Net Voting in California 143
Myxx sent us an article from Yahoo that talks about online voting and the issues and recommendations reached by a panel in California. The summary is that they suggest waiting and seeing. Apparently the Internet is secure enough for billions of dollars in financial transactions, but not for voting.
Re:Security on-line (Score:1)
Most intelligent post so far (and from another AC, no less). Easy vote-buying schemes are the FUNDAMENTAL problem with Internet voting, and are a problem which cannot be fixed through technology. Any proposal which allows voters to connect to the system in a private place (such as the home), rather than a scrutinized, public place (polling station) will have this problem, and it *IS* a serious enough problem that internet voting should be rejected as a means of deciding serious political questions such as the election of representatives. A democratic election system for public elections must not merely allow, but REQUIRE anonymity for it to be acceptable.
Of course, the Yahoo article completely misses this important point, along with a few others:
``The Internet has the potential to bring a record number of low propensity younger voters into the democratic process for the first time,'' California's Secretary of State Bill Jones said in a statement announcing the report.
Rubbish. Voter turnout in the U.S., Canada and Great Britain is low because the underlying voting method is so poor. Under the simple-minded plurality ("first-past-the-post") voting systems these countries use, most votes are wasted (that is, they have no effect on the outcome), so many people have little incentive to participate. Votes for minority parties are completely wasted, so people are forced to vote for broad, meaningless, "lesser-evil" coalitions (Democrats, Republicans) to have any hope that their vote will count in some vague way. In contrast, most other countries use some form of proportional representation, and have much higher voter turnout. Malta, for example uses one of the best systems of PR (the Single Transferrable Vote, or STV), and has probably the highest voter turnout in the world (recently greater than 95%, and rising!) Most parts of continental Europe use the slightly inferior Party List systems of PR, and also have good participation rates (better than 80%, generally). Tinkering with the technical mechanisms of voting (Internet vs. polling booth), rather than the underlying system of counting votes is simply rearranging the deck chairs on the Titanic.
If a voter knows that their vote is going to be wasted, due to how it is going to be counted, it makes absolutely no difference how easy you make it to cast votes -- the rational voter will do nothing anyway, and short of unobtrusive mind-reading techniques you will never get their opinion.
``Unfortunately, the threat of computer virus and other technological attacks on personal computers make Internet voting from the home or office an unsecure and unwise practice at this time.''
More rubbish. These are minor technical problems that *do* have technical solutions. Throwing these issues up as the "problem" of Internet voting merely creates a smokescreen for the *real* problems, which are conspicuously absent from the discussion. Publicising these problems simply makes it easier for the public to swallow the idea of Internet voting once these small technical problems are miraculously "solved" through technological advance. People should wise up and refuse to participate in this phony debate. For example:
``Votation.com makes elections more secure than existing election systems currently do,'' company Chief Executive Officer Joe Mohen said.
``The security techniques and technologies than we use are far more secure than those that are used to transfer millions of dollars out of bank accounts over the Internet today.''
This of course is probably true but irrelevant. Here we are invited to discuss whether or not the protocols used to transfer votes are sufficiently secure from tampering, without considering whether the votes themselves are meaningful, and if the votes are NOT meaningful, then the technicalities of collecting the votes are relatively unimportant. Why bother to create an elaborate, technologically sophisticated system to collect and process junk data, when we already have a simple paper-based system that can do the same thing? Internet voting is NOT a solution to the problem of low voter turnout. This problem is fundamentally a social one with political solutions that cannot be solved using technological quick fixes (I know, this is surely heresy on SlashDot!).
According to a poll by the Public Policy Institute of California, voters under age 24 were three times more likely to support the idea of e-voting than those aged over 65.
OK, so we can conclude that younger people who ARE going to vote are more likely to do so via the internet than older people, or support that as an option for voters, but the question they should have asked but apparently didn't is:
are YOU going to vote if Internet voting is available as an alternative to the polling booth?
I guess it's best not to ask the questions you don't want the answers to.
Re:Security on-line (Score:1)
"Vote early, vote often!"
Re:Eh? (Score:1)
Re:Schneier agrees (Score:1)
--
Re:Coerced votes?? (Score:1)
Coerced votes are not unique to online voting. Absentee ballots have the same potential for coercion, for the same reasons, and it has turned out not to be too much of an issue. See the letters at the end of the last issue of Crypto-Gram here [counterpane.com].
In short, absentee ballots account for as much as 35-50% of the vote in some elections, certainly enough to change the outcome of an election, and they continue to be used despite the possibility of coercion.
Of course, online voting has many, many other problems. I just don't think coercion is one of them.
Untrusted clients (Score:1)
Again: as long as home computers are an untrusted platform, any information coming out of them is suspect.
Hell no! (Score:1)
The Internet is NOT secure enough for billions of dollars worth of transactions; exploits are too regular an occurrence, and snake oil is too profitable (vendors are either glossing over vulnerabilities or trying to peddle crap technology). Cracking "Internet voting" (whatever that is this week) has the potential to cause even more damage than cracking business databases or financial transactions---the corruption of a society and its system of law, not just to Joe Smoe's Visa account.
Rev. Dr. Xenophon Fenderson, the Carbon(d)ated, KSC, DEATH, SubGenius, mhm21x16
Ooh yeah. Time to get the cluster warmed up... (Score:1)
Who want's to be the next president of the USA? Only $1 per vote (Special introductory offer).
Limited Time Window (Score:1)
Digressing I think that we really need to look long and hard at good crypto solutions. Right now people can steal anything, and they do, from people's social security to my CC the other day on CD Universe. You can't make anything good without breaking a few things in the making, and people continually think that it has to be 100% or nothing when most of us live in an 80% (if that) world. I think there are only two main issues. How do we keep the transaction secure, and how do we know you are you. Solutions for these are wide ranging and I'm sure others are covering them well in these threads.
I'd like to see a faux voting for a year. I really want to see some official idea count on how many people would vote. Besides just thinking for us normal two legged healthy people, think of the handicap/disabled people that could vote. You can bring out a lot more of the populous if it were available.
We're not ostriches, so lets keep our heads out of the sand,
Malachi
Re:Schneier agrees (Score:1)
I see no meat though.. he's afraid, and by rights so because who knows how much research went into the idea et al. I'd like to see a thurough summary done by him though.
Keep'n it real,
Malachi
Security and Integrity (Score:1)
XenoWolf
Yes! Internet voting has a devastating flaw (Score:1)
Russ Nelson is absolutely correct. I mentioned the same argument against internet voting, too, when the internet voting issue came up some time last year.
Forget the technological issues. Assume they are perfectly resolved.
There is no way to assure that the voter isn't being coerced into casting a certain vote.
There is a reason that we use curtained voting booths and poll watchers. It is to prevent these social means of altering votes, rather than to prevent technical ones.
I understand why some people think internet voting is a great way to revolutionize democracy. I felt the same thing for a long time, too. Do not let the apparent elegance of voting from your home computer cloud your judgement, though... internet voting from the home is inherently flawed.
Before continuing, I should comment on absentee ballots. There is an outward similarity between absentee ballots and internet ballots, and I can not recall a big case where absentee ballots were coerced. Let me simply say that the absence of a documented attack exploiting a given security hole does not mean that the hole does not exist!
Actually, I am personally against mail in absentee ballots, too, since they may also be coerced. It probably hasn't become a problem because, in general, absentee ballots are only a small fraction of the votes case it most elections. (I believe one or two states have recently allowed wide spread mail-in voting, though.)
While I am opposed to voting over the net from home, I am not opposed to voting over the net from public polling places. In fact, if the polling places were wired to each other, it might allow a voter registered in Florida to vote from a booth in New Hampshire, removing some of the need for absentee ballots as an added bonus. This, I believe, is an excellent use of technology in voting.
The social issues surrounding voting can not (as far as I can see) be addressed by any implementation of internet voting from home. Internet voting is a dangerous idea. Please don't let your local legislatures implement it.
John Karcz
The thing is.... (Score:1)
It's not just making sure that the correct votes are cast, but htat those people who still don't bother (tsk... some people) don't have their votes appropriated.
Voting is easy (Score:1)
Voter turnout in my district is so heavy that they ran out of ballots in the last Congressional elections!
America will fight online voting for the same reason it will profess support for the family farm - going to the polls is part of our national identity. Sure, the future may be megafarms and evoting, but you can be damned sure a lot of us are going to fight it tooth and nail.
Don't hold your breath. (Score:1)
All sarcasm aside, I think online voting is inevitable, but it will be interesting to see what entities drag their feet over this because they fear the kinds of change this would bring.
This must never happen (Score:1)
The whole idea behind this is to allow THE SYSTEM to remain, and get BIGGER, which is what Americans do not want, exept for some jerks who currently hold presidentcy.
Re:Why not use bank's ATM? (Score:1)
Re:Why not use bank's ATM? (Score:1)
Cool (Score:1)
Too bad I don't live in CA.
-mark
Re:Against Internet voting (Score:1)
My question is, do we want to further enfranchise those who don't care enough to go to the polls now?
J.
Re:Against Internet voting (Score:1)
What if the government were to pay for special employees whose job it was to go to the homes of rich retired men (but not women) and ask them for their votes. This sounds very undemocratic while making it easier for a certain segment to vote. Unless there was some kind of female backlash to counteract this policy (backlashes and protests being a whole different kind of evil), these rich old men would end up with a larger share of the vote.
It is undemocratic to make a special effort for certain segments of the population while not making a similar effort for others. Other issues notwithstanding, perhaps Internet voting would make sense if there were simultaneous outreach programs to those who aren't connected.
Against Internet voting (Score:1)
Re:Against Internet voting (Score:1)
Re:Security on-line (Score:1)
I had an uncle who lived in Chicago. He voted Republican until the day he died -- then he started voting Democrat.
</JOKE>
--
Re:Going slow is probably good (Score:1)
Unless you can't even find a "third party" candidate you could accept, of course.
Someone made a good point to me once (Score:1)
There is also the possibility of a loss of anonymity with online voting, as you could have 20 people in the room with you at the time or the protocol/whatever could be snooped if not done properly.
If they do this I hope they consult the more knowledgeable crypto people in the field and work out a solution everyone is happy with. Just because you CAN do it doesn't mean you SHOULD. Though I agree that it would get people voting more frequently.
Bah, humbug! (Score:1)
If those kids can't bother to get off their asses and get out into their communities to vote, why should they even bother being involved in the political process at all?
Not really (Score:1)
Security on-line (Score:1)
Re:Couldn't Agree More (Score:1)
Why not use bank's ATM? (Score:1)
"I think, therefore I am."
Philip Apostol
Re:Why not use bank's ATM? (Score:1)
Voter apathy (Score:1)
What's needed is for the youth of this country to be shown, not told, how the government works. They have to believe that corruption is beatable. Right now, even I have a hard time believing that.
Technology shmecnology, online voting will happen. It's not a matter of when or even how. It's still an issue of voter apathy.
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
Re:Voter apathy (Score:1)
Somebody back me up here!
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
Re:issues with identification (Score:1)
issues with identification (Score:1)
Re:Why not use bank's ATM? (Score:1)
Re:Limited Time Window (Score:1)
Matt
Slow change (Score:1)
In another sense, electronic voting may be what finally restores the electoral process to a more popular state. When I consider the number of people who never write letters, yet have become compulsive emailers, it seems a similar phenomenon may be in store for political invovlement.
Whether that, in the end, is a positive or negative effect (people wouldn't have to care enought to get out to the polls in order to be counted) is another issue entirely.
Re:mob rule (Score:1)
necessary that all have an equal chance in
EVERY method, so long as it is plausible
(e.g. putting booths in subway maintenance
tunnels is NOT valid) for eligible voters
to vote.
2. Most voters don't spend much effort, anyway.
Fewer voters cite policy issues compared to
personality or physical appearance.
3. Legally, there's no stipulation that voting
be either easy or difficult so long as folks
can plausibly do it.
It doesn't really matter, anyway, as long as there's no separation of powers. For all practical purposes, the Executive has usurped much of Legislative authority; we now have presidential candidates talking about what executive orders they'd issue, after all. First, get a Congress that's willing and able to fight the Prez...
Re:On-line voting only has one minor problem.. (Score:1)
Still there are many advantages to online voting like: higher precentages of more educated people vote (remember, you can find out all sorts of things about the candidates online that you never hear from main stream news and you can get the opinion of importent groups like the ACLU) and people can vote more oftin since it is less hassel.
Personally, I think that online voting should require various amounts of platform information to be made available. Furthermore, I would want to require a random 3-4 question quiz on each canidate. This way, we are ensuring that more educated are voted. This would be a wonderful way of raising the bar for voting.
Ya, ya, how horrible that I would want people to educate themselves prior to voting instead of letting someone else do the thinking for them. Obviously this isn't fool proof, but I think it beats our existing system. Why would I want this? Well, imagine a day when everyone has a computer and online voting is the norm. As it is, people have to make an effort to go vote. This implies some level of civic responsibility. I don't want voting to be on the same level of thought as changing the channel on our remote controls. I want people to have to make an effort for society. I want people to vote for whom they think is best for the job and not because their brother's cousin's wife's uncle decided that this who they should vote for.
Re:The reality is... (Score:1)
Throw in the fact that most browsers use 56-bit encryption, no host authentication and no user certificates, the level of trust you can put into who is sending the data is amazingly low.
Except, you made the assumption that online voting would be performed through your web browser and/or use the same security facilities that are used for online purchases. This is, of course, wrong. A better way to do it would be to send each person a serialized application when they register. Furthermore, this application would implement the "secure/anonymous" crypto-algos.
I've worked with ATMs, credit card systems (private lable and otherwise), debit systems, EBT, etc. None of these systems are designed to prevent fraud!!!! They are all designed for fraud detection and to create enough of a audit trail to catch the guilty. I don't think we want to follow this trend in voting. As such, obviously different technologies are required.
Since when? (Score:1)
Re:The thing is.... (Score:1)
So which side is spreading the most FUD nowdays? Microsoft or Linux advokiddies?
How much is a vote worth? (Score:1)
Specifically, individuals are constrained to vote in physical enclosures that provide them with the ability to cast their votes anonymously.
My biggest concern with online voting is not with individuals maliciously cracking the system. Rather I worry that it would become practical to purchase votes en-mass.
With an online voting system, it becomes possible for the local ward boss to watch people as they cast their votes. (In a worst case scenario, the boss provides a computer, individuals line up to vote, and are paid $25 dollars a head for making the "proper choice")
Look at the enormous amount of money that the candidates have been spending during the caucuses and the days leading up to the primaries. Candidates such as Forbes are rumored to be spending upwards of a 100 dollars per vote on this event. I'm willing to bet that it would be MUCH cheaper to bribe the populace directly.
Richard
Security Through Obscurity (Score:1)
If you scan through the California report [ca.gov], it's interesting to note that one of the "possible approaches to the problem of malicious software" which they list is security through obscurity [ca.gov] (bottom of page, section titled 'Obscurity/complexity').
They speak of how "voting software may be kept secret prior to the election" so that "potential authors of attack software may not have enough time to develop and distribute it during the election window".
I'm not sure I'd count on that. Really motivated hackers/crackers can come up with stuff pretty darn quick.
Open-Source Voting Software (Score:1)
The TechnoDemocracy Project [technodemocracy.org] was recently started to create open-source voting software. Open review of the TDP code should make it more secure than the closed-source/proprietary approach traditionally used & recommended by the California task force.
Perhaps not quite ready for prime time, but... (Score:1)
Voting through the Internet cannot yet replace physical voting, for all the reasons that others have noted; however, I don't see any reason why voting through the Internet cannot be introduced as an alternative to an absentee ballot. How is an absentee ballot any worse than an electronic ballot?
The security on an absentee ballot (at least where I live) involves registering as a voter in person and mailing a request for an absentee ballot, in response to which an absentee ballot is mailed to your house and your request is noted. In other words, next to none.
Is this any more secure than using public key cryptosystems to authenticate voters online? You have to initially verify that the person that has the private key is really the person that he claims to be, but once this initial step is carried out (which can be done at voter registration), what prevents secure absentee voting? This would make life much easier for citizens living abroad, in remote areas, etc.
Privacy, security, reliability, and public confidence cannot be provided any better by postal services than by strong encryption. As for anonymity, absentee ballots can't expect anonymity anyway. For those who write, "If people aren't sufficiently interested to physically visit the polls (or send in the form for a mail-in ballot if they cannot do so), they probably aren't sufficiently interested to educate themselves on the issues:" In that case, why not reestablish the poll tax or the literacy test? After all, if people aren't sufficiently interested to pay a poll tax or learn to read, they probably aren't sufficiently interested to educate themselves on the issue. Physical ballots are no more difficult to "lose" than electronic ballots. There are no measures against coerced or bribed voting in absentee ballots; why expect them in electronic ballots? As for those who do not have or do not want computers, I ask, "What about those who live too far from a poll booth and don't have any means of transportation? Should poll booths be eliminated?"
Since absentee ballots suffer from all the problems that electronic ballots suffer, should we eliminate those too?
Daniel J. Peng [mailto]
do we really want to see political banner ads? (Score:1)
Why drag those heels? (Score:1)
So why are ALL governments dragging their heels on implementing this?
Well, the instant you have online voting, the next obvious question to ask is:
Hey, why don't we use this all the time, instead of just for elections?
Instant polling of the electorate's opinions would render large areas of Government redundant (or maybe obviously redundant *smiles*). Consider...
Ban abortion YES/NO
Invade Iraq YES/NO
The funniest aspect for me is wondering what the 4 million Sun readers in the UK would vote for. (For those who don't know, The Sun defines tabloid journalism in the UK).
Re:Why drag those heels? - create a new system! (Score:1)
If, and only if, evoting was ubiquitous, more polls could indeed be organised. But, while low response to polls is a problem already, more polls would decrease public interest even further (germans learned this through lots of plebiscites(?) in the Weimar Republic 1919-1933...)
Most people cant, or dont want to, stay up to date on all the topics raised in parliament, as they should have to, in order to place an optimal vote. However, many people are informed on certain topics that touch their interests enough. Some can even cover it all.
Divide up political topics into 10-20 categories, and over time I could name people whose opinion in one or more of those fields I would trust to the extent of having them vote for me in polls regarding this respective field of politics, adding weight to their vote by my confidence.
This way I could, with minimal effort (just being informed about "my own" field(s) and people I personally know), make sure that my vote is far better than it would be if I had to do it all myself.
It might be something to replace political parties, abolishing all the trouble associated with them.
Food for thought provided by
Kiwaiti
Interesting item from the article (Score:1)
Despite being non-sensical (virus attacks?), this is well-taken. CmdrTaco brings up the point that $billions are floating around on Internet transactions, but voting is not done online. Even though it seems when you go to the polling place that security is _weak_, it still requires some hard-to-defeat methods that make widespread voting fraud hard (at the voter end-- counters can cheat all they want if there's no oversight).
The problem is that voting in elections is the basis for creating the infrastructure (contract law, the courts, determining and collecting taxes, etc...) that allows Internet transactions to be conducted. This is a sensitive process and any chance to undermine it (and how fast could a beowulf cluster on a bunch of those new weather computers fraudulently vote?) has to be avoided.
Much as I would love to vote online, I just don't think that we're there yet
Anonymous voting? (Score:1)
My own thoughts are that the kind of online identification required to do online voting would destroy online anonymity. Any ID for this purpose would soon be exploited. Think not? Social Security numbers were specifically NOT for identification purposes. And look at them now. Everybody wants them. So, do you REALLY want to vote online?
UK point of view (Score:1)
As a brit - I cant really comment on the Calafornia issue but I think the idea behind online voting could be beneficial.
I agree wholeheartedly that the governmetn (be it our or yours) tend to take a " lets wait and see" point of view on things especially if its something that other people may understand better than they do ...
if the governemnt is keen on attracting people to online commerce (which I know the uk one has been pushing for) maybe a step forward and backing online voting would increase consumer confidence?
As long as the service was guaranteed to be secure I dont think people would have a problem with it.
Re:Against Internet voting (Score:1)
Sounds like NPR didn't read the report and is working towards a media frenzy.
While urging short-term caution, the California task force, which included election officials and data security experts, said the longer-term outlook for e-voting was good, and that Internet voting could prove particularly attractive to 18-24 year olds, one group of potential voters with a poor turnout at the polls.
Call me cynical, but I don't believe for a second that the politicians want anything to do with a system that increases voter turnout.
Online voting can give us a true democracy with no need for representatives (that don't represent us). We can vote for ourselves! Close the House! Close the Senate! Shut down the Electoral College!
Oh, it's unconstitutional? Of course it is. The founding fathers never saw this coming.
cheers,
Re:Online Voting--Why? (Score:1)
How many people do you see who should be allowed to vote, i.e. to determine the very future of our nation?
The answer is simple, ALL OF THEM.
Amendment XV
Section 1. The right of citizens of the United States to vote shall not be denied or abridged by the United States or by any state on account of race, color, or previous condition of servitude.
But our nation (the US, in my case, and most other modern nations) is founded on the fundamentally incorrect premise that every man's opinion is equally correct (i.e. it has an equal chance of being correct). This is demonstrably wrong.
What do you propose? A test? Some sort of credentials that you must acquire before you are qualified to vote? That's the ticket. Don't allow the uneducated to vote. Most of them are poor anyway. They don't count.
That's absolutely obscene. How long do you think that will last before the unhappy, unrepresented poor overthrow your elitist government?
cheers,
Re:Net Voting & Security (Score:1)
You make it sound as if the current system cannot be hacked.
From the article: ``Votation.com makes elections more secure than existing election systems currently do,'' company Chief Executive Officer Joe Mohen said.
cheers,
Net Voting & Security (Score:1)
Putting effort into hacking e-commerce will get you some credit card numbers and therefore a bit of cash.
Putting effort into hacking electronic vote-stuffing can make you leader of the free world.
Do you still believe enough in net security?
Ken
mob rule (Score:1)
Re:Online Voting--Why? (Score:1)
However, you are incorrect on one point: the US is not founded on the premise that every man's opinion is equally correct. Back when this country was formed, you basically had to be a white male land-owner to be able to vote. Also, remember that the popular vote DOES NOT determine the president - it is the electoral college that does. Even the Founding Fathers didn't trust the general populus.
The technology is there (Score:1)
take what u want from that
Hopefully someone else has already said this while the article was being hit most
secure!=secure (Score:1)
It is one thing if someone steals a million
dollars and a different one if he forges a hundred
votes, because of the influence this can have in a
country's destiny and the actual restriction of
rights this means.
just my opinion,
rmstar
slashdot and the decline of social justice (Score:1)
rob, you have absolutely no right to post comments on the main page after the artice title. if you have a personal opinion on the article, post a comment, like we all do.
your sarcastic remark shows that you disregard the priveledge of owning computers that you and i share. i know you live in some praerie in middle america in a nice place with "cool" computers and an aibo, but not everyone has these things, yet everyone must be able to vote. please think about the impact your snide remarks will have upon your image as a logical human being.
The reality is... (Score:2)
Throw in the fact that most browsers use 56-bit encryption, no host authentication and no user certificates, the level of trust you can put into who is sending the data is amazingly low.
Add in the fact that server certificates are often granted with minimal (or no) real checks by the issuer, and voters can't be sure if they're sending to the real site or a hijacked one.
Add in the number of sites that clone title pages, to fool search engines, the ease with which crackers can break in & insert redirect tags, and the zero understanding most admins show of even the mose basic security issues, it's a wonder anyone trusts the network with so much as an e-mail, let alone major financial dealings or voting systems.
Pbbt - no comparison b/t votes and shopping (Score:2)
Well if that's not stupid little soundbite of attempted irony... There are some many reasons why not instituting online voting right now is a good idea. Actually, I can only think of one obvious pro why online voting would be good, and that is because it would increase voter participation.
Now let's enumerate why it's bad. First, did you ever stop to look at the demographics of American internet users? Three words: white, young, males (Just you like, and me, and everyone else here.) So by instituting internet voting, you're actually giving this sect increased democratic power, which is a really dumb idea because white males have the highest voter turnout anyways. If I were to consider any form of election reform, my top priority would be involving the underrepresented minorities more before I thought about sending a couple million extra white guys to elect some other white guy to become president. I know any non-felonius citizen is free to vote, but if internet voting does happen, you will have a much higher turnout rate of the aforementioned, and most people aren't going to care enough to compensate by turning out in the polls, especially not in the first election year. It's the whole "times are good, I've got my IPO and a quad-Athlon, who cares about politics" mentality.
Second, and most important, internet authentication is a joke. Honestly, I can't think of any system of verification out today that couldn't be cracked. Personal digital certs are great, until you find out that person's password, and then, voila, you're him. Now, think back to 1996, when the White House fundraising scandal broke. People went apeshit because foreign owned corporations were donating money to American political campaigns. Seemed pretty mundane to me. What child's play that is compared to the potential that lies here. Who needs to risk money on the chance that your guy might not be elected when you can just elect him yourself? Do you really think that it would be that hard for any first- or second- world country to cull their cracking resources and seamlessly throw a few million votes to this candidate or that one if ivoting (forgive me, typing sucks) were implemented today? Of course not. And that, friends, is a threat to national security, democracy, and our way of life ().
Biometric authentication, or anything close to reliable would be great, but those are all many years down the road. I think facts like that are what prompted the commission to say the same thing about voting online, and personally, I couldn't be happier with that decision.
--
Public attitudes is the limiting factor (Score:2)
With 'hard copy voting', you have to go to some effort to make a significant difference to an election - you'd have to rig many voting booths, have physical access to the boxes, probably buy off the officials and vote counters ... etc
With online voting, you would only have to change a couple of numbers (assuming that you could hack past the security and get away undetected).
Unlikely that someone could hack past the security? Maybe, but there are enough stories in the media about stolen credit card numbers and hacked web sites for the general public to have a real fear about the security of online voting.
And to cast additional fear upon the populace, if it is 'easy' to hack the vote computer, it is even easier to change the whole result of the vote with a single click.
This may not be true in reality, but that is what the general public believe ... and try convinving them otherwise.
Nope. While systems may be ready to handle online voting, the public is not.
Eh? (Score:2)
This looks like a serious problem (Score:2)
The problem is that the correspondance between the voter's electronic identities and their real identities has to be broken in some gauranteeable and visible way, or unscrupulous persons can use the same information thats needed for security to trace people's voting records.
Re:Security on-line (Score:2)
The worse thing that can happen to a bank is for their customers to lose confidence in how safe their funds are. But I think most people -- at least in the US -- have already lost confidence in the gov't, so it's not like the gov't would care as much about that risk.
"Wait and see" sounds like a good idea to me.
Besides, if people aren't sufficiently motivated to get off their butts and go somewhere to vote, I'm not sure I'd want them to vote.
Re:Paper is good (Score:2)
of the candidates is to stay at home
Or you can write-in a vote. It's less convenient than punching out the little holes with the pin, but then a few minutes out of your life for the sake of democracy isn't such a big deal...
Re:Voter apathy (Score:2)
corruption is beatable. Right now, even I have a hard time believing that.
rent "All the President's Men". Ironically, the reason so many people are distrustful of government, while also being the single greatest example of how -- no matter how powerful you think you are -- your dirty laundry will eventually be aired.
The slippery slope (Score:2)
Re:Online voting: not ready for prime time (Score:2)
What problem are we trying to solve? (Score:2)
I have yet to see a viable solution to the ballot secrecy problem. Votation's site includes the following amusing assurance:
Why should I believe this?
Until someone can answer this question for me, I'm left wondering what problem online voting is a solution to.
Is it a cure for voter apathy? Of course not. Apathetic voters stay home because they don't think voting is important, not because they think it's too hard.
Does the current system make it hard to get to the polls? Preposterous. Most Americans live within walking distance of their polling place. True, physical disabilities may keep some people from the polls, but absentee balloting and free rides to the polls offered by both major parties and many other organizations are already available.
So just why is it that we're trying to create a whole new balloting infrastructure?
Online Voting--Why? (Score:2)
On the contrary, I assert that the only reason that we have gotten where we are today is the fact that so few have historically voted. Take a walk down a city street sometime and look around you. How many people do you see who should be allowed to vote, i.e. to determine the very future of our nation?
The common man is a fool. He is easily swayed by advertisements. He does not care about issues so much as he cares about bread and circuses. As long as the politicians keep him distracted he is happy. There's nothing wrong with this; not everyone needs to have control over the government not everyone needs to be in charge. But our nation (the US, in my case, and most other modern nations) is founded on the fundamentally incorrect premise that every man's opinion is equally correct (i.e. it has an equal chance of being correct). This is demonstrably wrong.
As for myself, I do not vote. I find the system of universal suffrage to be an insult to all, learned and unlearned. What this country needs is fewer, not more, voters. I also have no desire to be part of ruling class; I have no wish to be responsible for wars (even though I generallt support them), executions (even though I support capital punishment), imprisonments and the rest of the sordid business of governance. I wish merely to live my life under the rulers who have been set over me. In this country the rulers are all those who vote.
Voting needs a higher standard than cash. (Score:2)
Mabey that's because voting is much, much, much more important that billions of dollars in financial transactions.
Re:Against Internet voting (Score:2)
This isn't a very convincing argument -- after all, the current voting arrangements make it considerably easier for non-workers than for regular 9-5 types. (Somehow, I doubt that NPR spent any time complaining about that....)
The really strong arguments against Internet voting are:
Privacy: How do you prevent people from watching over the voter's shoulder? Political machines could even arrange parties with goodies and Net terminals -- perhaps it would be illegal to tell you how to vote, but there would be obvious pressures.
Security: Other messages here have commented on this problem.
Public Confidence: This is related to the previous issue. As long as the Internet has security holes, people are going to wonder about a Votescam scenario [copi.com] every time an election "upset" occurs.
Civic Engagement: Let's face it, the chance that your vote will decide any election above the dog-catcher level is about equal to your chances of winning the lottery. The excersize is more symoblic than substantive, and clicking a mouse just doesn't cut it for most people.
Voter Standards: If people aren't sufficiently interested to physically visit the polls (or send in the form for a mail-in ballot if they cannot do so), they probably aren't sufficiently interested to educate themselves on the issues.
/.
Re:Couldn't Agree More (Score:2)
There are issues with ensuring only registered voters get to cast votes. Any simple system (SS number and Drivers License number) would be trashed in an instant by
There are issues ensuring a registered voter only votes once, and their first vote stands. Vote early and vote often is humour everywhere outside of Chicago
Then there is the issue of anonymity. What happens if someone manages to collect a copy all the incoming votes, and can make a match between a vote and a person? It doesn't matter how strong the encryption is, at some point it has to be decrypted to be counted.
Lets say someone compiles a list of all the people who voted one way on an emotional issue like a new imigration law, or a business issue like insurance reform, and then sold that list to insurance companies, employers, or credit research companies. All
I think there will eventually be technical solutions to every one of the problems on the list, but it will take time to create good stable systems to withstand fraud and abuse. I agree that large scale internet voting should take a wait-and-see attitude, lets start with a few small municipal elections and thoroughly debug everything over a long period of time, then make it easier and easier to use before rolling it out.
the AC
Must hit submit now, there is a woman in the next office building doing a strip-tease, and a large crowd is forming around my desk. Who's got a digital camera when you need one?
Re:The slippery slope (Score:2)
Hemos the Hamster
who just beat out Hank, the Angry, Drunken Dwarf, by 1.2% of the vote
Bwahahahahahahahaha
Ok, someone has to get back to work now
the AC
There's never enough moderator points around for all the good humourous posts
Re:This looks like a serious problem (Score:2)
identities has to be broken in some gauranteeable and visible way, or unscrupulous persons can
use the same information thats needed for security to trace people's voting records."
Why? What "unscrupulous persons" besides the government even has access to that info? It's not like the government is selling voting info. But yes, I agree that it is probably best that even the government
Jazilla.org - the Java Mozilla [sourceforge.net]
Re:Going slow is probably good (Score:2)
Huh? Why? You need to be the exact opposite of that. You need to be identifyable. Not so the government can print in the papers "Joe Schmoe voted for a 'looser'", but so people can be accountable.
Wouldn't PKI be the perfect solution in this case? With their voter id card, give em their key, with which they can use to vote exactly once.
Jazilla.org - the Java Mozilla [sourceforge.net]
Re:On-line voting only has one minor problem.. (Score:2)
This is probable not such a hot idea: The south used to require people to be able to read becuase they did not want blacks to vote. These were called Jim Crow Laws and were a very bad thing. It is really a tough choice: on one extream we have Oz where every moron is required to vote, but on the other extream we have places which descriminate. I feal comfortable with the gov. adding a technelogical option to voting which make voting easier for serton segments of the population, but not with telling serton segments they can not vote,
I think a good compramize that might fix many problems in america today would be: if your org. runs some kind of score card or votes guide and you can get enough signatures then you can be linked to from some the voting site. This would make doing candidate research easy.
Jeff
On-line voting only has one minor problem.. (Score:2)
I think theree are really good algorithms anonymous authentication (we have anonymous curency system could do this job), but I doubt they will work through HTTP as it currently stands, so people would need to download a plugin.. which is not too difficult. There are also neet ideas like leting lots of independent groups countthe votes, i.e. your computer sends out the anonymous but authenticatable vote t hundreds of machines.
The only real problem for online voting is the poor control of the enviroment, i.e. your parents / spouce looking over your sholder to make shure you voted "correctly." This is a VERY big problem, but there are way to solve it.. including criminal penalties for menipulating someone else's vote like this and restrictng the voting to things like cell-phones, i.e. truely *personal* computers (note: those are crappy solutions). I guess you could say it is easy to be anonymous from big brother but not from your real big brother..
There is also some concern about viruses which hang out until voting time and then vote for specific parties/people. Still there are many advantages to online voting like: higher precentages of more educated people vote (remember, you can find out all sorts of things about the candidates online that you never hear from main stream news and you can get the opinion of importent groups like the ACLU) and people can vote more oftin since it is less hassel.
Jeff
Re:Going slow is probably good (Score:2)
> worth voting for, such that you're considering
> not voting at all, why not find whichever
> minority party you most agree with and voting
> for them?
Well...at this stage in the game, about the
only "Party" that might come close to advocating
what I stand for would probably be the US
Socialist party or the "Labor Party". However,
they don't seem to be a "third party" with much
support.
At the heart tho, I have some severe philosophical
problems with "representative democracy".
The first being that it reduces the people's
involvment in government down to a popularity
contest, no more mature or meaningful than some
high school student body election. "Hair, Teeth,
smile" are the holy trinity of the political
scene.
Secondly it puts a small elite in power. People
who can be easily corrupted, and rewarded richly
for their corruption (even if it were illegal,
they could still take direct bribes through
more round about and covert channels)
Thirdly, and perhaps worst of all, it gives the
people a false sense of power. every election
year you hear people saying "Don't throw your vote
away" and that "We have the power", however no
REAl change ever comes of it.
All this sense of power serves to do is make
the poeople too complacent to revolt. It gives
them a feeling as if they can work through the
system for change, when in truth, the current
system is so dug in that it just isn't going
to happen.
If you have any doubt, listen to Jesse Venturas
story. When he ran for mayor, both the Democrats
and Republicans in his town joined forces against
him. They said that he was the worst thing that
could happen to the city, and painted him as
a clown.
After he got elected, both sides aproached him
seprately and asked him to join up with them.
No morals have these people. How many people
without the Unique mixture of fame and hard nose
personality could have got in against that
oposition? How many could have resisted the
temptation after getting in?
Sure, he makes for a symbol of hope. However, it
would take hundreds of men like him to cause even
the beginings of change.
In the end, all people lik ehim could acomplish
is short term gains. In the end, the system is
made to support corruption and traditional
politics. That I fear, is not fixable.
Re:Going slow is probably good (Score:2)
> that. You need to be identifyable. Not so the
> government can print in the papers "Joe Schmoe
> voted for a 'looser'", but so people can be
> accountable.
Accountable? um no
The idea is to have it be identifiable that
Only an identified person could have voted but
there should be NO way at all to deterime what
their vote was.
> Wouldn't PKI be the perfect solution in this
> case?
Actually... Applied Cryptography has a few
interesting protocols for Secure Anonymous
Voteing. Its interesting because (I don't have the
book with me here) it can provide a way to verify
that only allowed people can vote, and also make
sure that it is impossible to correlate votes
with individuals.
Personally I would be alot more interested if
instead of working on better ways of voteing,
the worked on ways to give you something
worthwhile to vote for.
When its a vote to decide WHICH corrupt
authoritarian asshole will be fucking me over
for at least the next 2-4 years, there is not
much incentive to vote at all.
Might as well let them decide by a best 2 out of
3 competition of Rock Paper Scissors, the result
would be the same.
Re:Voter apathy (Score:2)
> to be shown, not told, how the government
> works. They have to believe that corruption is
> beatable. Right now, even I have a hard time
> believing that.
Well...why should we teach that "Corruption is
beatable". IS it more important to teach things
that make you feel good about the system rather
than the truth?
Personally, I do not think corruption is beatable.
I AM apathetic about voteing. I have never in my
life voted. I will never vote an individual into
office (I do plan to vote for a certain voter
ballot initiative in my state....but thats a
differnt matter..I will not vote for a candidate
into office).
As long as the system is being setup, and
trampling upon my rights as an individual, and
forcing me to pay them money, why should I care
who is doing it?
All voteing boils down to is deciding whose
bank acount the special interest money goes into.
Secure Enough?!? Really? (Score:2)
Sarcasm aside, it's easy to justify eCommerce over net voting. The potential for profits for eCom vastly outweigh any risks, in the minds of investors. They'll take the risk with eCom, and hope nothing happens. If something bad does happen, then they'll deal with it at that time.
This statement by CmdrTaco gives me the impression that he either has been living in seclusion for the past couple of weeks, or he just ignores the recent events with credit card number thefts.
I believe California is completely justified in taking this position, and would personally expect nothing less from any Gov't.
Voting is a much more serious issue. It's something where the risks definitely outweigh any benefits.
Re:Don't hold your breath. (Score:2)
Secure my ass (Score:2)
Schneier agrees (Score:3)
Re:Paper is good (Score:3)
Nick
Need to compare risks with non-computer fraud (Score:3)
Suggesting that we may have an election fraud problem in the good old can't-happen-here-or-at-least-not-these-days USA is a quick way of getting yourself branded a conspiracy nut, but this strikes me as the "innocent until proven guilty" attitude taken to an insane extreme.
I actually think that there are a lot of urban areas in the US with all sorts of election problems. For example, in the last mayoral election in San Francisco, there were a number of disturbing articles about how it's not even possible to check whether the people registered to vote are real people (e.g. if you find a dozen people registered using the address of a bar, you can't dismiss them out of hand, that really may be the closest thing to a stable address that they've got).
And a few years back there was an election that smelled really bad in a number of ways (there's no disagreement that there was some fraud going on, the only question is whether there was enough to swing the election): San Francisco Stadium Election [brasscheck.com]
``Votation.com makes elections more secure than existing election systems currently do,'' company Chief Executive Officer Joe Mohen said
Paper is good (Score:3)
In the UK, we vote by placing crosses on pieces of paper. It may be old-fashioned (and our government are talking about changing it) but I think it has one enormous advantage: it's totally visible. As the count is made, representatives from all the political parties are present. They can see what's going on with their own eyes, verify it, and question it if necessary.
I regard this transparency as a basic democratic safeguard. One doesn't need to trust that the technology is working properly. The accuracy of the result is not in doubt (if it's close, it's recounted, several times if necessary).
(Besides, election night is much more fun as the results come in one-by-one through the small hours of the morning!)
A boost for women in government? (Score:3)
Re:Voter apathy (Score:3)
How would you vote in these changes?
MANY states do not allow ballot initives. Federal
level certainly doesn't. This means of course that
you have to vote in someone who will do it.
The problem is, you have to vote in enough
people who will do it. Anyone voted in will
immediatly be aproached by the other side with
reasons to change their mind.
What else? well the "Rich Ass People" control the
mass media. They have the ability to pipe their
political views into hundreds of millions of
homes at any time they please.
It is in their best interest to opose the changes
you talk of...and of course to make you "feel"
like you have the power. Voter apathy is what
"They" want.
Unfortunaly...it is deserved. The current system
is so encroached that I fear nothing short of
revolution will fix it. Im just waiting for more
people to realize this.
Online voting: not ready for prime time (Score:4)
With traditional votes as long as the roads are open and the weather isn't too bad people can make it out to a voting station. The total tally may be larger on nice days than during inclement weather but there will be a respectable cross section of the population who will make the effort to vote. If you make it to the station your vote will be counted.
Votes tend to have geographic biases which is why you have states or municipalities referred to as being 'traditionally democratic' or 'traditionally republican' etc. This could lead to a denial of service attack to alter the outcome of the election. Send out your armed contingent to keep voters from reaching the voting stations. For a variety of reasons this isn't done. It's illegal, frowned upon by the public, tends to get the government pointing its arms at you and so on.
With internet based voting the structure of the internet itself will guarantee that even though some number of voters are at the voting station (their personal computer in this case) but won't be heard during the final tally. Net congestion, ISP problems but we'll assume that their computer is actually working.
A denial of service attack against geographic regions is much easier though and much more anonymous. Just make sure that the traffic in a region is high enough to make voting difficult. Look for misconfigured machines that will allow an avalanche of pings to be sent with information at your local script kiddy database.
You can argue that not allowing online voting will stop some people from casting their vote. To that I say so what? If somebody can't make the effort to make it to the local vote station then they probably aren't concerned enough about what their vote represents to even have formed a real opinion. There are real circumstances such as illness but there is already vote by proxy to cover this.
When the internet has enough bandwidth and redundancy to conceal the effects of net congestion it will be time to look at internet voting for serious elections. Until then all its suited for is informal polls.
Coerced votes?? (Score:4)
-russ
Voting IS different. (Score:4)
I hate to admit it, but voting is different from financial transactions. The incentive for fraud is greater, and the system is less fault-tolerant because so few people vote. I am more knowledgeable about elections than I am a security guru, so take this w/ a grain of salt, but:
Software systems are much easier to crack than physical systems. At the risk of sounding like the french with their 'visual telegraph' alternative to telephones, there is a comfort in the fact that:
1. Tampering can be limited to people with physical access to the machine which is monitored by ordinary people. Political parties employ 'poll watchers', who are ordinary people who often aren't even politically active, to keep an eye on the machines during the elections process to watch for tampering.
2. If tampering DOES occur, the machine can be examined to determine who did it, and reveal physical evidence. It is much harder to determine that from a compromised system.
3. Financial transactions are time-dependent, whereas election info is useful for years. So I can sniff the encrypted packets today, and decrypt it with tomorrow's techniques.
Besides, I keep hearing from experts that our current systems for financial transaction are insecure and require major overhaul.
People are very passionate about politics-- just read the other posts! There are plenty of people who, given the means, would actively try to disable or disrupt an on-line election. Or try to distort the results. Or use tricky web page scripts to socially engineer a person into voting for other candidates. The point is, this is one of the most vulnerable things to tampering in the real world-- let alone online. We have to be very cautious before we implement it.
Going slow is probably good (Score:4)
1. Only allow registered voters to vote.
2. Only allow voters to vote once.
3. Ensure that those votes are truly anonymous.
4. Ensure that all valid votes are accurately counted.
If you think about it, requirements 1 and 3 seem almost mutually exclusive. I know that there are algorithms that purport to be able to handle this in theory, but rolling on-line voting out to people that don't know how to program their VCR isn't going to be easy. Applied Cryptography by whats-his-name has a fairly good section on voting protocols.
Couldn't Agree More (Score:5)
Fraud on the financial level is easy to detect--somebody is out their money. Someone either has their goods or has their money, and either they have both or they have neither. There's a long paper trail, with *individual* impact on only the two parties involved in the financial transaction.
Fraud on the voting level is so much different, it's scary. Your computer says, "Ah! Vote registered for Mr. Bob", that's it. You're out no money, you've lost nothing if your desktop has been secretly tampered with, there's no paper trail that you're going to have any reason to analyze because you're not going to know anything went wrong. Lets not forget, with nothing written down, there's no physical evidence of the original votes--how can one demand a recount when the servers store the votes? Once the data enters the server, all sorts of unique WORM/cascading signature/etc. methodologies can be applied, but it's gotta get there.
The most insidious part of all of this is that it's not simply the voter that loses out by a falsified vote, but society as a whole. Votes affect everyone; financial deals are limited to those directly transacting.
Maybe something like iButtons, or Amex's Blue might go along way towards increasing my faith in online voting. For now, I just don't think the tech is there for something so critical.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com