How can we vote on Internet that is unsafe for banks, Canada, and alarms the President?

Recent articles highlight the folly and blind faith in technology leading many to trust voting on the Internet

From the NYTimes:  Obama Had Security Fears on JPMorgan Data Breach <read>

President Obama and his top national security advisers began receiving periodic briefings on the huge cyberattack at JPMorgan Chase and other financial institutions this summer, part of a new effort to keep security officials as up dated on major cyberattacks as they are on Russian incursions into Ukraine or attacks by the Islamic State.

But in the JPMorgan case, according to administration officials familiar with the briefings, who would not speak on the record about intelligence matters, no one could tell the president what he most wanted to know: What was the motive of the attack? “The question kept coming back, ‘Is this plain old theft, or is Putin retaliating?’ ” one senior official said, referring to the American led sanctions on Russia. “And the answer was: ‘We don’t know for sure.’ ”

More than three months after the first attacks were discovered, the source is still unclear and
there is no evidence any money was taken from any institution.

As Roosevelt said “The only thing we have to fear is fear itself.” seems to apply here.  There are real cyber risks, we need to protect or digital assets. Yet it does not help to jump to the conclusion that every breech is the work of our biggest enemy of the moment (e.g. China last year, Putin here, and ISIS last week) when we apparently don’t have a clue.

Just as irrational is the fear in then Connecticut Legislature, (and perhaps in the statehouse) where many voted for Internet voting under the threat of being deemed “unpatriotic”.

Of course, Internet voting is not banking. Internet voting is more vulnerable, and more critical to our Democracy. As highlighted by this recent report:

From  GMA News: Online voting not ready for worldwide roll-out, study concludes  <read>

The research, produced by the Atlantic Council think tank and the online protection firm McAfee, concluded that “security will need to be vastly improved” before it becomes feasible to adopt Internet voting on a large scale.

According to the study, online voting faces more complex obstacles than electronic commerce, where a customer can be reimbursed in the case of fraud or theft.

“Online voting poses a much tougher problem” than e-commerce, the report said.

“Lost votes are unacceptable… and unlike paper ballots, electronic votes cannot be ‘rolled back’ or easily recounted.”

The report said hackers could paralyze an online voting system or, even worse, change the results without being detected.

A major problem of online voting is that any system must verify the identity of the voter, and at the same time guarantee anonymity in the process.

Some experts believe it could be decades before online voting becomes mainstream.
Joseph Hall of the Center for Democracy and Technology said that many security experts believe “the timeline will be 30 to 40 years” before the technological hurdles to online voting are overcome.

One of the problems is the “uncontrolled platform,” in which voting software or computers can be infected, Hall said at a discussion hosted by the Atlantic Council.

Jordi Puiggali of the online voting technology firm Scytl said that while Internet balloting has not been perfect, “we have to consider the risks of voting channels that already exist,” citing practices such as stuffed ballot boxes.

The researchers cited a study released earlier this year by University of Michigan scientists on online voting in Estonia, the first country to hold national elections on the Internet.

That study, which is to be published in a scientific journal next month, revealed vulnerabilities in Estonia’s online voting system.

“Attackers could target the election servers or voters’ clients to alter election results or undermine the legitimacy of the system,” the study said.

Estonian officials have maintained that the system is secure.

Wednesday’s report said that online voting has enormous potential if security can be improved.

“For the digital generation, unsupervised polling via mobile devices may be the ‘killer app’ of e-voting,” the report said, adding that biometric and other security features may need to be perfected.

“Broad adoption of most new technologies generally takes longer than technology optimists hope, but it will happen,” the report added.

“Online voting’s potential benefits in terms of reach, access and participation have the potential to revolutionize the democratic process around the world.”

Count us among the skeptics that Internet voting will be safe in 30-40 years. We say it is a good bet that 20 years from now it it will still be 30-40 years off, and maybe that will be the last we will hear of it.  On the other hand it might be possible with a radical redesign of the underlying Internet.  (Geeks like myself will remember IP 6, which we were all supposed to be using by about 10 years ago. Great news its up to 4% now.)

Like building new civic centers, baseball stadiums, and bankrolling fishing and hunting retailers there is plenty of real world evidence that Internet voting does not work well, yet we persist despite the evidence.  Apparently the technology that actually works to protect Democracy, a technology actually under assault in Connecticut, is Freedom of Information.

From Aljazera: Latest Internet voting reports show failures across the board <read>

Internet voting, a technology often cited as a solution to the United States’ problematic voting machines, received failing security and accessibility grades in the latest in-depth audit conducted by the City of Toronto. Two of the three vendors audited by the city currently have contracts with over a dozen U.S. jurisdictions for similar technologies.

The accessibility report, prepared by researchers at the Inclusive Design Research Centre at OCAD University, and the security report, prepared by researchers at Concordia and Western universities, were obtained by Al Jazeera America through a Freedom of Information Act

Proponents of Internet voting, largely disabilities groups and advocates for military voters overseas, point to the apparent ease-of-use of other Internet-based activities, such as banking, and claim the technology would lead to higher turnout rates.

The reports highlight the difficulty in creating a voting system that isn’t more susceptible to corruption than existing voting technology and that is easy enough to use for voters with a variety of personal computer setups, including those with disabilities who often use alternatives to traditional mice, keyboards and screens.
Got that? Susceptible to corruption. And does not provide expected benefits. Sounds a lot like those civic center, sports stadium, and fishy retail projects! Meanwhile the U.S. Government continues to stonewall:
A nonprofit watchdog group, the Electronic Privacy Information Center, sued FVAP last month to force them to disclose their own audits of Internet voting conducted three years ago. In 2012 the program told Congress it would release the records to the public by the middle of 2013.

Leave a Reply

You must be logged in to post a comment.