Is Arizona's Internet Voting System Safe Enough? 171
JMcCloy writes "Kevin Poulsen, senior editor at Wired News, asks readers 'Is internet voting safe?' and has a poll at the end of the article. So far, 32% responding actually think that internet voting is worth it, risks and all. It is scary how easily people can be persuaded to trust a system that is so vulnerable." The system described, used in Arizona in last year's election process, isn't just checking a box and clicking a button, but Poulsen lays out some scenarios by which it could be subverted.
Irony is... (Score:3, Insightful)
... an Internet poll about the "safety" of Internet polls.
Especially if you are "persuaded to trust" the results and derive some sort of observation from it.
Recipe for pseudo democracy (Score:4, Insightful)
Internet Voting (Score:4, Insightful)
There is a negative correlation between a knowledge of computer security and the desire to introduce Internet voting. The more you have of the first the less you want the second. If crackers can get into the Pentagon computers and when we find the plans of Marine Helicopter One in a Tehran coffee shop, then we should realize that getting into a domestic voting system to alter the results is trivial.
The voting machines are about the same security level as WEP.
Let the computers count the votes (Score:2, Insightful)
Starting one day after computers are granted the right to vote.
Until then let's have people do it. If it's not important enough of an issue for some people to take the time to even count the votes, it's not important enough to put to a vote.
Re:Safe or not... (Score:4, Insightful)
For me, the biggest problem with e-voting isn't the level of security you can achieve, it's the amount of damage someone can do once they're 'in'. Sure there's bits of fraud and error here and there with conventional ballots, but to guarantee a result requires a lot of suspicious activity. Right now even the military, DoD, etc... can't seem to keep hackers out all the time. Imagine what a back door to an election would be worth on the black market.
Re:Recipe for pseudo democracy (Score:5, Insightful)
bits of fraud and error? (Score:3, Insightful)
You have got to be kidding.
Were you watching Minnesota in the last congressional election?
How many ballots have to be 'found' a week after the election to be more then a 'bit of fraud'?
Amazing how they 'found' just enough ballots for their chosen party to pull out the election.
Nothing matters unless they also fix the registration fraud problem anyway.
If you can 'vote early and often' it doesn't matter how you are voting.
Re:Safe or not... (Score:5, Insightful)
I still refuse to believe that eventually we couldn't make Internet voting more secure than paper ballots.
Your physical security is also an issue.
If you go to a polling station then you can be sure no one will force you to cast your vote on his preferred candidate.
But if you vote from your home via the internet then members of the local mafia can stand behind your back while you're voting and they can force you to vote on the politician who pays them.
How could you fix this "security hole" in the internet voting scheme?
Security isn't the question though... (Score:5, Insightful)
But security isn't the question. The problem is that with secure and anonymous electronic voting there is no outside way to verify that the results reported have anything to do with the votes cast. Whoever controls the system can make it report whatever results they want, and there's no way to tell if they are telling the truth or not. If your first thought is "well, make it open source," think again [bell-labs.com].
The difference being that the banks (which run both ATMs and online banking sites) don't also control the money supply. If they did (e.g., if they could just create money the way the government does) we'd have a major problem. No matter how secure the process is, once it subsumes enough levels that you have know way of knowing if it's just reporting made-up numbers, you have a problem.
--MarkusQ
Re:Not much different than mail in ballots (Score:5, Insightful)
The flaw of mail-in voting is it's not secret. Your spouse, priest, employer -- name-power-trip-here -- can make sure you are voting "right". Only the booth secures that it is your own private decision.
Speaking as a citizen of Arizona (Score:3, Insightful)
Any change, technological or otherwise, that reduces the influence of the idiots in this state can only be a good thing. Sweet merciful Christ, just look at our senators, our representatives... Napolitano is the first governor in decades that didn't end her term in disgrace or prison, and she gets promoted out-of-state. McCain is our sane senator.
Re:Safe or not... (Score:2, Insightful)
Your physical security is also an issue.
If you go to a polling station then you can be sure no one will force you to cast your vote on his preferred candidate.
But if you vote from your home via the internet then members of the local mafia can stand behind your back while you're voting and they can force you to vote on the politician who pays them.
How could you fix this "security hole" in the internet voting scheme?
Allow the user to change his vote until the poll closes. It may not be perfect but the mob has a set limited amount of resources and to make a large enough impact they must move on to other homes.
Is that even a legit concern? That sounds like more of a social problem than a technical issue.
Re:bits of fraud and error? (Score:4, Insightful)
Were you watching Minnesota in the last congressional election?
which is the entire point. You could watch it because physical ballot papers had to be found. If you are right that it was fraudulent, and I have no idea, then the fraudsters put themselves at a much greater risk. The ballot papers they added could have their genetic material or chemical contamination or many other signs of tampering. With an e-voting system there will be nothing to tell you that there was fraud and they won't have to wait until afterwards to know whether they need to "just add a few more fraudulent ballots". They'll add just enough to be safe (e.g. avoid a recount; avoid a suspicious miscount etc.).
Try not to think about what you could do to make a safe voting system. Instead think "how could I manipulate an e-voting system". When you think about it, you'll find lots of ways to do it for fun and profit. I recommend that everybody in the USA with the opportunity starts trying to fix ballots to go to third parties (even if you support the Republicrats or Democans). That will get e-voting off the agenda quicker than you can possibly imagine.
No, no, no (Score:5, Insightful)
I am politically active student (Member of the Left Youth of Finland, etc.) in a country that doesn't use two party system and I disagree with all of your points.
I actually have the opposite view. I think the reason electronic voting is being done so poorly is to prevent allowing a true democracy strip the power from the current 2 party system.
Well, I live in a country which has never used electronic voting in electing the parliament. There are currently 14 active political parties in Finland (15 in a few weeks as the Pirate Party recently managed to get enough supporters to register themselves as a party), 8 of which are currently represented in the parliament. (The remaining parties only have representatives at municipal level).
You can't blame the two party system on normal voting being so complicated and electronic voting being the answer or anything. It is political system that has it's merits and flaws but it not only can be but is also very easy to implement even without electronic voting.
While not simple to get right, a effective convenient secure system would make voting too simple. We could actually have more rounds of votes, and eliminate needing just 2 candidates at the beginning of the election.
We have more than two candidates here with still a few rounds of votes. We use this [wikipedia.org] method. Each party has it's own list. Let's say I vote a candidate in the Left Alliance as do 1000 others. The most popular candidate within the left alliance gets 1000 votes, the second most popular within the left alliance gets 500 votes, the third most popular gets 333 votes... After that, candidates from all parties use those numbers to see who gets elected. Again, it has it's flaws but it works quite well.
More issues could be voted on, more laws, quicker correction on corrupt politicans, etc, etc. Those in power have much more interest in preventing trust-able e-voting than not.
Direct democracy is beautiful idea. However... If your problem is that you feel people don't pay enough attention to politics in elections (they don't remember the bad decisions politician have made, etc.) then how do you expect them to pay enough attention that they would have good, well thought out and educated opinion on even more issues?
Also... We aren't talking about electronic voting here. We are talking about internet voting. The kind where violent husband can force his wife to vote for extremist parties because there can not be any precautions to protect from that.
Re:bits of fraud and error? (Score:3, Insightful)
What you describe is pretty small time, most of the time. Yes when an election is close you can game the system right now, but for most elections, ones where a candidate is ahead by at least a percentage point, fraud on that scale would be too damned obvious.
With internet voting, where a .01% change and a 1% change require the same amount of effort, swinging an election via fraud becomes much easier.
Lack of paranoia (Score:3, Insightful)
Phooey. For any such system you can devise, it would be possible to implement a "mock-up" system that appeared to use your clever safe, secure, and trustworthy system but in fact did not (to see this just consider the fact that any software solution could itself be simulated in software). This simulation could be presented to the user while the actual election was run by a guy in another city with a spreadsheet.
If the electronic system encompasses enough of the process and provides perfect anonymity there is no way to be certain that the results are coming from the process you designed and not from some clever simulation of it that looks the same but fudges the results.
-- MarkusQ
Re:Safe or not... (Score:3, Insightful)
That's a reaction to a symptom, and not a solution. Much more likely is that many controlling spouses will force their partners to vote a certain way. Or would vote for their elderly relatives. And yes, even though this is a social problem, it's not a new one. The privacy of the voting booth was designed to avoid exactly this issue.
In the US, where you can register with a party to get the right to vote, this is a problem, and I'm convinced that it would become FAR worse if people were allowed to vote from home.
VoteBox (Score:3, Insightful)
The system you linked to has numerous obvious flaws for internet voting, even after skipping over the fact that it isn't intended for use in an unsupervised environment. For example, a compromised machine could simply delay transmission of a ballot it wished to tamper with until after the user had decided to challenge or cast it. Likewise, the central tabulator could still produce bogus results. And there appears to be nothing that would prevent the transmission of phantom ballots for voters who never showed up. And so on.
-- MarkusQ
Re:Security can be had. (Score:3, Insightful)
Agreed. Specifically, the anonymity "requirement" means that you're left with nothing but trust, because ultimately you'll want to address problems of the form "These N people voted for X yet X only got N-1 votes" and you can't do that unless you have "These N people" to start with. Otherwise, as long as each candidate that anyone votes for is given at least one vote in the final tally, you're stuck with trust.
-- MarkusQ
P.S. Even that low standard has been failed, as in the case of the guy who objected because he officially got zero votes even though he had voted for himself.