
Online Voting in U.S., Despite Risks, Should Be Developed - lambtron
http://bits.blogs.nytimes.com/2012/11/11/disruptions-casting-a-ballot-by-smartphone/
======
specialist
The punditry have learned nothing.

Help America Vote Act (HAVA) ushered in the touchscreens in a massive turf
grab. Insecure, unreliable, untested touch screens were rushed to market.

The same forces are now at work pushing vote by mail and then electronic
balloting.

For the vendors, it's about charging for the upgrade and switchover costs.
Anything to make a buck.

Election integrity is barely considered.

During the hearings to permit casting ballots VIA EMAIL in my state, a retired
general now lobbying for the vendors claimed "internet security has gotten
really good." Well, shit, if a general says it's cool, that's good enough for
me. Bill sailed through legislature unanimously. Because it's for the children,
err, troops.

I talked to many of the legislators about electronic voting and casting
ballots via the internet. First, they didn't understand that email was
delivered via the internet in the clear. Second, if you're explaining, you're
losing. Meaning once you start talking policy, their eyes glaze over, oops,
sorry, your five minutes are up. Next!

The only way the legislators vote against this stuff is if they feel the heat.
Meaning stuff the hearings and their inboxes with opposition.

I could go on and on, but I have pancakes waiting for me.

~~~
dmckeon
On-line voting is not impossible, but people tend to see the "I marked my
ballot" part and ignore the rest of the voting ecosystem.

Registering voters implies maintaining a registration DB, and handling moves,
deaths, changes of name, changes of civil status that may disenfranchise or
re-enfranchise a voter.

Preparing ballots, paper or otherwise, implies matching voters to the
appropriate ballot, precinct, or voting center.

Avoiding or invalidating multi-voting (in the same jurisdiction) implies
knowing whether a voter has or has not voted, and keeping them from voting
multiple times.

Counting paper ballots implies accounting for spoiled and unused ballots and
dealing with faint or unintended marks.

Secrecy of ballot implies that nobody else knows or can find out how a voter
actually voted (currently unless they show someone a mail-in ballot before
mailing it.)

Imagine the result of a smartphone app that wrapped around a voting app, and
offered to pay voters $50 to vote for or against a candidate or ballot measure
- even if the payoff app completely failed to work, just the purported
existence of such a tool might cast doubt on an election result.

Voting online is not a "greenfield" problem - it would have to subsume a lot
of previous experience and knowledge before being thoroughly trusted by its
users.

I would suggest to anyone exploring online voting that they get a grassroots
look at the current process - volunteer to be an elections clerk (judge,
watcher, etc.) at your next local election, and/or become a voter registrar if
your jurisdiction allows citizens to fill that role.

If you'd rather just web-browse, I can recommend
<https://en.wikipedia.org/wiki/Avi_Rubin> as a useful and thoughtful source.

PS - my voting preference is that voters mark scannable ballots, that are
scanned immediately in the voter's presence. You get the persistence of paper,
immediate feedback for mismarks or unscannable ballots, and good
reproducibility of count if needed.

Also, if a surge of people arrives at a polling place, paper ballot marking
can be done in parallel, rather than having a bottleneck of a few (expensive)
machines that all voters must use (registration look-up and ballot scanning
are still bottlenecks).

~~~
specialist
> I would suggest to anyone exploring online voting that they get a grassroots
> look at the current process...

Exactly.

I've worked as poll judge, poll inspector, poll observer, central count
observer. I have yet to work central count, but I have mean colleagues who
have.

When I got started on this issue, I had many many misconceptions about
election administration. I mark my ballot, drop in the mail, it gets counted.
What could be more simple?

Now I know that central count and mail ballot processing is like making
sausage. And that electronic voting requires a religious style belief that
everything just works.

> Secrecy of ballot implies...

Voter privacy has traditionally meant before and after casting one's ballot.
The "before" part is completely ignored by all the proposed online voting
systems. Ditto postal balloting (vote by mail).

The Australian Ballot system permits marking one's ballot in private and
prevents linking that ballot to the voter during counting. It's the gold
standard. We may divine something better. Until then, I'm sticking to what
works.

Like you imply, that's paper ballots cast at poll sites read by mark sense
style optical scanners.

------
anonymouz
The article is just mind-bogglingly silly: The author quotes a number of
experts, explaining why it is a really bad idea and why it would compromise
the integrity of the election. Then he goes and, around those quotes, puts
some fluff where he suggests we should do it anyway, cause he'd find it
convenient to vote on his smartphone.

Here's a basic check for the author of the article: If you want to demonstrate
how online voting is the future, but you can't find any experts supporting
your point of view, and don't have anything refuting their serious arguments
against it, maybe it just isn't such a good idea after all.

~~~
001sky
The issue is the fraud cannot be undone. Unlike your IRS taxes online, there
is no IRS to audit trail the vote. And even if there were (cost/privacy
logistics aside), the harm is irreparable. If the wrong guy is given power for
2-3 years, it's too late to then switch over (justice delayed=justice denied).
That is the nutshell of why this "obvious" idea is fatally flawed, IMHO. You
are concentrating political power in a black-box not subject to
checks/balances, etc. Odd, but paper ballots are the simpler/smarter choice.
We just need to lose the clowns administering the elections. Perhaps this
should be handed off to the judiciary or something? Dunno. A good compromise
seems to be (1) national holiday to vote (to increase turnout); (2) IDs (to
maintain semblance of legitimacy); (3) simple paper ballot (secure, private,
verifiable); (4) computerized registration (to ensure any problems sorted out
in advance re #2).

------
stcredzero
As always, security is intimately tied to economics. How many people are
interested in breaking into the Estonian elections, versus how many are
interested in gaining power over the US elections? It's quite a stark
contrast. This is why you can't lock your Ferrari in a rusty shed with a
cheap master lock on it. (Though the shed will probably be excellent security
for a 2nd hand bike.)

E-voting in Estonia is probably a good idea. E-voting in the US is a
catastrophically bad one until we get trusted execution infrastructure as
described in Vernor Vinge's sci-fi books. (Yes, that's DRM, but DRM in the
hands of individuals is very different from DRM in the hands of governments
and large corporations.)

EDIT: Right now, we don't need an ID to vote. That's because creating zombie
voters isn't yet possible with paper technology, unless you game the counting,
which has better security. Keeping such a conspiracy secret would be
difficult, though. Gaming the system and getting away with it would be
possible with e-voting machines. Given that only a few swing states need to be
affected, organizations that can command 100's of millions of dollars could
pull such a thing off.

~~~
rmc
_How many people are interested in breaking into the Estonian elections,
versus how many are interested in gaining power over the US elections?_

You think there is no corruption or organised gangs or corrupt politicians in
Estonia (or any other country)? Anywhere there is political office, someone'll
want to scam their way in.

Yes a small country can be less of a target, but they also need less votes to
swing it, and have less money to protect against it.

~~~
stcredzero
_> You think there is no corruption or organised gangs or corrupt politicians
in Estonia (or any other country)? Anywhere there is political office,
someone'll want to scam their way in._

I never said that. What I'm saying is that the potential payoff is much
smaller.

 _> Yes a small country can be less of a target, but they also need less votes
to swing it, and have less money to protect against it._

There's a big difference between the ROI on the control of Estonia vs. the ROI
on control of the US. The ROI is geometrically greater in the second case,
which means that Estonia can hope to afford to protect itself, whereas it's
probably hopeless for the US.

------
lindowe
Have to say, I didn't really see any actual point being made by this author.
Maybe it's just a misleading headline, but as far as I could tell his argument
boiled down to 1.) We can't let the Estonians beat us in the election
technology race 2.) We live in the future, it's time our election system was
futuristic. The rest is just quotes from security experts about why he's
wrong.

------
mrgordon
I'll just point out that top security experts like Ronald Rivest (co-inventor
of RSA) expressed extreme skepticism that we would be able to implement
electronic voting without seriously endangering our elections during the
MIT-Caltech voting project. I'm not trying to discourage anyone from working
towards it, but it has a lot of issues.

------
stretchwithme
Just use multi-step authentication, one of which is sometime during the year
showing up somewhere in person.

Let one of the required authentication methods be designating a close friend
or relative that is also a voter who can confirm that you actually voted. So
they would get an electronic message with a url they would have to click after
speaking with you and confirming that you did vote on the day in question.

Make it so people have to be home to vote.

And if we required the same process to confirm changes in address, we could
cut down on identity fraud in general.

Using multiple methods will make it harder to game the process. It's very hard
to steal someone's password AND steal their phone AND kidnap a relative AND
camp out at their house.

Those that can't manage all of the required steps can keep voting the way they
do now. They'll have much shorter lines to deal with without everyone else there.

~~~
tallanvor
I'm an expat... Showing up somewhere in person once a year is unlikely to be
an option for me when you take into account that I visit the US every other
year on average. And before you suggest using embassies as an option, you're
assuming you live in a city with an embassy, or that you should be required to
travel to one, regardless of the cost.

How do you guarantee that the mail server will be up after you vote? Or that
the server sending out the email won't be hit by a denial of service attack?

For that matter, how do you determine if someone is at home? --Most people
don't have fixed IP addresses, and they can be spoofed anyway.

Finally, how do you determine that the vote logged in the database is what the
person actually voted for and wasn't changed at a later time? With a paper
ballot, you can always recount. Recounting database information is less easy.

------
pdonis
The solution to the one genuine problem mentioned in the article--that many
people don't vote because the logistics are too difficult--is not online
voting; it's early voting. (Which, btw, is what I believe President Obama was
referring to when he said "we have to fix that" in reference to the long lines
at the polls.)

The article says the inherent security problems with online voting are "not
impossible" to fix. In this sense, it's "not impossible" to keep Windows
computers virus-free.

------
KaoruAoiShiho
There is 1 good reason for electronic voting (among many reasons against).

If electronic voting is implemented then conceivably it would be much easier
to convince your base to actually cast their ballots, reducing emphasis on the
"ground game" and having a big operation, and thus reducing costs, and more
easily allowing third parties to be viable and less well funded candidates to
make a bigger impact during primaries.

------
mickgardner
Paper and pencil based voting, despite the risks, should be developed in USA,
shouldn't take too long.

------
onerealkewlguy
I believe that the only way that online or electronic voting could work would
be as a freely distributed "open source" community built & tested solution.
If open source is secure enough to run the Whitehouse website it is likely
secure enough to manage recording a vote.

Maybe we could engineer a situation where we use thin virtual clients from a
master server and the actual "complete operating system" of the voting device
could be imaged or have a current snapshot stored on the same media as the
vote receipt itself for possible later verification or even independent
verification on the spot by interested code developers.

------
mindslight
Hey tech community! Remember the time before the eye of Sauron gazed here,
demanding a superficial veneer of progress to demonstrate "its" society's
advancement? Remember when one informed and well-reasoned opinion was worth
more than twenty idiotic and entitled ones? (kind of the opposite of
democracy. oops, that wasn't meant to last!) Remember when we dreamed of
engineering actual solutions, rather than shoehorning all problems into what
can be solved using html+http+database, resultant deficiencies be damned? Well
I guess only about a tenth of you do, and of those only a tenth care. sigh.

------
thangalin
A series of mock-ups showing one possibility for a policy-making system:

<http://imgur.com/a/PK69j>

~~~
1qaz2wsx3edc
While I'm all for things like this, locality needs to be addressed. For
instance, my local (city/state) issue, is maybe something the whole (country)
should not vote on.

Then again, baby steps right?

~~~
thangalin
Take a look at the URL in the mock-ups.

------
jellicle
Voting online would be trivial.

I use "trivial" in the hacker sense to mean a problem that, while it might be
difficult, large and lengthy, has already been thoroughly explored and a set
of solutions and best practices is known, and should easily be accomplished by
implementors of average or above skill levels.

We do things similar to online voting all the time. When Superbowl or Lady
Gaga tickets go on sale, many people flood limited database servers and have
to be put in a queue. I can transfer hundreds of thousands of dollars with my
smartphone - that's not a problem, but a vote which is worth nothing is going
to be a target? When Census forms are sent out, a code is sent by physical
mail to addresses - that code, when entered online, can be used to fill out
the form. Or just fill out the paper form and drop it in the mail. Trivial
either way. For that matter, thousands of organizations, not just Estonia,
have binding internet votes every year.

When you read about people waiting seven hours in line, it's not unforeseen
problems or incompetence; it's malice. If you show me a story about people
waiting seven hours in line, I'll show you a Democratic district in a state
with Republican, partisan election officials. Every time. Those sorts of
problems can't be solved by technology; they're people problems, not tech
problems. Right now, internet voting is a people problem, not a tech problem.
Internet voting might encourage more people to vote - and that's why
Republicans are against it.

~~~
spindritf
> We do things similar to online voting all the time.

Name one.

The huge difference between voting and all the other transactions online is
that the ballot is supposed to be secret. A lot of security online relies on
review. That's largely how credit card fraud is being dealt with.

The other reason, why voting online or in any sort of electronic way is less
secure and difficult to be made secure, is that electronic exploits scale
well. Anyone can write a fake ballot but it's very difficult to do in numbers
that can actually sway the elections. Once you break the electronic voting
scheme, you can change thousands of votes at a time.

~~~
RollAHardSix
'the ballot is supposed to be secret'

I'd give up my secrecy for the convenience of casting my vote online. If I had
friends that would judge me for my political beliefs...well, they wouldn't be
my friends very long anyways. :)

This isn't the roaring 20's; Mobsters aren't going to come lean-on me to sway
my vote. I will however, call the police on any who do.

But in all reality, give my IP Address/Identifiable information to the
government to be able to cast my vote online? Yes. In a heartbeat yes. The NSA
& CIA probably already have everything on me anyway. Young, home-owner, broke
as shit just like the rest of the country, average job, average family,
average affiliations, I'm a boring dude-nothing to worry about.

I do agree about security though, some big players would pay to have the
election cracked...and the real stink is all it would take is a politician
complaining about a suspected malfunction and the entire online process is
reviewed for WEEKS. Messy, but I'd still vote online if it was available.

~~~
icegreentea
I think you hit it on the head. You are a perfectly down the middle, average,
American. You have time to read and post on HackerNews. You are almost
certainly not in the population to which the secret ballot is most beneficial.

The moment a non-secret ballot becomes a large-scale option, then the most
vulnerable will be targeted. Once there is a way to confirm that someone
in fact did vote the way you wanted, then you're good to go buying the votes of
those desperate enough. You might be 'broke as shit', but you're also average,
which means you're not -really- broke as shit.

~~~
jellicle
> The moment a non-secret ballot becomes a large-scale option, then the most
> vulnerable will be targeted.

Since voting by mail is available in all 50 states to anyone, this threat you
describe should have materialized, no? But it hasn't. At all. There are zero
cases of it.

------
naturalethic
This already exists. It's called shopping.

