Is Arizona's Internet Voting System Safe Enough?
JMcCloy writes "Kevin Poulsen, senior editor at Wired News, asks readers 'Is internet voting safe?' and has a poll at the end of the article. So far, 32% responding actually think that internet voting is worth it, risks and all. It is scary how easily people can be persuaded to trust a system that is so vulnerable." The system described, used in Arizona in last year's election process, isn't just checking a box and clicking a button, but Poulsen lays out some scenarios by which it could be subverted.
Safe or not... (Score:3, Interesting)
I already consider online banking to be at least as secure as ATM transactions, and I see no reason why a properly designed online voting system couldn't be the same.
That being said, the current state of the industry is pathetic. For instance, not too long ago a Diebold machine was exploited by its anti-virus software. If you have anti-virus software running on your electronic voting system you're doing it wrong.
why not? (Score:1, Interesting)
Right now computerized voting is a disaster, but it doesn't really *have* to be that way. Given the proper legal underpinnings, enforcing standards that have been created by a group of genuine experts (i.e., not lobbyists), sure. On the other hand, traditional voting ain't broke. It takes a matter of hours to get a result in all but the closest elections. The current/old system works just fine, and if more money is spent, it should be on election monitors and the like, to enforce fair voting and fair counting.
Maybe convenience is the stronger factor (Score:1, Interesting)
I have a feeling that the voters think it's worth it, risks and all, because they won't have to leave their desk to vote. Safety comes into conflict with convenience here.
Work in a union shop? (Score:4, Interesting)
You better have voted correctly or you're going to get your legs broken.
Yes, we need a secret ballot.
If you are fool enough to trust unions, substitute employer; same answer.
Re:why not? (Score:3, Interesting)
Internet voting vulnerable at all ends (Score:3, Interesting)
As others have already pointed out, it becomes impossible to verify that our elections officials are acting honestly. Some do; some don't; most have an unfounded trust in their employees/volunteers (to not assist in fraud). This is the big problem.
There are myriad other problems too. What happens if the polls are closed early due to a DDoS attack? How can you guarantee the server won't be hacked? (It happens to banks sometimes.) What about the machines people are voting from? If they're voting from home (and not a kiosk), you can tell your computer to vote for candidate A, your computer can tell you that you voted for candidate A, but the botnet virus on your machine may have voted on your behalf for candidate B.
We're miles away from free and fair elections, but Internet voting is the wrong direction to travel to get there.
Open source no panacea (Score:3, Interesting)
Re:Full Results of Poll: ' Is internet voting safe (Score:0, Interesting)
There is a solution to ALL election fraud - the Robinson Method.
Read about it here:
http://paul-robinson.us/index.php?blog=5&title=the_robinson_method_a_really_simple_way_&more=1&c=1&tb=1&pb=1
Instant results. No fraud. Huge savings in money and time. Ballot boxes in public view at ALL times, from the beginning of the election when they are empty, to the end of the election, when the winner will be clearly visible to all, the minute the final vote has been cast.
Electronic voting was only brought in so that the FRAUD would be easier.
Ask your representative what they think about the Robinson Method - if they tell you they are against it, you can work out what they believe about democracy.
Re:Full Results of Poll: ' Is internet voting safe (Score:5, Interesting)
I actually have the opposite view. I think the reason electronic voting is being done so poorly is to prevent allowing a true democracy to strip the power from the current 2 party system.
While not simple to get right, an effective, convenient, secure system would make voting too simple. We could actually have more rounds of votes, and eliminate needing just 2 candidates at the beginning of the election. More issues could be voted on, more laws, quicker correction on corrupt politicians, etc, etc. Those in power have much more interest in preventing trust-able e-voting than not.
Good enough isn't good enough here (Score:4, Interesting)
We have to assume that if the Internet is secure enough for us to buy stuff, then it is secure enough for voting.
Not true, for several reasons. There are several additional security constraints on voting. For example, you cannot be allowed to prove how you voted. Therefore, you cannot receive feedback on how you voted. You can't "balance your checkbook", so to speak. They know this and can set the online balance to whatever they choose. That's without hacker involvement. Online purchases are actually much riskier than most people are willing to consider. "Identity theft" has skyrocketed, and compromising online purchases is one way that's done. Sure the transmission may be secure, but either the client or server may be compromised (and are, regularly). Banks have simply decided to live with a particular level of fraud. HTTPS is only a small part in the equation.
From a practical standpoint, only close elections can be stolen anyway.
Again, not true. The public only needs to believe that it was close. That's not too hard, really.
If a close election is stolen, then approximately the same number of persons disagree with the result as if the election were not stolen, so what difference does it really make from the standpoint of quality of outcome?
I see your point from a pragmatic point of view, but I disagree. I don't want to see people with power getting away with abusing us and grabbing more power. It's the principle of the thing. Besides, we don't want to encourage corruption. Period.
Re:Vote selling is possible (Score:2, Interesting)
How about in order to cast your vote you actually have to go to a voting registrar, present your voter ID, pay a fee, and pick up a numbered bootable CD, eg a knoppix disk with a custom voting app on it.
And in order to vote, you will have to boot your computer with the CD.
The CD itself contains a pair of unique IDs and client-side SSL certificate that no other CD has. And the public key of that cert will be 'bound' to your voter registration. Until/unless you lose or damage the CD and request a new one, then the new one is bound to your registration.
At the next election, you boot the machine with the CD, it connects to the internet and downloads a small software image to run (the latest version of the voting application), verifies digital signatures, and connects to a "vote server" assigned to you.
Present the ballot, you go through it, submit, submit blah blah.... type a secret PIN number assigned to you, type your voting ID, birthdate, etc.
And your vote's completed.
Since you have to boot the machine from a CD, and the bootable Knoppix distro doesn't allow any inbound access, there's basically minimal malware risk.
The CD has two IDs associated with it, in addition to the public and private crypto key: one of the IDs is used to record the fact in database A that _you_ have voted; so the identity of exactly which voters voted is known.
The other ID is used to record the specific votes that were made using that CD, but not you, so that you can change your vote, but the specific votes cast cannot be traced back to you.
E.g. three specially isolated backend systems keep two independent databases of the votes cast.
And they keep them in a manner that direct manipulation of one database would lead to an inconsistency.
Database B tracks the individual votes for all the candidates by each voting session.
Database A keeps a running tally over certain time periods. And also records what voting sessions exist, a timestamp, and which voter IDs voted.
Database C keeps a second copy of actual votes made, which are cryptographically signed using the Private Key on the certificates of the voters' CDs.
Database D has the records of authorized voter CDs and their public keys. All web service backed by Database D to authenticate voting sessions.
If Database A and Database B do not match, then fraud has occurred, and the discrepancy can be calculated using Database C as a guide.
The 3 databases exist at geographically distant locations, are administered by independent groups, and implement certain public interfaces used by the voter software; no other interfaces are allowed, and the communication protocols are defined rigidly.
All require authentication by a validated CD. All transmissions are strongly encrypted.
(The voter CDs have 3 special CA certificates loaded; and each of the 3 authorities has an X509/SSL certificate signed only by the CA designated for that function of the voting process)
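
The cross-check between Databases A, B and C that the comment above proposes, sketched as an added example that is not part of the original comment or of any real voting system. The record layouts, the names `reconcile` and `constructed_election`, and the use of HMAC-SHA256 in place of the signature made with the CD's private key are all assumptions.

```python
import hashlib
import hmac
from collections import Counter

def sign(cd_key, session, choice):
    # ASSUMPTION: HMAC-SHA256 stands in for the signature made with the CD's
    # private key; a real system would verify against the public key in D.
    msg = f"{session}|{choice}".encode()
    return hmac.new(cd_key, msg, hashlib.sha256).hexdigest()

def reconcile(db_a_tally, db_b, db_c, db_d_keys):
    """Compare A's tally with B's per-session votes; use C to locate tampering."""
    verified = {}  # session -> choice, only for C records whose signature checks out
    for session, (ballot_id, choice, sig) in db_c.items():
        key = db_d_keys.get(ballot_id)
        if key and hmac.compare_digest(sig, sign(key, session, choice)):
            verified[session] = choice
    tally_b = dict(Counter(db_b.values()))
    tally_c = dict(Counter(verified.values()))
    sessions = set(db_b) | set(db_c)
    return {
        "a_matches_b": tally_b == db_a_tally,
        # Sessions where B disagrees with a validly signed record in C.
        "suspect_sessions": sorted(s for s in sessions if db_b.get(s) != verified.get(s)),
        # Candidates whose running tally in A disagrees with the signed records.
        "a_tally_errors": sorted(c for c in set(db_a_tally) | set(tally_c)
                                 if db_a_tally.get(c, 0) != tally_c.get(c, 0)),
        "tally_from_c": tally_c,
    }

def constructed_election():
    # Constructed sample data: four ballot IDs (the CD's second, vote-side ID).
    keys = {f"ballot-{i}": bytes([i]) * 32 for i in range(1, 5)}
    cast = {"s1": ("ballot-1", "Alice"), "s2": ("ballot-2", "Bob"),
            "s3": ("ballot-3", "Alice"), "s4": ("ballot-4", "Bob")}
    db_c = {s: (b, c, sign(keys[b], s, c)) for s, (b, c) in cast.items()}
    db_b = {s: c for s, (_, c) in cast.items()}
    db_a_tally = {"Alice": 2, "Bob": 2}
    return db_a_tally, db_b, db_c, keys

if __name__ == "__main__":
    a, b, c, d = constructed_election()
    b["s2"] = "Alice"  # direct manipulation of Database B
    print(reconcile(a, b, c, d))
```

A record in C whose signature does not verify against Database D is treated as absent, so a forged entry in C shows up as a suspect session rather than as evidence.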