Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Voting Should Be Verifiable -- But It's a Hard Problem

Posted by timothy on from the you-did-or-didn't-vote dept.

An anonymous reader writes with a link to a pithy overview at The Conversation of recent uses of (and nagging difficulties with) online voting and asks Regular 'internet voting too risky' arguments don't take some approaches into account like verifiability of votes by voters, observers, and international media. Could we have end-to-end verifiable online voting systems in the future? What are the difficulties? Where is it being done already? From the linked article (which provides at least some answers to those questions), one interesting idea:Another challenge to designing verifiability in online voting is the possibility of malware infection of voters' computers. By some estimates between 30%-40% of all home computers are infected. It’s quite possible that determined attackers could produce and distribute malware specifically designed to thwart or alter the outcome of a national election – for example undetectably changing the way a user votes and then covering its tracks by faking how the vote appears to have been cast to the voter. Whatever verifability mechanisms there are could also be thwarted by the malware.

One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.

3 of 258 comments (clear)

  1. IEEE 1622 by vikingpower · · Score: 4, Interesting

    I am a ( small ) contributor to the future IEEE 1622 standard. We chose not to deal with the security problem, and to tackle only the electronic interchange format. Security, in electronic voting, seems too hard a problem to solve right now.

    --
    Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  2. Re:Or... by pixelpusher220 · · Score: 4, Interesting

    Indeed and I give you 3 words for needing a paper trail.

    National Security Agency.

    They hack everything already. You do NOT want them hacking the votes. Given the complete lack of oversight and their already loose definition of 'legal' and 'overseas'...it sets up a perfect storm of an unanswerable rogue agency wagging the dog to get the pro-forma oversight they 'want'.

    --
    People in cars cause accidents....accidents in cars cause people :-D
  3. Re:You cannot know *WHO* is voting by ultranova · · Score: 3, Interesting

    End the antiquated requirement for anonymous ballots, and the technical solution becomes very easy.

    End anonymous ballots and you end democracy.

    But neither should you be able to check an individuals vote anonymously. Coercing or discriminating against someone for their vote needs to become a serious crime before any of this could be put into place though.

    How do you prove you were "encouraged" to vote a certain way? You can't, and even an attempt to sue for example your employer will affect your future in sufficiently negative way to make the prospect daunting. Nor can you prove someone wasn't so influenced. So the election result has zero credibility, thus delegitimazing the entire system. Which, of course, is the goal of various non-anonymous voting schemes that people suggest from time to time.

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.