Twice again, Internet/online/email voting not a good idea

We have and others said it many times and many ways. Internet/online/voting is not safe for voting and maintaining democracy. Here are just two more articles to explain it again, a variety ways.

Scientific American:  When Will We Be Able To Vote Online? <read>

Sooner or later everything seems to go online. Newspapers. TV. Radio. Shopping. Banking. Dating. But it’s much harder to drag voting out of the paper era. In the 2012 presidential election, more than half of Americans who voted cast paper ballots—0 percent voted with their smartphones. Why isn’t Internet voting here yet? Imagine the advantages! … It’s all about security, of course. Currently Internet voting is “a nonstarter,” according to Aviel D. Rubin, technical director of Johns Hopkins University’s Information Security Institute and author of the 2006 book Brave New Ballot. “You can’t control the security of the platform,” he told me. The app you’re using, the operating system on your phone, the servers your data will cross en route to their destination—there are just too many openings for hacker interference. “But wait,” you’re entitled to object, “banks, online stores and stock markets operate electronically. Why should something as simple as recording votes be so much more difficult?” Voting is much trickier for a couple of reasons…

So how does Estonia do it? It’s a clever system. You can vote online using a government ID card with a chip and associated PIN code—and a card reader for your PC. You can confirm the correct logging of your vote with an app. Parts of the software are available for public inspection. You can change your vote as many times as you like online—you can even vote again in person—but only the last vote counts, diminishing the possibility that somebody forced your selection.

Unfortunately, three factors weaken this system’s importance as a model for the U.S. First, Estonia is a country of about one million eligible voters—not around 220 million. Second, we don’t have a national ID card. Third, security experts insist that just because hackers haven’t interfered with Estonia’s voting doesn’t mean they can’t. In 2014 a team led by University of Michigan researchers found at least two points where hackers could easily change votes: by installing a virus on individual PCs or by modifying the vote-collecting servers. (The Estonian government disagrees with the findings.)

Meanwhile other countries’ online-voting efforts haven’t been as successful.

We do disagree with one point: “security experts insist that just because hackers haven’t interfered with Estonia’s voting doesn’t mean they can’t.”.  We ask “How do they know?  One of the huge problems is that the system could have been compromised undetected by those “virus on individual PCs or by modifying the vote-collecting servers”. This is covered in the second article:

Tech.MIC: Online Voting Is the Future — And It Could Lead to Absolute Disaster <read>

More experts and more reasons its dangerous to democracy:

It’s 2016. Why don’t we have an app on our smartphones that allows us to vote remotely and instantly?…

Why has it taken so long for online voting to enter the election? It’s not government laziness. It’s not that nobody’s trying to realize the promise of online voting. It’s that there’s a concerted effort to make sure online voting never happens…

What’s holding back online voting? In short, security risks. If we’ve learned anything from the past few years of cybersecurity scandals — like the Office of Personnel Management hack, the Sony Pictures Entertainment fiasco or the Ashley Madison breach — it’s that no digital system can be proven to be totally safe.

There’s a common refrain that digital voting experts are tired of hearing: “If I can bank online, why can’t I vote online?” If the internet is safe enough to store our money, shop, file our taxes and perform other sensitive tasks, why can’t it be used to vote?

The truth is, we don’t bank or shop safely online. Major retailers and banking systems deal with hacking, fraudulent charges and identity theft every day. Companies like Amazon are used to a small percentage of transactions being fraudulent. And when fraud occurs in a financial transaction, those problems can be fixed after the fact…

This is the problem voting has that banking and retail do not: the “audit trail.” If something goes wrong with a purchase, you can retrace that purchase between the bank, vendor and customer to see where something went wrong. But voting has to be anonymous: Once a ballot is cast, it can’t be tracked back to the original voter without violating the sanctity of voter anonymity.

“Voting is a situation with two hands,” Ed Gerck, a computer scientist who has been trying to solve the online voting problem from a logistical perspective since the ’90s, told Mic. “In one hand, you know who the voter is; they’re qualified, and they’re allowed to vote. In the other, you have the ballot, which must be correct. But you cannot link the ballot to the voter.”

The hand-off, where a person submits his or her ballot using a phone or a computer and sends it to a digital ballot box, is where mischief can occur, because hackers could theoretically manipulate votes without ever alerting election officials that the system has been compromised…

one reason these systems haven’t yet shown signs of being hacked is because no one cares enough to try. Federal elections don’t rely on them.

“As soon as large numbers of people are allowed to vote online, all of the sudden the attack surface is much greater,” David Jefferson, a computer scientist and digital voting researcher, told Mic. “If I thought we could allow it for a very small number of people who really needed it, I could live with that, but that’s not what people are advocating.”…

Handing over election technology to tech companies surrenders the voting process to private, corporate control. The companies will demand trust without letting the public vet the technology, peek into the source code or see behind the curtain into the inner workings of the programs that count the ballots…

Alabama’s system, Everyone Counts, has been put through rigorous testing from mammoth security companies like PricewaterhouseCoopers. Everyone Counts lets the districts that use it vet the technology themselves or hire an outside contractor to test the security of the system. Alabama’s system, as far as Alabama can discern, has been rock-solid for years. Everyone Counts has never put the system up for a public, free-for-all penetration test, but Merrill says he isn’t worried about a security breach.

The looming hypotheticals and doomsday scenarios are unprecedented in the United States. If there were a breach, it could come from someone outside of of U.S. jurisdiction, even a state-level foreign aggressor. That’s if we could verify it at all. Hackers are tough to track — we’re still left wondering who’s responsible for the 2014 Sony hacking fiasco. And unlike a bank transaction that can be corrected by instant accounting, imagine this same system applying to the presidential election. If Hillary Clinton wins in 2016 and, months later, the discovery of a breach reverses the results, what would happen? It would be a legal nightmare without precedent…

Still interested in risking your vote and your democracy via the Internet? Please read both articles in their entirety.


Leave a Reply

You must be logged in to post a comment.