Computer programs are made up of complex code. Computer programs that perform sensitive operations related to running an election must run correctly, or the success and legitimacy of an election could be jeopardized. For example, should an intruder breach security and get access to a program's code, changes could be made that alter the computer-reported results of an election, in a way that would be very difficult to detect.
Code security therefore is another line of defence in the battle to ensure electoral technology is kept secure.
External auditors can scrutinise the code used in electoral computer systems and verify that it performs appropriately. Computer code that has been externally audited can then be 'escrowed,' or kept in secure off-site storage in an independent authority's control. This allows for the escrowed version to be compared to the 'live' version of the code used for an electoral event.
In this way, it becomes possible not only to verify that computer code is free of any hidden flaws or deliberate attempts at manipulation, but also to verify after the code has been used that it has not been changed or tampered with since it was audited.
This level of security may not be necessary for all code used by election management bodies, however it is highly useful for crucial systems such as electronic voting and electronic vote counting systems.
Another way of proving the integrity of computer code is using 'open source' code rather than proprietary code. Where proprietary code is generally not openly published, open source code is publicly available, so that external programmers can audit the code and satisfy themselves that it performs properly. This may be desirable where competing political participants wish to independently verify code used for electoral purposes. Whether the advantages of providing code openly outweigh the risks of identifying areas of weakness will be a matter of judgement in each particular case.
See Evaluation and Audit for more information on auditing functions.
