Cold Fusion specifically asked if there are any Internet voting systems being developed in the US? The answer is, yes! Check out http://votehere.net. I work for this company and making the voting system workable on the Internet is my task in life at the moment. The security aspects are a challenge but very doable even at this stage. We have already done trials with several counties in the state of Washington and have more elections coming up soon. These are only trials at this stage, to do an actual vote from a generic remote Internet machine will still require changes to election law.
Many questions are raised about the security. It is important to first make a distinction between the security of the voting system and the security of the Internet site that is hosting it. Our voting system uses cryptography at the client machine to encrypt a voters choices. The encrypted choices are then sent to our server (the ballot box) where they are stored for tabulation. In our system, which is called a "universally verifiable" system, *anyone* can see that a voters ballot sits in the ballot box (along with the encrypted ballot), but *no* one can see that voter's choices. We never decrypt the ballots, they are tabulated in an encrypted fashion. I'll leave that for the cryptologists to explain. But the election system is secure in its own right with the cryptography that is in place. So even if our site was hacked during an election, the data is not at risk to modifications. The real issues are then voter authentication and denial of service attacks on the site itself. Denial of service attacks are the primary worries and an area that we are putting a lot of effort into.
Watch for more information through this upcoming political season, this is a very hot topic right now.
[Shameless plug: We have a position open now for an Information System Security Officer if you are looking for a challenging Internet security position!]
Slashdot Mirror
Cold Fusion specifically asked if there are any Internet voting systems being developed in the US? The answer is, yes! Check out http://votehere.net. I work for this company and making the voting system workable on the Internet
is my task in life at the moment. The security aspects are a challenge but very doable even at this stage. We have already done trials with several counties in the state of Washington and have more elections coming up soon. These are only trials at this stage, to do an actual vote from a generic remote Internet machine will still require changes to election law.
Many questions are raised about the security. It is important to first make a distinction between the security of the voting system and the security of the Internet site that is hosting it. Our voting system uses cryptography at the client machine to encrypt a voters choices. The encrypted choices are then sent to our server (the ballot box) where they are stored for tabulation. In our system, which is called a "universally verifiable" system, *anyone* can see that a voters ballot sits in the ballot box (along with the encrypted ballot), but *no* one can see that voter's choices. We never decrypt the ballots, they are tabulated in an encrypted fashion. I'll leave that for the cryptologists to explain. But the election system is secure in its own right with the cryptography that is in place. So even if our site was hacked during an election, the data is not at risk to modifications. The real issues are then voter authentication and denial of service attacks on the site itself. Denial of service attacks are the primary worries and an area that we are putting a lot of effort into.
Watch for more information through this upcoming political season, this is a very hot topic right now.
[Shameless plug: We have a position open now for an Information System Security Officer if you are looking for a challenging Internet security position!]