Online Voting?

Colin Winters asks: "While listening to NPR this morning, I heard that the Reform Party is going to have online voting this year. Does anyone know how are they setting this up? What kind of security measures to protect against fraud are they using? It seems that if this works for the Reform Party, it could also work for both the Democratic and the Republican parties, as well." A good and timely question considering that once again it's an Election Year. If online voting is to become a thing of the future, these issues and others will need to be dealt with if it is to be effective (and fair).

Details on the online voting at RPC

[Photon+Ghoul]

A very small amount of effort brought me to this press release by eBallot.net. They're the ones taking care of the voting.

Not much information on their site about the technical details - I would be interested in knowing how they maintain security while keeping the voting of individuals private.

A great step in the right direction

[vertical-limit]

Online voting really needs to become a staple of democracy if we're going to do anything to reduce the trend towards non-voting. I remember reading that something like 50% of the U.S. population is registered to vote, and, of those, only 25% actually bothered to vote. That might not sound bad, but think about it: only one in every six people is actually trying to make a difference.

These days, it seems most voters are too apathetic about the country (at least in the U.S.A.) to spend times researching the issues, reading the voter's manual, and then actually driving out to the polling place to vote. For people who never trust the government, there doesn't seem to be much reason to put any effort into the process -- but with online voting, all they have to do is skim one page and click to make their voice heard. It's hard to imagine that very people wouldn't vote if it was that easy.

Let's face it: most of the people that vote are either radicals or rich white guys. Middle America, as well as people like you and me -- cynical outsiders -- just don't bother to vote. And yet, these people are often the most vocal when it comes to what should be done about various issues. Online voting could finally give the people the power they wish they had -- there wouldn't be such a wide schism between policy and popular opinion.

Sure, true online voting may be a few decades off still, as there's still numerous security hassles and other issues to iron out. But it's exciting to see that we may finally be able to fulfill the promise of democracy at last.

Re:A great step in the right direction

[Pentagram]

If someone can't even be bothered to walk down to a polling station to vote, I don't think s/he has the intelligence to understand the issues anyway. I'm not sure we /should/ make it any easier for people to vote anyway. This is also the reason why I'm against fines for people who don't vote.

Re:A great step in the right direction

[Hewligan]

I work for a students' association, and I remember a coouple of years back we tried a form of electronic voting - in this case using a telephone system rather than the internet.

We'd always had low turnouts for elections, and it was hoped that by being more convenient this would improve the situation. Quite the opposite, in fact. The turnout was one of the lowest in the student union's history. Worse yet, a large proportion of the people screwed it up and didn't get their votes counted at all.

I realise it's not quite the same thing, but the principle's the same. People don't trust that new-fangled technology bollix, and when they use it they screw it up.

And when you throw in the fact that students tend to be more technically literate than most...

Most people can handle the technology behind a felt tip pen. Let's not confuse them.

Social Underclass?

[Tom+Badran]

If online voting takes over completely, then the goverments surely will have to put measures in place that allow 100% of the voting population to gain access to a computer connected to the internet. Obviuosly the simple solution is to have polling stations like now just with computers in instead. It does however mean that the rich are more likely to vote and the poor maybe less likely, shifting the balance of power. Ill stop ranting now.

Reform party? it's a simple system . . .

[Money__]

. . .That only have to count 3 votes. ;)

Online Voting vs. Online Shopping

[krystal_blade]

The context of Online voting came up a while ago, as soon as secure online shopping was a reality. The comparisons of the two are fairly similar to comparing apples to oranges (or, to the geeks, like comparing Crosswords to Sapphire encryption)

Online voting has the ability to be corrupted in several ways. First, and foremost, most people assume that a "one social, one time" style system could work, since anyone logging into an electronic voting booth would be required to give his/her voter info (some states have codes, others mimic SSN's) once a particular code, or SSN was given, and voting completed, that person would not be allowed to vote again.

There are a few major problems with this though. Quite a few Americans do not vote. While I am not going to go into the psychology, and ramifications of NOT voting, I will say that not participating is their right, and should not be violated. Electronic Voting "could" easily circumvent someones wishes simply because there are sites that have information on them that are more or less unsecure. I'm not saying someone with a couple kiddie scripts could do it, but a true cracker out to "change" the system would probably find it fairly easy.

IMO (which I do not consider humble, by the way) Not voting is extremely stupid. I defend it, but I don't personally think it's right. I also firmly beleive that stealing someone elses vote is criminal, much worse than that person not voting at all.

While there are security items that can cure this, they are still a long way in coming. Retinal Scans, SSN's and hard encryption, along with fingerprint scanners are one way to go. They already exist, and are becoming more mainstream every day. These will make online voting a reality, and a secured one at that.

There will always be ways to circumvent a system. There always were, even in the old "click and pull the lever" systems. Forged Voters ID cards, fake documents, phony voters lists, and multiple voting are a few. The problem was that with these, 1. A person had to physically be there to vote, which took time. 2. Someone had to come up with a voters list, which took time. 3. Documents had to be forged, which took time.

By allowing electronic voting, you can speed up the above three things to damn near instantaneous. A small group of people playing over a large field could have a exponentially more significant impact on the final tally than before.

I would approach electronic voting with eyes open, alert, and fully concious of the ramifications of getting it wrong the first time. After all, the people we chose to lead, lead us to where THEY want to go; pray you chose someone you can stand to follow.

krystal_blade

Ross, Pat, and Greg

[ekmo]

Pat: Okay Ross, I got pat-or-ross-2000.com all setup and ready to go...
Ross: Can we take a look at how many votes we are each getting?
Pat: That is weird. No votes are coming in for either of us; it must not be working.
Ross: Maybe out friends at Columbia Internet can help. (dialing telephone...)
Greg: Hello this is Greg.
Pat: Why is not our site working?
Greg: Give me a minute, I have to finish installing Linux before Daemon comes back.
Pat: Hurry up!
Greg: The site seems to be working just fine; I just cast my test vote.
Ross: I see that, ONE VOTE FOR YOU!
Pat: Do you think you could do that a couple more times?
Daemon: What os going on here!

Booths

[um...+Lucas]

Voting booths, and their amazing low-tech privacy method (a cloth drawn behind you), literally beat the socks off of anything available in the digital world... Right now husbands and wives can cast separate votes on issues and not have it thrust in their faces, so they get by. What happens when voting is done from the den, with one person sitting right next to the other? What if they've been arguing about an issue for hours and one party just wants to get to sleep so they cast their vote, in plain site of the other, for something they don't necessarily agree with?

Aside from all the verification and other security concerns, confidentiality is one that had better not get overlooked.

The impossibility of Online Voting

[jd]

Whilst I firmly believe that computers and technology are vital in a modern society, I do not see any place for them in voting.

Why is this?

Well, here are a few of my reasons:

• Impossible to verify the person. You can verify a computer (X.509 certificates, public key encryption, IPSec, etc), but verifying a person is simply not possible. Once something is stored on a computer, it can be copied =EXACTLY= to another computer, as many times as you like. Here, if you have biometric capture and key capture, a malicious person could replay exactly what you enter, fingerprints, retina prints and all. There would be NO way for the voting system to tell which was the real person and which was a replay attack.
• Voter fraud within the existing system is rampant, with companies exercising "block votes" for their employees. If there's a general unwillingness to secure the existing manual voting system, and there are significant numbers of fraudulant voters, changing the system won't change the attitudes. There is no "quick fix" here. You have to change the attitudes FIRST, and THEN change the methods.
• Lastly, electronic voting won't encourage any more people to vote. Many people are apathetic for a number of reasons, not least that ALL the candidates are seen as corrupt and degenerate. Allowing someone to vote online won't change that. Adding a RON entry (Re-Open Nominations) might. If voters have the option of rejecting ALL candidates, then negative campaigning, slick sales-talk and promotional campaigns will be less effective and much less popular. We might see some reality for a change. After all, if RON keeps winning, the parties will be faced with two possibilities. Give the people a =responsible= candidate, or face anarchy. To quote Servalan, from Blake's 7: "I will NOT be president of a ruined empire!"

the web isn't the answer to everything!

[jesterzog]

I know it's good for a lot of things, and maybe voting on small things can be one of them under certain circumstances. I don't think I'll ever believe that the net (as it is today) is anywhere near an ideal infrastructure for voting in major and important elections.

Even if all the encryption and validity and security and anonymity issues were worked out, there's nothing to guarantee that a neighbour hasn't walked into my home, pointed a gun in my face and ordered me to vote for someone.

The net could play a role in some areas, but allowing people to vote from places where the environment isn't controlled is a bad thing. Allow this and there's no way to guarantee that voters are voting at their own free will.

===

Reform Party

[Wellspring]

I think the other posts are covering online voting's problems and advantages pretty well, so I'll write about the other half of the question: the Reform Party and what the web can do for them. Disclaimer: I don't like them, but I will try very hard to be impartial.

The Reform Party is falling apart. Two years ago, when Governor Ventura was elected, the Reform Party was deeply divided between Ross Perot's people (pro-balanced budget, protectionist) and Jesse Ventura's faction (basically libertarian). Governor Ventura's campaign team made heavy use of the Web and email to organize his campaign, and received no help from the national Reform Party. Ventura felt that Perot was trying to dictate everything to his party.

Eventually, everything came to a head during the race for a Reform Party Chairman. Ventura and Perot each had their favorite guy, and Ventura's won. Perot spent about a year undermining him, and then his faction organized a 'surprise general meeting' where only Perot people managed to show up. They voted the chairman out, over objections that the convention had been illegally called. At one point, the situation at the meeting was so strong that the police had to be called to break up a fight. Ventura quit the party, saying the party was dead.

That's when Pat Buchanan showed up. His views are very different from Perot's. He believes in a national industrial policy, heavy protectionism, opposes immigration, etc. In many ways, he is the opposite of the Libertarians-- a liberal radical on economics, and a conservative radical on social issues.

He ran for President, and this time, Perot laid low. I don't know if he is trying to get out of politics (realizing that the Reform Party is pretty much dead) or if he is just trying to let the party onto its own feet (I think the Ventura thing killed the possibility of that happening).

Perot's faction, though, is pissed. Buchanan won the primary, but they say that he used non-Reform Party voters to do it (the point of a primary is to let a party know who its members support-- there isn't much point in having one if many of the voters will jump off the ticket if their man loses). Buchanan says he has expanded the appeal of the Reform party. The dispute got so tough that apparantly, the two factions are each holding their own convention, have nominated their own candidates, and each claim that they are the One True Reform Party.

Whichever party is the One True Reform Party is entitled to fifteen million dollars in federal campaign funds, so this question will probably end up in the courts. Ultimately, the Reform Party still isn't sure just what it actually stands for. It originally tried to be a vote for a moderate in a time when the Two Big Parties were seen as radical, ideological opposites who couldn't agree on anything. Now, people are more worried that the parties look too much the same. That pretty much squeezes the Reform Party out.

Now, at last: how will this affect on-line voting? Well, I'm not sure what they will be voting for at this stage-- they have their candidates (in fact, they have too many candidates!) and they have had their convention, such as it is. The web might have been a good forum for them to reconcile their differences, or hammer out a set of guiding principles. But their problem is that they are not a community.

Everyone on Slashdot starts with a certain level of similarity-- RMS and ESR (to shamelessly pick at a longstanding political feud) are still very similar in many ways. I don't know that Reform Party members have anything in common other than a feeling that they don't like where the country is going. They have formed into cults of personality which all have radically different views on what the party should be. And so, to be honest, I don't think that the internet can band-aid over all these differences and make their party work.

I think that Perot hung on for too long, and by not allowing the party to digest his views and Governor Ventura's, he turned the party politics into an adversarial mess. Parties are built on compromise and dialogue-- Perot basically destroyed the faction which didn't agree with him. I think the party is now suffering for it, and will finish flying to pieces this year. Add to that that people want the major parties to be more, not less, radicalized this year (that's why the Greens and Libertarians are doing so well), and you pretty much leave no place for Perot's people.

"Both" Reform Parties Nix E-Votes

According to an AP wire story on Yahoo, "both" Reform parties have rejected the electronic votes, charging fraud. Not a very promising start.

I personally do not trust politicians to manage any type of electroinc voting. Bill Clinton, uses "Buddy", the name of his dog, as the pass phrase for his smart card ID system. I know this because he told the national press, while using this pass phrase to sign a digital signature bill into law. Here as elsewhere, Clinton sets the best example he is capable of...

If I had to design an "e-voting" system, I would require a fingerprint-verified PGP key from every e-voter, and accept only PGP signed documents that validate correctly. The overhead on checking the keys would be signifigant: At minimum I would require a notarized statement bearing the user's key fingerprint, and random spot checks of at least 5% of these fingerprints via mail or phone, to detect organized fraud.

My system would leave anyone who can't or won't comply, out in the cold where they belong. No one who can't be bothered to install a secure open-source crypto app, can be trusted to maintain even tne most primitive safeguards against the theft of their certificates & passwords. E-voting must be treated as a privelige earned by compliance to security requirements, not some sort of "right" that We The Consumers were born with.

How it can be made to work...

[evanbd]

OK, in a brief crypto class I took we produced an online voting algorithm. Here's the way it works:

Through normal channels, each person gets their voter registration card. This card has a unique number on it, very long to reduce chance of being able to guess one correctly. Person goes to computer, sets up key pair, connects to central server, and encrypts and signs their number + ID info (name, age, etc). This proves that key pair belongs to person. Then comes the actual voting protocol. Let's assume for simplicity only one thing to vote on (Pat v. whoever).

I create 10 votes for pat and 10 votes for Ross (I am pretty sure it's not him but I don't remember the real guy's name; I'll use Ross). Each vote consists of a GUID, and who the vote is for. The GUID is a long number (128bit; longer if neede to prevent collisions) that is randomly generated. However, each Ross vote is paired with a Pat vote (same GUID). I then Blind the votes with a blinding function -- need the blinding factor to get the vote out. This is actually just multiplication by a large number; DES or equiv doesn't work here. I then sign each vote and encrypt to central office.

Central office gets all the votes, picks one to make valid, and asks for the blinding factors for the rest. It then decrypts, verifies, and unblinds these. It then checks that each is a valid vote and that the GUIDs come in pairs. For the last vote it decrypts, verifies, signs with a DIFFERENT KEY PAIR, encrypts to voter, and returns the vote (both of them). The voter then decrypts the vote, unblinds it, picks one, and sends it in to vote. This last step (submission) is not connected to the others; I could put my vote on a disk and take it to the library to vote if I'm paranoid.

So, this meets all the needed requirements:

One person, one vote: registration + GUID (can't submit vote more than once; central office won't sign more than one.
Anonymous: when I send in my vote, it no longer has my key connected to it, and the central office doesn't know the GUID.
can't be faked: partly in the registration, partly in the crypto.
Third party can't see: its encrypted
Third party can't change: same
I can cverify that I voted and who I voted for: I can send a request "who did this GUID vote for" to office, and it can tell me. If I'm paranoid, I worry about the central office tracking IPs and such, so I don't ask or ask from a library etc.

Did I miss anything?

---

Re:How it can be made to work...

[evanbd]

Depends on the number of voters/district :)

Basically, I wrote a (poorly optimized) Java program that did crypto. It couldn't do this, but I think I could have made it do it in about 30s/vote; Now, that is Sun Java 1.2 compiler and VM, which isn't fast, so I would assume about 5 s/vote on my PII-350. A few thousand (hundred thousand?) votes would probably need some sort of clustered thing. Now, if you put in special hardware to do the RSA, like say a 256-bit integer multipier chip, it gets much faster. The chip could be very deeply pipelined and run very fast, because there are lots of independent multiplications to do. But then, that's expensive too. So, I think it owuld be somewhat expensive, but not TOO much more so than what's currently used.

---