Welcome

Dear Reader,

I get this familiar feeling whenever an election year rolls around. I guess it is kind of like despair mixed with something more proactive, like maybe annoyance. I'm not talking about politics exactly, although I will admit that politics get pretty annoying. What really concerns me now is the backward nature of voting technology and the sense that nothing ever gets done about it.

The vote-counting fiasco of the US 2000 election was 18 years ago. Since then, numerous studies have shown that our voting machines are insecure, and we have uncovered evidence of foreign powers attempting to hack our voting systems. If you're wondering "why isn't this problem fixed yet?" you're not alone.

It is fair to say that some (though not all) of the very worst machines have been retired in recent years, but other systems that have some pretty severe problems are still in active use. Many voting machines use software from the 1990s – including obsolete OpenSSL implementations and unpatched versions of Windows XP. And because these systems are all proprietary and closed source, the world has no way to audit them and see how broken they really are. At the recent DEF CON conference in Las Vegas [1], testers revealed numerous security issues with voting machines in use today. One had an SSL certificate that was five years old. Another had an easily accessible memory card, which an attacker with physical access could swap out, exploiting software vulnerabilities to get control and change vote totals. These stories come back every year, typically before an election, and everyone gets shocked; then after the election, the problem floats back down to the end of the priority queue.

In the midst of all this grim news, one very interesting and hopeful development is the ongoing work of the TrustTheVote project [2] and its parent organization, the Open Source Election Technology (OSET) Institute [3]. TrustTheVote is an effort to design a complete framework for the voting process, including registration, voting, and counting, that is logical, unified, sensible, and secure. OSET's Election Technology Framework will be based on open standards, so everyone in the world will know how it works, and the powerful crowd-sourcing capabilities of the open source development model will provide universal auditing and feedback to ensure that the system remains secure and up-to-date.

OSET and TrustTheVote are interested in the engineering. Instead of serving as just another voice in the room, they want to build the system that the other voices are talking about. As they state on their website:

• No lofty academic research papers
• No congressional testimony
• No reliance on bureaucracy
• No endless public debates
• No TV news talking heads

Their focus is on "designing, developing, testing, and making available real production-ready and more trustworthy election administration software."

OSET and TrustTheVote have no intention of acting as vendors or distributors of voting machines. Their mission is to build a software framework that is then available to any vendor who wants to use it.

The voting machine industry in the US is mostly controlled by three companies, and those companies have changed very little over the years. In spite of all the negative publicity, no market forces have actually caused them to stop selling their cryptic, invisible systems to non-technical election officials. But open source software has great potential for disruption.

If the TrustTheVote project succeeds in bringing their framework into the discussion, voting machine vendors will have to make a choice. They can cooperate with TrustTheVote, integrating the universal election platform into their systems, and probably achieve vast savings in development costs, but they will need to give up some of their capacity for secrecy and competitive obfuscation.

On the other hand, if they insist on continuing to market their archaic, black-box systems, they will risk losing business to mainstream vendors such as HP, Oracle, and IBM, who will be perfectly happy to integrate TrustTheVote's framework rather than having to develop their own.

The Election Technology Framework is still a work in progress. According to the website, the current timeline calls for TrustTheVote to deliver "… production candidate election management systems plus ballot casting and counting devices for test and evaluation with the goal of being ready for deployment in the 2020 election cycle." Much has already been accomplished, but much work remains.

The TrustTheVote project could use more volunteers, especially volunteers who understand the importance of open standards and open source software. Of course, they also welcome donations, but another gift you can give to the TrustTheVote project is your awareness. Visit their website, send the link to your friends, and let the world know that we really do have a chance for better election security if concerned citizens tune in.

Joe Casad, Editor in Chief