US's First Internet Votes To Be Cast This Friday

longacre writes "If you thought online voting in America was a distant pipe dream (nightmare?), think again: the nation's first Internet-based voting system goes online this Friday, just days after the release of the Damning Report On Sequoia E-Voting Machine Security we discussed yesterday. In the first real world run of the Okaloosa Distance Ballot Piloting (ODBP) test program, election officials from Okaloosa County, Florida have set up kiosks in Germany, the UK and Japan where 600-700 absentee voters — mostly military personnel — are expected to cast ballots. Security experts still have many questions, of course, particularly on the potential for interception of voting data while it travels across oceans (via 'secure VPN'), the security of the kiosks ('hardened laptops' with no hard drives and other sensitive components disabled) and the security of the three data centers (one of which is itself housed overseas, in Barcelona, Spain), not to mention the fact that Florida doesn't exactly have a stellar record when it comes to vote counting. Florida's Dept. of State also has a fairly detailed outline of ODBP's components and processes [PDF]."

Re:WTF?!??

[sakdoctor]

Using encryption, exactly what you asked for can be done.
I suggest you start your reading by looking at blind signatures.

Of course, it won't be implemented correctly, but e-voting is mathematically possible.

Re:WTF?!??

[CaptainPatent]

I think you misinterpret what the intention is. While voting is cast back to the US via the internet, these are still electronic voting machines in a designated location for military serving overseas to vote at. Registration is still subject to the same checking procedure and you can't just do this from home. What the worry is deals with the addition to internet encryption / security and not registration checks.

Re:WTF?!??

[sakdoctor]

More specifically:

http://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems

It's probably better...

[nsayer]

... than the alternative

Re:libertarian

[rtfa-troll]

Two things; a) banks can't. Fraud is a serious problem.

More importantly; b) banks get to try again. Most electronic cash transfers have two ends. It's in the interest of each one to check it goes right. If one end is committing fraud then the other end will complain. You can then reverse the transaction (if you have correctly identified the parties) or at least take security measures so it doesn't happen in future.

Voting is different. In order to avoid vote buying it has to happen in secret and for the most part if you can check your own vote you can also show someone else how you voted. This is much harder than securing most financial transactions.

Re:WTF?!??

[JesseMcDonald]

Well, let's look at how a traditional absentee ballot works:

To begin with, you have a list of eligible voters and some way of identifying each of them. This is easy enough to duplicate with public keys, passwords, whatever.

The ballot itself consists of an inner part, containing the actual selections, and an outer part, containing the voter's ID. The inner part is sealed, and remains that way until the ID portion has been stripped away.

The same thing can be done with encryption. Create the digital equivalent of an anonymous ballot, indicating your preferred candidates. Encrypt that ballot (with a "salt" value to ensure uniqueness) with the public key designated for the purpose. Sign the encrypted ballot with your own public key and submit it.

When the voting authorities receive your ballot they simply validate the signature and store it for later use, still in its encrypted and IDed form. If you change your mind, or the original ballot was submitted under duress, etc., you can submit a new ballot later or show up in person on the day of the vote, and the old ballot will be discarded unopened.

When it's time to count the votes -- after deleting the obsolete ballots of anyone who showed up in person -- the ID information is discarded (permanently) and the raw ballots are decrypted and counted. The tricky part is ensuring the complete destruction, or at least disassociation, of the ID data, but that's just a matter of developing the proper policies. The same concern applies regarding current absentee ballots.