Commercial eVoting Security Problems Abound
15 Aug 2007
Recently, California’s Secretary of State was required to perform a security screening of the eVoting systems that the State of California is thinking of/planning to use. The California Secretary of State appears to have been highly opposed to this outside audit process, according to information found within the official reports (the site has lots of links to very interesting documents, most of which are well worth reading).
Avi Rubin has some excellent comments on the whole eVoting situation.
The State of Florida is getting into the act, reporting on their own security reviews of commercial eVoting systems (PDF). In this letter to Diebold (PDF) which the State of Florida has published, they give Diebold an ultimatum:
Based on the report, the Bureau of Voting systems Certification has determined that certain vulnerabilities outlined must be corrected by August 17, 2007, to continue this certification. Failure to do so will result in a denial of certification.
There are 3 pages of required fixes attached to that letter.
The U.K. Electoral Commission recently released their report detailing serious security flaws in eVoting systems.
Electronic voting is a hard problem, but that doesn’t excuse Diebold Election Systems, Inc., Hart InterCivic, Sequoia Voting Systems and Elections Systems and Software, Inc. from their demonstrated complete lack of fundamental understanding of how to secure … well, anything. In particular, they’ve all shown that they have no one with even the first clue of how to either implement or apply cryptography correctly.
Applause goes to both Florida and the U.K. for recognizing bad vendor crap in the first place. An extra-hearty ‘atta-girl’ goes out to Debra Bowen in California for throwing out approvals and certifications of these seriously flawed systems.
This topic is far too important to leave in the hands of the proprietary, closed-systems mindset crowd. It must be open. The code must be open and available to everyone. All systems must be thoroughly tested by reputable, recognized, outside authorities. I hope we’ll see an open source/free software implementation of an eVoting system that could be used for governmental elections. Such a system wouldn’t be limited to only government use, either, but I believe it would find a place in many corporations and other institutions.





