Open Government Dialogue
« Back To OpenGov - Open Government Brainstorm

rebecca

User Profile Image rebecca
Member since : May-28-2009 (Verified)
0 Ideas, 3 Comments, 15 Votes

User Activity Stream

Comments Posted

rebecca 9 months ago
COMPUTER TECHNOLOGISTS’ STATEMENT
ON INTERNET VOTING

Election results must be verifiably accurate. But several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable.

There are also many less technical questions about internet voting, including whether voters have equal access to internet technology and whether ballot secrecy can be adequately preserved.

Internet voting should only be adopted after these technical challenges have been overcome, and after extensive and fully informed public discussion of the technical and non-technical issues has established that the people of the U.S. are comfortable embracing this radically new form of voting.

A partial list of technical challenges includes:

• The voting system as a whole must be verifiably accurate in spite of the fact that client systems can never be guaranteed to be free of malicious logic. Malicious software, firmware, or hardware could change, fabricate, or delete votes, deceive the user in myriad ways including modifying the ballot presentation, leaking information about votes to enable voter coercion, preventing or discouraging voting, or performing online electioneering. Existing methods to “lock-down” systems have often been flawed; and even without that problem, there is no guaranteed method for preventing or detecting attacks by insiders such as the designers of the system.

• There must be a satisfactory way to prevent large-scale or selective disruption of vote transmission over the internet. Threats include “denial of service” attacks from networks of compromised computers (called “botnets”), causing messages to be mis-routed, and many other kinds of attacks, some of which are still being discovered. Such attacks could disrupt an entire election or selectively disenfranchise a segment of the voting population.

• There must be strong mechanisms to prevent undetected changes to votes, not only by outsiders but also by insiders such as equipment manufacturers, technicians, system administrators, and election officials who have legitimate access to election software and/or data.

• There must be reliable, unforgeable, unchangeable voter-verified records of votes that are at least as effective for auditing as paper ballots, without compromising ballot secrecy. Achieving such auditability with a secret ballot transmitted over the internet but without paper is an unsolved problem.

• The entire system must be reliable and verifiable even though internet-based attacks can be mounted by anyone, anywhere in the world. Potential attackers could include individual hackers, political parties, international criminal organizations, hostile foreign governments, or even terrorists. The current internet architecture makes such attacks difficult or impossible to trace back to their sources.

Given this list of problems, there is ample reason to be skeptical of internet voting proposals. Therefore, the principles of operation of any internet voting scheme should be publicly disclosed in sufficient detail so that anyone with the necessary qualifications and skills can verify that election results from that system can reasonably be trusted. Before these conditions are met, “pilot studies” of internet voting in government elections should be avoided, because the apparent “success” of such a study absolutely cannot show the absence of problems that, by their nature, may go undetected. Furthermore, potential attackers may choose only to attack full-scale elections, not pilot projects.

The internet has the potential to transform democracy in many ways, but permitting it to be used for public elections without assurance that the results are verifiably accurate is an extraordinary and unnecessary risk to democracy.

-- This statement was endorsed by computer scientists and security experts from top academic institutions and research laboratories across the US. For a full list of endorsers, please see:

www.verifiedvoting.org/downloads/InternetVotingStatement.pdf
rebecca 9 months ago
COMPUTER TECHNOLOGISTS’ STATEMENT
ON INTERNET VOTING

Election results must be verifiably accurate. But several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable.

There are also many less technical questions about internet voting, including whether voters have equal access to internet technology and whether ballot secrecy can be adequately preserved.

Internet voting should only be adopted after these technical challenges have been overcome, and after extensive and fully informed public discussion of the technical and non-technical issues has established that the people of the U.S. are comfortable embracing this radically new form of voting.

A partial list of technical challenges includes:

• The voting system as a whole must be verifiably accurate in spite of the fact that client systems can never be guaranteed to be free of malicious logic. Malicious software, firmware, or hardware could change, fabricate, or delete votes, deceive the user in myriad ways including modifying the ballot presentation, leaking information about votes to enable voter coercion, preventing or discouraging voting, or performing online electioneering. Existing methods to “lock-down” systems have often been flawed; and even without that problem, there is no guaranteed method for preventing or detecting attacks by insiders such as the designers of the system.

• There must be a satisfactory way to prevent large-scale or selective disruption of vote transmission over the internet. Threats include “denial of service” attacks from networks of compromised computers (called “botnets”), causing messages to be mis-routed, and many other kinds of attacks, some of which are still being discovered. Such attacks could disrupt an entire election or selectively disenfranchise a segment of the voting population.

• There must be strong mechanisms to prevent undetected changes to votes, not only by outsiders but also by insiders such as equipment manufacturers, technicians, system administrators, and election officials who have legitimate access to election software and/or data.

• There must be reliable, unforgeable, unchangeable voter-verified records of votes that are at least as effective for auditing as paper ballots, without compromising ballot secrecy. Achieving such auditability with a secret ballot transmitted over the internet but without paper is an unsolved problem.

• The entire system must be reliable and verifiable even though internet-based attacks can be mounted by anyone, anywhere in the world. Potential attackers could include individual hackers, political parties, international criminal organizations, hostile foreign governments, or even terrorists. The current internet architecture makes such attacks difficult or impossible to trace back to their sources.

Given this list of problems, there is ample reason to be skeptical of internet voting proposals. Therefore, the principles of operation of any internet voting scheme should be publicly disclosed in sufficient detail so that anyone with the necessary qualifications and skills can verify that election results from that system can reasonably be trusted. Before these conditions are met, “pilot studies” of internet voting in government elections should be avoided, because the apparent “success” of such a study absolutely cannot show the absence of problems that, by their nature, may go undetected. Furthermore, potential attackers may choose only to attack full-scale elections, not pilot projects.

The internet has the potential to transform democracy in many ways, but permitting it to be used for public elections without assurance that the results are verifiably accurate is an extraordinary and unnecessary risk to democracy.

-- This statement was endorsed by computer scientists and security experts from top academic institutions and research laboratories across the US. For a full list of endorsers, please see:

www.verifiedvoting.org/downloads/InternetVotingStatement.pdf
rebecca 9 months ago
The following is excerpted from a response by Barbara Simons to an article about internet voting. Dr. Simons is computer scientist and expert on electronic voting who serves on the Board of Advisors of the U.S. Election Assistance Commission.

"In response to multiple efforts to allow voting over the Internet in major elections, many of our nation's prominent technology experts have signed a statement cautioning against adopting Internet-based voting systems without first understanding and guarding against the numerous and well-documented dangers. This is not because, as Mr. Contorer suggests, those opposing Internet voting find "[t]he introduction of technology to any process ... scary". The signatories to this statement are not at all intimidated by technology; in fact many are established experts in voting systems who are most certainly aware of the major risks associated with Internet voting.

"The article asserts that since we are able to conduct banking and commerce over the Internet, we should also be able to vote over the Internet. This is a common misconception (or misrepresentation) that is often made when attempting to support Internet-based voting. Banks spend considerable time and money to ensure the security of our assets, yet there are still risks. Identity theft and fraud affect millions of Americans and cost billions of dollars each year. When we can detect such fraud it is because we are able to track our money through each transaction from start to finish, including the people associated with those transactions.

"However, elections by their very definition disallow this type of explicit end-to-end auditing. Voters must cast their ballot in secret and not be able to prove to others how they voted. Election officials must not be able to tie votes to citizens except in very narrow circumstances as carved out by law. The lack of these basic protections make Internet-based voting a dangerous idea and place it so far from the realm of Internet banking or commerce as to make the author's point moot.

"There are significant security issues that any vendor must address before declaring such a system fit for public elections. Yet the author glosses over these security issues raised by Internet voting, referring several times to "military-grade encryption." It is a well-known marketing technique of voting system vendors to tout the strength of their encryption because it sounds impressive. But the fact is that encryption is only a secondary part of any electronic security. It does nothing at all to protect against insider attacks, denial of service attacks, various forms of spoofing, viruses, or many kinds of ordinary software bugs. Even the most secure military computer networks have been compromised, including a recent serious breach of the Pentagon's $300 billion Joint Strike Fighter project.

"Even in the absence of malicious adversaries, software, especially a networked system such as the one E1C sells, is fundamentally difficult to get right. Aviation and military software, written to standards requiring development efforts tens or hundreds of times as costly as voting software, is undergoing constant review and upgrades.

"Americans deserve the best electoral system available. There are many options for making elections more accessible, secure, and efficient, and the Internet will have a role to play. Current possibilities that show promise include the easier maintenance of voter registration records and the distribution of blank absentee ballots. But we should not subject our democracy to the costs or risks of current Internet-based voting schemes. Rather than rushing to implement Internet voting systems because we don't want to be "stuck in the past," we should instead focus on improving our elections using innovations that build upon mature and well-understood technologies. Let's leave the bluster and insults behind, and build a reliable, accurate, and secure electoral system of which we can all be proud."

Read the full article and author bio at:
http://www.huffingtonpost.com/barbara-simons/the-internet-and-voting-w_b_210554.html