X

Firm invites experts to punch holes in ballot software

VoteHere, a maker of security software for voting machines, publishes the source code for its product online in hopes that peer review will reveal any weaknesses.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
See full bio
Robert Lemos
2 min read
VoteHere, a maker of security software for voting machines, published the source code for its product online in hopes of garnering additional analysis of its method for verifying the integrity of electronic votes.

The company, which has patented its VHTi technology, wants comments, not competition, so it released the code and several documents to its Web site under a license that restricts use of the code to analysis for a period of 60 days.

"We pride ourselves on being good students of cryptography," said Jim Adler, founder and CEO of the Bellevue, Wash.-based company. "We know there is no security through obscurity, so we want to be open."

Revealing encryption algorithms for peer review is a standard practice in encryption circles and allows experts to poke holes in other people's technology. VoteHere hopes the additional scrutiny will prove that its technology is sound, Adler said.

The company's software is designed to let voters verify that their ballots were properly handled. It assigns random identification numbers to ballots and candidates. After people vote, they get a receipt that shows which candidates they chose--listed as numbers, not names. Voters can then use the Internet and their ballot identification number to check that their votes were correctly counted.

"It doesn't protect the system from compromise, but it detects when compromises happen," Adler said. "We are the barking dogs: If anything touches the ballots, it can be detected."

The move comes as questions arise about the security of electronic and Internet voting.

Though few problems with electronic voting machines arose on March 1, Super Tuesday, many problems have cropped up during other elections.

Some states, Michigan among them, are going full bore to ballots cast on the Internet, despite some computer scientists' concerns that the Net is not secure enough to prevent election tampering. About 28 percent of Michigan voters cast their ballot online in February during that state's Democratic caucus. In the same month, the Department of Defense backed away from plans to conduct a trial that could have let the 6 million Americans abroad cast their vote online.

VoteHere has had its own security issues to deal with as well. In December, the company called in the FBI to investigate a breach in the company's network. Adler said the investigation was ongoing and stressed that VoteHere's plans to release source code had been in the works since last summer.