Researchers Devise Voting System That Seems Secure, But Is Hard To Use
An anonymous reader writes: According to an article in ReadWrite, a team of British and American researchers has developed a hacker-resistant process for online voting called Du-Vote. It uses a credit card-sized device that helps to divide the security-sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted (PDF). If a hacker managed to control the computer and the Du-Vote token, he still couldn't change the votes without being detected.
I vote yes!
"the oppressed are allowed once every few years to decide which particular representatives of the oppressing class shall represent and repress them in parliament" LENIN
We need a SOVIET AMERICA!
UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
Voting must be secure, private, equal, and transparent. If the counting is done by a machine and there is no paper trail then this transparency is not realized. Nice to see that they are able to secure the transmission, but now the devices can still be tampered with. What I do not understand: why is it so important to replace the voting process with an electronic voting process? Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.
The counts can be hacked at the target computer. For example, by the government, by foreign governments or by the company providing the voting systems.
Or are the "electronic votes" counted manually by thousands of volunteers and leave a huge paper trail?
...and that's the point! If it takes longer than 4 years to hack, it's effectively secure for a US Presidential election. By then, the elected official's term will be up, and there will be another election (with different encryption keys) so you will have to start over.
It is conceivable that the World's Cleverest People (WCP) will devise a system that reliably enables people to vote over the internet. And researchers tell us America is no longer a democracy, so I suppose it doesn't really matter that only the WCP will have rational reason to have confidence in the system.
But for those of us who think people should be able to prove to their own satisfaction that their vote was counted as cast, paper inserted into witnessed boxes and then counted in public seems like a better idea. It will never make Microsoft rich, though, so I doubt Microsoft Research will admit this.
Voting should be a low tech process that anybody can understand. Too much technological magic erodes the trust of voters who are capable of understanding it. Simply marking a ballot with a pen is understandable by anyone. Maybe you count them by machine but you always have the fallback of machine counting. I don't trust any voting process that doesn't have that fallback option. If the voting records are only held electronically how can you ever completely trust the results haven't been hacked?
Besides hacking a device to steal votes, there are a number of other concerns about online voting which cannot be eliminated by any device you can imagine.
For example, how can you be assured the voter has not sold his vote and the buyer can't just sit beside him to make sure he is getting what he paid for? How can you prevent someone from imposing a candidate on someone else by threatening him/her/them? At a polling station, you can make sure nobody is intimidated and anyway there is no way someone else can check the vote he tried to steal.
Online voting is a big No-No.
Achille Talon
Hop!
We could print out the ballots on paper, and then instead of using digital or pen signatures, we could use our blood to check the boxes and "sign" the ballots.
Now all we would need is a national DNA registry. This would also solve a whole bunch of problems with needing or not needing to present ID to vote, as you wouldn't need to show an ID card at all (although I honestly don't know why anyone would want someone that may or may not be an American citizen, or even the correct person voting, but this is apparently a thing in some US states).
Stupid and lazy people are kept from voting by having to read instructions and enter numbers into a token. The ones who manage to cast a valid ballot are likely also intelligent enough to understand basic scientific facts and elect politicians capable of cooperating with other humans! Instant fix for American government!
A lot of people think online voting is the next big thing, but the problem is actually very hard to do online.
To do it right requires a "proctored" setting where the person is guaranteed to be alone, and unobserved (including video recording).
If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.
Video recording hasn't been addressed yet, but with the current system a voter can record their vote as proof of how they voted, and so vote selling is possible. It's functionally the same as being observed, just time shifted.
Add in the requirements for recounts and verification, and physical ballots in a proctored environment are the simple solution.
I've seen mathematical solutions that make tampering statistically impossible. The system injects a large portion of non-human votes in a cryptographically secure way such that it doesn't change the actual outcome, but it's impossible for a hacker to change votes due to the statistical likelihood that he'll change one of the non-human votes and be detected.
Even with these systems, you still need a proctored environment that guarantees anonymous and unobserved voting.
Voting is not something we need online. Voting is too sacred or precious or important a right such that I am more than willing to be "inconvenienced" to make voting less capable of being hacked by being online. Voting online would centralize it. The decentralization that already exists by thousands of volunteers nation-wide helps to deter some voting crimes, I would guess.
Ditto the touchscreen voting machines and every other apparatus they come up with in their attempts to do away with the paper ballot, which has worked just fine for over 200 years. Just because it's more modern doesn't make it better.
Better to use paper, and no mail in ballots. Voting is essentially a legal transaction. Mail in voting invites fraud. You should have to present proof of citizenship when you vote as well.
an ill wind that blows no good
Maybe you count them by machine but you always have the fallback of machine counting.
Of course I meant "you always have the fallback of hand counting."
If your threat model is "hackers" you are not to be taken seriously. Might as well say your threat model hinges on "preventing smurfs from smurfing".
I don't think some sort of web voting will ever work, given that any server can be hacked and many times without anyone finding out. Besides devising a way to make sure you are who you are and only voting once. The sad part is that even if you could vote online it does nothing to improve our election system. In fact because it would be so easy you may actually choose less wisely than voters do now. That's really our electoral problem now. We vote for people for not all the right reasons. A perfect example is ask voters why they voted for a certain person. Many will not be able to provide you with a good answer. Just some lame reason they thought the person was right for the job. Probably could not even name any of their accomplishments. I think we pick people to be on juries more carefully than any elected official. Changing how we vote won't change how poorly we vote.
I agree, but however unlikely, there's always the chance of some unforeseen exploit, remote as it may be. I'd say the biggest risk would be social engineering, which is one of the most powerful tools, if not the most, in a hacker's arsenal. The best encryption in the world can be rendered useless by gullibility, greed, or a mixture of both.
Very, very unlikely but possible.
My state's Electoral College votes always go to the same party. I don't like the party that's in charge, but the minority is millions of votes behind, so there's really no reason to vote.
However, I've discovered there's a good reason NOT to vote: if you vote, you WILL get Jury Duty. If you don't vote, you won't get Jury Duty.
Therefore, I don't vote.
P.S. I think it'll be hilarious when some lawyer realizes that 90% of people on juries in this state are from the political party with a 55% majority.
Massachusetts?
No online voting system can eliminate the "over-the-shoulder" problem, where an attacker breaks the "privacy" requirement.
Yes!! If the TYPICAL voter does not understand why the vote is secure, the method fails. This is virtually the Turing test for any proposed schema.
Someone needs to write one of those form letters we have for why someone's proposal to end spam will fail for all these stupid people who think the problem is cryptography.
Some drink at the fountain of knowledge. Others just gargle.
Many people think about electronic voting only for presidential elections and so on, but where I think it could be a game changer is in bringing current democracies on the way to a system closer to what is known as direct democracy, where implicated citizens could use their vote in very specific decisions and other people could delegate (temporarily, with easy possibility of revocation and discretionally) to political parties or representatives so they could decide for them.
I envision a system with independent census and electoral entities and using smartcard chips with certificates. I just made it up very fast; it still has very vague parts, maybe inconsistencies, but I feel starting from here it could be a sound system.
The census entity is in charge of providing means to eligible citizens to sign their votes, for instance a smartcard with a public/private key. A protocol should be established in a way that the census entity knows which certificates it has issued but cannot relate them to specific people.
When a poll is called, independent parties can apply to become electoral entities for that specific poll. These can be public entities, NGOs, etc. A number of them is somehow certified and chosen.
During the time allowed to vote, each citizen signs his vote using his smartcard and sends it to all or a subgroup of the electoral entities chosen for the poll. Independently of this, with his smartcard and any time during or even before the voting time, he signs a request to the census entity stating his intention to vote.
At the end of the voting, all voting logs are signed by each of the entities and made public. These logs have all the votes they've received, signed with their respective certificates. The census entity also makes public a log with all the voting requests made.
The result of the election is not actually calculated by these entities, but anyone can produce it by processing the logs. A protocol to work out inconsistencies should be designed, but it should be possible to work out given an honest census entity and the nature of public/private key certificates.
If voting is too hard and complicated, the voters in Floriduh will never figure it out. We've been down that road before.
Based on the summary, I'm forced to conclude that it is safe from tampering by male hackers, but that female hackers can safely modify the results!
Bruce Schneier said "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers."
Good luck to them.
Most, if not all, states now don't just get jury candidates from voter registration, but also use state-issued IDs, taxes, and several other things. Even over ten years ago, I got my first jury summons about six months after turning 18 but before registering to vote.
I'm sorry, but please follow the current state of the discussion which probably is the opinion of the constitutional court of Germany.
Essentially they found that it's rather irrelevant how secure it is, what's important is that it's easy to detect fraud. And by being easy they mean that a lay person without any special knowledge can, without a doubt, find out when fraud occurred.
The typical well designed system is the hand marked paper ballot. The technique to check for fraud is trivial. You look into the ballot box before the election to make sure it's empty, you make sure everybody just throws one ballot into the box, you make sure that in the end the number of ballots is equal to the number of people voting, and then you make sure everything is counted correctly. The last part is hard to watch, but since the ballots are stored you can always have a recount.
Compare that to those mathematical systems which, even if you understand the math, require you to actually see what computers are doing. So essentially you need to do a deep forensic analysis on a voting computer checking everything from the firmware to the individual dies of the chips.
Other areas, such as banking, have it easier. There you can just have audit logs for everything and check against such logs. This cannot be done with elections because of voter privacy, which is highly important by itself.
Should be copying Oregon's Vote-By-Mail system instead.
No lines, no having to get across town after or before work, all resulting in better voter turnout, particularly among those with the most trouble accessing the vote (i.e., minorities, poor, and low income workers).
Which is precisely why they'll fight it in every other state.
The guy who said the election was rigged won the presidency with the second-most votes.
The harder a security system is to use, the more effort will be put into making it easy by the users. Make the password long and weird enough and they will write it down under their mouse pad. Shortcuts will abound and few will ever bother to either use it at all or use it correctly. User difficulty in using a secure system is due to the lack of creativity, understanding and awareness of the system writers. A secure system works because the easiest way to use it is the secure way. This is a Security 101 awareness failure.
On Battlestar Galactica (the new version) they had a vote, the ballots were all paper and counted manually (admittedly there was fraud, in the form of a ballot box switcheroo, but it got noticed).
It seems that if a world where they have discovered FTL and cyborgs still haven't discovered an electronic voting system that works...
Yes, I know it is fiction, but the point is that even writers that can imagine sentient robots cannot envision a way to do electronic voting that works. The reason is that electronics are impossible to verify. (Insert link to paper on Trusting Trust.)
This is a stupid idea. The reason we vote in a polling station is to ensure that the vote is done in private, SECRETLY, with no proof of how you voted. This is so you cannot sell your vote, or be coerced into voting a certain way. Congress voted this way until the "sunshine" laws made congressional votes a matter of record in 1970. Now, Congress can no longer vote their conscience and lobbyists have control over the outcomes of votes before they ever get to the floor. They know which representative to lean on to get the outcomes they want. youtube(.)com/watch?v=1gEz__sMVaY
of voters think.