Voting and managing software are distributed with a full Linux operating system which is installed on the booths from scratch. ClearVoting distributions are obviously fully debugged and tested by the Bipartisan Commission before they are actually distributed to polling rooms. Since booths have no networks by which viruses, trojan and attacks could come, ClearVoting distributions are not expected to have problems during real elections.

ClearVoting's applicative software, that is the voting and the managing applications, is really short. Infact voting and managing applications are WEB applications written in the high level language PHP which also takes care of all I/O. This avoids applications the need of having coded in themselves tedious and very long instructions to read from / write to files/touchscreen.
Having short code it's very important because short code is easy to check and debug and this makes highly improbable that pieces of malicious code illicitly inserted there would not be discoverd.

At boot time, when the freshly installed operating system starts, on each booth is automatically started a web browser (Firefox, Mozilla, Opera ...) having a simplified aspect since it lacks unnecessary buttons ("new window", "exit", "back"...) and toolbars. It cannot be moved, resized, iconized nor quitted (booths have no keyboard nor mouse) thus it stays there from the boot of the booth (!) until the end of voting. The browser points to the required application (polling applications on polling booths and managing applications on managing booths).

Voters and poll workers access their application watching the web page shown on their web broswer and make their choices touching the desired hyperlinks ("href" html tags)

Each web browser is locally served by a web server running on the same booth.

Polling application need to contact the managing application running on the managing booth only rarely. Managing application need to contact polling applications running on polling booths every time a new voter enters them (to allow the booth to take voter's vote). All the above communications use the only available network, the (no wireless) LAN connecting each managing booth with its polling booths (all in the same polling room). No other communications ever occur.

Counters keeps the count of the votes received in the booth by each candidate. Counters are simply integer numbers initially set to zero and they are incremented by one each time the candidate receives a vote.

As a Proof of the above concepts I made a few short PHP programs that simulate the voting procedure for electors.

Propbably your screen is not a touchscreen, thus you must click your choices with the mouse. In real voting you would use your fingers instead because each booth has a touchscreen with a web browser that "talks" to the web server that's running on the booth itself.
The web browser would have a simplified aspect since it lacks unnecessary buttons ("new window", "exit", "back"...) and toolbars. It would not possible to icon it, nor to close it, nor to move it. It would stay on the touchscreen from the boot of booth (!) until the end of voting (remember the booth wouldn't have keyboard nor mouse).

The proof of concept is made of the following small php programs:

• config.php    (9 lines of code)
• index.php    (57 lines of code)
• vote_confirm.php    (48 lines of code)
• ballotpaper_verify.php    (54 lines of code)
• ballotpaper_badlyprinted.php    (47 lines of code)
• vote_count.php    (48 lines of code)

As you can see voting software is made of a few lines of code. Real voting application will of course need more code, but it will always be small enough to be fully checked by single person.

Of the above programs the only code that could make fraud are those 2 or 3 lines of PHP that increment the counter of the voted candidate (program vote_count.php). Any other malfunctioning would result at worst in VVBP wrongly printed, but that would be noticed by electors.

To avoid the risk that the PHP interpreter of the Linux operating system downloaded from the Internet could have been hacked to "help" some candidate, the bicameral technical commission can download PHP source, check it hasn't any undesired code (that is a refererence to any candidate), compile it and include in the ClearSoftware distribution the new PHP interpreter instead of the old one.

I didn't use any database in this Proof of Concept. In fact to store a single integer number is enough a very small (20 bytes) text file. The files are located in the filesystem of the voting booth and are writable by the web server (see vote_count.php).

index.php e vote_count.php: the $lockfile is a mechanism used to allow each voter to cast only a vote. Voting in a booth is possible only if it exists a special file $lockfile. Each time a vote is confirmed and counted the voting booth is "paused" deleting the file $lockfile. Voting can only be manually "waked up" by Poll Workers at the managing booth recreating the file $lockfile in the voting booth. Since managing booth is not yet involved in this early stage of the PoC, in the above codes the $lockfile is always created in the first page of voting (index.php) just before checking its existance.

vote_count.php: in real voting, after having verified a VVBP you would exit the booth and the web browser would go to the first page of voting that it would be inaccessible until unblocked by poll worker. Since now we are in a PoC you are showned the number of votes of your candidate and you have to click to go to first page of voting (index.php) which is not even blocked since the managing booth is not yet in this proof of concept