FreeDevelopers' Proposal For Electronic Voting
by Marilyn Davis PhD.
(Facilitator of E-Democracy Projects, FreeDevelopers.net)
with assistance from:
and Tony Stanco
Since the dawn of the computer age, electronic voting has been criticized for being inherently fraught with opportunity for error and fraud. The prevailing paradigm, inherited from paper elections, has been that, to protect the privacy of the voter, we must throw away the electronic ballot immediately after it is counted. This leaves no opportunity for recount and the situation is impossible.
However, the paper paradigm doesn't hold in the computer network medium. Here, the ballots must be kept to protect the voter. In the computer medium, the ballots themselves can be protected by encryption, and therefore remain alive, available for checking by the voter, and for inexpensive recounts by anyone.
Another prevailing paradigm, since Marc Andreesen invented the browser, is that the world wide web is the `Internet'. There is a host of criticisms against internet voting based on this assumption. They are right. The web, because of its architecture, is a slippery medium with traps everywhere for the online voting developer. The web should be used for entertainment, education and shopping only.
However, if the matter is as serious as a vote, it deserves email confirmation. The email medium, if restricted to any robust, open source OS and mail transfer agent, is secure.
Another prevailing paradigm, since the rise of the database server industry, is that it is impossible to give administrative control of a database to the users. To use a database server, you must have an administrator involved.
The truth is, it is only impossible to give users control of a database if it relies on a generalized server, i.e., PostgreSQL, Informix, Oracle, etc. The generalized database server technology, because of its flexibility at the administrative level, is unable to present a flexible face to the user.
However, it is possible to build a specialized database server, for well-defined data types, obsolescing the administrative level. Multi-user games are built on this principle. Often several generations of games will be built using one server. A specialized server is typically written by one engineer working a long time by him/herself because specialized servers tend to be very complex. This is because they are built with the intent of collecting all the complexity of the problem into a small package, and providing an easy-to-use `Application Programmer Interface' (API) so that other programmers can easily build their version of the game upon it.
We have such a server for voting, 'The Clerk', written by Marilyn Davis, and named after the elected facilitator of a Quaker business meeting. Programmers and users can easily build many generations of democracy experiments upon it.
The first experiments have been eVoted email lists, and email petitions, supported by Linux and Exim. Email petitions also have a web interface to help the voter. This facility weathered concerted attack as it was used for the online `La Consulta', a nation-wide vote taken in Mexico by Zapatistas. From the attacks, we've learned our lessons. Now, the technical security is in place.
From the technical point of view, online voting by this method is perfect already, if you restrict your thinking to attack from outside the system. However, the potential for attack from the inside is absolute. The server can be subverted from the inside to falsify results. In the wrong hands, it becomes big brother, subverting the will of the group to the will of the programmer who compiles the code.
However, if the voting system is a network of thousands of dedicated cheap PCs, each with the ability to cooperate and check the others, and overseen by thousands of lightly-trained individuals, the model becomes that of many sisters rather than of big brother and, when the source code is available for public scrutiny, online voting is safe.
Such a network, once in place, not only provides cheap secure elections for all levels of government, but also can be a conduit of cooperation and democracy at all levels of society, inviting any group to meet, discuss, and make decisions online, at no extra cost. Every individual can design and administer experiments in democracy.
We, at FreeDevelopers, propose that the federal government provide funding to develop this conduit for a new age of democracy.
The FreeDevelopers e-democracy group split during December 2000, largely because of a dispute arising from a refusal of the ongoing FD team to respond adequately to concerns about the use of national flags and the "war" rhetoric of the web site, together with concerns over undemocratic management of the group. Of the original authors of this paper, Tony Stanco and Rajagopal CV are still with FreeDevelopers, while Marilyn Davis and Greg Black are with eVote(R)/Clerk. For more information about eVote: http://www.deliberate.com/