Electronic Voting: The Other Side of the Story

_randy_64 writes "We've all read about the perils of online voting. But in an article in MIT's Tech Review, noted technologist Simson Garfinkel looks at the other side of the story and comes away thinking that e-voting might not be so bad, if done properly. He mentions several ways that traditional ballot voting is just as 'hackable' as the electronic version."

Why not use digital cash-like protocols?

[astrashe]

I don't understand why a cryptographic protocol using a blind signature can't be used to make an auditable voting system.

To me it seems like it could be a special case of the digital cash problem that guys like David Chaum worked on. You give everyone a single vote that they can cast -- a blob of data with a blinded digital signature. Then you let them spend them (vote) however they want.

You could even let candidates set up their own sites to collect their own votes. So someone could give Dean or Bush their vote, and then Dean or Bush could turn them into the election commision. It wouldn't be necessary to do that -- a central site makes more sense -- but wouldn't it be secure enough to let the candidates collect their own votes, with a realtime online election commision protecting against double voting?

If DigiCash is secure (and although it's been dead for a long time, I think it was considered secure), it seems like this should be secure.

The article is right when it points out that we have a lot of election fraud now -- it ought to be possible to improve things substantially.

Re:Why not use digital cash-like protocols?

[Mr.+Darl+McBride]

I think you've hit the nail on the head. The problem is that the new election systems are trying to mimic the old systems. Votes are accumulated and summed locally, and nothing but a number is sent upstream.

This model should be put to rest and replaced by something more secure, and more tuned to the technology we have today that wasn't available thousands of years ago when paper ballots were first put to use.

If the vote is trackable through the system today, but only by the originating party, then fraud would be rapidly exposed. If the voter's ballot is a key countersigned by the party receiving the vote upon voting, then anonynimity is protected, and all votes are provable in both directions.

Paper ballot problems

[Mr.+Darl+McBride]

It's not something that gets widely publicized, but it's pretty much the rule that paper elections have their problems -- S. Garfield could have spoken a bit more about this. Political analysts like to quote that for any election within 10% of a tie, it's a coin toss as to who really won.

Not to beat a dead horse, but this was very much the issue with the 2000 presidential election. When it became clear that Florida needed to be counted more carefully, it was discovered that boxes of ballots had been damaged, left in insecure locations, lost, or in one case even stolen. The large delays weren't on account of time needed to actually recount, but to establish how to compensate for the above, and for the fact that many boxes were discovered to never have been counted in the first place!

Election engineers constantly vow to correct these problems, but for 200 years, we've been having the same problems over and over. At times it almost seems like some parties simply don't want the problems solved!

voting customs make voting insecure

[commrade]

The mechanism of voting must be ethically secure from all forms of fraud. Currently, there is no standard voting mechanism. Paper voting machines, long the standard, are cumbersome and inefficient. Electronic voting mechanisms are prone to fraud from outside interestes or from internal corruption.

To solve the problem of voting fraud at a mechanical level, many would seek to improve the mechanism. These voting machines are, at their core, computers. From touchscreens to punchcards to beans in a hat, voting machines are all computational devices. There are limits to the security/infallibility of any secret voting machine. The mechanism can be tampered with at too many levels. Any mechanism installed to monitor another anti-fraud mechanism could be tampered with as well.

The only solution that comes to mind is public voting. Public voting would be the case that you let your vote be associated with you. No more voting anonymously. This may seem like a great loss of freedom, but consider the increased power it gives the public. Votes could be counted and recounted by several independant parties after and during the vote. Being responsible and accountable for the vote that you make might seem like a liablity, but it may be a small price to pay for equal and accurate representation.

There is a reason we have 3 branches of government

[StillNeedMoreCoffee]

Our forefathers didn't trust each other. They knew that opposing interests and herd behavior were dangerous things and devised a three part government that allowed things to go slowly enough and within sight of all (for the most part) as checks and balances to loosing our freedoms (current government take note).

One of the most successful business technologies in the past few centuries, that made business possible, was the creation of double entry bookkeeping, with its built in checks and balances. But even that is not enough, companies are audited by independent auditors (we usually independent, see what happens when they are not).

Without these transparancies of process and independent oversight we would have many more, Savings and Loan scandals, or Enron's or WorldComs. Even with those in place, greedy people will be constantly trying and finding ways around those controls.

So let's have a non-transparent centralized computer tally of votes. Lets require that citizens understand and or have the electronic technology to vote. We don't need to maintain our freedoms that badly do we?

Today they annouced another round of hackable exploits to Microsoft Office software. Also, today Taiwan is being attacked digitally from China.

Electronic technology itself isn't the answer. Encryption does not protect against attack, it only slows it down. Case in point, I have heard it said that the DES standard was adjusted to be fewer bits so only the large NSA computers could crack it. The government is nervous about any technology that prevents them the ability to spy on information or individuals. So then only the holders of the most computer resources could crack your vote. Do you trust who is in control of policy there now? Or more importanly do you trust who is going to be in control of those resources in the future. That is the fundemental pessimism that was built into our three branches of government for good reason. Any solution to the voting problem, and we do have a serious voting problem as exhibited by the last presidential election, needs to include transparent checks and balances, needs to be simple and non-technological for the voter, and needs to have the eyes of many people of differing views watching the process like a hawk. Our very future is at stake and we can't let it be controlled out of sight or hackable, by anyone.