Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Voting Should Be Verifiable -- But It's a Hard Problem

Posted by timothy on from the you-did-or-didn't-vote dept.

An anonymous reader writes with a link to a pithy overview at The Conversation of recent uses of (and nagging difficulties with) online voting and asks Regular 'internet voting too risky' arguments don't take some approaches into account like verifiability of votes by voters, observers, and international media. Could we have end-to-end verifiable online voting systems in the future? What are the difficulties? Where is it being done already? From the linked article (which provides at least some answers to those questions), one interesting idea:Another challenge to designing verifiability in online voting is the possibility of malware infection of voters' computers. By some estimates between 30%-40% of all home computers are infected. It’s quite possible that determined attackers could produce and distribute malware specifically designed to thwart or alter the outcome of a national election – for example undetectably changing the way a user votes and then covering its tracks by faking how the vote appears to have been cast to the voter. Whatever verifability mechanisms there are could also be thwarted by the malware.

One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.

7 of 258 comments (clear)

  1. You cannot know *WHO* is voting by whoever57 · · Score: 4, Informative

    Just like postal voting, Internet voting is a bad idea.

    In a family group, you simply don't know who is really voting. Yes, the correct person may be marking the postal ballot, or clicking the votes, but a dominant family member can be looking over the voter's shoulder, making sure the vote corresponds to the dominant family member's preferences.

    --
    The real "Libtards" are the Libertarians!
    1. Re:You cannot know *WHO* is voting by Shakrai · · Score: 5, Insightful

      End the antiquated requirement for anonymous ballots
      Coercing or discriminating against someone for their vote needs to become a serious crime

      I like how you point out the most important reason for the anonymous ballot while simultaneously calling for its end. Hint: It's already a crime to try and coerce someone's vote. It's also a very difficult crime to prove, which is why it's simpler to just say, "Your boss can't go into the booth with you." than "Tell is if your boss is trying to intimidate you."

      If Democracy is worth anything it's worth an hour of your fucking time once a year to go a polling place. Online voting is a solution looking for a problem. Absentee ballots are a necessary evil for people (the handicapped and those unavoidably out of town) who legitimately can't make it to the polling place. They do not need to be and should not be the new normal.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:You cannot know *WHO* is voting by DarkOx · · Score: 4, Insightful

      I also agree with you. I do think we need to make a couple more considerations though.

      First "those unavoidably out of town" should not be an excuse unless the distance between postal zip codes is greater than say 200 miles, and if the post marks indicate otherwise your ballot is invalid. That is the only way to prevent abuse.

      Second right now it is possible for your boss to intimidate you into not voting and certain companies probably have a pretty good idea of the voting blocks their employees fall into. We need to be fair and make election day a National Holiday! So that everyone has the day off. We probably need to make exceptions for the groups for which anti-strike laws already exist, Health, Safety and infrastructure folks who potentially have to work the holiday. There also needs to be some kind of penalty for employees who try to ignore election day like its just another MLK day have have nonessential personnel work anyway.

      I agree the only way to ensure any sort of integrity is to have people GO to the polls, but we need to make sure everyone can.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  2. Online voting is easy by amorsen · · Score: 4, Insightful

    We are really really good at handling online transactions of various kinds. Voting is easy. You just have to give up the secret ballot...

    Anonymous secure verifiable voting is a bad joke.

    --
    Finally! A year of moderation! Ready for 2019?
  3. Security - physical, network, machines by IamJaxn · · Score: 4, Insightful

    We can't even get voting machines that are secure and verifiable. We contract companies with no accountability to make these, and they don't even listen to third party researchers, or calls for open reviews. Why on earth would we think we could secure it on a public network, with umpteen more attack vectors?

  4. IEEE 1622 by vikingpower · · Score: 4, Interesting

    I am a ( small ) contributor to the future IEEE 1622 standard. We chose not to deal with the security problem, and to tackle only the electronic interchange format. Security, in electronic voting, seems too hard a problem to solve right now.

    --
    Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  5. Re:Or... by pixelpusher220 · · Score: 4, Interesting

    Indeed and I give you 3 words for needing a paper trail.

    National Security Agency.

    They hack everything already. You do NOT want them hacking the votes. Given the complete lack of oversight and their already loose definition of 'legal' and 'overseas'...it sets up a perfect storm of an unanswerable rogue agency wagging the dog to get the pro-forma oversight they 'want'.

    --
    People in cars cause accidents....accidents in cars cause people :-D