SoylentNews is people
SoylentNews
Estonia is the world leader in using online voting for its national elections. Its government has done a great deal to improve the security of the system, which is now used by up to 25% of voters. The country's "I-voting system" is touted by proponents of online voting in the U.S. to claim that secure Internet voting is possible.
It isn't. Early in May an international team of independent security experts accredited by the Estonian government reported severe security vulnerabilities in that country's "I-voting system." Elections, the researchers found, "could be stolen, disrupted, or cast into disrepute."
These results have serious implications for the push to internet voting in other countries, particularly in the U.S.
This discussion has been archived.
No new comments can be posted.
Hack the Vote: The Perils of the Online Ballot Box
|
Log In/Create an Account
| Top
| 22 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Wow! Look!! A stray meatball!! Let's interview it!
(Score: 3, Insightful) by Angry Jesus on Friday May 30 2014, @05:37AM
> allows anyone to ensure their vote was cast correctly.
So, basically get rid of anonymous voting.
(Score: 0) by Anonymous Coward on Friday May 30 2014, @07:09AM
Votes being tied to unique numbers would not require votes to be tied to an individual. The numbers could be randomly generated and never repeated.
(Score: 2) by lx on Friday May 30 2014, @10:44AM
Attention Bitcoin freaks everywhere. Show us how you can use the blockchain to ensure a secure vote.
You know what? That plan is so crazy it might just work.
Votecoin anyone?
(Score: 3, Insightful) by Angry Jesus on Friday May 30 2014, @01:08PM
> Votes being tied to unique numbers would not require votes to be tied to an individual.
Of course they would be tied. Someone pays you or threatens you to make you vote a certain way and requires that you give them your id number so they can verify that you voted as they wanted you to.
(Score: 2) by Geotti on Friday May 30 2014, @05:14PM
Allow for the inclusion of plausible deniability (i.e. give out 10 IDs per person and only you know, which one was actually cast) and this problem is solved.
I disagree with the central database, though (single point of failure/attack). It should be a CRC-checked, verified and vetted distributed system. It seems the bitcoin idea from above has some merit.
(Score: 2) by Angry Jesus on Friday May 30 2014, @06:26PM
> Allow for the inclusion of plausible deniability (i.e. give out 10 IDs per person and
> only you know, which one was actually cast) and this problem is solved.
That's an interesting idea, but I don't think it will scale because of the exponential increase in complexity. Once there are more than 2 different elections on the same ballot, keeping mental track of which ID is "real" is going to move beyond the abilities of the average voter. A mnemonic device like using pictures instead of numbers might bump retention up by a few more races, but I'm guessing that, best case, 5 would still be a limit for a majority of the population.
(Score: 3, Insightful) by Yog-Yogguth on Friday May 30 2014, @08:23AM
And as we all know they would love that since non-anonymous voting is nearly as "good" as no voting when every society in the end runs on an aggregate of social pressures (or much worse). Maybe next the powers that be will decree voting by simple acclamation like some political parties do (particularly so-called labor parties and their myriad of enslaved organizations and unions). I've gotten the impression some cult ideologies made it far enough to achieve specialized styles of clapping, maybe that's still the case in North Korea or Cuba.
There ought to be ways of making it possible for the entire public to validate the entire election process (and not just whatever part they might be helping out with) without connecting specific votes to the individuals who cast them.
I'd have much more confidence in elections if I and everyone else could at least keep constant track of the boxes with votes. Technology ought to be able help with that: as the votes are cast one could constantly publicly surveil the hell out of the boxes they are collected in. But how? What would work? How would one test it and provide working reference implementations? Some kind of open international competition? How would one force working systems onto corrupt politicians with a lot of voters already beaten down into submission, drooling stupidity, or inane Pavlovian and perhaps even hereditary repetition?
Being "paranoid" I have zero confidence in the voting system in my country (and negative confidence about the elections in neighboring countries here in western Europe), even though it's manual and even though it recently gave a change in government at home and political upsets abroad, it's too obscure at a distance and too limited close up. Even the OSCE is becoming a politicized joke these days due to Ukraine, the OSCE monitoring measures are not good enough and have to be deeply flawed when "half of two thirds" of a country are not at all participating in the vote (and that's without considering the turn-out) and it still isn't a problem for the OSCE. That kind of stuff is as ridiculous as Baghdad Bob yet there's no outcry because every power involved cares less about the vote than about forcing the winner to take some shred of responsibility; defendable as a piece of international realpolitik but making fools out of the voters.
Of course I'm setting the bar way too high when people already get away with open political violence and intimidation, and removing the ballot papers for specific political parties. These are examples from multiple "first world" western "democratic" countries, not Pakistan, Egypt, or Syria. Where cast votes end up scattered on the freeway or the dump or voting urns/boxes vanish until the counting is done with feeble excuses of them being sent as normal postage. These are all examples from the western world and in particular Sweden which has become a stinking shithole par excellence as far as these things go (and surveillance as well, glad I don't live there and the US has recently promised not to take action if the Russians liberate them --although that was just an open public attempt at trying to force them into NATO).
Rawr! This world is chock full of shit and stupidity and I have trouble learning not to care #end rant
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by Magic Oddball on Saturday May 31 2014, @11:56AM
"I'd have much more confidence in elections if I and everyone else could at least keep constant track of the boxes with votes. Technology ought to be able help with that: as the votes are cast one could constantly publicly surveil the hell out of the boxes they are collected in. But how?"
We don't need technology for that -- in California, at least, oversight is rigorous enough (speaking as someone that has volunteered behind-the-scenes for 12 years) that the incidence of voter fraud is negligible. Here is the setup we have:
6:00AM - Team (assigned at random by headquarters) arrives. We set up the equipment, which requires breaking a thick plastic zip-strip lock for anything security-related, documenting the numbers in two places and putting the locks into a plastic bag to be turned in at the end of the day.
7AM - At all voting precincts, the person in charge shows the voters waiting in line that the metal voting box is empty, then pulls out the maroon zip-strip and locks the metal box closed, so the only opening is the slit for ballots. The box is then placed in full view of the check-in table (where 3+ of us sit at all times).
Each voter steps up to the check-in table. We make sure they're assigned to us and aren't listed as a mail-in voter, then have them print and sign their name in the official register & logbook. The person is then handed a set of multiple-choice card ballots & secrecy envelope; when they've voted, they return and they or we place it into the metal box.
If the voter *isn't* one of ours, we give them a phone number to find out where they're supposed to be. If they can't easily get there, we process them as a Provisional Voter: they sign into a special sheet, and must seal their completed ballot into an envelope with their name/street/etc. before putting it in the metal box, so it isn't counted with all other votes. Up at headquarters the next day, the provisional ballots are all sorted to be sure there's only one under each name, that the name wasn't also used to vote normally, and the signatures/info are electronically compared to what the person is registered under. If there's a problem, they manually double-check, and reject the ballot if appropriate.
During the day, we update a reference list every 15 minutes that shows the street address, name and political affiliation of each voter, and put it on display for volunteers from the political parties, journalists, or bored citizens (anyone can also hang out watching everything). We also check to be sure that our two reference indexes (one ordered by name & one by street) have the same ID numbers checked off, that the ID also matches the line numbers in the name register and sign-in sheet -- if anyone tried to sneak a name or whatever in (or more realistically, if one of us goofed) the problem becomes obvious in a hurry!
At 8pm, we process any voters in line or just arriving, then close & lock the doors ASAP. We put equipment away, which means putting (and recording numbers of) new locks on security items. We cut the lock on the metal voting box. We make sure we have the same number of provisional ballots as people signed into the Provisional Roster, put the roster & ballots into a clear bag, write the number down on the outside, and seal that.
We then dump all of the normal ballots onto the working table, pull them from their secrecy envelopes, and start stacking them into groups of 10 with the corner-cut in the same direction. We triple-check, jot the number down, and make sure it matches the number of voters on our regular sign-in roster, name index, etc. We then place them into a special box, put the lid on, lock it with a giant seal (adhesive all the way around, no way to remove it) and have 3 volunteers sign & witness each other's signatures.
One of the papers we write all of this onto goes into that box, while a carbon-copy is torn off and placed in an envelope. The person in charge and one other volunteer then drive the supplies to the election center. A *different* volunteer must seal the envelope and mail it to the election center within 48 hours.
I'm overlooking some of the redundancies (dropping off a mail-in ballot is handled the same way as a provisional but with different paperwork, etc.), but you get the picture: layer after layer of security paired with transparency. In fact, every few elections my own vote-in ballot is rejected because the way I sign one or two of the letters in my name has changed, so I have to turn in a new signature for the future -- it's a pain, but as I've reminded a few voters, it means the system's actually working.