Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Voting Should Be Verifiable -- But It's a Hard Problem

Posted by timothy on from the you-did-or-didn't-vote dept.

An anonymous reader writes with a link to a pithy overview at The Conversation of recent uses of (and nagging difficulties with) online voting and asks Regular 'internet voting too risky' arguments don't take some approaches into account like verifiability of votes by voters, observers, and international media. Could we have end-to-end verifiable online voting systems in the future? What are the difficulties? Where is it being done already? From the linked article (which provides at least some answers to those questions), one interesting idea:Another challenge to designing verifiability in online voting is the possibility of malware infection of voters' computers. By some estimates between 30%-40% of all home computers are infected. It’s quite possible that determined attackers could produce and distribute malware specifically designed to thwart or alter the outcome of a national election – for example undetectably changing the way a user votes and then covering its tracks by faking how the vote appears to have been cast to the voter. Whatever verifability mechanisms there are could also be thwarted by the malware.

One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.

25 of 258 comments (clear)

  1. You cannot know *WHO* is voting by whoever57 · · Score: 4, Informative

    Just like postal voting, Internet voting is a bad idea.

    In a family group, you simply don't know who is really voting. Yes, the correct person may be marking the postal ballot, or clicking the votes, but a dominant family member can be looking over the voter's shoulder, making sure the vote corresponds to the dominant family member's preferences.

    --
    The real "Libtards" are the Libertarians!
    1. Re:You cannot know *WHO* is voting by Shakrai · · Score: 5, Insightful

      End the antiquated requirement for anonymous ballots
      Coercing or discriminating against someone for their vote needs to become a serious crime

      I like how you point out the most important reason for the anonymous ballot while simultaneously calling for its end. Hint: It's already a crime to try and coerce someone's vote. It's also a very difficult crime to prove, which is why it's simpler to just say, "Your boss can't go into the booth with you." than "Tell is if your boss is trying to intimidate you."

      If Democracy is worth anything it's worth an hour of your fucking time once a year to go a polling place. Online voting is a solution looking for a problem. Absentee ballots are a necessary evil for people (the handicapped and those unavoidably out of town) who legitimately can't make it to the polling place. They do not need to be and should not be the new normal.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:You cannot know *WHO* is voting by FunkSoulBrother · · Score: 3, Insightful

      Not racist so much as classist. It just so happens that we have a very but not exclusive racial disparity when it comes to social class in this country.

      As long as the government fully subsidizes identification cards for the entire populace, makes them non mandatory, and gives a legally-protected full day's floating vacation to be used to procure and update said cards, then i really have no problem with voter ID.

    3. Re:You cannot know *WHO* is voting by DarkOx · · Score: 4, Insightful

      I also agree with you. I do think we need to make a couple more considerations though.

      First "those unavoidably out of town" should not be an excuse unless the distance between postal zip codes is greater than say 200 miles, and if the post marks indicate otherwise your ballot is invalid. That is the only way to prevent abuse.

      Second right now it is possible for your boss to intimidate you into not voting and certain companies probably have a pretty good idea of the voting blocks their employees fall into. We need to be fair and make election day a National Holiday! So that everyone has the day off. We probably need to make exceptions for the groups for which anti-strike laws already exist, Health, Safety and infrastructure folks who potentially have to work the holiday. There also needs to be some kind of penalty for employees who try to ignore election day like its just another MLK day have have nonessential personnel work anyway.

      I agree the only way to ensure any sort of integrity is to have people GO to the polls, but we need to make sure everyone can.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    4. Re:You cannot know *WHO* is voting by bigpat · · Score: 2

      Online voting is a solution looking for a problem.

      I mostly agree with this. But I do see an opportunity for more participatory government if there is a way to vote online on local issues.

      I live in a Town with an open meeting form of local government. That means anyone can show up and vote on items that are on the agenda. Our votes are not anonymous because anyone can look around the room and see who is voting which way on what.

      Specific votes by individuals are not officially recorded, but they could be recorded by anyone. If you give up on the idea of online elections, and focus instead on online town meeting voting on particular bylaws or local spending, which doesn't need to be anonymous, then I think you could really increase participation in local issues.... which are the kinds of issues that count in people's day to day lives and where a few votes really do matter.

      Even if you show up, you don't find much democracy in national or even state elections... your vote is just too watered down to really matter in most elections and even if it did matter, the people elected are beholden to the organizations and parties that got them elected. So, I'd rather see more participation in local issues, than worry about the mostly symbolic voting people do in state and national elections.

    5. Re:You cannot know *WHO* is voting by ultranova · · Score: 3, Interesting

      End the antiquated requirement for anonymous ballots, and the technical solution becomes very easy.

      End anonymous ballots and you end democracy.

      But neither should you be able to check an individuals vote anonymously. Coercing or discriminating against someone for their vote needs to become a serious crime before any of this could be put into place though.

      How do you prove you were "encouraged" to vote a certain way? You can't, and even an attempt to sue for example your employer will affect your future in sufficiently negative way to make the prospect daunting. Nor can you prove someone wasn't so influenced. So the election result has zero credibility, thus delegitimazing the entire system. Which, of course, is the goal of various non-anonymous voting schemes that people suggest from time to time.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    6. Re:You cannot know *WHO* is voting by jythie · · Score: 2

      On the other hand, one of the big 'battle grounds' with voting right now are conflicts regarding how narrow those windows are for casting a ballot, with a focus on decreasing availability to populations based on, well, who they tend to vote for.

      One major advantage of postal and internet voting is they both are things that individuals can take steps to access on their own schedules, while polling places require enough community organization to counter decisions being made by other organizations. Individuals have little say.

    7. Re:You cannot know *WHO* is voting by sycodon · · Score: 2

      makes them non mandatory,

      Which makes the entire exercise pointless.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    8. Re:You cannot know *WHO* is voting by TheRaven64 · · Score: 2

      I'm not sure about the 'Left', but the Democratic party in the USA tends to have more support among people with the technical ability to rig elections if they were held online. The Republican party tends to have the support of the people who own the companies that can rig them if they're not. With this in mind, it doesn't seem surprising that neither party is in favour of paper ballots.

      --
      I am TheRaven on Soylent News
    9. Re:You cannot know *WHO* is voting by TsuruchiBrian · · Score: 2

      There are levels of anonymity.
      1. The ballots are anonymous as long as the voter wishes to keep it anonymous.
      2. The ballots are anonymous regardless of whether the voter wishes to reveal their vote.

      I think just having level 1 is probably fine. Plus having level 2 means that a voter can;t check that his/her vote was counted correctly.

    10. Re:You cannot know *WHO* is voting by Cinnamon+Beige · · Score: 2

      ... really I have no issue with mandatory voter ID -- you just need to severely over-engineer the solution to ensure it's not a burden on those in society with the least time/money/options/eduction.

      And the fact that these voted ID laws never include proactive provisions to get IDs into the hands of all voters for free reveals their true intent quite clearly. Heck, Ohio is trying to enact a poll tax (banned explicitly by the Constitution, 24th Amendment) by requiring a voter ID card that you must pay for.

      False: North Carolina's voter ID law does exactly that and even lets you do one-stop shopping--you can register to vote at the same time.

      The thing you should be complaining about is that providing free photo IDs is not already legally required--when you have to present them to make it inside a courthouse, which you do because of security, I think it's hit the point where the state ought to not charge you for the basic version.

  2. Online voting is easy by amorsen · · Score: 4, Insightful

    We are really really good at handling online transactions of various kinds. Voting is easy. You just have to give up the secret ballot...

    Anonymous secure verifiable voting is a bad joke.

    --
    Finally! A year of moderation! Ready for 2019?
  3. Or... by Anonymous Coward · · Score: 3, Insightful

    Or we could just use paper ballots that simply work.

    Why the need to push technology into places where it is not needed and it doesn't improve the process?

    1. Re:Or... by WillAdams · · Score: 2

      Agreed.

      Paper ballot --- if need be a scanning machine, but there _has_ to be a physical audit trail verifiable w/o the use of a machine.

      --
      Sphinx of black quartz, judge my vow.
    2. Re:Or... by pixelpusher220 · · Score: 4, Interesting

      Indeed and I give you 3 words for needing a paper trail.

      National Security Agency.

      They hack everything already. You do NOT want them hacking the votes. Given the complete lack of oversight and their already loose definition of 'legal' and 'overseas'...it sets up a perfect storm of an unanswerable rogue agency wagging the dog to get the pro-forma oversight they 'want'.

      --
      People in cars cause accidents....accidents in cars cause people :-D
  4. Security - physical, network, machines by IamJaxn · · Score: 4, Insightful

    We can't even get voting machines that are secure and verifiable. We contract companies with no accountability to make these, and they don't even listen to third party researchers, or calls for open reviews. Why on earth would we think we could secure it on a public network, with umpteen more attack vectors?

  5. IEEE 1622 by vikingpower · · Score: 4, Interesting

    I am a ( small ) contributor to the future IEEE 1622 standard. We chose not to deal with the security problem, and to tackle only the electronic interchange format. Security, in electronic voting, seems too hard a problem to solve right now.

    --
    Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  6. This Plus by s.petry · · Score: 3, Insightful

    The same thing they claim on-line voting has problems with, is the exact same thing we have problems with using boxes. Every election there is somehow missing ballots, and don't even get me started on dangling chads, absentee ballots, and how many dead people are voting every election.

    No system is perfect, but what they have currently can't be any worse than on-line voting.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  7. Voting is a responsibility by omnirealm · · Score: 2

    I don't want people who aren't invested enough* to go to a poll to decide policies that affect my life.

    (*modulo people with disabilities or who have work conflicts, but we already have mechanisms in place to account for that -- I'm talking about the general issue of lowering the bar too much)

    --
    An unjust law is no law at all. - St. Augustine
  8. More voters voting is not better in itself by magarity · · Score: 2

    Why have online voting? Really, voting in person means people who are interested enough bestir themselves to do so. And if they are interested enough to go vote, presumably they at least know the candidates' names ahead of time and hopefully something of the issues. Until you can guarantee there are no ultra-low information voters then universal turnout is not good. Otherwise might as well turn voting over to Mechanical Turk.

  9. Matters not by Moof123 · · Score: 2

    By time we get to the polls we get to choose between Kang and Kodos. The real choosing has been done in back rooms by power brokers and billionaires. Low voter turn out is in part fueled by the apathy that comes from only getting to choose between two pre-selected options by those with very different morales and priorities from the rest of us. The candidates on the ballot only got their by becoming indebted to those power brokers and rich, meaning they have to be corrupted as a per-requisite.

  10. Re:Why does it even have to be anonymouS? by tnk1 · · Score: 2

    Some people will actually support one side socially, and vote for the other in the ballot box. The reason for doing that is your friends and popular culture might think you're a "socialist" or you're "intolerant" if you vote one way or another.

    While it is better to be fully out there with your beliefs, its not always an option. What if you were a closeted gay individual in the Deep South who feared complete ostracism or even physical harm, but definitely wanted to vote for a candidate who would support gay rights? What if you were a member of an unpopular religion who tries to keep their beliefs private, but now has them on display for people who refuse to be tolerant.

    You know as soon as it would become public record, that some asshole is going to put your vote and you on a map using Google Maps and spread it around. We've already seen that with gun license owners.

  11. The Ghost of 2000 echoes --20 mins into the future by Etcetera · · Score: 3, Insightful

    Democrats, hipsters, and neo-technotards, please give it up.

    There's absolutely nothing wrong with paper ballots that reminding people to double-check the accuracy of wouldn't solve. It's worked forever, reduces security to the (relatively known problem to solve) of physical security of a location and transit -- something banks have done for centuries. For voter verification, require Photo IDs from a recognized entity, and/or "vouching" similar to what's done now in many states when needing to notarize something from someone with insufficient ID.

    Make ballot-by-mail and online voting special-case-only (eg, registered expats; those on deployment; etc.) and such a small scope that it's not worth the coordinated, targeted investment in massive hack schemes, then secure using the best, reasonable internet-encrypting technology.

    Stop trying to re-invent things that aren't really that broken to begin with. And sorry Millennials, the inability to vote by app from your cell phone is a feature not a bug.

    In related news: I wish more people would go watch Max Headroom again. Sometimes I feel we're living about 15 of those 20 minutes into the future

    --
    Hire a Linux system administrator, systems engineer,
  12. Re:It's weird... by vux984 · · Score: 2

    And yet, we don't feel we are secure enough to allow people to vote? How the fuck does that make any sense?

    Voting should be simple. And by simple I mean low-tech. Canada's system is nearly perfect. Everyone can understand it. Everyone can see how the votes are counted. An observer can watch the voting, can watch the counts. Recounts are easy.

    As soon as you make it online, it becomes inscrutable. Even if you design a system with open hardware, open software, etc most people still can't understand it, and can't verify it. And even if they verify the software and hardware, they can't know that's the software and hardware that was actually used, or that it wasn't remotely patched with new software the day of the election, and then patched back after the election. There are ways of securing it... but they are themselves inscrutable, crytopgraphy, digital signatures, ... might as well be using more magic to show the original magic was right. The system should be something everyone can understand intuitively.

    Paper voting is that. You have X paper ballots, each person is handed a ballot, person goes into a booth marks it, and then turns it in. You can see for yourself that the number of voters matches the number of ballots. You can see for your self that the voter puts the ballot in the box. You can watch the box yourself to see its not tampered with. At the end you can watch them take the ballots out of the box, you can watch them be counted, and recounted.

    Democracy should be THAT transparent.

    NOTHING beats the ease-of-use of and time saving of online voting.

    But why on earth would "ease of use" and "time saving" be the most important aspects of choosing the system by which we select our governement?

    You propose giving up a voting system even a child can understand and verify for a system that only the elite could even begin to understand, and which would be all but impossible to prove was operating correctly on election day.

  13. Re:I object to 200 miles by mcl630 · · Score: 2

    While I disagree with Shakrai, you point about college students isn't valid--college students can register at their college address or their home address. If you can't make it home, register at your college address.