Slashdot Mirror


Researchers Devise Voting System That Seems Secure, But Is Hard To Use

An anonymous reader writes: According to an article in ReadWrite, a team of British and American researchers has developed a hacker-resistant process for online voting called Du-Vote. It uses a credit-card-sized device that helps to divide the security-sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted (PDF). If a hacker manages to control the computer and the Du-Vote token, he still can't change the votes without being detected.


  1. Only geeks can vote? by linear+a · · Score: 4, Insightful

    I vote yes!

    1. Re:Only geeks can vote? by Garridan · · Score: 2

      Probably not. The authors made the newbie mistake of saddling their scheme with purpose-built crypto. They make a slight nod to the danger of this in the appendix, and sweep it under the rug (IND-CPA is nice and all, but it's not a proof of security). Experience says that they're overrating the security of their system, and there's a good chance it's broken. Thus, geeks will think they're voting, but The Man will actually be doing the voting for them.

  2. Transparency by prefec2 · · Score: 4, Interesting

    Voting must be secure, private, equal, and transparent. If the counting is done by a machine and there is no paper trail then this transparency is not realized. Nice to see that they are able to secure the transmission, but now the devices can still be tampered with. What I do not understand is why it is so important to replace the voting process with an electronic voting process. Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.

    1. Re:Transparency by epine · · Score: 3, Funny

      If I wanted ritual in my life, I would have become a priest and pursued my career with extreme political ambition so I could vote for the freaking pope.

      I guess you've never read an article in your life about mobilizing the voters who are too lazy (or metabolically downtrodden from their Cheetos and Coke diets) to physically show up at a polling station?

      Paper is a physical token. Reliably obtaining exactly one unambiguous, untamperable physical token with confidentiality from each adult member of society—the vast majority of which are collected on the same day—hasn't exactly proven to be an easy problem, especially when broadened to include public trust—that every voter understands and believes the process to have all of these properties (to at least a substantial degree).

      Electronic voting vastly reduces the complexity on the collection side, but then the tamperability problem looms supreme, but this could almost be solved with enough crypto cleverness, except that the public trust story then requires a tiny bit of numeracy beyond grade six math.

      Ritual, however, is accessible to a four-year-old.

      The same four-year-olds who are unfortunately not yet equipped with fully functioning batshit detectors.

      I don't want to abolish ritual. I simply want to reduce it to the size where I can drag it into the bathroom and drown it in the bathtub.

    2. Re:Transparency by penix1 · · Score: 2

      There are many factors that play in low voter turnout but to name the worst offenders here we go:

      1. The two party system itself. Having only two nationally recognized parties by the media ignores a very large part of the population that doesn't agree with either of them. This is the primary reason gerrymandering works too.
      2. Primaries. Having primaries in the two party system means those that support a candidate that doesn't win the primary feel left out and don't see a need to vote in the general election.
      3. Winner takes all in national elections. This means that electoral votes get ignored once a majority is achieved. This is how President Obama won.
      4. Using an electoral college. The electoral college made sense when communicating voter wishes meant paper delivered by horse to the capitol. It makes no sense in the age of computers and high speed communications. Also, because there is no real assurance that an elector will vote the way the voters want, you wind up with messes like the 2000 election where the electoral vote did not match the popular vote.
      5. No holiday for election days. Nobody wants to work all day just to have to stand in long lines all night to vote. Let's face it, if a person had all day to vote those lines would be considerably shorter with only the procrastinators being punished.

      Those are just a few off the top of my head. I know there are many more.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.

  3. Not secure by aaaaaaargh! · · Score: 2

    The counts can be hacked at the target computer. For example, by the government, by foreign governments or by the company providing the voting systems.

    Or are the "electronic votes" counted manually by thousands of volunteers and leave a huge paper trail?

  4. Re:"without being detected"...yet by freeze128 · · Score: 3, Insightful

    ...and that's the point! If it takes longer than 4 years to hack, it's effectively secure for a US Presidential election. By then, the elected official's term will be up, and there will be another election (with different encryption keys) so you will have to start over.

  5. Confidence versus rational confidence by mtrachtenberg · · Score: 4, Insightful

    It is conceivable that the World's Cleverest People (WCP) will devise a system that reliably enables people to vote over the internet. And researchers tell us America is no longer a democracy, so I suppose it doesn't really matter that only the WCP will have rational reason to have confidence in the system.

    But for those of us who think people should be able to prove to their own satisfaction that their vote was counted as cast, paper inserted into witnessed boxes and then counted in public seems like a better idea. It will never make Microsoft rich, though, so I doubt Microsoft Research will admit this.

  6. KISS by riverat1 · · Score: 4, Insightful

    Voting should be a low tech process that anybody can understand. Too much technological magic erodes the trust of voters who are capable of understanding it. Simply marking a ballot with a pen is understandable by anyone. Maybe you count them by machine but you always have the fallback of machine counting. I don't trust any voting process that doesn't have that fallback option. If the voting records are only held electronically how can you ever completely trust the results haven't been hacked?

    1. Re:KISS by gnupun · · Score: 2

      "Maybe you count them by machine but you always have the fallback of machine counting."

      Perhaps you meant "fallback of human counting." For simplicity:
      1. The voter selects a candidate on a touch-screen tablet.
      2. The tablet prints out the vote selection on a piece of paper. This ensures a valid vote has been cast by the voter.
      3. Voter deposits paper into a box along with other votes.
      4. A computer with a scanner rapidly scans the paper votes after the box is emptied into the counting machine.
      5. Humans manually recount votes using paper votes if any discrepancy in the vote count is found.

      The TL;DR version is use printers to cast machine-readable paper votes.

  7. Beside hacking by AchilleTalon · · Score: 5, Insightful

    Besides hacking a device to steal votes, there are a number of other concerns about online voting which cannot be eliminated by any device you can imagine.

    For example, how can you be assured the voter has not sold his vote and the buyer can just sit beside him to make sure he is getting what he paid for? How can you prevent someone from imposing a candidate on someone else by threatening him/her/them? At a polling place, you can make sure nobody is intimidated and anyway there is no way someone else can check the vote he tried to steal.

    Online voting is a big No-No.

    --
    Achille Talon
    Hop!

  8. Proctored voting by Okian+Warrior · · Score: 3, Insightful

    A lot of people think online voting is the next big thing, but the problem is actually very hard to do online.

    To do it right requires a "proctored" setting where the person is guaranteed to be alone, and unobserved (including video recording).

    If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.

    Video recording hasn't been addressed yet, but with the current system a voter can record their vote as proof of how they voted, and so vote selling is possible. It's functionally the same as being observed, just time shifted.

    Add in the requirements for recounts and verification, and physical ballots in a proctored environment is the simple solution.

    I've seen mathematical solutions that make tampering statistically impossible. The system injects a large portion of non-human votes in a cryptographically secure way such that it doesn't change the actual outcome, but it's impossible for a hacker to change votes due to the statistical likelihood that he'll change one of the non-human votes and be detected.

    Even with these systems, you still need a proctored environment that guarantees anonymous and unobserved voting.