Slashdot Mirror
Is Arizona's Internet Voting System Safe Enough?
JMcCloy writes "Kevin Poulsen, senior editor at Wired News, asks readers 'Is internet voting safe?' and has a poll at the end of the article. So far, 32% responding actually think that internet voting is worth it, risks and all. It is scary how easily people can be persuaded to trust a system that is so vulnerable." The system described, used in Arizona in last year's election process, isn't just checking a box and clicking a button, but Poulsen lays out some scenarios by which it could be subverted.
Yes 32%
No 22%
Ron Paul 46%
... an Internet poll about the "safety" of Internet polls.
Especially if you are "persuaded to trust" the results and derive some sort of observation from it.
I still refuse to believe that eventually we couldn't make Internet voting more secure than paper ballots.
I already consider online banking to be at least as secure as ATM transactions, and I see no reason why a properly designed online voting system couldn't be the same.
That being said, the current state of the industry is pathetic. For instance, not too long ago a Diebold machine was exploited by its anti-virus software. If you have anti-virus software running on your electronic voting system you're doing it wrong.
If I ever start a dictatorship, first thing I do, is get everybody voting electronically.
Although there are limited data available, all indications are that Internet voting is not hazardous. So far it doesn't seem to be carcinogenic, nor has anyone become pregnant or contracted an STD by Internet voting.
We have to assume that if the Internet is secure enough for us to buy stuff, then it is secure enough for voting. Certainly far more effort will be spent to make transactions involving money secure than to make voting secure. From a practical standpoint, only close elections can be stolen anyway. If a close election is stolen, then approximately the same number of persons disagree with the result as if the election were not stolen, so what difference does it really make from the standpoint of quality of outcome?
Woverly Harris Gooch, IV CTO American Fire and Bomb, LLC
There is a negative correlation between a knowledge of computer security and the desire to introduce Internet voting. The more you have of the first the less you want the second. If crackers can get into the Pentagon computers and when we find the plans of Marine Helicopter One in a Tehran coffee shop, then we should realize that getting into a domestic voting system to alter the results is trivial.
The voting machines are about the same security level as WEP.
Starting one day after computers are granted the right to vote.
Until then let's have people do it. If it's not important enough of an issue for some people to take the time to even count the votes, it's not important enough to put to a vote.
Help stamp out iliturcy.
So far, 32% responding actually think that internet voting is worth it, risks and all. It is scary how easily people can be persuaded to trust a system that is so vulnerable."
So you're saying that an internet poll (something that's guaranteed to have a bias towards everything internet) has a strong majority of people agreeing that internet voting is not worth it, and the conclusion you reach is that "[it's] scary how easily people can be persuaded to trust a system that is so vulnerable?" The numbers seem to suggest that it actually isn't all that easy to persuade people to trust such a system.
Done right, done well (Bruce Schneier outlines a secure voting system in Applied Cryptography), it's essentially the same thing as a mail-in ballot.
Right now computerized voting is a disaster, but it doesn't really *have* to be that way. Given the proper legal underpinnings, enforcing standards that have been created by a group of genuine experts (ie, not lobbyists), sure. On the other hand, traditional voting ain't broke. It takes a matter of hours to get a result in all but the closest elections. The current/old system works just fine, and if more money is spent, it should be on election monitors and the like, to enforce fair voting and fair counting.
Is Arizona's Internet Voting System Safe Enough? ... Thats a trick question lmao its gotta be hahahahahahahahahaha
The spelling and grammar police can kiss my ass
http://en.wikipedia.org/wiki/Radical_transparency
With things like 'registered republican' or 'registered democrat' in place, I see no problem with this.. Majority of people that do vote also do not cover their political views anyway, so do we really need anonymous voting ? E-voting or not, this is the only way for voting to be accountable and truly verifiable.
I have a feeling that the voters think its worth it risks and all because they wont have to leave their desk to vote. Safety comes into conflict with convenience here.
Because our Diebold machines are so accurate...
Whereas "true" Internet voting is a phenomenally bad idea (when implemented in a way that's acceptable to the majority of voters), the Arizona system isn't really Internet voting. It's more "absentee ballots" that use the Internet as the delivery mechanism rather than the normal postal system.
Mail-in ballots are extremely common in Arizona ever since they changed the "absentee balloting" system into a more generic "everybody can use it" system. For instance, I have a ballot automatically mailed to be before every election, no matter how big or small, without me having to do anything but sign up a couple years ago. It's very slick.
The ballot is a normal paper one exactly like those found in the polling place. I fill it out by completing arrows pointing to my choice (easy and not even remotely ambiguous) then put it in a specially coded envelope that I sign and mail in. On the other end, a poll worker opens the envelope, marks that I voted (to prevent multiple votes), saves off my signature, and puts the ballot through the normal recording devices to record my vote. The voter lists in my local polling place have me marked as "mail in" so if I were to drop by on election day, they would accept my ballot but it would only be counted after all other ballots are counted and they can verify that I hadn't already voted.
It's extremely convenient and has made the difference between voting only in the major elections to voting in all of them (and learning a lot more about local candidates in the process). The drawback is that I have to trust that my vote isn't tied with my name. See, when you are at a polling station, then they record that you voted, but your actual ballot isn't in any way tied to you. With the mail-in process, it's possible that that is still the case (maybe the person/system opening the envelopes isn't the one recording the votes)... but you can't know for sure. For all I know, they may have a database mapping people with who they vote for. Honestly, that doesn't bother me at this point. I am pretty vocal about who I vote for and have even publicly posting my voting lists for the world to see before. I guess I would stop the mail-in only if I had reason to believe that my vote wasn't being counted.
Anyway, that's the mail-in system. The "Internet voting" system is effectively that but for people overseas. That option was never available for me since I'm local. The only difference is that instead of putting their ballot into an envelope and signing that, they instead scan it in and upload it to a server. Everything else is identical.
The article does make a few good points on some ways that that system could be subverted. Yeah, there are definitely a few more attack points... but they seem a little far fetched at this point. The level of effort required to implement any of the attack vectors would only be worth it if done at a bigger scale. That is, if this started being available to ALL AZ residents, then it starts to matter. For now... meh.
The last few Federal elections in the USA have revealed significant voting machine flaws (both mechanical and electronic) anyway. Actually, I'm bewildered that the gov't doesn't hire professional designers to clearly lay out printed and electronic ballots. The ones I've seen look like they were designed by the sort of person who self-publishes a conspiracy theory newsletter.
You better have voted correctly or you're going to get your legs broken.
Yes we need a secret ballot.
If you are fool enough to trust unions substitute employer, same answer.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
The bad thing is work can force you to vote there way my makeing you vote at work while they see the why that you are voting.
You have got to be kidding.
Were you watching Minnesota in the last congressional election?
How many ballots have to be 'found' a week after the election to be more then a 'bit of fraud'?
Amazing how they 'found' just enough ballots for their chosen party to pull out the election.
Nothing matters unless they also fix the registration fraud problem anyway.
If you can 'vote early and often' it doesn't matter how you are voting.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
But security isn't the question. The problem is that with secure and anonymous electronic voting there is no outside way to verify that the results reported have anything to do with the votes cast. Whoever controls the system can make it report whatever results they want, and there's no way to tell if they are telling the truth or not. If your first thought is "well, make it open source," think again.
The difference being that the banks (which run both ATMs and online banking sites) don't also control the money supply. If they did (e.g., if they could just create money the way the government does) we'd have a major problem. No matter how secure the process is, once it subsumes enough levels that you have know way of knowing if it's just reporting made-up numbers, you have a problem.
--MarkusQ
...but I haven't voted in the last 3 elections because I simply can't/don't'/won't stand in line at a local elementary school/post office/whatever to cast a ballot. It's time away from work or my family - and I honestly feel like I'm part of the country where my vote doesn't matter (thanks EC).
If I could do my polling online, I would be voting every time, and probably paying more attention to the elections because people like me could vote. Even if I had been blue or red in the last 20 elections, I still wouldn't feel that manually voting was such a waste of time...maybe there's more people like me.
On the flipside, this also opens the gates to shitholes on the internet like 4chan amassing armies to vote for Rick Astley.
From my reading of the description, the system that Arizona has isn't all that much more insecure than the paper system they have. There are a very few more ways to attack it, but I think that to perpetrate a major attack, it would be easier to make the attack on the paper side. Given that, I think the electronic system is "secure enough", at least until they make the paper system more secure.
As others have already pointed out, it becomes impossible to verify that our elections officials are acting honestly. Some do; some don't; most have an unfounded trust in their employees/volunteers (to not assist in fraud). This is the big problem.
There are myriad other problems too. What happens if the polls are closed early by to a DDoS attack? How can you guarantee the server won't be hacked? (It happens to banks sometimes.) What about the machines people are voting from? If they're voting from home (and not a kiosk), you can tell your computer to vote for candidate A, your computer can tell you that you voted for candidate A, but the botnet virus on your machine may have voted on your behalf for candidate B.
We're miles away from free and fair elections, but Internet voting is the wrong direction to travel to get there.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
If the US had "proper" laws controlling the press, this might not be a problem. If TV News had a shred of ethics, this might not be a problem. Neither is the case, so we are faced with a very difficult situation.
The TV News is going to announce a winner before everyone goes to bed. In the case of national elections, this pretty much means midnight Eastern time. They have to do this or they lose relevence and people won't bother watching their election coverage. This then directly affects ratings and they lose money. Big money, on the order of millions of dollars. It is also the case in the US that if Station A doesn't announce a winner then Station B will. No getting away from it.
So we can either have made-up results that are based on exit polls, surveys and trends or we can have official results. One way or the other, there will be results. In 2000 Al Gore was announced the winner a few minutes before midnight by CBS. Nobody else went along with it. However, everyone watching CBS who went to be before the 2:00 AM retraction was convinced the next morning that Bush stole the election right out from under Gore.
Can you imagine if CBS had announced McCain the winner at midnight only to retract it later? What about in 2012? Can we have TV News announcing unofficial winners of national elections? Why is it in the US we are doing this when other countries can take a couple of weeks to announce a winner? No, I don't think the US is going to change and I do not think we are going to get laws passed to prevent news organizations from announcing unofficial results. And there is no way the TV News people are just going to wake up and decide that it might be unethical to announce a winner prematurely.
So we better have quick official results. Official. Binding. Maybe not 100% accurate, but quick. This is one of those cases where there needs to be an answer, a final answer, right away. Doesn't have to be the perfect answer, but it does have to be final.
And how do you know that the code running on the server is the same as the code that was opened for public review? How can you ever be sure that an "administrator" (or hacker) hasn't updated values in the database? There are too many possible problems, even running open source. There would need to be a bullet proof algorithm in place, and nobody has proposed one yet (that I've read, and I've looked). I'm willing to admit the possibility, but I think it is impossible.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
There is a solution to ALL election fraud - the Robinson Method.
Read about it here:
http://paul-robinson.us/index.php?blog=5&title=the_robinson_method_a_really_simple_way_&more=1&c=1&tb=1&pb=1
Instant results. No fraud. Huge savings in money and time. Ballot boxes in public view at ALL times, from the beginning of the election when they are empty, to the end of the election, when the winner will be clearly visible to all, the minute the final vote has been cast.
Electronic voting was only brought in so that the FRAUD would be easier.
Ask your representative what they think about the Robinson Method - if they tell you they are against it, you can work out what they believe about democracy.
Yeah right - I'm sure that wouldn't end up on the news...
Any change, technological or otherwise, that reduces the influence of the idiots in this state can only be a good thing. Sweet merciful Christ, just look at our senators, our representatives... Napolitano is the first governor in decades that didn't end her term in disgrace or prison, and she gets promoted out-of-state. McCain is our sane senator.
Poulsen's avenue of attack is discussed as if it were an intractable problem of Internet voting. Really, Arizona could defeat this attack with a simple addition to the process: require an additional mailed copy of the ballot. Compare the physical copy with the electronic copy. If anyone's differs significantly, you know there's someone trying to rig the election. As an added bonus, you have a trail for the FBI to follow in determining who's going to spend some quality time in a small room.
I'm a lawyer, but not yours. I wouldn't represent someone who thinks taking legal advice from Slashdot is a good idea.
No, it is illegal to stop someone from going to a polling place to vote if you're an employer, this includes holding it against them or firing them for it. All you can do is refuse to pay them for time spent doing it. Same with if you volunteer to be a poll worker, it's like jury duty...
If every vote were digitally signed, internet voting would be secure. Yes, there would need to be added privacy protections, similar to HIPPA for medical records, to prevent the aggregation of one's voting history, but it would certainly be secure. The simple fact is that it's not *internet voting* that is difficult to secure, it is *anonymous internet voting* that is impossible to secure. People who wish to vote via paper should be able to continue to do so, but if on the internet persons should simply register a X.509 Public Key with their local government to use to validate votes signed with the corresponding Private Key. I for one would welcome internet voting, even at the price of risking my voting history being tracked, because it would INCREASE the voice of the people and DECREASE the voice of corporations and the politicians those corporations support through contributions.
Frankly, the loss of power by the "gatekeepers" of democracy -- political parties and elected politicians -- is the primary reason internet voting will not ever become possible. All the gatekeepers have a strong interest in keeping the cost of consulting the citizens as high as possible. More's the pity.
I actually have the opposite view. I think the reason electronic voting is being done so poorly is to prevent allowing a true democracy strip the power from the current 2 party system.
While not simple to get right, a effective convenient secure system would make voting too simple. We could actually have more rounds of votes, and eliminate needing just 2 candidates at the beginning of the election. More issues could be voted on, more laws, quicker correction on corrupt politicans, etc, etc. Those in power have much more interest in preventing trust-able e-voting than not.
We have to assume that if the Internet is secure enough for us to buy stuff, then it is secure enough for voting.
Not true, for several reasons. There are several additional security constraints on voting. For example, you cannot be allowed to prove how you voted. Therefore, you cannot receive feedback on how you voted. You can't "balance your checkbook", so to speak. They know this and can set the online balance to whatever they choose. That's without hacker involvement. Online purchases are actually much riskier than most people are willing to consider. "Identity theft" has skyrocketed, and compromising online purchases is one way that's done. Sure the transmission may be secure, but either the client or server may be compromised (and are, regularly). Banks have simply decided to live with a particular level of fraud. HTTPS is only a small part in the equation.
From a practical standpoint, only close elections can be stolen anyway.
Again, not true. The public only needs to belive that it was close. That's not too hard, really.
If a close election is stolen, then approximately the same number of persons disagree with the result as if the election were not stolen, so what difference does it really make from the standpoint of quality of outcome?
I see your point from a pragmatic point of view, but I disagree. I don't want to see people with power getting away with abusing us and grabing more power. It's the principle of the thing. Besides, we don't want to encourage corruption. Period.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
Marble Cake Also The Game
Which would mean we need this. http://en.wikipedia.org/wiki/Bureau_of_Sabotage
Because the mob can be non-sentient.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Ask your representative what they think about the Robinson Method
lol, wow Mr. Robinson, you're seriously deluded if a) you think posting as AC will fool us and b) you really think anyone would know about your "method", let alone care. You're just a blogger, with everything it implies about how no one cares about whatever you gotta say. Besides, I couldn't bring myself to read your suggestion that would probably fill 20 pages when printed, but it seems very convoluted and basically be not electronic voting. Paper voting works very well, no need for some complicated bullshit.
any place I've submitted it has basically rejected the idea out of hand and has made no comment on it.
Get the fucking hint, if no one cares even to tell you what's wrong with your suggestion, it's probably because they don't consider it even worthy of commenting. Seriously, get the hint. Stop blogging, that shit sucks. Do something worthwhile, like spending time your family, or go to a pub and meet people. Or better yet work out, weighting 400 lbs is hardly healthy.
You just got troll'd!
I am politically active student (Member of the Left Youth of Finland, etc.) in a country that doesn't use two party system and I disagree with all of your points.
I actually have the opposite view. I think the reason electronic voting is being done so poorly is to prevent allowing a true democracy strip the power from the current 2 party system.
Well, I live in a country which has never used electronic voting in electing the parliament. There are currently 14 active political parties in Finland (15 in a few weeks as the Pirate Party recently managed to get enough supporters to register themselves as a party), 8 of which are currently represented in the parliament. (The remaining parties only have representatives at municipal level).
You can't blame the two party system on normal voting being so complicated and electronic voting being the answer or anything. It is political system that has it's merits and flaws but it not only can be but is also very easy to implement even without electronic voting.
While not simple to get right, a effective convenient secure system would make voting too simple. We could actually have more rounds of votes, and eliminate needing just 2 candidates at the beginning of the election.
We have more than two candidates here with still a few rounds of votes. We use this method. Each party has it's own list. Let's say I vote a candidate in the Left Alliance as do 1000 others. The most popular candidate within the left alliance gets 1000 votes, the second most popular within the left alliance gets 500 votes, the third most popular gets 333 votes... After that, candidates from all parties use those numbers to see who gets elected. Again, it has it's flaws but it works quite well.
More issues could be voted on, more laws, quicker correction on corrupt politicans, etc, etc. Those in power have much more interest in preventing trust-able e-voting than not.
Direct democracy is beautiful idea. However... If your problem is that you feel people don't pay enough attention to politics in elections (they don't remember the bad decisions politician have made, etc.) then how do you expect them to pay enough attention that they would have good, well thought out and educated opinion on even more issues?
Also... We aren't talking about electronic voting here. We are talking about internet voting. The kind where violent husband can force his wife to vote for extremist parties because there can not be any precautions to protect from that.
Someone tag it marblecakealsothegame. Not saying that Arizona's voting system would be even remotely as exploitable as Time's.
You just got troll'd!
Phooey. For any such system you can devise, it would be possible to implement a "mock-up" system that appeared to use your clever safe, secure, and trustworthy system but in fact did not (to see this just consider the fact that any software solution could itself be simulated in software). This simulation could be presented to the user while the actual election was run by a guy in another city with a spreadsheet.
If the electronic system encompasses enough of the process and provides perfect anonymity there is no way to be certain that the results are coming from the process you designed and not from some clever simulation of it that looks the same but fudges the results.
-- MarkusQ
...about the secret ballot in the voting booth. It used to be years ago surveillance cameras were rather large and obvious..now...I doubt you'd even see one hidden on the wall behind your secure little cubbyhole stand they provide, or the ceiling overhead. Even if they couldn't get a secure shot of the vote, they could combine your face and persona with an additional TEMPEST rig type thing that was recording the tallies remotely in the next room to be relayed further, etc, and just matching the timestamps then.
Of course, I don't think that is happening much at all (yet), although I would bet there are a few cameras out there in various polling places...
With that said, I don't think the e-vote fraud goes on much at the client/individual voting booth level, it is one step upstream where the tallies occur on that computer, the one hardly anyone ever looks at or thinks about. They want you fixated on YOUR vote being allegedly secure, when the GROSS VOTE COUNTING is the place where big swings could be introduced with far fewer problems or risks to them of being found out.
Last time I voted, I wasn't strip-searched for cameras.
Here's how Tony the Mobster buys your vote: you'll deliver to him a small video of you in the booth, with the ballot clearly made out as a vote for what he wants, and you exiting the booth putting the vote in the urn. The he won't shoot your kneecaps.
He'll probably even help you with a good enough covert camera if your cell phone will attract too much attention.
Anybody got an idea for how to limit this? Tony is a resourceful man, he can send goons to your polling station who'll observe you...
What a brilliant argument. I'm not Mr.Robinson.
But you obviously ARE too stupid to actually read his simple description of a fraud proof, instant result voting method.
How do you KNOW "paper voting works very well"?
"No need for some complicated bullshit"...
Aaahhhh... did the complicated idea bother you?
The Robinson Method is the SIMPLEST voting method possible. And you were too stupid to even understand it, and publicly stated as much! Way to go!
Meanwhile, back in the real world, voting fraud is endemic in so-called 'democracies', just search on Youtube for 'New Hampshire voting fraud'...
Ok, what the hell. The title; "The 'Robinson Method' a really simple way to have trustworthy elections".
Fine. Did you see how long it took to explain? And I thought STV was difficult to explain! Anything that requires 4000+ words to explain is either not simple or badly explained. I suspect in this case it's a little from column a and a little from column b.
All intents and purposes. Not intensive purposes.
The system you linked to has numerous obvious flaws for internet voting, even after skipping over the fact that it isn't intended for use in an unsupervised environment. For example, a compromised machine could simply delay transmission of a ballot it wished to tamper with until after the user had decided to challenge or cast it. Likewise, the central tabulator could still produce bogus results. And there appears to be nothing that would prevent the transmission of phantom ballots for voters who never showed up. And so on.
-- MarkusQ
But security isn't the question. The problem is that with secure and anonymous electronic voting there is no outside way to verify that the results reported have anything to do with the votes cast.
Have a look at this: http://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems
What you might be saying (and what I'll claim) isn't that there is no secure way of implementing the currently implemented protocol. It's that it's the wrong protocol, since it's basically "1. Tell the vote-counter what your vote is; 2. trust the vote-counter to report the correct final tally."
There are ways to remove the trust requirement.
A democracy cannot exist as a permanent form of government. It can only last until the voters discover that they can vote themselves money from the Public Treasury. From that moment on the majority always votes for candidates promising the most benefits from the Public Treasury, with a result that a democracy always collapses over loose fiscal policy, always followed by a dictatorship. The average age of the world's great civilizations has been 200 years. These nations have progressed through the following sequence:
From bondage to spiritual faith;
From spiritual faith to great courage;
From courage to liberty;
From liberty to abundance;
From abundance to selfishness;
From selfishness to complacency;
From complacency to apathy;
From apathy to dependency;
From dependency back into bondage.
Alexander Fraser Tytler - 1805
So where in that cycle do you think we are now?
Edwin
Slash tends to be inhabited by techies who 'get it' but I'm thinking the same thing....
4chan ...
4chan
4chan
4chan
4chan
Can't wait until the first letters of the winners spell MUDKIPS!!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Well, when moot is elected president in 2012 or something, I guess we'll know if it's safe or not.
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
as if "simple" voting (really? electronic voting is "simple"?) is the only thing keeping the two party system in place
you're an idiot or a troll, and not a very good one at that
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Of course you're not the brilliant Mr. Robinson, you're just one of his numerous avid fans who cruise the interwebs to benevolently spread his word and who coincidentally happen to post on Slashdot just like him.
And like I said, no one cares. Besides it was TL;DR. Anyways, have fun wasting your time fighting windmills, eventually you'll realise that even if you think your idea is the best idea since sliced bread, still no one will care about it.
You just got troll'd!
I'd rather have the sweedish hackers voting for arizona (home of john McCain) than arizona folks. So yes it's safe in that sense.
Some drink at the fountain of knowledge. Others just gargle.
I've been answering this question since I did my master's work on the subject 10 years ago. I commented in particular on an Arizona e-primary trial at one point.
As low-tech as it seems, there really are some useful properties of paper-based systems that seem hard to achieve when the physical tokens are removed.
Here are some recent and not-so-recent posts:
http://slashdot.org/comments.pl?sid=6507&cid=940549 Re:Hrmph. Voting unsafe? July 12th, 2000
http://slashdot.org/comments.pl?sid=27682&cid=2975240 Re:All the arguments against online elections *02:06 PM February 8th, 2002
http://slashdot.org/comments.pl?sid=53211&cid=5263219 Re:Verifiable vote swapping is and should be illeg *05:17 AM February 9th, 2003
http://slashdot.org/comments.pl?sid=70945&cid=6434503 Re:There is always a Way *12:06 PM July 14th, 2003
http://slashdot.org/comments.pl?sid=77420&cid=6901725 Re:Why not use digital cash-like protocols? *01:49 PM September 8th, 2003
http://slashdot.org/comments.pl?sid=605423&cid=24086593 Re:The problem *01:56 PM July 7th, 2008
Finally, I recently had a several post long discussion with a fellow slashdotter underneath this May 29 2009 post:
http://slashdot.org/comments.pl?sid=1249937&cid=28144379
The caveat is that you would have to trust a machine that you cannot trust: The voter's computer.
You would have to send the voter a sealed machine that he MUST NOT BE ABLE to manipulate in ANY way. Not because he could manipulate it, but because it could be manipulated by someone else without the voter's ... but even that wouldn't make it secure... allow me to start at the beginning.
Internet voting suffers from the same problem that internet banking suffers: The (lack of) security on the side of the user. The core problem is that neither you nor the user could verify whether the data sent to you was manipulated or not because you only see what the machine sends you, the user only sees what his machine displays to him. If the machine is compromised, neither you nor the user has a way to detect this. Well, technically the user could, but let's assume the average user and consider him a computer illiterate who couldn't tell a modem from a toaster.
Running a "check" against the machine is pointless as well. You only communicate with the machine you want to check through a defined protocol which can be hijacked as well. It does increase the stakes and it does increase the overhead for a potential attacker, but the "prize" we're talking about is to determine the politics of a county, state or country. I'd say it's usually worth it!
So you could put a tamper-proof machine into your voter's hands. Ok, then the attack has to happen at the ISP level, a DNS cache poinsoning or a reroute through an attacker's machines can at least block the votes that he deems "unfavorable", depending on the protocol it may enable him to actually change votes.
Sorry to burst that bubble. But you can NOT make internet voting safe. And, personally, democracy is IMO too important to trust it to something like the internet. Or machines in general.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I live in California, and we have electronic voting provided by Diebold. I can tell you that it works perfectly here!
Everyone votes, and a Republican or Democrat wins every time. I'm pretty sure that means democracy.
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
We could actually have more rounds of votes, and eliminate needing just 2 candidates at the beginning of the election
Excellent Idea!! And we could give this process of voting a name to denote its 'first round' qualities... something like 'primaries'. And we could have a really wide variety of positions and viewpoints which we then widdle down to 2.
Now to ensure a diverse set of viewpoints on the ballot these primaries could be broken up into multiple primaries run in parallel. We could call these grouped ideologies "Parties".
I really like this idea! Someone should get on it right away! /Sarcasm
If you ever bothered to actually give a shit about American Politics you might have noticed that we do in fact offer more than 2 choices at the beginning of the election. And that these multiple choices often run the gamut of political ideology. In some ways you might say Gravel was more similar to Ron Paul than they were to people in their own parties especially in viability.
Do you really think there was a large untapped electorate who really wanted to vote for Jon McCain but otherwise would have voted for Dennis Kucinich?
Go participate in primary season if you want more than two choices.
A hundred comments and no-one seems to have mentioned the problem we're seeing in the UK with postal votes: `heads of family' or even `community leaders' using it as an excuse for block voting. Postal voting was made available on demand, rather than requiring a reason, in the UK a few years ago, with the best of intentions. What's happened now is that oppressive fathers, oppressive husbands and in some cases soi-disant `community leaders' are able to force people to apply for a postal vote (or simply apply for a postal vote in their name and rely on their not complaining) and use it themselves. Internet voting has precisely the same problem: I can take my partner's vote, or my children's vote, and use it. We're now seeing horrendous corruption in certain parts of the country --- decency forbids me from saying where, but let's just say ``Inner city areas where every third shops is a sweet centre''.
You say that like it's a bad thing.
I mean, be honest, wouldn't it be fun? It's not like it matters, anyway.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Almost seems like the author has never heard of slugs or counterfeit coins. The only way to eliminate those two would be body cavity searches. Next...
One of these days I'm going to cut you into little pieces. - PF
The City of Halifax (HRM) had their last election via telephone and paper ballot. There were a few articles questioning it before but none after. Nobody questioned the company doing it, their code, any audits, or the cost. The reasoning was that the voter turnout was low and this would increase it. I don't think that voter turnout is a valid goal; in that increasing the quality of the vote might be. So lowering security to increase turnout might very well be lowering the quality of the voting twice. Encouraging lazy people to vote and risking tampering. My question is how to fight electronic voting. It is only a matter of time (if not already) that someone cheats and wins an electronically counted vote. I once worked at a poll. The entire system was set up to audit audit audit with the assumption that people would either try to cheat or at least screw up. So like a real poll where represetatives of each party get to watch the count each party should be allowed access to the code and to audit the system live in action. Minimally I would want a complete tap of the raw feed going into the computers so that I can play back the entire election into my own untampered computers.
Apperently your not talking the USA (must be south american, not aware of those systems.) If you have participated in the US system, then you would know that primaries are not open votes. Some states it takes all day to participate, other states didn't let in people wearing unapproved things, like Ron Paul buttons. Other states didn't get a vote at all, because it was going to cost to much to run a acceptable ballot. Some even going out of their way to make sure certain candidates couldn't get on the ballots in several states primaries.
If you don't think a quick trust-able election would improve turnout, and interest in the system, then we disagree. If you think the USA already has that system, then you should open your eyes a bit and pay attention to the whole USA.
after voting in this, and vote multiple times.
Because dumb questions deserve it.
Billy Brown rides on. Yolanda Green bypasses Gary White.
Seriously, you think this is a real problem? Get real.
For one, mail in voting is totally, 100% optional. You do it if you want, if not you go to the polling place. Hell you can even change your mind and go to the polling place instead of mail in.
As for coersion, ya because that's such a problem in your own home. I suppose your spouse could, in theory, coerce your voting however I'd argue that you shouldn't marry someone like that, and if you are willing to let yourself be pushed around like that, you'll probably do it in the voting booth as well. As for other sources, how are they going to do that? See turns out my house is mine, and I don't let anyone I don't want in. My employer can't barge in any time they feel like. I get to vote in my living room and nobody can watch me. I also don't have to worry about dealing with armed thugs trying to intimidate me (http://www.youtube.com/watch?v=neGbKHyGuHU) because the only armed thug in my house is, well, me.
So I really fail to see the problem here. If you don't think you can vote in privacy at home, then don't, go to a polling place. However if you want to vote at home, then do.
I love it personally. Not only is it easier, but it gives me far more access to information. When I am looking at things like propositions I can call up the full text on the Internet, find out who paid for its placement on the ballot, etc, etc. I have time to do research while voting, rather than trying to remember everything from beforehand.
Primaries are something that *the established parties* do to pick their candidates internally, using their own rules, and only allowing selection from declared members of the party (or possibly some subset thereof). The fact that you think that primaries are run by the state or subject to the same laws as real elections is all the more evidence that the parties are far too entrenched to allow fair elections.
Back in November a few days before elections, one of the group's members Jim March (if you google the name + Diebold, sequioa etc, you see that he is the real deal) sent a request to the group looking for volunteers to help monitor processes in the voting systems which were not being adequately tracked, such as "monitoring the 22 "regional receiving stations" where ballots come in from the field for modem uploads to the central tabulator" and "Those able to pull only a shorter shift can visit a polling place as it closes and photograph the end-of-day vote tallies as they come out of the precinct voting machines...before those votes can be hacked either in-route via memory card manipulation or at the central tabulator's MS-SQL database"
What went on on the list after this was a disturbing expose of the Maricopa County and Pima County arizona electronic voting systems. While these are not of the "download, vote scan and upload" variety, the similarites, and how "secure" voting systems may soon be implemented, raise many questions about the validity and security of using, among other things, unprotected access and ms-sql databases (with a protected front-end, mind you, but they are easily subverted by using Access or direct SQL commands on the databases, with NO PASSWORDS in some cases)
* On election night, observers spotted an MS-Access manual being referred to by the lead operator. MS-Access is banned from voting systems (ain't approved) and the Diebold central tabulator database is in MS-Access format. If you get to it with Diebold's front-end, it looks secure enough. Get to it in Access and all security falls apart completely...you can do anydamnthing you want.
* When we got the audit logs in December 2006, there was what appeared to be data manipulation plus they had peeked into who was winning and losing based on the mail-in vote five days *before* election day. This was illegal as hell, and they did this consistently across most elections - not just the RTA.
* We fought a public records suit, won, and found yet more rotten stuff including a lot of memory card re-uploads, more than any normal election ever. I'll go into details if anybody wants but let's just say, it looked bad.
>> MS-Access is banned from voting
>> systems (ain't approved)
> This is a very refreshing change from the status quo! Out of curiousity,
> what are the approved DBs for voting systems?
You're asking the wrong question :).
ONLY those pieces of software specifically used for elections can be used in elections, in most states anyhow, AZ being one of 'em.
The proprietary database front ends by Sequoia, Diebold and ES&S are approved. Sequoia uses an MS-SQL back end, Diebold uses the MS-Access runtime back end (they're switching to MS-SQL on the back end "soon") and I forget what ES&S is doing. But it's basically the same: proprietary front-end application, likely an MS back end.
In the case of Diebold, the MS-Access front end (the boxed consumer product) can communicate with the existing back-end and back-door the whole election. By diddling with the data files (which are .MDB
extension) in MS-Access, you can tweak the audit log, tweak vote
totals, basically do whatever you want, no password needed, no audit
trail even created.
On a more serious note: banks have procedures to prevent insiders from hacking accounts. You can't absolutely block people from doing it, but you can block people from tampering with the discovery/oversight mechanism. Serious computer accounting takes the term "audit log" seriously.
Diebold put the audit log into the MS-Access database as just another table.
Basically, if you can't trust the physical machines, how on earth will you be able to trust online voting? Sure, it isn't the "download, vote, scan and up
GNU/Linux: Freedom.
Two people have now complained about that specific part but I don't see what's wrong with that. I would appreciate it if you could elaborate further because I seem to simply not get something.
I think it illustrates quite valid point. When voting is done from home, nobody can enforce that everyone votes only for himself or the voting secrecy.
It means violent husbands can vote for their wifes. It means that politically oriented families can pressure their members to vote a certain way. Landlords, neighbors and numerous other groups can force someone to vote a specific way... Though they might not need to, they could likely grab his voting passwords, chip cards or whatever the implemented system is and vote instead of him.
Or was the problem the one specific example I gave to illustrate the point? I thought it worked pretty well to tell people what I meant so I doubt that it was bad just because it is a stereotype. That is just the reason why it works.
No, it's actually:
Yes 32%
No 22%
Cowboy Neal 46%
Just remember:
- Don't complain about lack of options. You've got to pick a few when you do multiple choice. Those are the breaks.
- This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane.
I am officially gone from
How do they handle the threat of people getting intimidated to vote for someone? If you vote in a regular voting booth noone can ever know who you voted for, but there is no telling if someone isn't forced to vote at gunpoint.
Eventually, perhaps.. but an employer of low paid workers has a lot of power over them - he holds their ability to feed their children in his hand.
Mostly you'd get a couple of allegations and everyone would deny them, fearing for their jobs. By the time it all came out the whole thing would be over and those in power (who benefited from it) would have zero incentive to do anything about it.
The voting boxes will be weighed at ALL TIMES and the weight will be on constant display (a large LCD display in front of the voting podium), so when a voter puts in his token, it will be visible on the screen.
Nice try, but no cigar.
VoteOnDemand.com -- the only internet voting system.
Why bother trying to attack hardened servers run by pros when you can just install an IE plugin that makes it look like you voted for Candidate A and then sends a vote for Candidate B?
So you're saying the vote would be public? That's a FAIL too.
One of these days I'm going to cut you into little pieces. - PF
while I agree with you on the "mob mentality." A majority of people do have a good idea of what is just, and fair (until something like religion is mis-used to manipulate them.) Definitely need a strong legal constitution, and a way to insure a cooling off period to prevent "hot head" laws. Of course the current systems doesn't always do so well on these issues either. IE it is very easy to pass anti gun laws immediately after a shock attack (ah-la Australia) and anti arab/muslim laws would have easily passed after 9/11 (although un-related anti mid-east actions were taken instead.)
Since these things happen equally under all systems ever implemented, I don't think there would be any change, except possibly the speed at which those changes could come about in bad times.
The reason we have a two party system has to do with the mathematics of game theory and first-past-the-post voting. It's not some vast conspiracy, nor is it something that can be changed if we just "try hard enough". If you want multiple parties, you must change the way votes are counted.
I agree 100%. However how we got here, and why there is a large resistance by those in power to any change in the way votes are counted, are completely separate issues.