Democratic societies of today face the challenge of upgrading public dialogue and reinforcing citizens’ participation in decision making, thus passing from an e-government to an e-governance model. eVoting is an important aspect of this effort, while at the same time is one of the most controversial issues at a technological, political and social level. A basic precondition for the maturity and acceptance of eVoting systems is the establishment of trust for their users.
The concept of public trust
Public trust is a complicated and hard to formalize concept with social and also philosophical extensions. It can be viewed as a social property based on interactions among a set of different entities and hence can be established only if all entities are persuaded that a situation or a system satisfies specific properties of trust. A more pragmatic view of trust maybe as follows:
Trust of an entity A in a service X is the measurable belief of A in that X will behave dependably for a specified period within a specified set of principles and rules.
In the eVoting domain, entity A is the voter and service X is the eVoting system. The term “dependably” refers to the ensuring of the basic requirements which apply to both electronic and conventional voting, such as democracy, secrecy, fairness, verifiability, etc. Under this view, the management of trust is the effort to translate, specify and incorporate these requirements in the system, in a completely transparent way that will allow for verification by everyone.
Transparency is probably the biggest advantage of traditional voting systems. In electronic systems though, it is not easy for someone to comprehend precisely how they work, since one does not know how the computer operates internally. Especially when such systems operate as black boxes (e.g. to protect intellectual property rights) it is not possible to establish a minimum acceptable transparency level. This means that, as in many information systems providing e-services, the property of trust is mostly based on the reputation of the eVoting system developer or operator (e.g. the State).
Open Source software and transparency
Any eVoting system should be a democratic system. This implies that it should be open to scrutiny by everyone. Of course, the majority of people lack the e-skills required to validate the design soundness or to assess test results. However, they may be motivated by others who are experts.
The most natural way to achieve this is to use open source software in the development process of an eVoting system, using a model/procedure similar to the one described hereafter:
A group of developers implements the system and subsequently distributes it for free use by all, e.g. through the web. In addition, if the development process is combined with typical design methods and risk analysis techniques, as opposed to ad-hoc system design, the result will be an extended documentation of all design and development details. The software is open and extendable and allows the easy incorporation of new protocols.
Expert programmers from around the world may download the software, execute it and identify and fix potential security flaws. Various user communities (e.g. blogs) may test the software and provide feedback to the open source community for possible modifications, refinements and improvements that might ensure ease of use and thus greater user acceptance.
Scientists and security professionals may check the documentation thoroughly and provide mathematical evidence for the security and the scientific soundness of the system (e.g. quality and length of cryptographic keys). The State or other authorities may organize open calls for attackers who will in turn help the system mature and become more robust.
This mobilization of an international community actually creates added value for the system. This approach may require fairly long time but is an open and democratic procedure, fully compatible with the character of voting. What is more, the adoption of an open source model ensures independence from specific vendors and offers lower costs in relation to commercial software.
How safe is the use of open source?
The usual critique against using open source in eVoting is that the provision of an open system to malicious users may make it an easy target for attacks. However, after the maturity stage, one expects that the system will be secure and robust against such attempts. Just to set an example, Linux kernel, Apache server and openVPN, are among the most secure open source systems. The AES algorithm that substituted DES was the result of an open contest, its source code was published and analysed for a long time, it was approved by the National Security Agency, and was the first to be openly released for use by everyone. Many cryptographic libraries have been developed based on the open source model and are freely distributed over the web.
Similar examples also exist in the eVoting domain, the example of Australia being the most characteristic. In Australia, the eVoting system used in ACT election on October of 2001 was developed by a private company but subsequently, the source code was opened to public, which led to the identification of some problems that needed to be fixed.
The use of open source software in eVoting systems, together with an effort for free distribution to the widest possible community, can substantially increase the transparency and trustworthiness of the system and facilitate its social acceptance. Other issues that emerge, such as who is the owner of the system, to what extent are commercial interests harmed by the use of open source and whether an equilibrium condition may be found, should be encountered at a different level (e.g. at State level) and out of the scope of the open source model.