Slashdot Mirror
Pentagon Cancels Internet Voting System
Ben B writes "The Pentagon won't use an Internet voting system for overseas U.S. citizens this fall because of concerns about its security, an official said Thursday. The official, who requested anonymity, said Deputy Defense Secretary Paul Wolfowitz made the decision to scrap the system because Pentagon officials were not certain they could 'assure the legitimacy of votes that would be cast.' Computer security experts who last month reviewed the Secure Electronic Registration and Voting Experiment, or SERVE, had urged the Pentagon to scrap the system, saying it was too vulnerable."
The projects home page states that it "will let eligible U.S. citizens vote from any Windows-based computer with Internet access" WHAT? Making it harder for linux users to vote? (and as a result having less of them represented) Supporting Microsoft?
I don't see how this got so far already.
Today I drop my ballot in the mailbox (I live in a mail-in ballot state) and just have to trust everything is on the up and up from there.
What I would like instead is to have every voter to get a receipt when they vote, that uniquely identifies their precinct and vote, and shows a unique number for that vote/voter combo. Something like:
Vote #: 54353654354 Precinct: 58 Voted for: Mickey Mouse (or whoever)
Then I'd like those all those numbers published somewhere after every election so that anybody can download it. Note that my vote is still anonymous, nobody knows who vote 54353654354 is because of the nature of one way functions.
Any voter could go look at the published list to see that their vote was counted correctly. If it was counted incorrectly (I.e. the count showed my vote to be for Dopey instead of Mickey Mouse), then I could step forward with my biometric data to prove it. If enough people step forward, the election was clearly bogus and needs to be redone.
Any voter could download the entire list and count the votes for themselves, at least minimizing the chances of large #s of votes appearing out of thin air in any particular precinct, and making counting of votes very clear and open to all to verify.
Is it foolproof? Nope, but it is a lot more transparent process than we have today, where I have no visibility whatsoever into my vote being counted, what the real totals where, etc.
Actually, I do have a partial solution to spam, but in involves changing the email protocol to require the SENDER to store the email, rather than the receiver. The current protocol was devised in uucp days, when it was common to store-and-forward email over several dial-up hops to it's destination. These days, everybody that has an email server also has a web server. If you sent only a URL and (optional) encryption/access key via the old protcol, then retrieved the rest of the message from the URL, this would elimate spoofing and put more of the burden on the sender and less on the receiver. It would also be more efficient -- currently, if I send the exact same message to 100 people, it uses up 100 times the size of the message in disk space on the receiver's servers. But if was stored on the sender's server, it could use the same copy for everybody! Yes, there is some additional overhead to track whether specific addressees have downloaded the message and determine when to delete it, but I think with some work it could be turned into a useful system -- certainly an improvement over the current system.
"Freedom means freedom for everybody" -- Dick Cheney
Yes. You are missing something. The fundamental problem with internet voting is that it needs to be able to assure three things:
First, that the person voting is eligible to vote. This is not too hard to do. We know how to verify identity, though there are a few issues with this that are not present in a financial relationship.
Second, that the person's vote is anonymous. Anonymous voting is trivially implmented. There is a problem when you combine the above verification requirement with the need to keep a given person's vote secret.
Third, that the election be auditable. THere was yeling and finger-pointing in the last American presidential election. Could you imagine what it would be like if votes just suddenly marterialized out of the ether with no way to audit them?
Combine all three of the above requirements and you have a very tough problem at hand. We don't want to be able to have some political hack analyze the raw vote data and b able to say "Joe Blow voted for candidate X, as this could, for various reasons result in repercussions of one kind or another on Joe, thus allowing others to intimidate his vote.
This is one reason why I really dislike mail-in ballots. Mail ballots allow an agent of Party y to hand an absentee ballot to Joe, make sure he marks for the 'correct' candidate, and then mail it in, assured of the vote rendered. It is a also a sitation custom made for fraud on a massive scale. With in-person voting, party X can pay Joe $5 dollars to vote, but when Joe deposits the ballot in the box, there is no way to guarantee that Joe voted "correctly".
Now, there some bright fellows have proposed cryptographic protocols that solve the problems mentioned above. Unfortunately, you are dealing with an electorate too stupid to figure out how to punch holes in a ballot reliably. The Protocols for secure, anonymous internet voting are far too complex to ever be used in the real world.
This is an ex-parrot!
Back in the day people were ignorant and there were far fewer voters to persuade in order to determing an election by a) buying votes or b) forcibly compelling them.
In the present day there are millions of voters and we have very good methods of criminal science and investigation to deter lawbreakers. (Now this may not be relevant to regional elections as the number of voters as well as imperative to dissuade criminal activities are lessened.)
SO if someone did want to buy off an election how much would they have to spend to get even 2% of the vote? The CIA factboook says there are a little over 290 million people in the USA, around 60% of whom are of voting age... minus inelligibles, lets say 45% just to be safe, that's a little over 130 million people, lets say that 10% actually vote.. 13 million. 2% of that is 260,000 people for a presidential election. I don't know anyone who'd sell their vote for $10 but just for the hell of it... that would cost 2.6 million dollars to buy 2% of current voters. Now if you brought in all the non-voting but elligibles... the chances are greater that more people would sell their votes but the percent of total voters would change accordingly, meaning that the more voters there are, the less an individual vote counts, so it would take even more money to buy 2%.
Granted that 2.6 million isn't a lot compared to how much the candidates or their parties spend already... but it is illegal, so they would have to somehow pay off that number of people for that large sum of money AND hide it all from the government, the people, the media, etc.
This assumes that people would be willing to commit fraud a federal crime for $10 and risk going to federal prison for any number of years (I don't know the penalties).
As far as extortion goes, extortion is a crime. How many lackeys are really willing to put pressure on people for this? Knowing that they personally can't possibly convince enough people to make a difference.
The question is... do we really need an anonymous vote in the present day? SO what if your friend give you a hard time, you probably already tell them who you voted for anyways and already suffer the ridicule or whatever. We have anti-descrimination laws already on the books that could be extended to cover this as far as your job or any other official relationship is concerned.
Why not have your vote tied to you? The biggest drawback I can see is that you'll open yourself up to election related spam and direct mail campaigns every 4 years.
I'd like to hear about other real concerns and why we still need anonmous voting. bring it.
A fool throws a stone into a well and a thousand sages can not remove it.