Slashdot Mirror
Voting over the net?
Alistair Cunningham writes "The Sunday Telegraph is reporting that the British government is planning to allow voters to vote online at the next general election, in 2001. They hope to use this to overcome voter apathy. I wonder how secure this will be?
" I can't wait for this to happen in the US. Voting is
a pain- I want to click my way through the election and
not have to wait in lines.
If you aren't interested enough to vote to go find your local polling place and vote, don't vote. Uninformed voters who vote with their heart instead of their mind are the bane of the democratic process. The founders of this country believed in an educated electorate (I believe this was one of the major arguments behind the public school system) because without an informed populace to decide who rules, the decision is not going to be a good one.
I'll admit that I don't much vote. Often, I don't know enough about what's going on to decide who should be elected to the office, or whether referendum X should be passed, so I don't. At the moment, I'm really too busy to keep up with politics, and I think its best that I be kept out of the voting booth. I'll most likely vote in the 2000 election, but I will have a clue.
If you're not sure, don't go in there and vote the party line! I could imagine that the reason the political parties push for greater voter turnout is that those who fail to vote through laziness tend to be the ones with the most knee-jerk reaction, and will thus tend to vote for their party on a more consistent basis. Vote only if you know what you're doing, and vote only on the issues you know enough about to decide.
Aside from these problems, there's also technical issues here. I assume that an https server isn't going to quite cut the mustard when it comes to something this important. Thus, I assume that custom software is going to be written.
Will this software run on anything besides Windows? Can the people who make the voting software be bothered to make a MacOS or Linux or BSD or Solaris or OS/2 version? Will they make a version that'll run on my 5-year-old PowerBook 165? If this voting software is not created for every single OS that exists today and has the capability of connecting to the internet, then I have a very large problem with it, because you're selectively making things harder for certain people. I wouldn't be surprised if they only made a Windows version, and if they made anything past a Linux and MacOS version, it would astound me.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
With the studies about the gaps in internet use between the haves and the have-nots, I wonder if this would change the face of politics (at least in the US). It seems that by making voting ultra easy to do, the haves would have a greater voice in government. Anybody know where there are breakdowns in voter participation by income levels?
The point is... there may be some resistance to this application of the web from those who represent the have-nots.
The men who hold high places must be the ones who start to mold a new reality... closer to the heart - RUSH
To make it easier to vote is clearly more "democratic" than to make it harder. However, a side effect of having to go to some trouble to vote is that voters tend to be those most interested, and, possibly, most informed.
Of course, this point ignores the possible negative aspects of a system that tends to favor the fanatical over the disinterested.
It will be interesting to see how this experiment plays itself out... A well-publicized security problem could set the concept back a decade. I can imagine scenarios where the Internet itself comes away with a diminished image that could damage electronic commerce as well.
Geeky modern art T-shirts
Don't hold you breath for this in the US anytime soon. If you make it too easy to vote, people will! It still behooves too many candidates (and the Two Parties) to have low voter turn out. They know what the voting demographics are of an area and can target accordingly. This would screw up demographics entirely, especially if people could walk into any library with net access and vote. We should push harder for this here. I'm sure it would be feasible to have at least a test run (even if the results don't count) in 2000.
Some protocols allow multiple votes, although it's usually the last vote that counts. A couple problems:
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
The problem with electronic voting is that anonymous voting is a basic tenet of our democratic system. I don't agree with the cynics who say that the parties depend on voter apathy. Perhaps they do, so we should show them and actually get out and vote! The Dallas Morning News ran a cartoon, showing four panels: Three of which had citizens in other countries demanding their right to vote. The one captioned America has a man at a voting booth saying, "Vote? I thought you were selling lottery tickets."
If you don't have time to take a lunch break or something and go vote, then maybe you don't need to. As a matter of fact, I would prefer it, because then I stand a greater chance of getting my way! Your grocery shopping can wait a couple more minutes (Kroger is open 24 hours, people!), but the decisions made during elections can and probably will affect you for years to come.
If you want electronic voting, then get out and vote for those who will institute it for you. I don't like it and will probably vote against it, but at least we've all had our say when that happens. To the cynics out there: No matter what you say, we do have a republican form of government, where the people can change it. This is how.
Any such system in the US would have to be extremely secure. That includes strong crypto of some sort. That's a munition. So, the government would be arming its citizens with the intent of them replacing the government.
-Imperator
Gates' Law: Every 18 months, the speed of software halves.
David Chaum's ideas can be used to prevent the state from proving a ballot is mine... but since I know my own "blinding" factor (at least for a while, even if the software immediately discards it) I can prove how I voted. I suspect all cryptographic protocols will have the same problem.
I'm not a cryptographic expert, but I worked at DigiCash for a while (founded by David Chaum). One of the cryptographers there was Berry Schoenmakers. He either invented a new voting protocol or extended David's ideas - unfortunately I can't recall which. Check out DigiCash voting protocols for further details. I don't think your assertion is correct, but we'd really need Berry to provide an authoritative answer.
I also believe Berry's implementation was trialled in a recent Dutch election, but I don't have any corroboration.
Outside of the question about cryptographic protocols, this also suggests that any off-site voting, with the possible exception of official "floating" precincts which visit the invalid, may be unconstitutional. With electronic ballots it is certainly within the realm of possibility that some organizations will have "election parties" with incredible social pressure for everyone to publicly vote in the "correct" manner.
If this gets to be a problem, then laws will be written to prevent this behaviour. Current law has never had to deal with this issue. Saying that we should not use the technology because the law hadn't anticipated a potential abuse is not very useful - most technologies in common use today had the same property at their time of introduction. Update the laws - don't ban innovation.
On a personal level, one can always vote _before_ heading to the mandatory voting party. If your vote is already cast, any further attempt to cast a (socially coerced) vote will fail.
I certainly don't see how this would make everyone suddenly pressure others how to vote...
... been to a church lately...
When you're talking about electoral systems, you need to look beyond the next year or two. These systems are expensive to implement and hard to change. Widespread abuse like this may be hard to fathom today, but what about in 20 years? 50 years?
Here's an extremely humbling thought. In the 20's the KKK was the *dominate* political party in several states. All state funding for the University of Colorado was cut for several years after the school refused to comply with the law requiring that professors teach the inherent superiority of the white man. (It survived off of its endowment, and the KKK lost its governor and legislature majority soon afterwards.)
It can happen here. Maybe not this year, but the political climate can change remarkly fast. Did any Eisenhower supporter in 1958 expect the summer of love... and riots at the Democratic convention, 10 years later? Did any faithful (Soviet) Communist Party member in 1980 expect the Berlin wall to come down and the reunification of Germany in the same interval?
I don't think anyone objects to a minister "clarifying" moral issues for his congregation. What many of us find objectionable... and what lead to the IRS recently revoking the tax exempt status of the Christian Coalition... is "voter guides" which explicitly endorse particular candidates.
But even here, it's one thing for a church to allow voter guides to be passed out in the parking lot. It's another for them to hold a prayer meeting before voting, en masse, from the computer in the minister's study. And despite what someone else suggested, I don't think a "oops, I already voted" excuse will care much weight in this environment.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I did my Master's research on electronic voting. If you do web searches on electronic voting, you can eventually find a lot of good resources (however, I don't want to point out a particular site for everyone to crash :) ).
:) ), and again, the proper infrastructure is not in place (and is not likely to be in place anytime soon).
The current state of the art isn't quite adequate to the task in a "true" sense. Voting over the web the way it is implemented now is probably trustworthy only for a year or two (if that). There are many problems, the most important of which is the absence of a public key infrastructure (PKI) that relates individuals to their public keys in an "official" sense.
Without a PKI, I suspect that the voting systems being put on the web involve the voter registering a password in person at some center of authority. The voter must then trust that the people who tally votes are not correlating votes to passwords to individuals. Additionally, voters must trust that the people running the election do not create bogus votes, nor delete/ignore "undesired" votes, nor issue passwords to people who should not be allowed to vote, nor issue more than one password to anybody, nor allow more than one vote to be associated with any password.
Even if one trusts the motivations of election officials, one might well not trust their abilities in a scheme with so many weaknesses. Conventional voting schemes were simply not designed to withstand the ease with which computers manipulate information. They are "adequately" trustworthy with voting machines or punchcards (and the like), but are not perfect even then. The Kennedy-Nixon election caused a lot of stir, especially in Chicago ("vote early, vote often").
There are encryption tools that show some promise (e.g. do a web search on "blind signatures"). However, schemes that use them are still not perfect (not even my Master's work
Even after there is a PKI and an adequate electronic voting scheme, there are still potential problems. What if you vote from a machine that has been infected by a snooping program (e.g. Back Orifice)? What if the kneecappers insist upon looking over your shoulder while you vote? Letting people vote from anywhere on the web poses problems. Of course, voting booths will be little better (do you trust the manufacturers of the booths?).
This is an important topic to understand, given the growing importance of the Internet in everyday life. Most slashdot readers will probably live to see electronic voting implemented, either well or poorly; it would be best for them to understand the difference between trust that is well distributed, and trust that is not.
IMHO, the experiments that you see on the web now are as much an attempt by election administrators to come to terms with the logistics, benefits, and risks of e-voting as anything else. I wouldn't get too excited about them yet -- unless they start to be commonly and widely adopted, in which case I would get *very* excited about stopping them until the underlying security, privacy, and crypto issues are resolved.
I think that for the next year, all major elections should be hosted by slashdot, so we can see what happens when we get a good, clean, evenly distributed sample of voters ;)
-S
There's are some *huge* differences between demonstration projects on technically selective college campuses and general elections in a population where most people can't figure out how to program their VCR.
....
If this demonstration project failed, it would be newsworthy. If it succeeds, it only shows that this election protocol works with highly educated voters in trivial elections. (What's the worst that could happen with a bad group in the undergrad. assoc.?) What would happen if people were motivated to spend real money to crack the system? Or to compromise the staff? ("Change the vote tally and I'll let you spend the night with these two porn stars!") Or
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
The current system has a large number of delays built into it for a reason. Every direct democracy/demarchy proposal I have seen has removed those delays without acknowledging their role.
As a concrete example of what happens when you remove delays, consider the aftermath of Pan Am 800. A jumbo jet blew up just after leaving New York City. The FBI investigated the possibility it was a terrorist act.
The president, using an executive order, immediately required that all US airports increase their security level. Passengers are now required to provide a photo ID. Luggage is checked more invasively. Etc.
We have now known, for at least a year, that the crash was almost certainly due to an electrical spark in a nearly empty fuel tank. Since the tank held a fuel/air mixture, it exploded. The professionals who actually investigate crashes felt this was the case since shortly after the investigation began, but the political agency (FBI) insisted on pursuing the terrorist angle.
US airports are still at heightened security. I now show my US Passport, *not* my driver's license, and make pointed comments about the internal passports required for travel in the Soviet Union. If Congress debates the issue and decides that such measures are appropriate, fine. But I do not like having these measures shoved down my throat because one person misinterpreted a single event!
If you want to know what direct democracy would be like, multiply that by a thousand fold. There was a shooting at a high school? Quick, outlaw black trenchcoats for teenagers nationwide! They played video games? Quick, outlaw video games! We can't delay a day, some kid's life hangs in the balance!!!
Or, if you're more cynical, remember that most intelligent people have lives and aren't willing to spend 8 hours a day keeping track of the latest political controversy. (Hell, I'm not willing to spend 8 hours/day keeping up on technical debates!) So who will be busy voting in a direct democracy? The people who are sitting at home, unemployed (and unemployable), and enjoying Jerry Springer.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I've also expanded on David Chaum's ideas to design a cryptographically secure voting system. (In an ironic twist, I even borrowed a key idea from the government's "key escrow" ideas. My design requires "trusted third parties" hold certain critical information until the balloting closes, to prevent the government from "peeking" at the ballots early.)
But my design still used David's blinded key as a voting token. I don't see how you ensure each person votes at most once without tokens, and a token must always be identifiable to someone. Either the state, the voter, or a middleman. If you use a chain of middlemen you can blind that information, but at the cost of making ballot box stuffing trivial.
Finally, I think that off-site electronic ballots are useful in numerous non-governmental elections. (Corporate elections, anonymous performance reviews, etc.) I also think that on-site electronic ballots are workable, and several nations have experimented with such elections. The really nasty problems only come up when you have off-site balloting, something which has not been done in the past.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
The politicians will figure out which would be drawn in greater numbers, and poll further to find out how those specific demographic groups are likely to vote.
For example, if there are (hypothetically) 25 extra Democratic votes, and 20 extra Republican votes, this would become a "huge federal waste that inefficiently spends money on homeless shelters, which is the job of religious organizations". If there are 25 extra Republican votes, and 20 extra Democratic votes, this would become a "needless waste of government spending that should be spent on Social Security first".
Either way, voters are told they only have a choice of two evils. Bleah, silly American sheep.
-Imperator
Gates' Law: Every 18 months, the speed of software halves.
Say...go figure! I'm busy reading that very book (got it as a graduation gift from a friend).
What I don't get is why people need to vote on line. In Canada we consistently have >80% voter turnout for federal elections, and in the 1995 Quebec referendum we had 92% voter turnout (which resulted in 49.4% Yes 50.6% No to separation - a difference of some 40,000 votes). All that is done there is prior to the election, every voting citizen in the country is sent a piece of paper that has the names of all the candidates in the persons' riding, what party they are from and where the voting booth that they are to present themselves to is found. Also, all employers are _required_ to give half a day off to each of their voting age employees so that they can vote.
Seems to make more sense then trying to do it over the internet - as the only way I can see them verifying people is by Social Security Numbers or in quasi-socialist countries MediCare numbers, as a large proportion of the population may not have a driver's lisence.
OFTC: By the community, for the community
To the extent we facilitate anonymous use of tokens that permit me to vote, whether in terms of crypto keys, smart cards or other information not uniquely associated with my body, we facilitate the ready transfer of that token to others. And with that we facilitate the sale of those tokens.
What is to keep the Green party from simply collecting Floppy disks bearing the voters key informtion, paying $5 to $50 per vote for the data?
Requiring physical attendance at the polls protects more than the individual who is voting -- it protects the integrity of the system from outside manipulation. We need to deprive voters from being able to prove how they voted, not for the benefit of that voter, but so to protect the SYSTEM from abuse by unworthy voters and vote-buyers.
I do not see how that can be avoided with existing encryption protocols of which I am aware.
Besides the technical issues, someone identified a Constitutional issue with the entire idea of electronic ballots.
In Colorado, and probably other states, the state constitution requires that ballots be anonymous. It is required that ballots be impossible to tie to any particular voter.
This is not simply a requirement that the state (or anyone else) can't determine how a person voted. The voter himself can't prove how he voted! The reason for this is simple: it prevents vote-selling and coerced votes. That's also the reason why it's a criminal offense for anyone other than the voter to be in the voting booth.
David Chaum's ideas can be used to prevent the state from proving a ballot is mine... but since I know my own "blinding" factor (at least for a while, even if the software immediately discards it) I can prove how I voted. I suspect all cryptographic protocols will have the same problem.
Outside of the question about cryptographic protocols, this also suggests that any off-site voting, with the possible exception of official "floating" precincts which visit the invalid, may be unconstitutional. With electronic ballots it is certainly within the realm of possibility that some organizations will have "election parties" with incredible social pressure for everyone to publicly vote in the "correct" manner.
Imagine voting parties at churches. Vote for Smith or go to Hell!
Or voting parties at your office. Vote for Jones or clean out your desk!
Even if this doesn't happen, the possibility could cripple the electoral system. You voted for Smith but Jones won? Claim that you were coerced to vote for Jones at such an election party! Contested elections today are decided by the legislature (at the state level) or the House (at the national level), but what happens when over half of the elections are contested?
Obviously, this is a dystopic perspective. But the way we handle elections is critical, since it is the only way (short of armed rebellion) to get rid of a corrupt government. We must tread very carefully when changing it.
I'm reminded of Robert Heinlein's "Revolt in 2100." I don't have the book handy at the moment, but it opened with something like
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken