32 States Offer Online Voting, But Experts Warn It Isn't Secure (bostonglobe.com)
Long-time Slashdot reader Geoffrey.landis writes: According to the Washington Post, 32 states have implemented some form of online voting for the 2016 U.S. presidential election -- even though multiple experts warn that internet voting is not secure. In many cases, the online voting options are for absentee ballots, overseas citizens or military members deployed overseas. According to Verified Voting, "voted ballots sent via Internet simply cannot be made secure and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections."
And yet 39% of this year's likely voters said they'd choose to vote online if given the option, according to a new article in the Boston Globe, noting that "All 50 states and D.C. send ballots to overseas voters electronically," with Alabama even allowing them to actually cast their ballots through a special web site. "Security is exponentially increased over any other kind of voting because each ballot, as well as the electronic ballot box, has military-grade encryption," argues the founder of the software company that assures the site's security. "She also claims that Web voting is more accurate," reports the Boston Globe. "No more hanging chads or marks on a paper ballot that may be difficult to interpret. Web systems can also save money and can be upgraded or reconfigured as laws change..."
Oh, and by the way -- if you think that normal U.S. citizens have "the right to vote" today, that's really up to interpretation. For example, you really don't have the right to vote for President of the U.S. You have the right to vote in an election, but it's up to your state legislature to decide in what manner the results of your state voting can be tallied to select members of the Electoral College to vote for President on your behalf.
Basically, the Constitution is profoundly undemocratic in the sense of "direct democracy." It was designed to have many layers between the votes of the people and the actual officials and laws in the government.
You just advocated voter disenfranchisement, right? And what, exactly, do you define as sufficient effort? Here in my neck of the woods voting for Bernie in the primaries was a 3 hour wait. That wasn't an accident, you know. Wasn't there some old saying about coming round for the socialists? I forget how it went, and evidently you did too.
Oh, and only 9% of voters turned out for the Primaries. That's why you get to choose between Fuckface von Clownstick and Wallstreet's Girl.
1) Open source everything from code to protocols to procedures.
Open-source is useless if you have no way to verify that it is the code being used on the computers on election day.
2) Have both public and commercial security assurance performed on everything.
Elections serve to peacefully overthrow the powers in place. So, as far as elections are concerned the government must never be trusted. So letting the government pick a select few to perform the security checks is no guarantee at all. Furthermore security audits are useless if they don't audit the software and hardware that is actually used on election day. But while it's possible to let a handful of people perform very basic checks on these up to election day, it is impossible to let the voters do so. In other words the voters have no way to verify anything.
3) Sign all software, both voter and server side. Use integrity checks everywhere.
Sign all software, including the signing software. Audit the compiler too, and the compiler's compiler (at the assembly level, not the source level), the operating system, the drivers, etc. If you skip any step it's all for nothing.
Of course on election day you must also verify that the computer is actually running the official software and not just software designed to print the official cryptographic checksums. So start election day by pulling out the hard-drive, putting it in a computer that you trust, and verifying its content with your software. Of course the observer next to you cannot trust your computer and software and thus will need to make the same checks using his own hardware and software, giving him an opportunity to hack the content of the drive after you have checked it.
4) Deploy physical tamper evidence on all servers and systems.
Which is moot due to the point above. Also seals are pretty easy to replace, particularly by the entity that stands the most to gain from a rigged election: the government. Finally seals make denial-of-service attacks trivial: just break the seal. Once someone points out the seal has been broken the computer and software must be thrown away and rebuilt from scratch, delaying the election.
5) Perform admin tasks only under public scrutiny. There will be enough nerds and enthusiasts who WILL gather to find flaws in your procedures and opsec; use them wisely.
Yay, everyone can see the admin typing ls and the expected result being displayed in the terminal. Just ignore the fact that there's a 3G card hidden inside the computer and a hacker reconfiguring things remotely. Public scrutiny means nothing.
I have been on duty as an observer on electronic voting in my home country.
You've had the wool pulled over your eyes.