Wednesday, April 20, 2011
if I can do X online, then why not voting
Let’s boost participation by allowing online voting
Canada.com - April 15, 2011
And this is a kind of typical "hey our government cybersecurity research lab was hacked" story
Top Federal Lab Hacked in Spear-Phishing Attack
Wired Threat Level - April 20, 2011
Because the answer is, you don't bank online securely. People's online banking is hacked ALL THE TIME. Everyone's systems, including national cybersecurity facilities in the US and Canada, get broken into by determined, sophisticated attackers.
Let me make it clear, I respect Ms. Almeida's question. It is not at all obvious to someone who hasn't stepped through the properties of our current paper-based system one-by-one, and who hasn't analysed the risks of a purely Internet-based system, why online voting shouldn't be as simple as filing your taxes online.
What you CAN do with banking is have their experts follow a forensics trail, undo the unauthorized changes, and return your account to its correct state. As happened to me recently when my credit card number was stolen.
But you CANNOT DO THIS WITH A ONE-TIME, ONE-VOTE, ANONYMOUS ELECTION.
If your vote is reversable 1) it has to be personally identifiable 2) ANYONE with technical knowledge can reverse it.
So that's why you can't vote online. It's not a technical problem. There are no technical barriers to voting online. Amongst many, many other things it's a security problem. Even if you can solve the security problem, you still can't verify what code is running (so open source doesn't help). Even if you could solve the security AND the code verification problems, you still can't stop someone standing over you at home as you vote, and threatening you if you don't vote the correct way (the coercion problem). Or someone can just steal someone's voting credentials and skip the bother of threatening them (the authentication problem).
Hackers will attack your vote, it's just a question of whether they succeed. And the company or individuals writing the code could be malicious, corrupted or threatened. Or the company making the servers. Or the people in the server room. Or actively malicious insiders anywhere along the network chain. Or citizens can be systematically intimidated into voting a certain way. Or the voting credentials of huge numbers of people who don't bother to vote can simply be stolen (e.g. monitoring the mailboxes of students and other young people for convenient mailings with PIN numbers that are unlikely to be used).
Oh, and even if someone miraculously everyone involved in the long chain between you and your vote being recorded on a distant server is trustworthy and not malicious, the software can still have bugs. In fact it's pretty much guaranteed to have bugs. Bugs which may not show up until millions of real users start hammering the real system on election day. So it can still fail spectacularly. Or even worse, fail silently and undetectably, misrecording or losing votes.
But other than that, online voting is a great idea.
PS If you think the TV shows have mastered this problem, I suggest googling so you think you can dance vote hacked or head right to
How the 'Dancing' vote was hacked - MSNBC Cosmic Log - November 19, 2010