Slashdot Mirror

← Back to Stories (view on slashdot.org)

Net Voting in California

Posted by CmdrTaco on from the stuff-to-think-about dept.

Myxx sent us an article from Yahoo that talks about online voting and the issues and recommendations reached by a panel in California. The summary is that they suggest waiting and seeing. Apparently the Internet is secure enough for billions of dollars in financial transactions, but not for voting.

5 of 143 comments (clear)

  1. Online voting: not ready for prime time by substrate · · Score: 4

    Online voting isn't yet ready for prime time. I agree that traditional security concerns can be met with existing encryption and security standards. What can't be guaranteed is that your vote will actually be received and counted.

    With traditional votes as long as the roads are open and the weather isn't too bad people can make it out to a voting station. The total tally may be larger on nice days than during inclement weather but there will be a respectable cross section of the population who will make the effort to vote. If you make it to the station your vote will be counted.

    Votes tend to have geographic biases which is why you have states or municipalities referred to as being 'traditionally democratic' or 'traditionally republican' etc. This could lead to a denial of service attack to alter the outcome of the election. Send out your armed contingent to keep voters from reaching the voting stations. For a variety of reasons this isn't done. It's illegal, frowned upon by the public, tends to get the government pointing its arms at you and so on.

    With internet based voting the structure of the internet itself will guarantee that even though some number of voters are at the voting station (their personal computer in this case) but won't be heard during the final tally. Net congestion, ISP problems but we'll assume that their computer is actually working.

    A denial of service attack against geographic regions is much easier though and much more anonymous. Just make sure that the traffic in a region is high enough to make voting difficult. Look for misconfigured machines that will allow an avalanche of pings to be sent with information at your local script kiddy database.

    You can argue that not allowing online voting will stop some people from casting their vote. To that I say so what? If somebody can't make the effort to make it to the local vote station then they probably aren't concerned enough about what their vote represents to even have formed a real opinion. There are real circumstances such as illness but there is already vote by proxy to cover this.

    When the internet has enough bandwidth and redundancy to conceal the effects of net congestion it will be time to look at internet voting for serious elections. Until then all its suited for is informal polls.

  2. Coerced votes?? by Russ+Nelson · · Score: 4

    How do you detect coerced voting when you don't have poll watchers? The whole idea of the secret free vote goes down the drain. It's a damnfool idea, promulgated by damn fools. Shoot it down whenever you can.
    -russ

    --
    Don't piss off The Angry Economist
  3. Voting IS different. by Wellspring · · Score: 4

    I hate to admit it, but voting is different from financial transactions. The incentive for fraud is greater, and the system is less fault-tolerant because so few people vote. I am more knowledgeable about elections than I am a security guru, so take this w/ a grain of salt, but:

    Software systems are much easier to crack than physical systems. At the risk of sounding like the french with their 'visual telegraph' alternative to telephones, there is a comfort in the fact that:

    1. Tampering can be limited to people with physical access to the machine which is monitored by ordinary people. Political parties employ 'poll watchers', who are ordinary people who often aren't even politically active, to keep an eye on the machines during the elections process to watch for tampering.

    2. If tampering DOES occur, the machine can be examined to determine who did it, and reveal physical evidence. It is much harder to determine that from a compromised system.

    3. Financial transactions are time-dependent, whereas election info is useful for years. So I can sniff the encrypted packets today, and decrypt it with tomorrow's techniques.

    Besides, I keep hearing from experts that our current systems for financial transaction are insecure and require major overhaul.

    People are very passionate about politics-- just read the other posts! There are plenty of people who, given the means, would actively try to disable or disrupt an on-line election. Or try to distort the results. Or use tricky web page scripts to socially engineer a person into voting for other candidates. The point is, this is one of the most vulnerable things to tampering in the real world-- let alone online. We have to be very cautious before we implement it.

  4. Going slow is probably good by beff · · Score: 4
    I haven't read the full Californian report, but I can understand from a security perspective why going slow would be a good idea. Online voting is much more complicated than online shopping. A good online voting system will have to:

    1. Only allow registered voters to vote.

    2. Only allow voters to vote once.

    3. Ensure that those votes are truly anonymous.

    4. Ensure that all valid votes are accurately counted.

    If you think about it, requirements 1 and 3 seem almost mutually exclusive. I know that there are algorithms that purport to be able to handle this in theory, but rolling on-line voting out to people that don't know how to program their VCR isn't going to be easy. Applied Cryptography by whats-his-name has a fairly good section on voting protocols.

  5. Couldn't Agree More by Effugas · · Score: 5

    Yup. The net is secure enough for billions of dollars of e-commerce, but not for voting. Here's why:

    Fraud on the financial level is easy to detect--somebody is out their money. Someone either has their goods or has their money, and either they have both or they have neither. There's a long paper trail, with *individual* impact on only the two parties involved in the financial transaction.

    Fraud on the voting level is so much different, it's scary. Your computer says, "Ah! Vote registered for Mr. Bob", that's it. You're out no money, you've lost nothing if your desktop has been secretly tampered with, there's no paper trail that you're going to have any reason to analyze because you're not going to know anything went wrong. Lets not forget, with nothing written down, there's no physical evidence of the original votes--how can one demand a recount when the servers store the votes? Once the data enters the server, all sorts of unique WORM/cascading signature/etc. methodologies can be applied, but it's gotta get there.

    The most insidious part of all of this is that it's not simply the voter that loses out by a falsified vote, but society as a whole. Votes affect everyone; financial deals are limited to those directly transacting.

    Maybe something like iButtons, or Amex's Blue might go along way towards increasing my faith in online voting. For now, I just don't think the tech is there for something so critical.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com