying for "voter-verified paper ballots" that would create a physical audit trail to flag what could be a buggy computerized election machine.
"I find myself at the middle of a national debate that will quickly go global," Soaries said. "How do we secure electronic voting devices for the 28 (percent) or 29 percent of the population that will use them?"
Some 50 million Americans are expected to use e-voting machines in the November election.
It's unclear, however, what effect these recommendations will have. Soaries readily acknowledges that the commission he chairs has no authority to impose its views on state election officials, and he said he had not yet approached the other three members of the commission to seek their endorsement.
"Now is the time for computer scientists and election officials to get together and solve the problem," Soaries said.
His recommendations include:
• The EAC should ask voting machine vendors to release the source code to states under nondisclosure agreements. Computer scientists in each state should be asked to sign the agreement and review the code.
• An existing National Software Reference Library, operated by the Department of Commerce, should be expanded to include source code for voting machines. Using a technique such as a checksum, state officials would be able to verify that their machines are running the same code as the version in the library.
• States should undertake "enhanced security measures" in November. One suggested option is cryptography, which is receiving favorable reviews from the computer science community.
• Problems with electronic voting machines should be compiled and analyzed. No federal database of such glitches currently exists.
Linda Lamone, Maryland's election administrator, called the recommendations "terrific" in an interview after the dinner speech.
Maryland, which uses Diebold e-voting machines everywhere but Baltimore, already has access to the source code to the devices under a nondisclosure agreement, Lamone said. "We already follow some of the recommendations," she said.
Congress created the EAC as part of reforms enacted after the November 2000 Florida election debacle. The group is charged with certifying election hardware, doling out billions of dollars in grants to states, and "conducting studies and other activities to promote the effective administration of federal elections."