32 States Offer Online Voting, But Experts Warn It Isn't Secure

Long-time Slashdot reader Geoffrey.landis writes: According to the Washington Post, 32 states have implemented some form of online voting for the 2016 U.S. presidential election -- even though multiple experts warn that internet voting is not secure. In many cases, the online voting options are for absentee ballots, overseas citizens or military members deployed overseas. According to Verified Voting, "voted ballots sent via Internet simply cannot be made secure and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections."
And yet 39% of this year's likely voters said they'd choose to vote online if given the option, according a new article in the Boston Globe, noting that "All 50 states and D.C. send ballots to overseas voters electronically," with Alabama even allowing them to actually cast their ballots through a special web site. "Security is exponentially increased over any other kind of voting because each ballot, as well as the electronic ballot box, has military-grade encryption," argues the founder of the software company that assures the site's security. "She also claims that Web voting is more accurate," reports the Boston Globe. "No more hanging chads or marks on a paper ballot that may be difficult to interpret. Web systems can also save money and can be upgraded or reconfigured as laws change..."

Threats

[ChrisMaple]

With online voting, it is impossible to prevent coercion.

Re:Threats

[NotInHere]

Its much easier to fake or deanonymize an online vote (undetected) than to do the same with a paper trail based vote.

Voting is one of the areas where I beliveve no computer technology should be used. Computers should be devices that serve us, not devices we use to chose our leaders with.

Re:Threats

[Aighearach]

My State is 100% vote by mail, and we don't have this as a problem.

Online Voting

If this can be made to work, then we no longer need a congress. Everyone can vote directly on every issue.

Re:Online Voting

That would be direct rule, as opposed to a representative democracy. Some may think that is better, I do not.

Our current system of representatives was intentionally chosen by the framers of the US constitution and many of the much-vaulted checks and balances in the US government require separate elected bodies with dissimilar election schedules and dissimilar constituents. They called direct democracy "the Tyranny of the majority"

Direct voting means that 51% of the electorate can vote for incredibly unfair laws targeting the 49%. Representative democracy means that representatives are elected who vye with each other to get laws passed. Compromises are usually necessary and passions of the moment fade before laws wind their way through the system.
Certain values of Gridlock and dysfunction are a feature of US democracy. We actually really don't want to change that.

Re:Online Voting

[Citizen+of+Earth]

"The best argument against democracy is a five-minute conversation with the average voter." -- Winston Churchill

Re: Online Voting

no, there is nothing that says a direct voting system must follow majority vote...just like now Congress needs more than a majority vote to over ride a presidential veto....

Re:The small amount of fraud

[GoChickenFat]

This will result in pales in comparison to the amount of enfranchisement it will create. Every time I've seen someone railing against voter fraud it's always been a transparent attempt to keep some kind of "undesirables" from voting. Usually members of the working class.

Bullshit. I only want people voting who put some effort into it. We're continually throwing away our country by trying to turn elections into zero effort by the voter. In my opinion the two worst things in our elections are open primaries and early voting. Show up the day of the election, darken the oval next the candidate you want and feed it into the electronic counter - an unambiguous paper trail will remain. Save early voting to the true absentee and not leave it open to vote harvesting.

Quibbling

[93+Escort+Wagon]

From TFA: "But experts in computer security maintain that nothing sent over the Internet is secure."

While I agree with the point he's trying to make about the issues with existing online voting systems, this hyperbolic statement is clearly wrong.

It's certainly possible to make Internet voting at least as secure as paper ballots. Heck, it could be made significantly more secure than my state's vote by mail program (which is the only way to vote in Washington state). The problem is, making it secure would also make it extremely inconvenient for each voter, as well as expensive to the state in terms of both money and manpower... so that's not going to happen.

Voter, not ballot, not secure

[Todd+Knarr]

The problem isn't so much that the ballot itself isn't secure, it's that the authentication of the voter isn't reliable so the identity of whoever cast the ballot isn't secure. The only ways to make that authentication reliable involve encoding the identity of the voter into the cast ballot, which blows away the whole idea of secret ballots so nobody can confirm how you voted.

It's possible to do it, but you'd need a) a state-issued smartcard with a unique key-pair assigned to that specific individual capable of encrypting and signing arbitrary blocks of data, and b) a front-end system that'd accept the voter-signed ballot, verify the signature and contents, strip the voter's signature and replace it with one from the election authority, and this system would have to be trusted not to record anything tying voter identities to ballots and verifiable so that anybody could confirm that not only was the system actually trustable but that the running software was generated from the verified code. That's a non-trivial system to set up.

The worst possible thing

[H_Fisher]

Want to end democracy in America once and for all? Then sure, go ahead and move all voting to electronic systems.

Doing so, you eliminate any real citizen oversight — you don't need all those election observers and volunteer pollsters anymore, so that's thousands of people who no longer count ballots, or supervise the machines that scan paper ballots now. Less oversight makes it easier to rig the system — something that's much less plausible now, because we have so many people involved.

Voting needs to happen on paper. Technology can improve our lives the other 363 or so days out of the year, but when it's an election at stake, I want a paper ballot for each and every person who votes. I want a tangible record, no matter how expensive it might be. A paper ballot is not entirely flawless and there are other kinds of fraud that can happen. But I'd prefer the startlingly low incidence of those kinds of issues because this is the only way we can be sure that other, more pernicious, less obvious or even provable types of fraud cannot and are not happening. Electronic voting should be illegal.

Re:The worst possible thing

I have been on duty as an observer on electronic voting in my home country.
If done right, you can have public scrutiny over e-voting as well.

1) Open source everything from code to protocols to procedures.
2) Have both public and commercial security assurance performed on everything.
3) Sign all software, both voter and server side. Use integrity checks everywhere.
4) Deploy physical tamper evidence on all servers and systems.
5) Perform admin tasks only under public scrutiny. There will be enough nerds and enthusiasts who WILL gather to find flaws in your procedures and opsec; use them wisely.

Nothing can be 100% secure, but good oversight CAN be achieved for electronic voting. It needs some fundamental decisions - publishing the code and protocols being the most important one.

Re:The worst possible thing

[fgouget]

1) Open source everything from code to protocols to procedures.

Open-source is useless if you have no way to verify that it is the code being used on the computers on election day.

2) Have both public and commercial security assurance performed on everything.

Elections serve to peacefully overthrow the powers in place. So, as far as elections are concerned the government must never be trusted. So letting the government pick a select few to perform the security checks is no guarantee at all. Furthermore security audits are useless if they don't audit the software and hardware that is actually used on election day. But while it's possible to let a handful of people perform very basic checks on these up to election day, it is impossible to let the voters do so. In other words the voters have no way to verify anything.

3) Sign all software, both voter and server side. Use integrity checks everywhere.

Sign all software, including the signing software. Audit the compiler too, and the compiler's compiler (at the assembly level, not the source level), the operating system, the drivers, etc. If you skip any step it's all for nothing.

Of course on election day you must also verify that the computer is actually running the official software and not just software designed to print the official cryptographic checksums. So start election day by pulling out the hard-drive, putting it in a computer that you trust, and verifying its content with your software. Of course the observer next to you cannot trust your computer and software and thus will need to make the same checks using his own hardware and software, giving him an opportunity to hack the content of the drive after you have checked it.

4) Deploy physical tamper evidence on all servers and systems.

Which is moot due to the point above. Also seals are pretty easy to replace, particularly by the entity that stands the most to gain from a rigged election: the government. Finally seals make denial-of-service attacks trivial: just break the seal. Once someone points out the seal has been broken the computer and software must be thrown away and rebuilt from scratch, delaying the election.

5) Perform admin tasks only under public scrutiny. There will be enough nerds and enthusiasts who WILL gather to find flaws in your procedures and opsec; use them wisely.

Yay, everyone can see the admin typing ls and the expected result being displayed in the terminal. Just ignore the fact that there's a 3G card hidden inside the computer and hacker reconfiguring things remotely. Public scrutiny means nothing.

I have been on duty as an observer on electronic voting in my home country.

You've had the wool pulled over your eyes.

That will never work

[ronmon]

Because then you only get votes from people that are stupid enough to use Facebook.

Re:The small amount of fraud

[Gavagai80]

The "effort" test unfairly favors retired seniors who have a lot more time to waste than someone working long hours. It's not a fair measure of actual interest in voting at all.

Re:Crooked Republicans

[BradMajors]

All of the recent "election stealing" has been done by Hillary. BTW, Hillary is a Democrat.

Re:The small amount of fraud

[AthanasiusKircher]

Oh, and by the way -- if you think that normal U.S. citizens have "the right to vote" today, that's really up to interpretation. For example, you really don't have the right to vote for President of the U.S. You have the right vote in an election, but it's up to your state legislature to decide in what manner the results of your state voting can be tallied to select members of the Electoral College to vote for President on your behalf.

Basically, the Constitution is profoundly undemocratic in sense of "direct democracy." It was designed to have many layers between the votes of the people and the actual officials and laws in the government.

You do realize

[rsilvergun]

you just advocated voter disenfranchisement, right? And what, exactly, do you define as sufficient effort? Here in my neck of the woods voting for Bernie in the primaries was a 3 hour wait. That wasn't an accident, you know. Wasn't there some old saying about coming round for the socialists? I forget how it went, and evidently you did too.

Oh, and only 9% of voters turned out for the Primaries. That's why you get to choose between Fuckface von Clownstick and Wallstreet's Girl.

Re:There is one good thing

[clodney]

Where I live (Minnesota) ballots are physically secured. You fill out your paper ballot, then feed it into the optical scanner. The scanner reads the ballot, and you see the ballot counter change on the machine. The ballot goes directly into a locked container.

If the scanner has been hacked to report incorrect results, the paper ballots can be used as an audit trail.

I don't know all the steps taken to secure the paper ballots, but I know that both major parties have election judges and observers at pretty much every step of the way. Not saying that fraud is impossible by any means, but it is treated as an adversarial system. In the Franken/Coleman recount of 2008 (?), Democrats and Repulicans were involved at every step of the process. At one point I think they even had a webcam on the room containing the ballot boxes, to satisfy people that no tampering was going on.