Foo Camp and Electronic Voting
12 Sep 2004

I'm at Foo Camp this weekend, an ad hoc gathering hosted by Tim O'Reilly. Tim describes Foo Camp as follows:
Foo Camp is a creation of the people who attend. We're inviting people who're doing interesting works in fields such as web services, data visualization and search, open source programming, computer security, hardware hacking, GPS, and all manner of emerging technologies to share their works-in-progress, show off the latest tech toys and hardware hacks, and tackle challenging problems together.
One of the challenging problems we have tackled is electronic voting. While Foo Camp attendees span all corners of the technology industry, we all agree on the basic approach that needs to be taken in order to offer a reasonably secure, feasible, and simple solution.
The most interesting aspect of the proposed solution is that it actually involves less technology and sophistication than other solutions that have been proposed in recent years - and this from a group of technology enthusiasts. The basic idea is that a two step process is needed:
- In the first step, the voter uses a machine to select the desired candidate, and this machine prints a ballot that displays the selection in a standardized font that is easy to read using OCR technology. This ballot does not include any personal information about the voter; only the voter's selection is indicated.
- The second step involves the voter presenting this ballot to the election officials, and this is where voter eligibility and such are verified. An eligible voter then inserts the ballot produced by the first step into a counting machine (the one that performs the OCR), and here it is recorded. The consumed ballot is kept for confirmation.
There are quite a few benefits to this solution, the biggest of which is that it does not attempt to be a perfect solution. It also manages to closely resemble the existing process while making several notable improvements. Other benefits include:
- No reliance upon the security of the first step, because the ballots are not counted until the second step. This also leaves an opportunity for third parties to make financial gains: proprietary implementations of the first step are fine, since security only matters in the second step.
- The first step allows for multiple methods of error reduction as well as evidence of each vote due to the fact that a physical ballot is generated.
- Potential for future improvements, including the ability to generate ballots (first step) from locations outside of the secure voting area (because another ballot can always be created in the secure voting area, eliminating concerns of coercion).
- The voters themselves have an opportunity to verify the first step, because the output is human readable, and this output is exactly what is read and recorded.
- The second step relies upon an open standard, and implementations are required to be open source and thoroughly reviewed by software professionals.
- Multiple implementations of the second step are possible, strengthening the reliability and security.
- There is little cost in increasing the verification efforts for situations where the vote is closer than the tolerance level of this system.
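The second step sketched as code, as an added example that is not part of the original post or of any Foo Camp specification: two independently written counters read the same OCR output, and the count is sent to a hand count of the retained paper ballots when the counters disagree or the margin is within tolerance. The ballot line format, the 1% tolerance, and all names here are assumptions.

```python
import re
from collections import Counter

# Assumed printed-ballot line (the page defines no format): contest and choice
# in capitals, and nothing that identifies the voter.
BALLOT_RE = re.compile(r"CONTEST: ([A-Z ]+) \| CHOICE: ([A-Z ]+)")

def count_regex(ocr_lines):
    """Counter A: accept a line only if the whole line matches the format."""
    tally, rejected = Counter(), []
    for line in ocr_lines:
        m = BALLOT_RE.fullmatch(line.strip())
        if m:
            tally[m.group(2).strip()] += 1
        else:
            rejected.append(line)
    return tally, rejected

def count_split(ocr_lines):
    """Counter B: an independently written field splitter."""
    tally, rejected = Counter(), []
    for line in ocr_lines:
        parts = [p.strip() for p in line.split("|")]
        choice = parts[1][len("CHOICE: "):].strip() if len(parts) == 2 else ""
        ok = (len(parts) == 2 and parts[0].startswith("CONTEST: ")
              and parts[1].startswith("CHOICE: ") and choice
              and all(c.isupper() or c == " " for c in choice))
        if ok:
            tally[choice] += 1
        else:
            rejected.append(line)
    return tally, rejected

def audit(ocr_lines, tolerance=0.01):
    """Cross-check both counters, then compare the margin with the tolerance."""
    a, rej_a = count_regex(ocr_lines)
    b, rej_b = count_split(ocr_lines)
    if a != b or rej_a != rej_b:
        return {"tally": None, "rejected": None, "action": "hand count: counters disagree"}
    ranked = [n for _, n in a.most_common(2)] + [0, 0]
    margin = ranked[0] - ranked[1]
    # Unreadable ballots could all belong to the runner-up, so they widen the slack.
    slack = tolerance * sum(a.values()) + len(rej_a)
    action = "hand count: margin within tolerance" if margin <= slack else "accept machine count"
    return {"tally": dict(a), "rejected": len(rej_a), "action": action}

# Constructed sample scan: 6 + 5 clean ballots, one OCR misread, and one ballot
# carrying a voter field, which the design says must never be present.
SAMPLE = (["CONTEST: MAYOR | CHOICE: ALICE"] * 6 + ["CONTEST: MAYOR | CHOICE: BOB"] * 5
          + ["CONTEST: MAYOR | CHOICE: AL1CE", "CONTEST: MAYOR | CHOICE: BOB | VOTER: 1234"])
```

Rejected lines are never guessed at; they are counted as uncertainty, which is what makes the retained paper ballots the final authority in a close race.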
There are other details, but this should give you a general idea. More formal specifications and such are in the works. Feel free to suggest weaknesses and improvements to this system; this is still a work in progress.