InnoVote is the working name of my securely-designed election product line. The idea began in late November of 2004 when, in frustration and fury, I scratched a design for a secure electronic voting machine on a piece of yellow legal paper. The idea grew as I realized that securing an election wasn't so simple. The Ohio recount debacle, in which much of the suspected fraud apparently occurred on the counties' central tabulators, further motivated me to design not just a single machine or software product, but an entire product line, to assure the integrity of the data as it moved across communication lines. Thus InnoVote was born.
Learn About the Issue
- A brief introduction and a lot of ranting
- Online election fraud simulation
- The source code for the simulator
Get the Documents
To assist you in finding what you want, I've created a diagram showing how the various InnoVote components interface with each other. Rectangles indicate hardware, ovals indicate software, arrows indicate the flow of information that is possible between two pieces of hardware, and dashed lines surrounding or touching rectangles indicate a private network (i.e., one where the machines on it cannot connect to any machine outside the network.) Labeled components are documented in the PDFs below the image.
Listing of Documents
- InnoVote Systems Overview, 96 KB, 13 pages. Essential reading. Describes all the components and how they work together.
- CardReader Hardware Overview, 71 KB, 15 pages. A description of the CardReader paper ballot-scanning hardware and the necessary functions of its operating system.
- MyVotronic Hardware and OS Overview, 92 KB, 24 pages. A description of the MyVotronic electronic voting machine's hardware and operating system.
- Database Detailed Design, 82 KB, 21 pages. A detailed description of the relational database structure used in all InnoVote products.
- Network Detailed Design, 113 KB, 15 pages. A detailed description of the networks to be deployed with every InnoVote installation, including cryptographic functionality and specific privacy and data authentication policies.
- CardReader Functional Design, 112 KB, 29 pages. A detailed design of the computer software that will store data read by the CardReader ballot-scanning hardware. I should note that the CardReader software product runs on a computer, and the CardReader hardware is connected to the computer.
- ReliaVote Central Server (CS) Functional Design, 115 KB, 30 pages. A detailed design of the computer software that will store data from various precincts or voting sites in an area.
- ReliaVote Precinct Edition (PE) Functional Design, 195 KB, 46 pages. A very detailed design of the computer software that will store data from various MyVotronic and/or CardReader systems in a voting site, and transmit the data to a ReliaVote CS system.
- SecureDRE Functional Design, 120 KB, 29 pages. A detailed design of the application-level (as opposed to operating system-level) voting software running on the MyVotronic electronic voting machine.
- Database Access Matrix, 41 KB, 8 pages. A document with detailed tables describing the operations that each numbered function in the four Functional Design documents is allowed to perform on the database tables. A very important security document.
- Security Analysis of InnoVote Products, 97 KB, 26 pages. A risk analysis and mitigation document about the suite of products.