Prof. J. Alex Halderman Tells Us Why Internet-Based Voting Is a Bad Idea

On March 2, 2012, Timothy wrote about University of Michigan Professor J. Alex Halderman and his contention that there is no way to have secure voting over the Internet using current technology. In this video, Alex explains what he meant and tells us about an experiment (that some might call a prank) he and his students did back in 2010, when they (legally) hacked a Washington D.C. online voting pilot project. This is, of course, a "professional driver on closed course; do not attempt" kind of thing. If you mess with voting software without permission, you might suddenly find the FBI coming through your door at 4 a.m., so please don't do it.

Not a "bad idea"

[Sarten-X]

No, it's a good idea with bad implementations, and little chance of those implementations improving. Using it for an actual election of consequence at this point would be bad. Let's not assume that everything that doesn't work in the foreseeable future is inherently bad, okay?

Re:Not a "bad idea"

The problem is that the cost of securing such a system (which has to be accessible to the general populace) is very very high compared to the cost of compromising such a system.

Anyway, I dislike any system where it is not mandatory to enforce the privacy of the voter. One of the main reasons we all have to go into a single person booth is to prevent someone who can *tell* how we voted influencing our vote. This could be as nasty as a someone with a crowbar or insidious as the patriarch of the family making his family vote in the same way.

Re:Not a "bad idea"

[lfourrier]

It's a BAD IDEA!

Every vote that doesn't occur in a supervised place can be sold, extorted, etc... That include correspondance voting, of course, but usually for small numbers unlikely to change the result.
The fact that the transmission is not reliable is nothing compared to the whole mess of distance voting.

Re:Not a "bad idea"

[errandum]

The big problem, unlike the story suggests, it's not security. It is the fact that you cannot guarantee that the vote is coming from whoever is registered. Anyone with a login and password can usurp your vote, so you'll never have a doubt free election ever again.

On the other hand, I do believe that you can design a secure system for voting, as long as you can guarantee that the machines were not tampered with.

Another bad solution to an imaginary problem...

[Theophany]

Why is Internet-based voting required anyway? Surely this is a great idea to get those basement dwellers out of the house at least once every four years. There are already systems in place to allow those confined to their homes due to medical circumstances to participate in their democracy. Whether it's done tomorrow or in 30 years time, people will still find ways to break the system. Net result? A colossal waste of money over something that is already in place and works as well as can be expected.

Re:Another bad solution to an imaginary problem...

[betterunixthanunix]

In the USA, we are lucky if a simple majority of people vote at all. Internet based voting might help with that, since it takes some of the effort out of voting.

Re:Another bad solution to an imaginary problem...

[vlm]

In the USA, we are lucky if a simple majority of people vote at all. Internet based voting might help with that, since it takes some of the effort out of voting.

Actually that's a bug not a feature. Billions of dollars spent on election advertising (by people expecting to be rewarded after the election) and half the population is resistant enough (or intelligent enough) to not bother voting. I can't imagine the politicals being happy about those people being enfranchised, why instead of simple minded TV commercials they'd actually have to win them over using logic, or purchase their votes with programs, or ... How exactly do you control people without simpleminded emotional arguments anyway?

No the real feature is the death of democracy and replacement with feudalism. A "Large Enough" fraction of the population will be doing this online voting under the close eye of their supervisor at work, or their church pastor, or their professor at school, or maybe the landlord's office, or probation officer's office, or their spouse... It's kind of a stealth poll tax such that "the more important people" will be enforcing who votes for who.

Sure, it is true, that technically you can vote for anyone you want, with this new internet voting... all you need is no job or independently wealthy, atheist, non-student, property owner (as opposed to renter), clean criminal justice record, and be an orphan with no immediate family or friends. Everyone else has to vote for who the local alpha male says to vote for.

I can't say as its really going to change anything, because both parties are two sides of the same coin with different marketing messages.

Re:Another bad solution to an imaginary problem...

[vlm]

The effort in voting is not getting off the couch and hauling you fat, lazy ass to a polling station. Rather it is in educating yourself on issues, forming your own opinions on those issues, examining the candidates opinions of those issues, and then communicating with those candidates both by voting for your preferences and by maintaining a dialog with those actually elected to office.

You've gotta be kidding. Its all about who looks better on TV, who is a better public speaker, who tells better lies, which 1%er passes himself off more like a 99%er, which candidate is compatible with my personal selection of imaginary man in the sky, and by far the most significant reason is to vote for the party your male ancestors supported, or depending on family dynamic and youthful rebelliousness, vote for the party your male ancestors did not support.

The other part is 90% of the population blindly follows either party right into hell, only the votes and beliefs of about 10% "swing voters" matter. So you've gotta be crazy enough to get the 45% of your party to nominate you (Palin, Santorum, heck practically every R after Reagan in my opinion) yet be normal enough to get the sane 10% swing voters fooled into voting for you. So its a multiple personality contest, the winner is the one who acts the nuttiest of the nuts to the 45% while simultaneously appearing normal to the 10%. That's about it.

Finally there's a large fraction of the sway voters who simply vote pocketbook... Am I happy today (got some from the wife, sports team won last night, etc) well then the incumbent wins. Am I unhappy today (wife made me sleep on couch, sports team lost last night, etc) well then the challenger wins. Probably 9% of the swing voters vote this way. Smart idea for the R to oppose contraception, no pill = no sex = unhappy 9% swing voters = incumbent fail

Yes, a bad idea

[dkleinsc]

I'd argue that it's a fundamentally bad idea, for reasons which have absolutely nothing to do with technology.

It's very simple: If you go to a polling place, you are in a situation where you can be observed by poll workers, who will notice things like somebody standing over your shoulder with either a gun or $10 to get you to vote the way that somebody wants you to. Whereas if you can vote anywhere, it's quite possible for an organization to do those sorts of things.

The same arguments also apply to voting by mail, or over the phone, or absentee ballots. For instance, it was not uncommon for political parties to stop by my grandmother's nursing home to help the residents vote, helpfully filling it out for the voter (including checking the boxes for their preferred candidates).

Re:Yes, a bad idea

[AdrianKemp]

I was going to suggest the less sinister issue with it, although along the same vein.

If all you have to do is log in and vote from your computer, a small "incentive" could seriously increase the voter turn out. Of course I'm referring to the incentive being provided by a company/party.

Right now, laziness is keeping the vast majority of uninformed dolts away from the ballot boxes. Utter hatred is keeping some informed ones home too but that's a different issue.

Re:Yes, a bad idea

[nedlohs]

That already applies to postal voting, and so as a replacement for postal voting isn't an issue.

Re:Yes, a bad idea

[yakovlev]

Absolutely. This was my first thought.

It's actually quite sinister when you consider that you can combine this with a Super PAC.

A Super PAC is an organization that can get unlimited amounts of money from corporations and has zero legal accountability to the candidate. This means it's perfectly possible for a Super PAC to offer to pay anyone $20 to vote (implied "for their candidate") then include some kind of browser plug-in that actually checks that the voter voted. If it's determined that this is illegal then the Super PAC goes down, but the candidate is squeaky clean. I'm sure they'd portray this as the internet equivalent of driving you to the polling place, though it's obviously much worse.

$20 per person x 300 million people = about 6 billion dollars to pay every man woman and child $20 to vote. It's probably a billion or two cheaper than that when you consider that children can't vote. This means it is well within the abilities of a well-funded Super PAC to offer $20 per vote (technically not necessarily for their candidate) to anyone who will take it.

All I've tried to describe above would likely be considered legal. If they wanted to step a little outside legal, the plug-in could "helpfully" fill out the vote form for the candidates they wanted you to vote for. A little less sinister would be to add a "default vote" or "Vote with Super PAC for Hope!" button to the ballot shown to the voter. Even if they said they would still pay you, some people would vote as directed for fear they would lose the money, and many would vote as directed because clicking the button or just pressing "VOTE" on the form as presented was easier than thinking about the issues. They could go even less sinister than that and just reorder the candidate listings on the ballot, such that their candidates were always on top.

Two words: PAPER BALLOTS

[ArcSecond]

I like them. I trust them. They are their own record. And, if you like, you can spoil them.

In Canada, we have our ballots counted within hours of the polls closing. And you can go back and re-count them if necessary.

Keep it simple!

Weakest link

[digitalaudiorock]

I've always thought the whole issue is pretty clear. Internet voting can never be any more secure than it's weakest link...the end users browser/computer/device. In other words it can never be secure. As far as I'm concerned it's a total non-starter for this reason.

Paper voting is not safe

[Sqreater]

The assumption is always that paper ballot voting is secure. Electronic fraud is somehow more important than paper ballot fraud. President Kennedy wasn't even a legitimate President according to some due to paper ballot fraud and they have a good case. See the "Controversies" section of the Wikipedia article on the 1960 election: http://en.wikipedia.org/wiki/United_States_presidential_election,_1960. No, the whole controversy over the safety of voting is just a reason not to do what is required by a belief in Democracy and what is absolutely necessary in a period of time which illustrates the obsolescence of the old system. The Macroparasites have taken control of our system of government and true electronic democracy is the only way we will get power back into our hands. As for the safety of electronic voting, let me say this: It is safe to do internet banking; it is safe to transfer trillions of dollars of assets around the world daily; but it is somehow not safe to cast a single vote electronically . I don't believe that is the truth. And those who argue against electronic Democracy are merely the familiars of the Macroparasites.

Voting is flawed

[Gideon+Wells]

Even the current system isn't correct. The Republican Party holds voting accuracy as near sacred as part of their party talking points. Take a look at how they handled a primary season where they should have absolute control over the rules:
* Iowa went from Romney to Santorum, though a statistical tie, because someone mistyped a 2 as 22: http://www.usnews.com/news/articles/2012/01/18/rick-santorum-might-have-actually-won-the-iowa-caucuses
* Maine almost didn't even count a whole county: http://abcnews.go.com/blogs/politics/2012/02/maines-miscount-one-county-might-be-included-after-saturday/
* Nobody can seem to make up their minds on what to do about Florida. It is supposed to be, normally, a winner take all state. It moved its primary up and got sanctioned by the party by having its delegates cut in-half. Also, it may or may not be proportional. We'll find out in August: http://www.miamiherald.com/2012/01/26/2610390/fight-looms-over-fla-delegates.html
* Missouri has two elections this year. The first doesn't county, but everyone is assuming it will. The one that was held already was state mandated, but the state Republicans, not wanting to lose half their delegates, have decided that one won't count. They'll have a second one that will really count. Note : http://www.huffingtonpost.com/2012/02/07/missouri-primary-2012-explained_n_1257817.html
* She was allowed to vote once it was all sorted out, but an 84-year-old was initially told she was dead when she appeared at the polls: http://boston.cbslocal.com/2012/03/07/84-year-old-fall-river-woman-tries-to-vote-told-shes-dead/

My apologies to any Republicans I offended with these results. I only used these examples as they are near immediate in time scale.

The current voting system is full of flaws. It has been full of flaws. It will likely remain full of flaws. No need to worry about hackers mucking up an election when a typo can swing an election, and never have gotten caught if someone didn't post an image to FaceBook. So I don't see on-line voting as some type of corrupting influence on a pristine system.

The problem I see here is in the oversight. Considering it took two days for Washington D.C. to notice, I would say the real problem was not so much that the system got hacked, but D.C. didn't care enough about the election to monitor it as it was going on. The same lackluster oversight could still swing *cough*Iowa*cough* a close election.

Fraud Already happening in Canada

[EmperorOfCanada]

Right now in Canada there is a big "Robocall" scandal where one party automatically called tens of thousands of people affiliated to other parties to tell them that their polling station had moved. The people would either say, "Too far" or not find the non-existent poll and not vote. This proves that there are Canadians who are motivated, funded, and capable to mess with an election using electronic means. What the hell chance do any electronic voting systems have?

Here in Halifax the morons have voting over the phone and are thinking about online municipal voting. They say it increases "Voter participation" basically they are sick of people not giving a crap about their self importance and think that throwing democracy in the toilet is the way to go.

This has political ramifications beyond the obvious, the bad people will always win, scenario. Even if the system was theoretically 100% secure I would never trust any party elected electronically. Thus my confidence in their right to be in power would be zero. What impact would this have on people abiding by laws, paying taxes, and other civic relationships. Take Greece as an example of where this has broken down. People there don't pay taxes because nobody else pays taxes. If you are fool enough to want to pay taxes you will find yourself sucked dry because the system is so screwed up that it has now adapted to the fact that people will cheat 100% of the time.

On top of all that the government insists on keeping these proprietary systems as secret as possible. Every single time the systems have been handed to security researchers they have torn them to shreds.

The only electronic voting that I would like to see is a polling system where you go in, pick your stuff and the computer prints out the results on a ballot you put into the machine. You can then look over your ballot and see that all is good. Worse case if there is a power outage or whatnot you could fill the ballot in by hand. Then you put the ballot into a ballot box which is the primary record of the election. This way the computer is more auditing the election. You would get instant poll results subject to verification by counting. I have worked at a polling station and it is often the first time for everyone so I can see a situation where people might mess up. The computer would not override them but if the computer strongly disagreed (ballot box stuffing) then everything would now be carefully scrutinized. Also the benefits to an electronic voting system of this nature is that it allows for complicated ballots to be filled out correctly. No hanging chads.

The list of major hacks on major companies is just too long. Most companies hope for the best with security and more design for the eventuality that they will be hacked and thus look to quickly mitigate the damage through good backups and whatnot. It turned out that Nortel's computer system was completely pwned for over 10 years. If Google has been hacked by the Chinese then no company in the world can claim to have a secure voting system, full stop.

One last problem is that if one party wins an election through fraud, proving that they are evil, they will now be able to structure the system so that they always win from then on. Thus good government is dead the instant a party wins through electronic fraud as the only party who could beat them would have to be more evil.