Prof. J. Alex Halderman Tells Us Why Internet-Based Voting Is a Bad Idea (Video)
On March 2, 2012, Timothy wrote about University of Michigan Professor J. Alex Halderman and his contention that there is no way to have secure voting over the Internet using current technology. In this video, Alex explains what he meant and tells us about an experiment (that some might call a prank) he and his students did back in 2010, when they (legally) hacked a Washington D.C. online voting pilot project. This is, of course, a "professional driver on closed course; do not attempt" kind of thing. If you mess with voting software without permission, you might suddenly find the FBI coming through your door at 4 a.m., so please don't do it.
No, it's a good idea with bad implementations, and little chance of those implementations improving. Using it for an actual election of consequence at this point would be bad. Let's not assume that everything that doesn't work in the foreseeable future is inherently bad, okay?
You do not have a moral or legal right to do absolutely anything you want.
Look at the current primaries for the Republican nomination.
When voter boxes would end up in the river or burned up with paper ballots, all you can do is have somebody proclaimed as the winner such as the example with Maine and Mitt Romney, but the idiots running the show behind the scenes claimed results caught by spam filter should have made Ron Paul the winner in many precincts that did not report data due to the "oops, results went to spambox".
Why is Internet-based voting required anyway? Surely this is a great idea to get those basement dwellers out of the house at least once every four years. There are already systems in place to allow those confined to their homes due to medical circumstances to participate in their democracy. Whether it's done tomorrow or in 30 years' time, people will still find ways to break the system. Net result? A colossal waste of money over something that is already in place and works as well as can be expected.
Too Long Didn't Watch; I don't watch video in general. People who can't express themselves in words certainly can't express themselves in video either.
I would assume a much simpler and cheaper and safer way to corrupt internet voting is to internet vote under the watchful eye of your supervisor at work, or the watchful eye of your head of household at home, or maybe your local church could provide internet access to vote, or ... You could work around that bug by bringing internet access to the local elementary school gymnasium (they've probably already got wifi like our schools), placing some superannuated citizens in charge of what to them is incomprehensible technology (in other words anything newer than IBM unit record apparatus from pre-1930), maybe replacing those complicated internet kiosks with a simple paper form and pencils and an instantly reading/verifying optical scanner.. oh wait that's exactly what we have now where I live. Hmm. Sounds like a big waste of money for everyone except the people getting the money... who happen to be campaign donors.. Oh, I see what's happening here.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
If you mess with voting software without permission, you might suddenly find the FBI coming through your door at 4 a.m., so please don't do it.
It's always 4am or some other idiotic hour. I know it's to intimidate, but seriously, after a while it wears off. Just start arresting people after breakfast.
While I'm on this subject, who came up with the idea of sending 25 armed agents and a small tank to get some geek out of their basement? Heck, for some of these guys you could just write a note, 'report to jail tomorrow and drop your computer off on the way there' and they would do it.
Separate but equal
Is it really a bad idea? This is just the opinion of some researchers, so why don't we vote on it online and see?
I'd argue that it's a fundamentally bad idea, for reasons which have absolutely nothing to do with technology.
It's very simple: If you go to a polling place, you are in a situation where you can be observed by poll workers, who will notice things like somebody standing over your shoulder with either a gun or $10 to get you to vote the way that somebody wants you to. Whereas if you can vote anywhere, it's quite possible for an organization to do those sorts of things.
The same arguments also apply to voting by mail, or over the phone, or absentee ballots. For instance, it was not uncommon for political parties to stop by my grandmother's nursing home to help the residents vote, helpfully filling it out for the voter (including checking the boxes for their preferred candidates).
I am officially gone from
I like them. I trust them. They are their own record. And, if you like, you can spoil them.
In Canada, we have our ballots counted within hours of the polls closing. And you can go back and re-count them if necessary.
Keep it simple!
I've got a bad attitude and karma to burn. Go ahead. Mod me down.
... the media and schools that keep the public purposely uninformed. As long as corporate media can do as they please voting either on the internet or off doesn't mean a lot.
I've always thought the whole issue is pretty clear. Internet voting can never be any more secure than its weakest link...the end user's browser/computer/device. In other words it can never be secure. As far as I'm concerned it's a total non-starter for this reason.
The assumption is always that paper ballot voting is secure. Electronic fraud is somehow more important than paper ballot fraud. President Kennedy wasn't even a legitimate President according to some due to paper ballot fraud and they have a good case. See the "Controversies" section of the Wikipedia article on the 1960 election: http://en.wikipedia.org/wiki/United_States_presidential_election,_1960. No, the whole controversy over the safety of voting is just a reason not to do what is required by a belief in Democracy and what is absolutely necessary in a period of time which illustrates the obsolescence of the old system. The Macroparasites have taken control of our system of government and true electronic democracy is the only way we will get power back into our hands. As for the safety of electronic voting, let me say this: It is safe to do internet banking; it is safe to transfer trillions of dollars of assets around the world daily; but it is somehow not safe to cast a single vote electronically. I don't believe that is the truth. And those who argue against electronic Democracy are merely the familiars of the Macroparasites.
E Proelio Veritas.
"Traditional" voting is as insecure as e-voting, if not more. All it takes is money.
Internet voting and more in Estonia explained here.
Because they sure been doing such a smashing job lately with election integrity.
FBI thru the door at 4 AM is a joke.
We would have already heard about many elections officials arrested.
But the score since 2000 is 3 to zip. Three stolen elections to zero integrity.
Online voting can and will become the norm in the future. Like anything else we do in our lives, implementation is key and the only thing between success and failure. Perhaps the good professor should look at this: http://www.thestar.com/news/canada/politics/provincialelection/article/1059558--internet-voting-in-advance-polls-a-great-success-in-markham-report-finds
So, I live in DC.
The result quoted in the summary, that DC didn't manage to pull off a secure electronic vote, shouldn't be interpreted as a condemnation of e-voting, for the simple reason that this city couldn't manage to find the exit to a paper bag with a map and GPS. The incompetence around here is hilarious: there's a reason everyone working for the government lives in either Maryland or northern Virginia, since being in DC itself just means you get to hear sirens 24/7.
Everyone's heard of Marion Barry, the crack-smoking mayor? Turns out they elected him mayor again right away when he got out of prison. He mismanaged the city finances so badly that Bill Clinton cut him off from a lot of his authority, and he flounced* from the mayorship -- and got elected to the City Council. Since then he's gone eight years without paying income taxes, driven drunk, and embezzled money. Now he wants to run for mayor again.
The guy is a complete scumbag. The Washington Post said "To understand Washington, you have to understand Marion Barry."
*Flounce: To leave after a post (on the internet) where you proclaim yourself a martyr, with great drama
Even the current system isn't correct. The Republican Party holds voting accuracy as near sacred as part of their party talking points. Take a look at how they handled a primary season where they should have absolute control over the rules:
* Iowa went from Romney to Santorum, though a statistical tie, because someone mistyped a 2 as 22: http://www.usnews.com/news/articles/2012/01/18/rick-santorum-might-have-actually-won-the-iowa-caucuses
* Maine almost didn't even count a whole county: http://abcnews.go.com/blogs/politics/2012/02/maines-miscount-one-county-might-be-included-after-saturday/
* Nobody can seem to make up their minds on what to do about Florida. It is supposed to be, normally, a winner take all state. It moved its primary up and got sanctioned by the party by having its delegates cut in half. Also, it may or may not be proportional. We'll find out in August: http://www.miamiherald.com/2012/01/26/2610390/fight-looms-over-fla-delegates.html
* Missouri has two elections this year. The first doesn't count, but everyone is assuming it will. The one that was held already was state mandated, but the state Republicans, not wanting to lose half their delegates, have decided that one won't count. They'll have a second one that will really count. Note: http://www.huffingtonpost.com/2012/02/07/missouri-primary-2012-explained_n_1257817.html
* She was allowed to vote once it was all sorted out, but an 84-year-old was initially told she was dead when she appeared at the polls: http://boston.cbslocal.com/2012/03/07/84-year-old-fall-river-woman-tries-to-vote-told-shes-dead/
My apologies to any Republicans I offended with these results. I only used these examples as they are near immediate in time scale.
The current voting system is full of flaws. It has been full of flaws. It will likely remain full of flaws. No need to worry about hackers mucking up an election when a typo can swing an election, and would never have gotten caught if someone didn't post an image to Facebook. So I don't see on-line voting as some type of corrupting influence on a pristine system.
The problem I see here is in the oversight. Considering it took two days for Washington D.C. to notice, I would say the real problem was not so much that the system got hacked, but D.C. didn't care enough about the election to monitor it as it was going on. The same lackluster oversight could still swing *cough*Iowa*cough* a close election.
by Anonymous Coward: I, for one, welcome the shift from car analogies to pizza analogies. um.. overlords?
First, don't use HTML, browser-based voting. Something like this could have a chance. Write a vote gathering program that uses current best practices to secure it, encrypt at the client, send securely to a host, pass it through a few firewalls to a protected processing environment. Write a program for municipalities that lets them input ballots and generate the vote gathering program. Enlist operating system and security vendors to check the vote gathering program for problems. You might need another level of user authentication from public records or possibly banks. You do have to change what the election department does as far as validating the vote. You can't make anything 100%. And in my brief, off-the-top-of-my-head rant I missed quite a few things that need to be checked. Security researchers will always be able to find holes or potential threats, that's their job. It does not have to be perfect. It has to be dependable, easy and have some way of being audited. I have worked at election sites. If the election people chose to expose the problems with our current system, it might change the professor's opinion on whether or not electronic voting is a good idea for democracy.
...but the whole idea of ANONYMOUS voting. Common people, anonymous??? Was not this made a bad word? And just think about, if all the voting is made PUBLIC, then there would not be any chance for false votes, as anyone, at anytime could check and confirm his vote. And as we are grown adults, it is really good to know that your neighbor voted for this "^%$%^$%^$^%$%", and take the appropriate measures of course.....in the good sense of the word of course, and the legal too, and lawful too..
Honestly, is this Professor an expert in computer and internet security? He is telling me that it is 100% impossible which is a highly uneducated answer.
Or does he mean there is no way to do it that will allow the game playing and fudging the current player have enjoyed for decades? That would be more likely.
I could certainly make a system that is significantly hack resistant, and if you did not have anything live on the net until the morning of election you limit the ability for people to attack and find holes.
Multiple layer system. Local district servers that only respond to packets from that district's ISPs. If you are an "absentee voter" you would have had to submit a request to vote from outside your district. Those report to region servers and up to state servers. Servers are cheap. The whole path from the district is encrypted and stored locally. To verify they take the transmitted results and compare it with the stored result. A manual verification can be done by asking registered voters to input their 22 digit code. The code they got from voting is a hash that contains their info, time they voted, and their vote with a salt chosen just before the polls open.
It can be secured, far more secured than the current voting system where anyone can go in without a photo id and vote.
The problem is that the powers in control do not want it. If you make it very easy to vote, more will vote. And the elderly rich white Christians don't want that to happen. If 50% of the minorities out there went out to vote they would outnumber the typical voting class 3 to 1.
Do not look at laser with remaining good eye.
Maybe in the USA it seemed a good idea. Anyone who lives in Italy knows (and not only in Italy, I think) that the "market of the votes" has always been (and is) thriving.
Electronic voting just enables vote buyers to check whether their money has been well spent: it is enough to sit side by side with the voters.
I'm pretty sure that such a system can just make it easy to export this miserable system that supports oligarchies and criminal liaisons.
I saw a clip recently how an Islamic country has combined paper card ballots with thumb prints. I think with that combo there is no room for BS as long as the people push the government to care enough to fairly scrutinize the votes in suspicious situations.
Another bad idea: video as a Slashdot post. Seriously - we're too busy to watch this. Get it down to a paragraph we can scan while we're waiting for something to connect, something to compile or a minion to find an answer for us and maybe.
Of course it could be secure. It just can't be secure *and* secret. So get rid of the secret part. Post all the votes along with names. Fraud goes away. Participation goes up. People who abuse the information are prosecuted just like anyone else who discriminates.
solves all these problems, costs very little, is secure, gives instant results, and is practically fraud proof (depending on the number of people who bother to observe (i.e. video) polling throughout the day).
It's a solution to ALL election fraud.
Read about it here:
http://paul-robinson.us/index.php?blog=5&title=the_robinson_method_a_really_simple_way_&more=1&c=1&tb=1&pb=1
Instant results. No fraud. Huge savings in money and time. Ballot boxes in public view at ALL times, from the beginning of the election when they are empty, to the end of the election, when the winner will be clearly visible to all, the minute the final vote has been cast.
Electronic voting was only brought in so that the FRAUD would be easier.
Ask your representative what they think about the Robinson Method - if they tell you they are against it, you can work out what they believe about democracy.
you could make a hack resistant system at their end, but then you'd be only using that system just as a vote counter...
btw. your manual verification system would turn the whole western voting system on its head. "come here to redeem your vote-slip for cash".
first thing USA should do would be to move voting to happen on sundays though.
world was created 5 seconds before this post as it is.
For some reason the GOP seems to get away with it.
Provide everyone who wants one with a personal voting terminal. That reduces a lot of the problems with using a user's machine, and allows you to provide some security (include a fingerprint scanner on it, perhaps a flip-up webcam to have someone verify no one is "coercing" you), built in dial-up/cell phone/ethernet/wifi, etc.
A law could be passed specifying how voting packets would be routed by ISPs - you could even say that only secure ISP servers that meet a minimum requirement can pass along that traffic, and that it's mandatory.
At this point, you have lots of possibilities. People at home could sign petitions, for example, in addition to voting.
And this is why as part of said system you have a camera and can pan it about to show them gun toting crazy criminals who want you to vote for mick romney won't get elected.
If they can secure Banking & Money on the internet, you would think they should be able to do the same with online voting. It's commonplace to have a debit/credit card machine hooked to the internet for financial transactions in stores (aka when you buy stuff from a brick and mortar store). So why is it so hard to secure it for 12 hours to allow people to vote? I think in some ways they don't want a system for e-voting as their current systems for vote stuffing might be too traceable. And if a vote is not traceable it should not be valid.
In short you give up a bit of voter privacy for safety.
What problem are they attempting to solve?
The whole idea of having traceable pieces of paper, physical manifestations of the intentions of actual voters, has served us well. Anybody can see it. Anybody can understand how it works. Anybody can observe the process in action. These are good things.
The only issue I have is proportional representation, or the lack thereof. We've had a couple of referenda on the subject here in B.C., both of which have been defeated by massive FUD campaigns.
...laura
It's a sign that somebody doesn't know what he's doing in security if he thinks a problem is easy.
Right now in Canada there is a big "Robocall" scandal where one party automatically called tens of thousands of people affiliated to other parties to tell them that their polling station had moved. The people would either say, "Too far" or not find the non-existent poll and not vote. This proves that there are Canadians who are motivated, funded, and capable to mess with an election using electronic means. What the hell chance do any electronic voting systems have?
Here in Halifax the morons have voting over the phone and are thinking about online municipal voting. They say it increases "Voter participation" basically they are sick of people not giving a crap about their self importance and think that throwing democracy in the toilet is the way to go.
This has political ramifications beyond the obvious, the bad people will always win, scenario. Even if the system was theoretically 100% secure I would never trust any party elected electronically. Thus my confidence in their right to be in power would be zero. What impact would this have on people abiding by laws, paying taxes, and other civic relationships? Take Greece as an example of where this has broken down. People there don't pay taxes because nobody else pays taxes. If you are fool enough to want to pay taxes you will find yourself sucked dry because the system is so screwed up that it has now adapted to the fact that people will cheat 100% of the time.
On top of all that the government insists on keeping these proprietary systems as secret as possible. Every single time the systems have been handed to security researchers they have torn them to shreds.
The only electronic voting that I would like to see is a polling system where you go in, pick your stuff and the computer prints out the results on a ballot you put into the machine. You can then look over your ballot and see that all is good. Worst case if there is a power outage or whatnot you could fill the ballot in by hand. Then you put the ballot into a ballot box which is the primary record of the election. This way the computer is more auditing the election. You would get instant poll results subject to verification by counting. I have worked at a polling station and it is often the first time for everyone so I can see a situation where people might mess up. The computer would not override them but if the computer strongly disagreed (ballot box stuffing) then everything would now be carefully scrutinized. Also the benefit of an electronic voting system of this nature is that it allows for complicated ballots to be filled out correctly. No hanging chads.
The list of major hacks on major companies is just too long. Most companies hope for the best with security and more design for the eventuality that they will be hacked and thus look to quickly mitigate the damage through good backups and whatnot. It turned out that Nortel's computer system was completely pwned for over 10 years. If Google has been hacked by the Chinese then no company in the world can claim to have a secure voting system, full stop.
One last problem is that if one party wins an election through fraud, proving that they are evil, they will now be able to structure the system so that they always win from then on. Thus good government is dead the instant a party wins through electronic fraud as the only party who could beat them would have to be more evil.
People who are scared live in the past. Lots of people nowadays don't vote because you can't do it on-line. If they can make banking secure you can make online voting secure. I personally would trust an online secure website more than I trust these current outdated systems.
It's very simple: If you go to a polling place, you are in a situation where you can be observed by poll workers, who will notice things like somebody standing over your shoulder with either a gun or $10 to get you to vote the way that somebody wants you to. Whereas if you can vote anywhere, it's quite possible for an organization to do those sorts of things.
Actually... THAT is not actually a problem.
I see that many here are arguing how "voting from home" would somehow stimulate or facilitate monetary or other influence on the voters.
It is supposed to make it easier for secretive organizations to collect votes from the voters they paid to vote for them.
Which is nonsense. Anyone can already pay anyone else to vote for anyone else. Always could.
There is no way for poll workers to check if voters are actually voting for option X because they think that option X is the best solution or because they've sold their votes to the "Vote X" campaign.
Home/online voting does not facilitate an easier route for the buyers (of votes) to collect the product they bought (votes) from the seller (voter). Telephone did that, and to some extent even a postal system.
It does not even facilitate an easier route for the sellers (voters) to get the money in exchange for their goods (votes) - because online transactions are VERY traceable.
And THAT is why selling/buying votes is not a problem.
Because ONE verified sold vote is enough to bring the whole election AND the election process into question.
Besides, no party would dare to use such a tool.
Not just because it could inevitably cost them the election and even party membership, but also because such voters are inherently unreliable.
Who's to say they won't take the money from both sides and then make their vote invalid by selecting all choices or worse (for the vote-buyers) - vote for some third option?
Issues with online voting are just technical and mostly related to security and verifiability of already cast votes.
First issue could easily be fixed with some reasonably priced hardware which the government could lend the voters for the purpose of holding the elections, or even easier - through the use of modern camera-equipped mobile phones.
Simply issue each voter with a unique ticket, have them read the first part of it to their phone's camera along with their name and other ID data before the vote, give them an encrypted ticket during the vote, and have them read it AND the second part of their unique ticket after they vote.
Encrypt the gathered data (doesn't even have to be the entire video - just the verification gathered from it), ship it and count the votes.
And the voter could check that their vote got counted properly by checking the lists of those unique voter tickets, which should be made publicly available online ensuring greater transparency as a bonus.
Video of voting is an additional verification bonus for the voter, and it can be kept in the phone's memory (card, drive.. whatever).
And to make sure the whole thing is done securely, have the voting software delivered in two steps.
First one makes sure that the phone is secure (no malware, open connections etc.) and makes it secure if it is not (at least for the duration of the vote), followed by the second step where the actual voting software is downloaded.
Mit der Dummheit kämpfen Götter selbst vergebens
There shouldn't be so much at stake on a single election-event. They should be far more frequent, and far more specific. They can be done in real-time, all-year-round, providing a kind of real-time gauge of consumer (government should be a voluntary subscription service) sentiment. They can use "multiple factor" authentication for high-stakes polling, such as using one's online bank, perhaps one's facebook profile, any of countless additional authentication methods.
This is just such an insignificant opinion. If you can do script injection you are dealing with real amateurs. No problem to implement it, we have digital id in Holland, so online voting is real easy..
Fun but a useless opinion. We need digital democracy, it's much better than slow ballot democracy...
His conclusions suck,
Paper ballots also have the great advantage that _everybody_ can check the election easily. You just make sure the ballot box is empty before they start, then you make sure everybody only throws in one ballot, and that the ballots are properly counted. It's trivial to understand, and can be done by everybody willing to spend a day at the polling station.
Paper ballots also give you near instantaneous results. You only need to count them, which takes, depending on the size of your polling station and the complexity of the election, from a few minutes to an hour. The polling stations close at 6 and the 8 o'clock news already have unofficial end results.
Sony accounts hacked
Steam accounts hacked
Insecure DieBold machines
etc
etc
It seems that government and large entities aren't very good at securing existing high-security infrastructure. So to add to the other issues of eVoting, do you really want to trust that the vote isn't going to be Lulz-hacked once they go online because some idiot forgot to sanitize DB inputs or left the equivalent to register_globals on?
If you can't prove which way your vote was counted, how do you know it was counted the way you intended? If you can prove how it was counted, what prevents someone from buying votes or forcing people to vote a certain way?
His definition is too narrow. As we saw in the flagrantly rigged US elections in 2000 and 2004, ANY computer based voting is open to fraud (not that they even bothered hiding it).
"come here to redeem your vote-slip for cash".
No because you need access to the voting system to find out what the hash matches. Hashes contain no information. Kind of how you can't get a password out of a hash.
But the hash will match the record in the DB of the vote.
Do not look at laser with remaining good eye.
The problem IS easy. Simply hire the experts that can do it, spend the money it requires and get it in place.
The HARD PART is getting past the morons that will whine about the money and block the spending, and getting the funding so you are not outsourcing the design to India or China.
Do not look at laser with remaining good eye.
Those of you who believe that in person voting is somehow more secure than remote voting should take a look at a very funny 1940 Preston Sturges movie "The Great McGinty".
That's still very flawed (or incomplete) though. When the winning party has a list of all the hashes that voted the right way, anyone who can't produce one to prove they voted the right way goes to prison.
Plus, being able to prove that your vote was counted does nothing to detect all the bogus votes that were also counted.
Socialism: a lie told by totalitarians and believed by fools.
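The 22-digit receipt code proposed earlier in the thread, and the replies about what such a code proves, shown as an added sketch that is not any commenter's code. It assumes HMAC-SHA-256 keyed with the salt and reduced to 22 decimal digits; the ballot, voter record and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed ballot and voter record; every name and value is sample data.
CANDIDATES = ["Candidate A", "Candidate B", "Candidate C"]
RECORD = {
    "voter_info": "Jane Q. Sample|District 7",
    "voted_at": "2012-11-06T09:14:00",
    "vote": "Candidate B",
}


def new_salt() -> bytes:
    """Salt chosen just before the polls open (32 random bytes)."""
    return secrets.token_bytes(32)


def receipt_code(voter_info: str, voted_at: str, vote: str, salt: bytes) -> str:
    """Derive the 22-digit code from voter info, time, vote and salt.

    Assumption: HMAC-SHA-256 keyed with the salt. Fields are joined with a
    unit separator so that field boundaries cannot be shifted.
    """
    msg = "\x1f".join((voter_info, voted_at, vote)).encode("utf-8")
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest, 'big') % 10**22:022d}"


def verify_receipt(code: str, record: dict, salt: bytes) -> bool:
    """Manual verification: does the voter's code match the stored record?"""
    expected = receipt_code(
        record["voter_info"], record["voted_at"], record["vote"], salt
    )
    return hmac.compare_digest(code.encode("utf-8"), expected.encode("utf-8"))


def vote_bound_to(code, voter_info, voted_at, salt, candidates):
    """Return the single candidate the code commits to, or None.

    The ballot has only a handful of options, so whoever holds the salt and
    the voter record can test each option against the code.
    """
    matches = [
        c for c in candidates
        if verify_receipt(
            code, {"voter_info": voter_info, "voted_at": voted_at, "vote": c}, salt
        )
    ]
    return matches[0] if len(matches) == 1 else None


def demo() -> dict:
    salt = new_salt()
    code = receipt_code(**RECORD, salt=salt)
    altered = dict(RECORD, vote="Candidate A")  # stored record changed after the fact
    who, when = RECORD["voter_info"], RECORD["voted_at"]
    return {
        "code_length": len(code),
        "matches_stored_record": verify_receipt(code, RECORD, salt),
        "matches_altered_record": verify_receipt(code, altered, salt),
        "vote_seen_by_salt_holder": vote_bound_to(code, who, when, salt, CANDIDATES),
        "vote_seen_without_salt": vote_bound_to(code, who, when, new_salt(), CANDIDATES),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The code detects an altered stored record and is opaque to anyone without the salt, while for the party that holds the salt and the voter records it identifies the vote exactly.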
Paraphrasing "My Fellow Americans" .. There is no will of the people, there are three hundred million wills screaming for different things.
Michael J. Ryan - tracker1.info
You happen to believe voting is secure now? I know people that can tell me which graveyards have the most active voters. That alone ought to be a clue that web voting is something worth considering. The biggest problem I see with web voting is that many don't have, or know how to use the web. The potential for someone using misinformation to influence the outcome of the election is a very real possibility. Of course we already have that with the advertising done for most any political candidate now.
This already exists with paper ballots. So therefore it happens right now.
There is plenty of paper trail when you vote for someone to find out how you voted if you were the "party in power".
Do not look at laser with remaining good eye.
How so? There's nothing physically written on the ballot to identify you after the fact (not in any location I'm familiar with, anyhow). Sure, areas might be targeted for retaliation, but that's a harder problem.
Socialism: a lie told by totalitarians and believed by fools.
The voting booth curtain and the paper-record are the most advanced and reliable voting technology that we are likely to see in our lifetimes and long after. Personally, I wouldn't be surprised if hundreds of years from now, responsible computer scientists are arguing that we need to preserve the curtain and paper industries if only so that we can use their products for elections.
No matter how far computer technology advances, we won't be able to prove to voters that electronic voting is secure. Yet, voter confidence in the integrity of the vote is the essential element of our society's ability to maintain a democratic form of government. If we use voting technologies that can only be trusted on the basis of arguments from authorities (i.e. some "experts" who say the system is secure...) then the voting system itself speaks against democracy.
With curtains and paper ballots, the people are presented with a system whose security and weaknesses they can understand intuitively. The same will never be true of computer-based voting systems.
bob wyman