US's First Internet Votes To Be Cast This Friday

longacre writes "If you thought online voting in America was a distant pipe dream (nightmare?), think again: the nation's first Internet-based voting system goes online this Friday, just days after the release of the Damning Report On Sequoia E-Voting Machine Security we discussed yesterday. In the first real world run of the Okaloosa Distance Ballot Piloting (ODBP) test program, election officials from Okaloosa County, Florida have set up kiosks in Germany, the UK and Japan where 600-700 absentee voters — mostly military personnel — are expected to cast ballots. Security experts still have many questions, of course, particularly on the potential for interception of voting data while it travels across oceans (via 'secure VPN'), the security of the kiosks ('hardened laptops' with no hard drives and other sensitive components disabled) and the security of the three data centers (one of which is itself housed overseas, in Barcelona, Spain), not to mention the fact that Florida doesn't exactly have a stellar record when it comes to vote counting. Florida's Dept. of State also has a fairly detailed outline of ODBP's components and processes [PDF]."

Floriduh

[Anonymous Coward]

It's been two election cycles, everyone still thinks Florida is the only state with voting problems. Get over it.

WTF?!??

[jddj]

How can internet voting be both guaranteed "secret" - as in "can't tie the user to the choice of candidate", and at the same time ensure that individuals (never mind bots) aren't casting more than one vote?

security is irrelevant.

[Anonymous Coward]

electronic voting is not bad because of either real or imagined security issues. That is totally irrelevant.

Electronic voting is bad because the procedure can not be verified by any layman. That should be the first requirement for any voting procedure.

Paper ballot procedures are easy to verify and anybody can do it. Simply keep an eye on the ballot box from the initial sealing of the box until the actual voting.

With electronic voting that is not possible. A paper trail comes close, but voters can screw that up by not putting there tag in the box, or any other random piece of paper in its place.

Bottom line: voting is about TRUST in the procedure first, the actual results second.

libertarian

[barv]

If banks can securely (with ~ 99.999% security) transfer thousands of dollars online, then the technology exists to securely permit voting online.

Anything that speeds up voting encourages greater participation. Our present voting system originated in the dark ages. The fastest communication was by horse, it took several days for a horse to get from one side of the USA to the other, or about 2 months by boat to get from UK to Australia.

If the internet had existed in the time of the founding fathers, I feel sure they would have used it to give the people greater oversight of the legislative process.

Re:First?

[clam666]

The fact that government officials are even considering internet voting, e-voting, early voting, or any other changes to voting show how much they want to control people and absolutely remove the concept of a government elected (and deriving it's powers) from the populace via representative government chosen accurately and freely.

We have all sorts of voter fraud, deception, dead people voting, and tampering with a voting system based on paper ballots which could be shoved in a box and counted in front of witnesses, and a solution is to shove MORE of the mechanisms of voting into the shadows? Having the algorithms and technology being used hidden from any eyes and oversight? I'm not talking the "source code" that's shown to people, but what's actually installed on the box. Stuffing 2 paper ballots instead of 1 by a person adds slightly little to the total votes, and to manipulate the vote successfully requires a large number of people, duplicate voters, bussing around people from location to location, etc., which decreases the ability to hide a secret collusion to at least a small degree. To change it so one person can change thousands of votes with a simple UPDATE statement or any other security violation technique required, is a much worse proposition.

This clearly shows to me that both political parties are doing absolutely as much work as possible in order to remove control from the electorate and transfer it to a political class, on the basis that they all support these types of systems and do nothing to secure true votes from the people (with the possibility of it being at the expense of their own power).

I'd like to think that there is a secret altruistic reason for doing this, such as an acknowledgement that when a government falls towards democracy it will inevitably destroy itself and transform into a dictatorship or tiny ruling political class (like an apartheid government). I'd like to think this is a secret attempt to control the voting to a level that would prevent the American republic from falling to a real democracy and mob rule, however this would require me to expect a lot more from the people in government than is possible, including intentions to preserve freedom, altruism, and politicians not spending millions of dollars for a job that pays little and expects bigger quiet "payoffs".

I think the reality is that we've already passed that point, and this is a move straight to a dictatorial style of government, and controlling the vote is, as always, necessary to move to a single party system (to remove any choice by the citizens).

There is no vote-safe electronic/internet voting technology that could be implemented safely and absolutely be correct and not subject to manipulation. Anyone telling you it is possible has an agenda, knows nothing about politics and elections, or is thinking purely in a tiny technology box and not the abuses or security issues of such as system. The only possible way it COULD work would not be electronic voting; it would be electronic creation of the paper ballot for purposes of removing hanging chads, validating that the person didn't vote for two different people for a particular job (which disqualifies a vote currently) , which is printed out and verified by the voter in a human readable form (I voted for "SMITH" for president, yes, that's what I picked), and then submitted to be counted by humans for humans.

Re:libertarian

[enbody]

If banks can securely (with ~ 99.999% security) transfer thousands of dollars online, then the technology exists to securely permit voting online.

No, you miss an important difference between dollars and votes.

If a dollar is lost, it can be replaced by another dollar so banks figure in a loss rate and charge for it somehow.

A vote is unique, secret, and anonymous so if a vote is lost, it cannot simply be replaced by another (because you don't know what the vote was). In addition, a vote should be verifiable, e.g. there needs to be some way to check that the voting method worked (e.g. with a recount).

Internet voting is stupid and unneeded.

[FireStormZ]

Absentee ballots via the US mail work just fine... This is just smoke an mirrors to make people think there has been progress in fixing the American balloting system..

Not an Encryption Problem

[boatboy]

I agree it's possible to separate a user's choice from their identity and still provide an audit trail, but wouldn't any encryption scheme require that the 'user' provide some sort of identity - be it a public key, id #, etc.? Even if that identity was in no way tied to a particular vote, it is still considered a civil rights violation in many states to require id cards/drivers license/etc. In my state, you give your name, which is crossed out in a big book- and efforts to do otherwise have been called "racist" and "voter intimidation". In other words, you get to log in by providing any username and no password. Without reliably establishing identity, you can't verify that a person hasn't voted twice.

Re:Not an Encryption Problem

[pcolaman]

Not requiring an ID in my opinion allows for the realistic possibility of voter fraud on many levels. Who's to say that the person is that name? Who's to say they are a legal US Citizen? Who's to say they have voting privileges (Convicted Felons have their voting privileges taken away for a specific period of time)? Who's to say they haven't voted under 10 names already that day? Having a system where you can categorically say that this person hasn't voted yet and is eligible to vote will allow for a more fair system. Is it fullproof? Nope. Is it better than what you described. Fuck yeah. Crossing names out of books? WTF?! That's just asking for fraud.

Voting should always be done secretly

[shazzle]

Don't forget that after one can vote from home, or better yet, cellphone, votes can be sold MUCH easier. I don't think blackmail is out of question either.

Also, once daddy has made up his mind who the family is voting for, he can observe his family-members vote for the 'right' candidate.

It is still necessary to go to give your vote in a voting booth and for the sake of democracy, I suggest that voting should remain as easy and uncomplicated as it is. This is one of the only things I pride myself on being conservative of.

Fucking Joke

[sexconker]

Why are voting early?
Why are we voting electronically?

Fucking print a form, hand it to people, and have them mark their selections. Later, count them (in parallel).

Re:WTF?!??

[pfbram]

Not really, it's arguably a regressive/recursive problem. Even if the encryption is 100%, the OS could have a back-door and the private key might leak out. There are potential weaknesses at all levels on the layered network model (for instance, the OSI model). I spent some time on this problem myself, designing a concept in which the machines would: (a) print out a receipt to the voter, containing the vote itself -- as well as a unique session/hash number. (b) print the same data on an internal paper-based receipt which is visible through a window (the voter could visually inspect it, and match it with his print-out or complain to the election judge immediately that there was a mismatch). This internal copy/spool would be retained for manual recounts. (c) retain it electronically. But in the end you have a system which is a LOT more complicated and expensive than an ordinary paper-based system, and therefore more easily corrupted in the end anyway. You also have a system which probably can't handle write-ins, without complex handwriting analysis, it would be implemented by a vendor with heavy political connections to the party in charge (basically a truism), etc. I genuinely believe it to be a regressive/recursive human/machine problem.

Re:Cost Effective?

[sumdumass]

It isn't really the costs of the voting at issue here. In the 2000 and 2004 elections, overseas ballots somehow got held up in the mail and even though the postmark was before the deadline, the state already tabulated the votes and didn't want to count the late arriving ones. Most of the over seas ballots are military personnel and for whatever reason, if it is no fault of their own, anyone potentially in harms way should have their votes counted.

So no, the cost isn't as important as counting the votes of the military and civilians in the immediate areas of the military personnel. In the 2000 elections, it actually took a lawsuit to get the voted counted. In 2004, they brought up the results of the 2000 lawsuits to for the count. This wasn't isolated to Florida either and the mail wasn't all held up in the same places. It had more to do with the increased volume of mail then any conspiracy but the result was people who probably should have their vote counted the most (it could literally be life and death for them), ended up almost not having it counted at all. This is an attempt to avoid that situation.

Re:libertarian

[zermous]

Well, we are supposed to assume, as a starting point for these kinds of discussions, that voting is good and that more accurate elections are more good. If this goodness is overwhelmed by the tragedy of the votes being cast by imbeciles for malicious people, then that is a problem to solve another day.

But quite apart from all that, it is also generally assumed that support for an election is more important than which particular candidate is elected. A more accurate election facilitates belief in the democratic process which keeps countries from dissolving into chaos or autocracy.

Re:libertarian

[zippthorne]

I've seen schemes presented to slashdot that would appear to solve the anonymity and verifiability problem. But I haven't seen any that are simple enough for the average voter to understand well enough to be confident that that has occurred.

I say that as an average voter, who's read some of the plans, and after a good deal of thinking couldn't find any holes, but also wasn't positive I just wasn't smart enough to think of 'em.

Re:And if they get 500 votes for Ron Paul ...

[Ungrounded Lightning]

BAD IDEA.

Which? Ron Paul, or Mitnick?

The Internet balloting is primarily servicemen. If there is a way for them to legitimately vote for Ron Paul (either he's on the ballot or there is a way to write him in) they MIGHT get some large number of LEGITIMATE votes for him.

Andrew Appel.

[Irvu]

I would point out that at least one of the systems mentioned on that page has been defeated by Andrew Appel (see here) the author of the top-linked Sequoia study.

And, ultimately, as much fun as these systems are they often ignore the far more real problem of vote observation and intimidation. This isn't an indictment of the algorithms per-se but the reason that we have a closed voting booth is that voting in the open lends itself to voter indimidation (i.e. show me you vote the right way or I'll fire/kill/pay you) which has been a real problem in the U.S. Granted this problem also exists with absentee ballots and "everyone vote absentee" methods like Oregon's Vote By Mail, but in the rush to develop auditable systems this often gets ignored.

Additionally, at least the end-to-end systems that I have viewed suffer from the problem of auditability, no means to confirm the end message with the local understanding, and a problem that the connected server can itself be compromised meaning that wired in votes can be miscounted with no means to audit them.