Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Voting Should Be Verifiable -- But It's a Hard Problem

Posted by timothy on from the you-did-or-didn't-vote dept.

An anonymous reader writes with a link to a pithy overview at The Conversation of recent uses of (and nagging difficulties with) online voting and asks Regular 'internet voting too risky' arguments don't take some approaches into account like verifiability of votes by voters, observers, and international media. Could we have end-to-end verifiable online voting systems in the future? What are the difficulties? Where is it being done already? From the linked article (which provides at least some answers to those questions), one interesting idea:Another challenge to designing verifiability in online voting is the possibility of malware infection of voters' computers. By some estimates between 30%-40% of all home computers are infected. It’s quite possible that determined attackers could produce and distribute malware specifically designed to thwart or alter the outcome of a national election – for example undetectably changing the way a user votes and then covering its tracks by faking how the vote appears to have been cast to the voter. Whatever verifability mechanisms there are could also be thwarted by the malware.

One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.

12 of 258 comments (clear)

  1. You cannot know *WHO* is voting by whoever57 · · Score: 4, Informative

    Just like postal voting, Internet voting is a bad idea.

    In a family group, you simply don't know who is really voting. Yes, the correct person may be marking the postal ballot, or clicking the votes, but a dominant family member can be looking over the voter's shoulder, making sure the vote corresponds to the dominant family member's preferences.

    --
    The real "Libtards" are the Libertarians!
    1. Re:You cannot know *WHO* is voting by Shakrai · · Score: 5, Insightful

      End the antiquated requirement for anonymous ballots
      Coercing or discriminating against someone for their vote needs to become a serious crime

      I like how you point out the most important reason for the anonymous ballot while simultaneously calling for its end. Hint: It's already a crime to try and coerce someone's vote. It's also a very difficult crime to prove, which is why it's simpler to just say, "Your boss can't go into the booth with you." than "Tell is if your boss is trying to intimidate you."

      If Democracy is worth anything it's worth an hour of your fucking time once a year to go a polling place. Online voting is a solution looking for a problem. Absentee ballots are a necessary evil for people (the handicapped and those unavoidably out of town) who legitimately can't make it to the polling place. They do not need to be and should not be the new normal.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:You cannot know *WHO* is voting by FunkSoulBrother · · Score: 3, Insightful

      Not racist so much as classist. It just so happens that we have a very but not exclusive racial disparity when it comes to social class in this country.

      As long as the government fully subsidizes identification cards for the entire populace, makes them non mandatory, and gives a legally-protected full day's floating vacation to be used to procure and update said cards, then i really have no problem with voter ID.

    3. Re:You cannot know *WHO* is voting by DarkOx · · Score: 4, Insightful

      I also agree with you. I do think we need to make a couple more considerations though.

      First "those unavoidably out of town" should not be an excuse unless the distance between postal zip codes is greater than say 200 miles, and if the post marks indicate otherwise your ballot is invalid. That is the only way to prevent abuse.

      Second right now it is possible for your boss to intimidate you into not voting and certain companies probably have a pretty good idea of the voting blocks their employees fall into. We need to be fair and make election day a National Holiday! So that everyone has the day off. We probably need to make exceptions for the groups for which anti-strike laws already exist, Health, Safety and infrastructure folks who potentially have to work the holiday. There also needs to be some kind of penalty for employees who try to ignore election day like its just another MLK day have have nonessential personnel work anyway.

      I agree the only way to ensure any sort of integrity is to have people GO to the polls, but we need to make sure everyone can.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    4. Re:You cannot know *WHO* is voting by ultranova · · Score: 3, Interesting

      End the antiquated requirement for anonymous ballots, and the technical solution becomes very easy.

      End anonymous ballots and you end democracy.

      But neither should you be able to check an individuals vote anonymously. Coercing or discriminating against someone for their vote needs to become a serious crime before any of this could be put into place though.

      How do you prove you were "encouraged" to vote a certain way? You can't, and even an attempt to sue for example your employer will affect your future in sufficiently negative way to make the prospect daunting. Nor can you prove someone wasn't so influenced. So the election result has zero credibility, thus delegitimazing the entire system. Which, of course, is the goal of various non-anonymous voting schemes that people suggest from time to time.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  2. Online voting is easy by amorsen · · Score: 4, Insightful

    We are really really good at handling online transactions of various kinds. Voting is easy. You just have to give up the secret ballot...

    Anonymous secure verifiable voting is a bad joke.

    --
    Finally! A year of moderation! Ready for 2019?
  3. Or... by Anonymous Coward · · Score: 3, Insightful

    Or we could just use paper ballots that simply work.

    Why the need to push technology into places where it is not needed and it doesn't improve the process?

    1. Re:Or... by pixelpusher220 · · Score: 4, Interesting

      Indeed and I give you 3 words for needing a paper trail.

      National Security Agency.

      They hack everything already. You do NOT want them hacking the votes. Given the complete lack of oversight and their already loose definition of 'legal' and 'overseas'...it sets up a perfect storm of an unanswerable rogue agency wagging the dog to get the pro-forma oversight they 'want'.

      --
      People in cars cause accidents....accidents in cars cause people :-D
  4. Security - physical, network, machines by IamJaxn · · Score: 4, Insightful

    We can't even get voting machines that are secure and verifiable. We contract companies with no accountability to make these, and they don't even listen to third party researchers, or calls for open reviews. Why on earth would we think we could secure it on a public network, with umpteen more attack vectors?

  5. IEEE 1622 by vikingpower · · Score: 4, Interesting

    I am a ( small ) contributor to the future IEEE 1622 standard. We chose not to deal with the security problem, and to tackle only the electronic interchange format. Security, in electronic voting, seems too hard a problem to solve right now.

    --
    Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  6. This Plus by s.petry · · Score: 3, Insightful

    The same thing they claim on-line voting has problems with, is the exact same thing we have problems with using boxes. Every election there is somehow missing ballots, and don't even get me started on dangling chads, absentee ballots, and how many dead people are voting every election.

    No system is perfect, but what they have currently can't be any worse than on-line voting.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  7. The Ghost of 2000 echoes --20 mins into the future by Etcetera · · Score: 3, Insightful

    Democrats, hipsters, and neo-technotards, please give it up.

    There's absolutely nothing wrong with paper ballots that reminding people to double-check the accuracy of wouldn't solve. It's worked forever, reduces security to the (relatively known problem to solve) of physical security of a location and transit -- something banks have done for centuries. For voter verification, require Photo IDs from a recognized entity, and/or "vouching" similar to what's done now in many states when needing to notarize something from someone with insufficient ID.

    Make ballot-by-mail and online voting special-case-only (eg, registered expats; those on deployment; etc.) and such a small scope that it's not worth the coordinated, targeted investment in massive hack schemes, then secure using the best, reasonable internet-encrypting technology.

    Stop trying to re-invent things that aren't really that broken to begin with. And sorry Millennials, the inability to vote by app from your cell phone is a feature not a bug.

    In related news: I wish more people would go watch Max Headroom again. Sometimes I feel we're living about 15 of those 20 minutes into the future

    --
    Hire a Linux system administrator, systems engineer,