No e-voting in Ireland this June!

Excellent result in Ireland, the Minister responsible has been forced to announce that there'll be no e-voting in Ireland this year. After having spent over 52m euros on this project, it's unsurprising that there have been calls for the minister's resignation. If he does go he won't be the first or last political casualty of e-voting.

The Commission's report is available online here.

Other reports:, the register, ars technica


Dutch e-voting controversy

Well it's the turn of the Dutch to get some controversy on their e-voting system. The system in the news at the moment (KOA) is only for overseas voters but still it aims to count real votes. The Dutch government rather bravely opened the system to experts, even if the result was criticism. Crypto academics were not impressed with the system at all. Let's see how long the government sticks with it.

What I find surprising is that LogicaCMG were picked to build and run the system. They have no experience in this field at all. If you must get a commercial provider for e-voting, at least pick one who has done e-voting before and can pretend to understand voting's unique challenges.

More on


How not to introduce e-voting

Ireland really are making what can only be called a pig's ear out of introducing e-voting.

The mess just gets worse and worse. I pity the poor electoral officers who are sitting there waiting to see what they're going to be using on June 11th.

The latest developments are reported in The Irish Times, in essence the independent commission set up to assess whether the e-vote should proceed wanted legal indemnification. Without it they wouldn't approve the e-voting system. In other words the commission don't want to be sued when it all goes wrong with the e-voting because they let it go ahead under political pressure.

Surprise, surprise they got the legal indemnification from the Irish government and I think we'll see a green light (with caveats) when the report comes out in a week.

Interestingly the source code for the e-voting system is only leased to the government and some more legal jiggery-pokery was had before the commission were allowed to see the source. Now they have about a week to examine the source and write the report. No problem then.


VoteHere release some code (sort of)

You turn your back to start packing and something happens!

VoteHere have released the code and documentation to their VHTi voter verification technology. You can download it here but read the license first.

Essentially it gives you the right to look at the source code for 60 days and that's it. You can't really use the source for anything useful and more importantly it's referred to everywhere as a 'reference source implementation'. In other words the code could be completely unrelated to what is on the machines using VoteHere's VHTi system.

The Good

Let's be fair, VoteHere have taken a brave step and released this to the world. Of course they're hoping to get some good PR out of this and try to regain some attention amidst the controversy and competition from people like the Open Voting Consortium (more on them when I get back from Poland).

This download does offer insight into the design of the VHTi system and that's no bad thing. This is much more than any other supplier has done so far. And they've done it pretty much willingly – of course they need business but they don't have a gun to their head in the form of legislation or a specific negative story. Opening up the system's design to scrutiny is an important step.

The Bad

Jim Adler, the VoteHere CEO, is a smart guy… but what makes him think that anybody is going to delete the files after the 60 days of the license has expired? There's no realistic way for VoteHere to check compliance (even if they do take your email address on download). It seems like they want to have their cake and eat it – if you're going to put your code on your website you have to let go of it, not try to keep the leash on. 60 days is just silly, they'd have looked a lot better with some kind of standard non-time limited license.

The system is based on patented ideas anyway (software patents are a bad thing but we know that, move along now) so, within the US at least, they're pretty much protected for the moment, license or no license.

But, reference implementation or not, there's absolutely no guarantee that this design or source is going to go anywhere near an e-voting machine.

The Ugly

I'm supposed to be packing but here's one problem I found in a PDF included in the download package:

VoteVerificationCodes Collisions

As currently implemented, a very small number of BSNs may receive the same VoteVerificationCode for more than one BallotAnswer assigned to the same BallotQuestion. If these BSNs are used, it is possible that the voters VoteReceipt will be ambiguous. Though this may appear to be a problem, the event probability is small enough that extremely high confidence can still be achieved via the protocol. A simple remedy would be for voters who receive colliding BSNs to spoil the BSN and ask for another. Subsequent versions of the VHTi library will implement VoteVerificationCode generation so as to completely eliminate collisions within the same BallotQuestion.

Let me explain, quickly as my suitcase isn't done! The VHTi system works by showing the voter a number for the candidate they selected. So say I voted for Ronald McDonald as President on a kiosk then the screen would show his name and a number, 32 for this example. Then I get a printed receipt with the contest and number: President 32 So I can go home and check on a website by entering some code on the receipt which anonymously identifies me. The website should then also show: President 32 Each voter is given a different set of numbers for their choices. So two people voting for Ronald should have different numbers. Only I know that 32 is Ronald McDonald so the receipt can't be used for coercion or vote selling. (However there's no guarantee that because it shows 32 on the website that Ronald McDonald is who gets the vote in the system – I'm not keen on this system but now isn't the time to pick at it).

So what does VoteVerificationCodes Collisions mean? It means that in some cases the choices for a contest could all have the same number. So: President of Country – Ronald McDonald (32) – Humpty Dumpty (88) – Mickey Mouse (91) Is what the ballot could be for someone. But with the problem noted the ballot would be: President of Country – Ronald McDonald (32) – Humpty Dumpty (32) – Mickey Mouse (32) Thus seeing a 32 on the verification website won't mean much. If such a collision doesn't occur often then VoteHere are right, statistically the system (if it works as advertised) should still have enough voters checking to prevent large-scale fraud. But that's not the point, some voters will have been knowingly denied the right to verify that their vote was counted as they intended. This isn't a good bug to have, it's plain ugly.

I'm off to pack now, really.


Holiday Cartoon

Here's a great little cartoon for the halloween season…This Modern World


Resolution on Voter Verifiability

A resolution calling for voter verifiable e-voting has gone online. It's supported by the free e- democracy project and the Foundation for Information Policy Research, please support it now.