I’m a geek and have, for 25 years, been an early adopter of just about any Internet-based service. (Hell, I had a GEnie account!) But I’m still very reluctant to cast my ballot using anything other than a pencil and a piece of paper. But I am interested in debates on this issue, if only because new technologies may improve voter participation which I think is a good thing. So here’s a couple of opinions, pro and con, from the American debate on Internet voting. (Both culled from computer scientist Dave Farber‘s discussion list). Here’s the argument in favour:
Internet voting is possible and can be done.
And there are several well-reasoned proposals for this. Our own proposal was published in “The Witness-Voting System”, the invited opening chapter in “Towards Trustworthy Elections, New Directions in Electronic Voting”, published by Springer Verlag. Chaum, David, et. al. (Ed.), (c) 2010, pages 1-36. ISBN-10: 1-4020-7301-1.
Yes, voting is a challenging problem, a problem that even school children can understand but that is made harder to solve than traditional computer security by requirements for public verifiability and ballot secrecy.
In our proposal, we present a comprehensive theory of voting, viewed for the first time as a non-classical communication process, even though the results are expected to be deterministic. We consider both passive and active attacks and, for additional fairness assurances, further requirements including that the system must work as desired without insight or ingenuity (i.e., without relying on human input) while it must be fully auditable by a diversity of machines and humans.
Among the many novel and strong results gained from our approach, we show how any type of voting can be as secure as desired while assuring that ballots and voters are unlinkable. The secret ballot is, therefore, not the reason for the failures that we observe in all actual voting systems, so far.
Further, in implementation terms, we show that paper-based voting faces unfavorable scaling with increasing number of voters, while paperless electronic voting and networked voting (networked machines, not necessarily using the Internet) are easier to secure in large scale. The latter being easier to secure than voting with isolated machines.
Of course, the voter demographics will change to a much younger sample — and this seems to be the unsightly elephant in the room.
But it is not true that voters would need to give up the right to vote anonymously. In fact, voters could be more strongly anonymous that today, and yet more strongly identified to have the right to vote.
These points can be mathematically proven and feasibly executed.
Ed Gerck, Ph.D.
CEO, Safevote, Inc.
And against …
In the letter to President Obama we say “Because of multiple intrinsic risks, Internet voting should be forbidden unless and until proposed systems have undergone extensive, independent public review and open testing to ensure that they have solved the fundamental problems of security, privacy, authentication, and verification.”
The system to which Ed Gerck refershas not undergone the open and public review and testing that we call for. Some of the threats against which his system would need to defend are:
1. Election rigging viruses on the voters’ machines that could be spread surreptitiously before the election.
2. The vulnerability of election officials’ servers to being attacked, keeping in mind that the offices of most election officials are underfunded, understaffed, and with little to no security expertise.
3. Targeted (or general) denial of service attacks.
4. Man in the middle, spoofing, phishing, and related attacks.
5. Insider attacks.
In addition, how would [SafeVote] conduct a recount or prove that the declared outcome is correct, if the outcome is challenged? Estonia has been allowing its citizens to vote over the Internet for a while. In the most recent election the Centre Party (the second largest party) received a larger percentage of the paper-based votes than the votes cast over the Internet. While there are possible explanations for the discrepancy, there are members of the Centre Party, including some of the key leaders, who are convinced that the Internet portion of the election was rigged. Whether or not that is true – and it’s impossible to prove either way, since there is nothing to recount – it is not healthy for Estonian democracy for a portion of the electorate to believe that the election was stolen.
Election officials in Washington DC were convinced that the Internet voting system they were planning to use for overseas voters in 2010 was secure. Fortunately, they had the integrity first to run a mock election that anyone could attack. Within a very short period of time, a team from the Univ. of Mich. led by Alex Halderman had completely taken over the DC system. The team even protected the system against probes coming from Iran and China. While these probes probably were not targeting the voting system directly, they illustrate some of the dangers against which any Internet voting system used for a major election would need to defend.
(See Simons Wiki page. She’s past president of the Association for Computing Machinery among many other things and has long been looking at this issue)
Categories: Main Page