Joseph Kiniry believes e-voting is risky and current e-voting software is substandard. So it may come as a surprise that the computer science lecturer at University College Dublin works on open-source voting software.
But it seems that e-voting is here to stay, despite the fact that several governments have sunk huge amounts of money into systems that have been derided by computer security experts as insecure.
"Governments feel like if they're not being modern, there's something wrong," said Kiniry, who describes himself as half mathematician and half software engineer. "They think that computers are somehow infallible, forgetting that people are the ones who create and use computers."
That's why Kiniry and a team of researchers have built an e-voting software system they hope will provide a foundation for future secure systems. The code is open source, a decision made to ensure the platform can be widely scrutinised by peers, and should be released in July 2007.
E-voting seems straightforward - just click and then count the votes, right? Wrong. It's fraught with complexities, from translating vague election laws into software rules to recounts and the panoply of security and privacy concerns.
The team started with a body of code that was part of the Dutch government's KOA (Kiezen op Afstand) project; the name is Dutch for "remote voting".
The project involved vendor Logica CMG, but was eventually ended. The Dutch government decided to release the code under the GNU GPL licence after stripping it of its proprietary elements.
The code was solid - not overly engineered or overly complicated - but nearly unusable at the time. It wouldn't even compile, Kiniry said.
Further, all of the documentation was in Dutch.
The team used reverse-engineering techniques to construct the missing code. What they came up with was a system that Kiniry believes surpasses other open-source e-voting software and commercial systems he's analysed. But that doesn't mean it's ready to be used for an important national election.
"We're just using it as an experimental platform and trying to make it better and let other people play with it," Kiniry said.
The back-end software, written in Java, will run on Linux or Apple's OS X. The user interface, viewed through a web browser, is "Google simple", Kiniry said.
Here's how it works: voters register at a government office to vote remotely and pick a PIN. A unique ballot that can only be used by that voter is then mailed to them. On election day, users go to the website, type in a voter ID code and their PIN, and vote.
The ballot has a number next to each candidate that's different for every voter, a type of pre-encryption. When a vote is cast, that unique number is transmitted to the server and decoded into the correct candidate.
Kiniry said there are still attack vectors to tamper with the results, but the bar is raised higher. Even if the number was intercepted during transmission to a database, it would in essence be meaningless because it's different for every voter.
After voting, the user gets a receipt number that can be used to verify that the ballot was counted.
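The per-voter ballot-code flow described above, as an added sketch (it is not KOA's or the researchers' code): the class and method names, the six-digit code length and the candidate slate are assumptions made for illustration.

```python
import hashlib, hmac, secrets

CANDIDATES = ["Alice", "Bob", "Carol"]  # constructed sample slate

class CodeVotingServer:
    """Toy model of per-voter ballot codes; not the KOA implementation."""
    def __init__(self):
        self.voters = {}    # voter_id -> salt, PIN hash, code table, voted flag
        self.tally = {c: 0 for c in CANDIDATES}
        self.receipts = set()

    def _pin_hash(self, pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def register(self, voter_id, pin):
        """Registration: store the PIN hash, return the ballot that gets mailed."""
        codes = {}
        while len(codes) < len(CANDIDATES):      # distinct random code per candidate
            codes.setdefault(f"{secrets.randbelow(10**6):06d}", None)
        codes = dict(zip(codes, CANDIDATES))     # server-side table: code -> candidate
        salt = secrets.token_bytes(16)
        self.voters[voter_id] = {"salt": salt, "pin": self._pin_hash(pin, salt),
                                 "codes": codes, "voted": False}
        return {cand: code for code, cand in codes.items()}  # printed ballot

    def cast(self, voter_id, pin, code):
        """Election day: only voter ID, PIN and an opaque code cross the network."""
        v = self.voters.get(voter_id)
        if v is None or not hmac.compare_digest(v["pin"], self._pin_hash(pin, v["salt"])):
            raise PermissionError("unknown voter or wrong PIN")
        if v["voted"]:
            raise PermissionError("ballot already used")
        candidate = v["codes"].get(code)         # decoded with this voter's table only
        if candidate is None:
            raise ValueError("code is not on this voter's ballot")
        v["voted"] = True
        self.tally[candidate] += 1
        receipt = secrets.token_hex(8)           # lets the voter check the vote was counted
        self.receipts.add(receipt)
        return receipt

    def counted(self, receipt):
        return receipt in self.receipts
```

Because each voter's code table is generated independently, a code captured in transit does not reveal the chosen candidate without that voter's ballot, which is the property the article describes. The server-side table itself remains a target, consistent with Kiniry's remark that attack vectors remain.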
Recounts, while essential, are opaque and tricky since there are no physical ballots. Current software recounts by just running the same program over again, which "to me is not a legitimate recount", Kiniry said.
One idea is to allow third-parties to create their own software that would verify the secure transmission of votes into the database, Kiniry said. Then, those parties could run their own tally software and recount the votes.
But what if each system comes up with different totals?
"Given the ambiguity we see in the law and the way ballot voting has taken place even without computer technology, it would in some sense be little surprise that there might be some ambiguities with computer technologies," Kiniry said.
Part of the trouble is putting what are sometimes vague election laws into a language that software can accurately execute. Ireland's election system, for example, involves the redistribution of the votes of losing candidates to those who have more votes.
It's possible - and legal - to come up with two different winners depending on how those votes are redistributed, Kiniry said.
"How do you encode that in software?" Kiniry said. "That leaves ambiguities. Counting is not easy."
One of Kiniry's colleagues, Dermot Cochran, a research programmer at University College Dublin, wrote a software specification of the Irish counting system for his master's degree dissertation. He used the Java Modeling Language to express the rules in a mathematical form. But he cautioned that the system needs more testing.
"Other researchers would need to really confirm the security aspects of the system," Cochran said.
Kiniry concurs that even if their system proves to be a worthy piece of software, there are still too many social and political hangups around e-voting.
"Maybe someday we will have some degree of certainty where we can use it," he said. "I believe that day is quite a ways off. Unfortunately, we are going to see them [e-voting systems] used anyway."