Researchers Devise Voting System That Seems Secure, But Is Hard To Use

An anonymous reader writes: According to an article in ReadWrite, a team of British and American researchers have developed a hacker resistant process for online voting called Du-Vote. It uses a credit card-sized device that helps to divide the security-sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted (PDF). If a hacker managed to control the computer and the Du-Vote token, he still can't change the votes without being detected.

Only geeks can vote?

[linear+a]

I vote yes!

Transparency

[prefec2]

Voting must be secure, private, equal, and transparent. If the counting is done by a machine and there is no paper trail then this transparency is not realized. Nice to see that they are able to secure the transmission, but now the devices can still be tampered with. What I do not understand, why is it so important to replace the voting process with an electronic voting process. Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.

Re:Transparency

[epine]

If I wanted ritual in my life, I would have become a priest and pursued my career with extreme political ambition so I could vote for the freaking pope.

I guess you've never read an article in your life about mobilizing the voters who are too lazy (or metabolically downtrodden from their Cheetos and Coke diets) to physically show up at a polling station?

Paper is a physical token. Reliably obtaining exactly one unambiguous, untamperable physical token with confidentiality from each adult member of society—the vast majority of which are collected on the same day—hasn't exactly proven to be an easy problem, especially when broadened to include public trust—that every voter understands and believes the process to have all of these properties (to at least a substantial degree).

Electronic voting vastly reduces the complexity on the collection side, but then the tamperability problem looms supreme, but this could almost be solved with enough crypto cleverness, except that the public trust story then requires a tiny bit of numeracy beyond grade six math.

Ritual, however, is accessible to a four-year old.

The same four-year olds who are unfortunately not yet equipped with fully functioning batshit detectors.

I don't want to abolish ritual. I simply want to reduce it to the size where I can drag it into the bathroom and drown it in the bathtub.

Re:"without being detected"...yet

[freeze128]

...and that's the point! If it takes longer than 4 years to hack, it's effectively secure for a US Presidential election. By then, the elected official's term will be up, and there will be another election (with different encryption keys) so you will have to start over.

Confidence versus rational confidence

[mtrachtenberg]

It is conceivable that the World's Cleverest People (WCP) will devise a system that reliably enables people to vote over the internet. And researchers tell us America is no longer a democracy, so I suppose it doesn't really matter that only the WCP will have rational reason to have confidence in the system.

But for those of us who think people should be able to prove to their own satisfaction that their vote was counted as cast, paper inserted into witnessed boxes and then counted in public seems like a better idea. It will never make Microsoft rich, though, so I doubt Microsoft Research will admit this.

KISS

[riverat1]

Voting should be a low tech process that anybody can understand. Too much technological magic erodes the trust of voters who are capable of understanding it. Simply marking a ballot with a pen is understandable by anyone. Maybe you count them by machine but you always have the fallback of machine counting. I don't trust any voting process that doesn't have that fallback option. If the voting records are only held electronically how can you ever completely trust the results haven't been hacked?

Beside hacking

[AchilleTalon]

Beside hacking a device to steal votes, there is a number of other concerns about the online voting which cannot be eliminated by any device you can imagine.

For example, how can you be assured the voter has not sell his vote and the buyer can just sit beside him to make sure he is getting what he paid for? How can you prevent someone to impose a candidate to someone else by threatening him/her/them? At a vote poll, you can make sure nobody is intimidated and anyway there is no way someone else can check the vote he tried to steal.

Online voting is a big No-No.

Proctored voting

[Okian+Warrior]

A lot of people think online voting is the next big thing, but the problem is actually very hard to do online.

To do it right requires a "proctored" setting where the person is guaranteed to be alone, and unobserved (including video recording).

If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.

Video recording hasn't been addressed yet, but with the current system a voter can record their vote as proof of how they voted, and so vote selling is possible. It's functionally the same as being observed, just time shifted.

Add in the requirements for recounts and verification, and physical ballots in a proctored environment is the simple solution.

I've seen mathematical solutions that make tampering statistically impossible. The system injects a large portion of non-human votes in a cryptographically secure way such that it doesn't change the actual outcome, but it's impossible for a hacker to change votes due to the statistical likelihood that he'll change one of the non-human votes and be detected.

Even with these systems, you still need a proctored environment that guarantees anonymous and unobserved voting.