Friday, June 24, 2016
Internet voting magnum opus by Eric Geller
The Daily Dot - Online voting is a cybersecurity nightmare - June 10, 2016
Also available in the Internet archive - https://web.archive.org/web/20160611131517/http://www.dailydot.com/politics/online-voting-cybersecurity-election-fraud-hacking/
“We do not know how to build an internet voting system that has all of the security and privacy and transparency and verifiability properties that a national security application like voting has to have,” said David Jefferson, a researcher at the Center for Applied Scientific Computing at Lawrence Livermore National Laboratory and vice-chair of the board of directors at Verified Voting.(You can see Jefferson present at length about Internet voting in one of my videos of the week.)
Internet voting advocates often say things like, “If you can bank online, you should be able to vote online.” But banks provide receipts for transactions, letting every party verify that deposited or withdrawn money went through the system correctly. You can ask your bank to investigate a bad transaction, just as your credit card company might call you to verify a suspicious one, but only because money tied to your identity is tracked through the global financial system.(For a further expansion of this theme, see my blog post if I can do X online, then why not voting.)
Unlike in banking, where fraud is detectable because money either lands in the appropriate place or disappears, and in paper voting, where physical evidence must be tampered with to rig the results, technology lets people do things while leaving literally no trace.
It’s well known that malware lets thieves pilfer people’s financial and health data and helps hackers lock users’ files until they pay a ransom. But criminals can also use malware to tamper with the process of internet voting—and the more places adopt internet voting, the more enticing it becomes for a hacker to write malware aimed at interfering with specific platforms.(This recognition that Internet voting is a national security issue prompts quotes in other publications such as “We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results." by Neil Jenkins of the US Department of Homeland Security, quoted in the Washington Post - More than 30 states offer online voting, but experts warn it isn’t secure - May 17, 2016)
This interference won’t be limited to lone script kiddies, activists flamboyantly trying to highlight the system’s flaws, or anarchist groups like Anonymous. Given what researchers say about the ease of covertly tampering with some online-voting systems, foreign governments are likely to want in on the action too.
For more references about this topic, see my post on Internet voting risks.