Canada To Adopt On-Line Voting? 405
belmolis writes "Here in Canada we have an old-fashioned paper ballot voting system that by all accounts works very well. We get results quickly and without fraud. Nonetheless, Elections Canada wants to test on-line voting. From the article: 'The head of the agency in charge of federal elections says it's time to modernize Canada's elections, including testing online voting and ending a ban on publishing early election results.' Is it worth trying to fix a system that isn't broken?"
Ack! (Score:1, Interesting)
Online voting cannot be secured (Score:5, Interesting)
Hell, didn't anyone learn anything from online banking? It can NOT be made secure. Why? Inherently. Because you would have to trust a machine that is not under your control, as the voting agency: The user's computer. And there is no way to verify that his vote is actually his decision. And I'm not even talking about the guy with the gun pointing at his head telling him how to vote.
Here's a scenario that happened in reality a while ago with online banking. Anyone with half a brain should be easily able to tell how to apply it to online voting. We might have to get someone to explain it to a politician, though.
A piece of malware existed (and still exists), that was developed as a reply to the one time pad banks handed out. Since intercepting and using the user's credentials was useless in such an environment, what they did was to manipulate the user's browser to make the user do the malicious transaction himself. What happened was, essentially, this: The malware manipulated (through a BHO) the input and the reply from the bank. The user entered, e.g. that he wanted to transmit 100 bucks to pay his electricity bill. The malware sent that he wants to send 1000 bucks to a mule. The bank replied that those 1000 bucks will be sent to the mule, which the browser displayed as 100 bucks to electronic provider, asking for the OTP-key. The user, thinking he's paying his bill (and everything he saw reflected this) entered the key.
There is NO way the bank (or, in turn, the election committee) could somehow see that the input was manipulated. And in this case, at least it could be seen on the bank statement. How do you expect to at least NOTICE that your vote was altered in a secret ballot?
Re:Check Estonia (Score:3, Interesting)
It does not work for us, it was challenged in the Supreme Court, but the Justices did not rise to the height of the problem. They ruled that since to their knowledge there had been no actual election fraud, "theoretical" problems like software to modify the actual vote sent (which was created as a proof-of-concept) and spoof the one reported to you did not warrant new elections nor any updates to the system. There was also a discrepancy in vote allocation between votes cast by paper and cast over the Internet. That, however, might be explained with more tech-savvy people in the winners' camp. I am not saying it cannot be done, but Estonia should not be used as an example on how to do it.
Fixing the wrong problem (Score:3, Interesting)
For those who don't know, we just had a federal election up here in May. The conservatives, led by a radical right winger, took absolute power (a majority of seats in the house of commons) with only 39% of the vote. 61% of Canadians voted for more centrist or progressive parties that - for the most part - have a fair amount in common, but because the vote was split between the other parties, the conservatives cleaned up.
The system is utterly broken, but the decline in voting rates over recent decades (mostly in younger voters who recognise how appallingly unjust the system is and are disenfranchised by it) won't improve much with online voting techno-fixes. If you want people to engage in their democracy, we need a proportional representation (or at a minimum a ranked-ballot) voting system that makes people feel like their vote won't be wasted because depending on which party you vote for, or chance of where you live.
Re:Having worked on the software (Score:4, Interesting)
There were primaries in Argentina last week, and I checked the count telegrams (one per booth) that someone from the gov', incredibly and marvelously, published to the public. It was a complete disaster, around 60% of the ones I checked have numbers that didn't match. Errors ranged from 1% to 12% of the total people who used that booth. I hadn't expected humans to be so failure-prone/corruptible.
The main argument against e-voting is the trust ladder. Conversations are usually like this: How can you trust X (e.g. the code is the same in all booths)? Because of Y. But how do you trust Y? Because of Z. And how..., endlessly. Now, instead, I'll just respond with "How can you trust people to count correctly?" or, better yet, "How can you trust people??". That's also the problem of having validation through both electronic and human means: there will be a *lot* of differences, who are you going to trust, the machine or the human? As soon as you pick a favorite, the other one is unnecessary. Clue: you can't trust people over machines on counting.
To go electronic or mixed, we just need full transparency and verification. Access to the source code for everyone. A VM to test the source code for ourselves. The SHA-1 of everything. During the election, the motherboard must be in an acrylic case. The ROMs/PICs must have a display that shows the SHA-1 of the current binary content. The candidates must be randomly distributed. Related to that, the vote and the issuer must be unmarried. Post-election verification of the vote. These are a few things that makes the process transparent. They'll leave out all the corporations, and it's a good thing: we wouldn't want to privatize an activity so vital for democracies.
Re:Ack! (Score:4, Interesting)
Not if you're allowed to vote as many times as you like, but it only counts the last one. You can vote with someone watching, for the candidate that they want, take their money, and then vote again for the other candidate.
The real problem is the lack of transparency. In a democratic system, anyone should be able to verify the security and integrity of the electoral apparatus. With an online voting system, I doubt even 10% of the Slashdot audience could do it, let alone the general population. If you're trusting a magic black box to count your votes, then you may as well trust it to cast the votes in the first place.