Tuesday, February 05, 2008
An E-voting Document Exchange Standard
Article: XML to the E-voting Rescue
The issue of accuracy and trust in election results, most visibly raised in the wake of the 2000 US presidential election, is global in scope, as exampled by the recent upheavals in Kenya. Now, OASIS has announced development of a new XML-based markup language that provides a standard syntax for election data exchanges. EML (Election Markup Language) is designed to handle document transactions at every phase of the election process, from voter registration and authentication to ballot casting, confirmation, tabulation, and auditing. The standard focuses on the interfaces between components of the election systems, but doesn't address system back ends, such as the voting machines themselves. This security issue aside, The EML initiative is a step toward providing open, standardized electronic voting systems.
D -- Data types and document types (paying special attention to the former when they are used as the glue across the latter to hold processes together).
There are a number of document types involved in the election process, including the candidates list, voter registration, election role, ballot, result, and audit log. Important data types include the candidate id and voter id, which must pass from one document to the next. The candidate id is part of the final output—the result, but the the voter id must disappear at the point where a ballot instance is created.
O -- Organizational transactions and processes (the business processes described coarsely as drop shipments or precisely as “PIP 3A4”).
There are a number of transactions involved in an election, such as listing nominated candidates on a ballot, registering voters, verifying voter eligibility, recording votes, counting votes, and auditing the results. Developing a single unifying standard that can be applied to a wide variety of elections--local and national, governmental and institutional--strengthens the integrity of elections in general. For example, if an emerging nation is able to say that an election was conducted according to a verifiable international standard, the results of that election gain credibility.
C -- Context (types of products and services, industry, geography, regulatory considerations).
EML was developed in the context of global concern over election auditability and of increasing use of electronic voting machines. Therefore, an important objective of EML was to achieve interoperability with a wide variety of election practices, systems and hardware.
U -- User types and special user requirements (these are “people” user types).
The users of an EML-based voting system are the voters and the election officials. Voters must be identifiable as eligible and allowed to vote only once. In addition, it must be impossible to identify them with their particular votes. Election officials must be able to prove that an election has been conducted properly.
M -- Models, patterns, standards that apply or that are needed.
EML is a standard for building an election process. Creating an election process that uses EML also ensures that it meets the EML standard for validity. An important caveat is that, since EML focuses on data exchange between components of the election system, the internal workings of voting machines are beyond its scope. However, the document exchange process is handled by EML, ensuring that all ballots can be accounted for. This eliminates one source of error or tampering.
E -- Enterprises and ecosystems (trading communities, standards bodies, other standards that help scope the case study).
In developing EML, OASIS has collaborated with hardware and software suppliers, including EDS, IBM, Oracle, and Sun Microsystems, and international government agencies, such as the Council of Europe. Governments have a clear interest in promoting trust in the electoral systems. An important benefit for suppliers is the cost saving achieved through standardization.
N -- The needs (business case) driving the enterprise(s).
Elections are central to democracy and political stability. In recent years, paperless “electronic” voting has emerged as a successor to error-prone paper-based voting systems. However, the possibility of undetectable error or tampering in current “touch screen” voting systems removes the elements of auditability and trust that are crucial to the election process.
T -- Technology constraints and opportunities.
One of the major objections to current electronic voting systems is that their code is proprietary and secret, making audits a challenge. The use of an open standard like XML simplifies election auditing. The fact that XML is human-readable means that the results of an audit are more likely to be trusted.
- Jim Miller
E-voting home page at OASIS will tell you about its membership and you can see the specification that they developed. One thing to note is that while the story mentions EDS, Oracle, IBM, and Sun, this is because OASIS policy is to mention only its "big members" (i.e, the ones who pay the highest dues) in press releases announcing things like this. In fact, there are people from UC Berkeley on this committee, including Joe Hall, a PhD student at the School of Information, who is doing a dissertation on e-voting.