Net Voting in California
Myxx sent us an article from Yahoo that talks about online voting and the issues and recommendations reached by a panel in California. The summary is that they suggest waiting and seeing. Apparently the Internet is secure enough for billions of dollars in financial transactions, but not for voting.
In Bruce Schneier's latest Cryptogram, he says online voting scares the hell out of him.
Nick
-- "It's a sad day for American capitalism when a man can't fly a midget on a kite over Central Park" - Jim Moran
Suggesting that we may have an election fraud problem in the good old can't-happen-here-or-at-least-not-these-days USA is a quick way of getting yourself branded a conspiracy nut, but this strikes me as the "innocent until proven guilty" attitude taken to an insane extreme.
I actually think that there are a lot of urban areas in the US with all sorts of election problems. For example, in the last mayoral election in San Francisco, there were a number of disturbing articles about how it's not even possible to check whether the people registered to vote are real people (e.g. if you find a dozen people registered using the address of a bar, you can't dismiss them out of hand, that really may be the closest thing to a stable address that they've got).
And a few years back there was an election that smelled really bad in a number of ways (there's no disagreement that there was some fraud going on, the only question is whether there was enough to swing the election): San Francisco Stadium Election
"Votation.com makes elections more secure than existing election systems currently do," company Chief Executive Officer Joe Mohen said.
In the UK, we vote by placing crosses on pieces of paper. It may be old-fashioned (and our government are talking about changing it) but I think it has one enormous advantage: it's totally visible. As the count is made, representatives from all the political parties are present. They can see what's going on with their own eyes, verify it, and question it if necessary.
I regard this transparency as a basic democratic safeguard. One doesn't need to trust that the technology is working properly. The accuracy of the result is not in doubt (if it's close, it's recounted, several times if necessary).
(Besides, election night is much more fun as the results come in one-by-one through the small hours of the morning!)
11.0010010000111111011010101000100010000101101000
If internet voting is going to be anything like the deja.com polls, then whoever looks the best in a tight sports bra will win.
Hmmm voters with the power?
How would you vote in these changes?
MANY states do not allow ballot initiatives. Federal level certainly doesn't. This means of course that you have to vote in someone who will do it.
The problem is, you have to vote in enough people who will do it. Anyone voted in will immediately be approached by the other side with reasons to change their mind.
What else? Well, the "Rich Ass People" control the mass media. They have the ability to pipe their political views into hundreds of millions of homes at any time they please.
It is in their best interest to oppose the changes you talk of...and of course to make you "feel" like you have the power. Voter apathy is what "They" want.
Unfortunately...it is deserved. The current system is so encroached that I fear nothing short of revolution will fix it. I'm just waiting for more people to realize this.
"I opened my eyes, and everything went dark again"
Online voting isn't yet ready for prime time. I agree that traditional security concerns can be met with existing encryption and security standards. What can't be guaranteed is that your vote will actually be received and counted.
With traditional votes as long as the roads are open and the weather isn't too bad people can make it out to a voting station. The total tally may be larger on nice days than during inclement weather but there will be a respectable cross section of the population who will make the effort to vote. If you make it to the station your vote will be counted.
Votes tend to have geographic biases which is why you have states or municipalities referred to as being 'traditionally democratic' or 'traditionally republican' etc. This could lead to a denial of service attack to alter the outcome of the election. Send out your armed contingent to keep voters from reaching the voting stations. For a variety of reasons this isn't done. It's illegal, frowned upon by the public, tends to get the government pointing its arms at you and so on.
With internet-based voting the structure of the internet itself will guarantee that some number of voters are at the voting station (their personal computer in this case) but won't be heard during the final tally. Net congestion, ISP problems, but we'll assume that their computer is actually working.
A denial of service attack against geographic regions is much easier though and much more anonymous. Just make sure that the traffic in a region is high enough to make voting difficult. Look for misconfigured machines that will allow an avalanche of pings to be sent with information at your local script kiddy database.
You can argue that not allowing online voting will stop some people from casting their vote. To that I say so what? If somebody can't make the effort to make it to the local vote station then they probably aren't concerned enough about what their vote represents to even have formed a real opinion. There are real circumstances such as illness but there is already vote by proxy to cover this.
When the internet has enough bandwidth and redundancy to conceal the effects of net congestion it will be time to look at internet voting for serious elections. Until then all it's suited for is informal polls.
How do you detect coerced voting when you don't have poll watchers? The whole idea of the secret free vote goes down the drain. It's a damnfool idea, promulgated by damn fools. Shoot it down whenever you can.
-russ
Don't piss off The Angry Economist
I hate to admit it, but voting is different from financial transactions. The incentive for fraud is greater, and the system is less fault-tolerant because so few people vote. I am more knowledgeable about elections than I am a security guru, so take this w/ a grain of salt, but:
Software systems are much easier to crack than physical systems. At the risk of sounding like the French with their 'visual telegraph' alternative to telephones, there is a comfort in the fact that:
1. Tampering can be limited to people with physical access to the machine which is monitored by ordinary people. Political parties employ 'poll watchers', who are ordinary people who often aren't even politically active, to keep an eye on the machines during the elections process to watch for tampering.
2. If tampering DOES occur, the machine can be examined to determine who did it, and reveal physical evidence. It is much harder to determine that from a compromised system.
3. Financial transactions are time-dependent, whereas election info is useful for years. So I can sniff the encrypted packets today, and decrypt it with tomorrow's techniques.
Besides, I keep hearing from experts that our current systems for financial transaction are insecure and require major overhaul.
People are very passionate about politics-- just read the other posts! There are plenty of people who, given the means, would actively try to disable or disrupt an on-line election. Or try to distort the results. Or use tricky web page scripts to socially engineer a person into voting for other candidates. The point is, this is one of the most vulnerable things to tampering in the real world-- let alone online. We have to be very cautious before we implement it.
1. Only allow registered voters to vote.
2. Only allow voters to vote once.
3. Ensure that those votes are truly anonymous.
4. Ensure that all valid votes are accurately counted.
If you think about it, requirements 1 and 3 seem almost mutually exclusive. I know that there are algorithms that purport to be able to handle this in theory, but rolling on-line voting out to people that don't know how to program their VCR isn't going to be easy. Applied Cryptography by whats-his-name has a fairly good section on voting protocols.
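An added example, not part of the comment above: a toy RSA blind-signature exchange, one family of voting protocol that reconciles requirements 1 and 3, in which the registrar checks eligibility and signs a ballot it cannot read. The names `Registrar`, `Tally` and `vote`, the key built from two Mersenne primes and the ballot format are all assumptions made for illustration.

```python
import hashlib, math, secrets

# Toy RSA key for the registrar, built from two Mersenne primes (illustration only:
# far too small for real use, and real schemes add padding).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(ballot: bytes) -> int:
    return int.from_bytes(hashlib.sha256(ballot).digest(), "big") % N

class Registrar:
    """Checks eligibility (requirements 1 and 2) but only ever sees blinded values."""
    def __init__(self, roll):
        self.roll, self.issued, self.seen = set(roll), set(), []
    def sign_blinded(self, voter_id, blinded):
        if voter_id not in self.roll or voter_id in self.issued:
            return None                      # unregistered, or already got a signature
        self.issued.add(voter_id)
        self.seen.append(blinded)            # everything the registrar learns
        return pow(blinded, D, N)

class Tally:
    """Accepts a ballot carrying a valid registrar signature, once; no identity attached."""
    def __init__(self):
        self.ballots = set()
    def cast(self, ballot, sig):
        if pow(sig, E, N) != digest(ballot) or ballot in self.ballots:
            return False                     # forged signature or replayed ballot
        self.ballots.add(ballot)
        return True

def vote(registrar, tally, voter_id, choice):
    ballot = choice.encode() + b"|" + secrets.token_hex(16).encode()  # nonce makes it unique
    while True:                              # pick a blinding factor coprime to N
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (digest(ballot) * pow(r, E, N)) % N
    signed = registrar.sign_blinded(voter_id, blinded)
    if signed is None:
        return None
    sig = (signed * pow(r, -1, N)) % N       # unblind: (m * r^e)^d * r^-1 = m^d
    return ballot if tally.cast(ballot, sig) else None
```

The registrar can list who received a signature but cannot link any signature to a cast ballot. The sketch covers only the eligibility and anonymity requirements; it does nothing about a tampered client or a coerced voter.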
Yup. The net is secure enough for billions of dollars of e-commerce, but not for voting. Here's why:
Fraud on the financial level is easy to detect--somebody is out their money. Someone either has their goods or has their money, and either they have both or they have neither. There's a long paper trail, with *individual* impact on only the two parties involved in the financial transaction.
Fraud on the voting level is so much different, it's scary. Your computer says, "Ah! Vote registered for Mr. Bob", that's it. You're out no money, you've lost nothing if your desktop has been secretly tampered with, there's no paper trail that you're going to have any reason to analyze because you're not going to know anything went wrong. Let's not forget, with nothing written down, there's no physical evidence of the original votes--how can one demand a recount when the servers store the votes? Once the data enters the server, all sorts of unique WORM/cascading signature/etc. methodologies can be applied, but it's gotta get there.
The most insidious part of all of this is that it's not simply the voter that loses out by a falsified vote, but society as a whole. Votes affect everyone; financial deals are limited to those directly transacting.
Maybe something like iButtons, or Amex's Blue might go a long way towards increasing my faith in online voting. For now, I just don't think the tech is there for something so critical.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com