Slashdot Mirror
Net Voting in California
Myxx sent us an article from Yahoo that talks about online voting and the issues and recommendations reached by a panel in California. The summary is that they suggest waiting and seeing. Apparently the Internet is secure enough for billions of dollars in financial transactions, but not for voting.
Throw in the fact that most browsers use 56-bit encryption, no host authentication and no user certificates, the level of trust you can put into who is sending the data is amazingly low.
Add in the fact that server certificates are often granted with minimal (or no) real checks by the issuer, and voters can't be sure if they're sending to the real site or a hijacked one.
Add in the number of sites that clone title pages, to fool search engines, the ease with which crackers can break in & insert redirect tags, and the zero understanding most admins show of even the mose basic security issues, it's a wonder anyone trusts the network with so much as an e-mail, let alone major financial dealings or voting systems.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Apparently the Internet is secure enough for billions of dollars in financial transactions, but not for voting.
Well if that's not stupid little soundbite of attempted irony... There are some many reasons why not instituting online voting right now is a good idea. Actually, I can only think of one obvious pro why online voting would be good, and that is because it would increase voter participation.
Now let's enumerate why it's bad. First, did you ever stop to look at the demographics of American internet users? Three words: white, young, males (Just you like, and me, and everyone else here.) So by instituting internet voting, you're actually giving this sect increased democratic power, which is a really dumb idea because white males have the highest voter turnout anyways. If I were to consider any form of election reform, my top priority would be involving the underrepresented minorities more before I thought about sending a couple million extra white guys to elect some other white guy to become president. I know any non-felonius citizen is free to vote, but if internet voting does happen, you will have a much higher turnout rate of the aforementioned, and most people aren't going to care enough to compensate by turning out in the polls, especially not in the first election year. It's the whole "times are good, I've got my IPO and a quad-Athlon, who cares about politics" mentality.
Second, and most important, internet authentication is a joke. Honestly, I can't think of any system of verification out today that couldn't be cracked. Personal digital certs are great, until you find out that person's password, and then, voila, you're him. Now, think back to 1996, when the White House fundraising scandal broke. People went apeshit because foreign owned corporations were donating money to American political campaigns. Seemed pretty mundane to me. What child's play that is compared to the potential that lies here. Who needs to risk money on the chance that your guy might not be elected when you can just elect him yourself? Do you really think that it would be that hard for any first- or second- world country to cull their cracking resources and seamlessly throw a few million votes to this candidate or that one if ivoting (forgive me, typing sucks) were implemented today? Of course not. And that, friends, is a threat to national security, democracy, and our way of life ().
Biometric authentication, or anything close to reliable would be great, but those are all many years down the road. I think facts like that are what prompted the commission to say the same thing about voting online, and personally, I couldn't be happier with that decision.
--
I think there is a world market for maybe five personal web logs.
With 'hard copy voting', you have to go to some effort to make a significant difference to an election - you'd have to rig many voting booths, have physical access to the boxes, probably buy off the officials and vote counters ... etc
With online voting, you would only have to change a couple of numbers (assuming that you could hack past the security and get away undetected).
Unlikely that someone could hack past the security? Maybe, but there are enough stories in the media about stolen credit card numbers and hacked web sites for the general public to have a real fear about the security of online voting.
And to cast additional fear upon the populace, if it is 'easy' to hack the vote computer, it is even easier to change the whole result of the vote with a single click.
This may not be true in reality, but that is what the general public believe ... and try convinving them otherwise.
Nope. While systems may be ready to handle online voting, the public is not.
Well, unless you can ensure two things: non-repudiation (can't claim they didn't) and authenticity (they are who they say they are) online voting can't happen. Period. Just remember: Texas was the first to start using digital signatures as legally binding. =)
You need some way of ensuring that each registered voter votes once and only once, and that only registered voters vote. The obvious way to do that is to give each voter an identifying secret of whatever kind.
The problem is that the correspondance between the voter's electronic identities and their real identities has to be broken in some gauranteeable and visible way, or unscrupulous persons can use the same information thats needed for security to trace people's voting records.
The worse thing that can happen to a bank is for their customers to lose confidence in how safe their funds are. But I think most people -- at least in the US -- have already lost confidence in the gov't, so it's not like the gov't would care as much about that risk.
"Wait and see" sounds like a good idea to me.
Besides, if people aren't sufficiently motivated to get off their butts and go somewhere to vote, I'm not sure I'd want them to vote.
you have to vote for someone. Your only option if you don't like any
of the candidates is to stay at home
Or you can write-in a vote. It's less convenient than punching out the little holes with the pin, but then a few minutes out of your life for the sake of democracy isn't such a big deal...
Recursive: Adj. See Recursive.
They have to believe that
corruption is beatable. Right now, even I have a hard time believing that.
rent "All the President's Men". Ironically, the reason so many people are distrustful of government, while also being the single greatest example of how -- no matter how powerful you think you are -- your dirty laundry will eventually be aired.
Recursive: Adj. See Recursive.
"The latest results in the race for the presidency show Al Gore with 20% of the vote, George W. Bush with 28%, Jesse Ventura with 3%, and someone named 'Hemos Sucks' with a whopping 49%..."
--
Mod up a post Rob doesn't like and you'll never mod again
11.0010010000111111011010101000100010000101101000
I have yet to see a viable solution to the ballot secrecy problem. Votation's site includes the following amusing assurance:
Why should I believe this?
Until someone can answer this question for me, I'm left wondering what problem online voting is a solution to.
Is it a cure for voter apathy? Of course not. Apathetic voters stay home because they don't think voting is important, not because they think it's too hard.
Does the current system make it hard to get to the polls? Preposterous. Most Americans live within walking distance of their polling place. True, physical disabilities may keep some people from the polls, but absentee balloting and free rides to the polls offered by both major parties and many other organizations are already available.
So just why is it that we're trying to create a whole new balloting infrastructure?
On the contrary, I assert that the only reason that we have gotten where we are today is the fact that so few have historically voted. Take a walk down a city street sometime and look around you. How many people do you see who should be allowed to vote, i.e. to determine the very future of our nation?
The common man is a fool. He is easily swayed by advertisements. He does not care about issues so much as he cares about bread and circuses. As long as the politicians keep him distracted he is happy. There's nothing wrong with this; not everyone needs to have control over the government not everyone needs to be in charge. But our nation (the US, in my case, and most other modern nations) is founded on the fundamentally incorrect premise that every man's opinion is equally correct (i.e. it has an equal chance of being correct). This is demonstrably wrong.
As for myself, I do not vote. I find the system of universal suffrage to be an insult to all, learned and unlearned. What this country needs is fewer, not more, voters. I also have no desire to be part of ruling class; I have no wish to be responsible for wars (even though I generallt support them), executions (even though I support capital punishment), imprisonments and the rest of the sordid business of governance. I wish merely to live my life under the rulers who have been set over me. In this country the rulers are all those who vote.
Mabey that's because voting is much, much, much more important that billions of dollars in financial transactions.
This isn't a very convincing argument -- after all, the current voting arrangements make it considerably easier for non-workers than for regular 9-5 types. (Somehow, I doubt that NPR spent any time complaining about that....)
The really strong arguments against Internet voting are:
Privacy: How do you prevent people from watching over the voter's shoulder? Political machines could even arrange parties with goodies and Net terminals -- perhaps it would be illegal to tell you how to vote, but there would be obvious pressures.
Security: Other messages here have commented on this problem.
Public Confidence: This is related to the previous issue. As long as the Internet has security holes, people are going to wonder about a Votescam scenario every time an election "upset" occurs.
Civic Engagement: Let's face it, the chance that your vote will decide any election above the dog-catcher level is about equal to your chances of winning the lottery. The excersize is more symoblic than substantive, and clicking a mouse just doesn't cut it for most people.
Voter Standards: If people aren't sufficiently interested to physically visit the polls (or send in the form for a mail-in ballot if they cannot do so), they probably aren't sufficiently interested to educate themselves on the issues.
/.
/. If the government wants us to respect the law, it should set a better example.
There are a lot of issues at stake with internet voting, and just because some people can make simple credit card purchases over the net doesn't mean something important like voting can just pop into existence without a lot of thought.
/.ers and any other rational person. It will require mailing a physical token to each registered voter who signs up for web-voting, at a minimum.
:-) That is why there is a physical voter list at each polling station and a requirement that the numbers balance with the number of ballots in the box.
/.ers are certain that data would be mis-used at some point, its guaranteed to be abused if money is involved.
:-)
There are issues with ensuring only registered voters get to cast votes. Any simple system (SS number and Drivers License number) would be trashed in an instant by
There are issues ensuring a registered voter only votes once, and their first vote stands. Vote early and vote often is humour everywhere outside of Chicago
Then there is the issue of anonymity. What happens if someone manages to collect a copy all the incoming votes, and can make a match between a vote and a person? It doesn't matter how strong the encryption is, at some point it has to be decrypted to be counted.
Lets say someone compiles a list of all the people who voted one way on an emotional issue like a new imigration law, or a business issue like insurance reform, and then sold that list to insurance companies, employers, or credit research companies. All
I think there will eventually be technical solutions to every one of the problems on the list, but it will take time to create good stable systems to withstand fraud and abuse. I agree that large scale internet voting should take a wait-and-see attitude, lets start with a few small municipal elections and thoroughly debug everything over a long period of time, then make it easier and easier to use before rolling it out.
the AC
Must hit submit now, there is a woman in the next office building doing a strip-tease, and a large crowd is forming around my desk. Who's got a digital camera when you need one?
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
"3. Ensure that those votes are truly anonymous."
Huh? Why? You need to be the exact opposite of that. You need to be identifyable. Not so the government can print in the papers "Joe Schmoe voted for a 'looser'", but so people can be accountable.
Wouldn't PKI be the perfect solution in this case? With their voter id card, give em their key, with which they can use to vote exactly once.
Jazilla.org - the Java Mozilla
It's 10 PM. Do you know if you're un-American?
Personally, I think that online voting should require various amounts of platform information to be made available. Furthermore, I would want to require a random 3-4 question quiz on each canidate. This way, we are ensuring that more educated are voted. This would be a wonderful way of raising the bar for voting.
This is probable not such a hot idea: The south used to require people to be able to read becuase they did not want blacks to vote. These were called Jim Crow Laws and were a very bad thing. It is really a tough choice: on one extream we have Oz where every moron is required to vote, but on the other extream we have places which descriminate. I feal comfortable with the gov. adding a technelogical option to voting which make voting easier for serton segments of the population, but not with telling serton segments they can not vote,
I think a good compramize that might fix many problems in america today would be: if your org. runs some kind of score card or votes guide and you can get enough signatures then you can be linked to from some the voting site. This would make doing candidate research easy.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
If you think about it, requirements 1 and 3 seem almost mutually exclusive. I know that there are algorithms that purport to be able to handle this in theory
:)
I think theree are really good algorithms anonymous authentication (we have anonymous curency system could do this job), but I doubt they will work through HTTP as it currently stands, so people would need to download a plugin.. which is not too difficult. There are also neet ideas like leting lots of independent groups countthe votes, i.e. your computer sends out the anonymous but authenticatable vote t hundreds of machines.
The only real problem for online voting is the poor control of the enviroment, i.e. your parents / spouce looking over your sholder to make shure you voted "correctly." This is a VERY big problem, but there are way to solve it.. including criminal penalties for menipulating someone else's vote like this and restrictng the voting to things like cell-phones, i.e. truely *personal* computers (note: those are crappy solutions). I guess you could say it is easy to be anonymous from big brother but not from your real big brother..
There is also some concern about viruses which hang out until voting time and then vote for specific parties/people. Still there are many advantages to online voting like: higher precentages of more educated people vote (remember, you can find out all sorts of things about the candidates online that you never hear from main stream news and you can get the opinion of importent groups like the ACLU) and people can vote more oftin since it is less hassel.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
> If you think that both major parties aren't
> worth voting for, such that you're considering
> not voting at all, why not find whichever
> minority party you most agree with and voting
> for them?
Well...at this stage in the game, about the
only "Party" that might come close to advocating
what I stand for would probably be the US
Socialist party or the "Labor Party". However,
they don't seem to be a "third party" with much
support.
At the heart tho, I have some severe philosophical
problems with "representative democracy".
The first being that it reduces the people's
involvment in government down to a popularity
contest, no more mature or meaningful than some
high school student body election. "Hair, Teeth,
smile" are the holy trinity of the political
scene.
Secondly it puts a small elite in power. People
who can be easily corrupted, and rewarded richly
for their corruption (even if it were illegal,
they could still take direct bribes through
more round about and covert channels)
Thirdly, and perhaps worst of all, it gives the
people a false sense of power. every election
year you hear people saying "Don't throw your vote
away" and that "We have the power", however no
REAl change ever comes of it.
All this sense of power serves to do is make
the poeople too complacent to revolt. It gives
them a feeling as if they can work through the
system for change, when in truth, the current
system is so dug in that it just isn't going
to happen.
If you have any doubt, listen to Jesse Venturas
story. When he ran for mayor, both the Democrats
and Republicans in his town joined forces against
him. They said that he was the worst thing that
could happen to the city, and painted him as
a clown.
After he got elected, both sides aproached him
seprately and asked him to join up with them.
No morals have these people. How many people
without the Unique mixture of fame and hard nose
personality could have got in against that
oposition? How many could have resisted the
temptation after getting in?
Sure, he makes for a symbol of hope. However, it
would take hundreds of men like him to cause even
the beginings of change.
In the end, all people lik ehim could acomplish
is short term gains. In the end, the system is
made to support corruption and traditional
politics. That I fear, is not fixable.
"I opened my eyes, and everything went dark again"
> Huh? Why? You need to be the exact opposite of
> that. You need to be identifyable. Not so the
> government can print in the papers "Joe Schmoe
> voted for a 'looser'", but so people can be
> accountable.
Accountable? um no
The idea is to have it be identifiable that
Only an identified person could have voted but
there should be NO way at all to deterime what
their vote was.
> Wouldn't PKI be the perfect solution in this
> case?
Actually... Applied Cryptography has a few
interesting protocols for Secure Anonymous
Voteing. Its interesting because (I don't have the
book with me here) it can provide a way to verify
that only allowed people can vote, and also make
sure that it is impossible to correlate votes
with individuals.
Personally I would be alot more interested if
instead of working on better ways of voteing,
the worked on ways to give you something
worthwhile to vote for.
When its a vote to decide WHICH corrupt
authoritarian asshole will be fucking me over
for at least the next 2-4 years, there is not
much incentive to vote at all.
Might as well let them decide by a best 2 out of
3 competition of Rock Paper Scissors, the result
would be the same.
"I opened my eyes, and everything went dark again"
> What's needed is for the youth of this country
> to be shown, not told, how the government
> works. They have to believe that corruption is
> beatable. Right now, even I have a hard time
> believing that.
Well...why should we teach that "Corruption is
beatable". IS it more important to teach things
that make you feel good about the system rather
than the truth?
Personally, I do not think corruption is beatable.
I AM apathetic about voteing. I have never in my
life voted. I will never vote an individual into
office (I do plan to vote for a certain voter
ballot initiative in my state....but thats a
differnt matter..I will not vote for a candidate
into office).
As long as the system is being setup, and
trampling upon my rights as an individual, and
forcing me to pay them money, why should I care
who is doing it?
All voteing boils down to is deciding whose
bank acount the special interest money goes into.
"I opened my eyes, and everything went dark again"
It's actually secure enough for billions of dollars in transactions, huh? Gee, that's a news flash, if I ever did see one.
Sarcasm aside, it's easy to justify eCommerce over net voting. The potential for profits for eCom vastly outweigh any risks, in the minds of investors. They'll take the risk with eCom, and hope nothing happens. If something bad does happen, then they'll deal with it at that time.
This statement by CmdrTaco gives me the impression that he either has been living in seclusion for the past couple of weeks, or he just ignores the recent events with credit card number thefts.
I believe California is completely justified in taking this position, and would personally expect nothing less from any Gov't.
Voting is a much more serious issue. It's something where the risks definitely outweigh any benefits.
The main danger would be Students would't have to leave their bedrooms to vote, thus they might actually bother and then we could be in a whole world of pain.
I just had to cancel my credit card because that schmuck in Russia stole the number and red flags went up all over. I don't think we want to be rushing into anything. Besides, the democratic process is supposed to be one of thought and rational decision, not convenience. Not everything needs to be as quick and easy as possible.
In Bruce Schneier's latest Cryptogram, he says online voting scares the hell out of him.
Nick
-- "It's a sad day for American capitalism when a man can't fly a midget on a kite over Central Park" - Jim Moran
Suggesting that we may have an election fraud problem in the good old can't-happen-here-or-at-least-not-these-days USA is a quick way of getting yourself branded a conspiracy nut, but this strikes me as the "innocent until proven guilty" attitude taken to an insane extreme.
I actually think that there are a lot of urban areas in the US with all sorts of election problems. For example, in the last mayoral election in San Francisco, there were a number of disturbing articles about how it's not even possible to check whether the people registered to vote are real people (e.g. if you find a dozen people registered using the address of a bar, you can't dismiss them out of hand, that really may be the closest thing to a stable address that they've got).
And a few years back there was an election that smelled really bad in a number of ways (there's no disagreement that there was some fraud going on, the only question is whether there was enough to swing the election): San Francisco Stadium Election
``Votation.com makes elections more secure than existing election systems currently do,'' company Chief Executive Officer Joe Mohen said
In the UK, we vote by placing crosses on pieces of paper. It may be old-fashioned (and our government are talking about changing it) but I think it has one enormous advantage: it's totally visible. As the count is made, representatives from all the political parties are present. They can see what's going on with their own eyes, verify it, and question it if necessary.
I regard this transparency as a basic democratic safeguard. One doesn't need to trust that the technology is working properly. The accuracy of the result is not in doubt (if it's close, it's recounted, several times if necessary).
(Besides, election night is much more fun as the results come in one-by-one through the small hours of the morning!)
11.0010010000111111011010101000100010000101101000
If internet voting is going to be anything like the deja.com polls, then whoever looks the best in a tight sports bra will win.
Hmmm voters with the power?
How would you vote in these changes?
MANY states do not allow ballot initives. Federal
level certainly doesn't. This means of course that
you have to vote in someone who will do it.
The problem is, you have to vote in enough
people who will do it. Anyone voted in will
immediatly be aproached by the other side with
reasons to change their mind.
What else? well the "Rich Ass People" control the
mass media. They have the ability to pipe their
political views into hundreds of millions of
homes at any time they please.
It is in their best interest to opose the changes
you talk of...and of course to make you "feel"
like you have the power. Voter apathy is what
"They" want.
Unfortunaly...it is deserved. The current system
is so encroached that I fear nothing short of
revolution will fix it. Im just waiting for more
people to realize this.
"I opened my eyes, and everything went dark again"
Online voting isn't yet ready for prime time. I agree that traditional security concerns can be met with existing encryption and security standards. What can't be guaranteed is that your vote will actually be received and counted.
With traditional votes as long as the roads are open and the weather isn't too bad people can make it out to a voting station. The total tally may be larger on nice days than during inclement weather but there will be a respectable cross section of the population who will make the effort to vote. If you make it to the station your vote will be counted.
Votes tend to have geographic biases which is why you have states or municipalities referred to as being 'traditionally democratic' or 'traditionally republican' etc. This could lead to a denial of service attack to alter the outcome of the election. Send out your armed contingent to keep voters from reaching the voting stations. For a variety of reasons this isn't done. It's illegal, frowned upon by the public, tends to get the government pointing its arms at you and so on.
With internet based voting the structure of the internet itself will guarantee that even though some number of voters are at the voting station (their personal computer in this case) but won't be heard during the final tally. Net congestion, ISP problems but we'll assume that their computer is actually working.
A denial of service attack against geographic regions is much easier though and much more anonymous. Just make sure that the traffic in a region is high enough to make voting difficult. Look for misconfigured machines that will allow an avalanche of pings to be sent with information at your local script kiddy database.
You can argue that not allowing online voting will stop some people from casting their vote. To that I say so what? If somebody can't make the effort to make it to the local vote station then they probably aren't concerned enough about what their vote represents to even have formed a real opinion. There are real circumstances such as illness but there is already vote by proxy to cover this.
When the internet has enough bandwidth and redundancy to conceal the effects of net congestion it will be time to look at internet voting for serious elections. Until then all its suited for is informal polls.
How do you detect coerced voting when you don't have poll watchers? The whole idea of the secret free vote goes down the drain. It's a damnfool idea, promulgated by damn fools. Shoot it down whenever you can.
-russ
Don't piss off The Angry Economist
I hate to admit it, but voting is different from financial transactions. The incentive for fraud is greater, and the system is less fault-tolerant because so few people vote. I am more knowledgeable about elections than I am a security guru, so take this w/ a grain of salt, but:
Software systems are much easier to crack than physical systems. At the risk of sounding like the french with their 'visual telegraph' alternative to telephones, there is a comfort in the fact that:
1. Tampering can be limited to people with physical access to the machine which is monitored by ordinary people. Political parties employ 'poll watchers', who are ordinary people who often aren't even politically active, to keep an eye on the machines during the elections process to watch for tampering.
2. If tampering DOES occur, the machine can be examined to determine who did it, and reveal physical evidence. It is much harder to determine that from a compromised system.
3. Financial transactions are time-dependent, whereas election info is useful for years. So I can sniff the encrypted packets today, and decrypt it with tomorrow's techniques.
Besides, I keep hearing from experts that our current systems for financial transaction are insecure and require major overhaul.
People are very passionate about politics-- just read the other posts! There are plenty of people who, given the means, would actively try to disable or disrupt an on-line election. Or try to distort the results. Or use tricky web page scripts to socially engineer a person into voting for other candidates. The point is, this is one of the most vulnerable things to tampering in the real world-- let alone online. We have to be very cautious before we implement it.
1. Only allow registered voters to vote.
2. Only allow voters to vote once.
3. Ensure that those votes are truly anonymous.
4. Ensure that all valid votes are accurately counted.
If you think about it, requirements 1 and 3 seem almost mutually exclusive. I know that there are algorithms that purport to be able to handle this in theory, but rolling on-line voting out to people that don't know how to program their VCR isn't going to be easy. Applied Cryptography by whats-his-name has a fairly good section on voting protocols.
Yup. The net is secure enough for billions of dollars of e-commerce, but not for voting. Here's why:
Fraud on the financial level is easy to detect--somebody is out their money. Someone either has their goods or has their money, and either they have both or they have neither. There's a long paper trail, with *individual* impact on only the two parties involved in the financial transaction.
Fraud on the voting level is so much different, it's scary. Your computer says, "Ah! Vote registered for Mr. Bob", that's it. You're out no money, you've lost nothing if your desktop has been secretly tampered with, there's no paper trail that you're going to have any reason to analyze because you're not going to know anything went wrong. Lets not forget, with nothing written down, there's no physical evidence of the original votes--how can one demand a recount when the servers store the votes? Once the data enters the server, all sorts of unique WORM/cascading signature/etc. methodologies can be applied, but it's gotta get there.
The most insidious part of all of this is that it's not simply the voter that loses out by a falsified vote, but society as a whole. Votes affect everyone; financial deals are limited to those directly transacting.
Maybe something like iButtons, or Amex's Blue might go along way towards increasing my faith in online voting. For now, I just don't think the tech is there for something so critical.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com