Joseph Kiniry, a computer science lecturer at University College Dublin, seems an unlikely candidate to work on open-source voting software.
He believes e-voting is risky and current e-voting software is substandard. Nonetheless, e-voting is here to stay, and governments around the world have sunk big money into systems that have been roundly assailed by computer security experts as insecure.
"I think governments feel like if they're not being modern, there's something wrong with them," said Kiniry, who describes himself as half mathematician and half software engineer. "They think that computers are somehow infallible, forgetting that people are the ones who create and use computers."
That's why Kiniry and a team of researchers have built an e-voting software system that they hope will provide a foundation for future secure systems. The code is open source, a decision made to ensure the platform can be widely scrutinized by peers, and should be released in July.
E-voting seems simple -- just click and then count the votes, right? Wrong. It's fraught with complexities, from translating vague election laws into software rules to recounts and the panoply of security and privacy concerns.
The team started with a body of code that was part of the Dutch government's "Kiezen op Afstand" (KOA) project, which is Dutch for "remote voting."
The project involved vendor Logica CMG, but was eventually ended. The Dutch government decided to release the code under the GNU GPL license after stripping it of its proprietary elements.
The code was decent -- not overly engineered or overly complicated -- but nearly unusable at the time. It wouldn't even compile, Kiniry said. Further, all of the documentation was in Dutch, he said.
The team used reverse engineering techniques to construct the missing code. What they came up with was a system that Kiniry believes surpasses other open-source e-voting software and commercial systems he's analyzed. But that doesn't mean it's ready to be used for an important national election. "We're just using it as an experimental platform and trying to make it better and let other people play with it," Kiniry said.
The back-end software, written in Java, will run on Linux or Apple's OS X. The user interface, viewed through a Web browser, is "Google simple," Kiniry said.
Here's how it works: Voters register at a government office to vote remotely and pick a PIN code. Each voter is mailed a unique ballot that can only be used by that voter. On election day, users go to the Web site, type in a voter ID code and their PIN, and vote.
The ballot has a number next to each candidate that is different for every voter, a type of pre-encryption. When a vote is cast, that unique number is transmitted to the server and decoded into the correct candidate.
Kiniry said there are still attack vectors for tampering with the results, but the bar is raised higher. Even if the number were intercepted during transmission to a database, it would essentially be meaningless because it's different for every voter.
After voting, the user gets a receipt number that can be used to verify that the ballot was counted.
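The flow described above (registration with a PIN, a mailed ballot with per-voter candidate numbers, server-side decoding, and a receipt) can be modelled in a few lines. This is an added illustration, not code from the KOA project or Kiniry's team; the class and function names, the 8-digit code length, the candidate slate and the SHA-256 PIN digest are all assumptions made for the sketch.

```python
import hashlib, hmac, secrets
from collections import Counter

CANDIDATES = ["Alice", "Bob", "Carol"]  # constructed sample slate

def _pin_digest(voter_id, pin):
    # Illustrative only; a production system would use a slow, salted KDF.
    return hashlib.sha256(f"{voter_id}:{pin}".encode()).digest()

class CodeVotingServer:
    """Toy model of per-voter ballot codes (hypothetical, not KOA's code)."""

    def __init__(self):
        self.voters = {}    # voter_id -> PIN digest, code table, used flag
        self.receipts = {}  # receipt number -> decoded candidate

    def register(self, voter_id, pin):
        """Store the PIN and return the printed ballot {candidate: code}."""
        codes = set()
        while len(codes) < len(CANDIDATES):   # distinct codes on one ballot
            codes.add(f"{secrets.randbelow(10**8):08d}")
        table = dict(zip(codes, CANDIDATES))  # server-side decode table
        self.voters[voter_id] = {"pin": _pin_digest(voter_id, pin),
                                 "codes": table, "used": False}
        return {cand: code for code, cand in table.items()}

    def cast(self, voter_id, pin, code):
        """Decode a submitted code for this voter and return a receipt."""
        v = self.voters.get(voter_id)
        if v is None or not hmac.compare_digest(v["pin"], _pin_digest(voter_id, pin)):
            raise PermissionError("unknown voter ID or wrong PIN")
        if v["used"]:
            raise PermissionError("ballot already used")
        candidate = v["codes"].get(code)
        if candidate is None:  # e.g. a code taken from another voter's ballot
            raise ValueError("code is not on this voter's ballot")
        v["used"] = True
        receipt = secrets.token_hex(8)
        self.receipts[receipt] = candidate
        return receipt

    def was_counted(self, receipt):
        return receipt in self.receipts

    def tally(self):
        return Counter(self.receipts.values())
```

The number sent over the wire only decodes against the submitting voter's own table, which is why an intercepted value reveals nothing about the choice and is rejected if replayed under another voter's credentials.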