Slashdot Mirror

← Back to Stories (view on slashdot.org)

32 States Offer Online Voting, But Experts Warn It Isn't Secure (bostonglobe.com)

Posted by EditorDavid on from the Boaty-McPresident dept.

Long-time Slashdot reader Geoffrey.landis writes: According to the Washington Post, 32 states have implemented some form of online voting for the 2016 U.S. presidential election -- even though multiple experts warn that internet voting is not secure. In many cases, the online voting options are for absentee ballots, overseas citizens or military members deployed overseas. According to Verified Voting, "voted ballots sent via Internet simply cannot be made secure and make easy and inviting targets for attackers ranging from lone hackers to foreign governments seeking to undermine US elections."
And yet 39% of this year's likely voters said they'd choose to vote online if given the option, according a new article in the Boston Globe, noting that "All 50 states and D.C. send ballots to overseas voters electronically," with Alabama even allowing them to actually cast their ballots through a special web site. "Security is exponentially increased over any other kind of voting because each ballot, as well as the electronic ballot box, has military-grade encryption," argues the founder of the software company that assures the site's security. "She also claims that Web voting is more accurate," reports the Boston Globe. "No more hanging chads or marks on a paper ballot that may be difficult to interpret. Web systems can also save money and can be upgraded or reconfigured as laws change..."

8 of 182 comments (clear)

  1. Threats by ChrisMaple · · Score: 4, Insightful

    With online voting, it is impossible to prevent coercion.

    --
    Contribute to civilization: ari.aynrand.org/donate
    1. Re:Threats by NotInHere · · Score: 4, Insightful

      Its much easier to fake or deanonymize an online vote (undetected) than to do the same with a paper trail based vote.

      Voting is one of the areas where I beliveve no computer technology should be used. Computers should be devices that serve us, not devices we use to chose our leaders with.

  2. Re:The small amount of fraud by GoChickenFat · · Score: 4, Insightful

    This will result in pales in comparison to the amount of enfranchisement it will create. Every time I've seen someone railing against voter fraud it's always been a transparent attempt to keep some kind of "undesirables" from voting. Usually members of the working class.

    Bullshit. I only want people voting who put some effort into it. We're continually throwing away our country by trying to turn elections into zero effort by the voter. In my opinion the two worst things in our elections are open primaries and early voting. Show up the day of the election, darken the oval next the candidate you want and feed it into the electronic counter - an unambiguous paper trail will remain. Save early voting to the true absentee and not leave it open to vote harvesting.

  3. The worst possible thing by H_Fisher · · Score: 5, Insightful

    Want to end democracy in America once and for all? Then sure, go ahead and move all voting to electronic systems.

    Doing so, you eliminate any real citizen oversight — you don't need all those election observers and volunteer pollsters anymore, so that's thousands of people who no longer count ballots, or supervise the machines that scan paper ballots now. Less oversight makes it easier to rig the system — something that's much less plausible now, because we have so many people involved.

    Voting needs to happen on paper. Technology can improve our lives the other 363 or so days out of the year, but when it's an election at stake, I want a paper ballot for each and every person who votes. I want a tangible record, no matter how expensive it might be. A paper ballot is not entirely flawless and there are other kinds of fraud that can happen. But I'd prefer the startlingly low incidence of those kinds of issues because this is the only way we can be sure that other, more pernicious, less obvious or even provable types of fraud cannot and are not happening. Electronic voting should be illegal.

    1. Re:The worst possible thing by fgouget · · Score: 3, Informative

      1) Open source everything from code to protocols to procedures.

      Open-source is useless if you have no way to verify that it is the code being used on the computers on election day.

      2) Have both public and commercial security assurance performed on everything.

      Elections serve to peacefully overthrow the powers in place. So, as far as elections are concerned the government must never be trusted. So letting the government pick a select few to perform the security checks is no guarantee at all. Furthermore security audits are useless if they don't audit the software and hardware that is actually used on election day. But while it's possible to let a handful of people perform very basic checks on these up to election day, it is impossible to let the voters do so. In other words the voters have no way to verify anything.

      3) Sign all software, both voter and server side. Use integrity checks everywhere.

      Sign all software, including the signing software. Audit the compiler too, and the compiler's compiler (at the assembly level, not the source level), the operating system, the drivers, etc. If you skip any step it's all for nothing.

      Of course on election day you must also verify that the computer is actually running the official software and not just software designed to print the official cryptographic checksums. So start election day by pulling out the hard-drive, putting it in a computer that you trust, and verifying its content with your software. Of course the observer next to you cannot trust your computer and software and thus will need to make the same checks using his own hardware and software, giving him an opportunity to hack the content of the drive after you have checked it.

      4) Deploy physical tamper evidence on all servers and systems.

      Which is moot due to the point above. Also seals are pretty easy to replace, particularly by the entity that stands the most to gain from a rigged election: the government. Finally seals make denial-of-service attacks trivial: just break the seal. Once someone points out the seal has been broken the computer and software must be thrown away and rebuilt from scratch, delaying the election.

      5) Perform admin tasks only under public scrutiny. There will be enough nerds and enthusiasts who WILL gather to find flaws in your procedures and opsec; use them wisely.

      Yay, everyone can see the admin typing ls and the expected result being displayed in the terminal. Just ignore the fact that there's a 3G card hidden inside the computer and hacker reconfiguring things remotely. Public scrutiny means nothing.

      I have been on duty as an observer on electronic voting in my home country.

      You've had the wool pulled over your eyes.

  4. Re:Online Voting by Anonymous Coward · · Score: 5, Insightful

    That would be direct rule, as opposed to a representative democracy. Some may think that is better, I do not.

    Our current system of representatives was intentionally chosen by the framers of the US constitution and many of the much-vaulted checks and balances in the US government require separate elected bodies with dissimilar election schedules and dissimilar constituents. They called direct democracy "the Tyranny of the majority"

    Direct voting means that 51% of the electorate can vote for incredibly unfair laws targeting the 49%. Representative democracy means that representatives are elected who vye with each other to get laws passed. Compromises are usually necessary and passions of the moment fade before laws wind their way through the system.
    Certain values of Gridlock and dysfunction are a feature of US democracy. We actually really don't want to change that.

  5. Re:The small amount of fraud by AthanasiusKircher · · Score: 3, Informative

    Oh, and by the way -- if you think that normal U.S. citizens have "the right to vote" today, that's really up to interpretation. For example, you really don't have the right to vote for President of the U.S. You have the right vote in an election, but it's up to your state legislature to decide in what manner the results of your state voting can be tallied to select members of the Electoral College to vote for President on your behalf.

    Basically, the Constitution is profoundly undemocratic in sense of "direct democracy." It was designed to have many layers between the votes of the people and the actual officials and laws in the government.

  6. You do realize by rsilvergun · · Score: 4, Informative

    you just advocated voter disenfranchisement, right? And what, exactly, do you define as sufficient effort? Here in my neck of the woods voting for Bernie in the primaries was a 3 hour wait. That wasn't an accident, you know. Wasn't there some old saying about coming round for the socialists? I forget how it went, and evidently you did too.

    Oh, and only 9% of voters turned out for the Primaries. That's why you get to choose between Fuckface von Clownstick and Wallstreet's Girl.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/