Video Prof. J. Alex Halderman Tells Us Why Internet-Based Voting Is a Bad Idea (Video) 264
Video no longer available.
On March 2, 2012, Timothy wrote about University of Michigan Professor J. Alex Halderman and his contention that there is no way to have secure voting over the Internet using current technology. In this video, Alex explains what he meant and tells us about an experiment (that some might call a prank) he and his students did back in 2010, when they (legally) hacked a Washington D.C. online voting pilot project. This is, of course, a "professional driver on closed course; do not attempt" kind of thing. If you mess with voting software without permission, you might suddenly find the FBI coming through your door at 4 a.m., so please don't do it.
Internet voting and more in Estonia explained (Score:2, Informative)
Internet voting and more in Estonia explained here [slashdot.org].
Uh... this is DC. (Score:4, Informative)
So, I live in DC.
The result quoted in the summary, that DC didn't manage to pull off a secure electronic vote, shouldn't be interpreted as a condemnation of e-voting, for the simple reason that this city couldn't manage to find the exit to a paper bag with a map and GPS. The incompetence around here is hilarious: there's a reason everyone working for the government lives in either Maryland or northern Virginia, since being in DC itself just means you get to hear sirens 24/7.
Everyone's heard of Marion Barry, the crack-smoking mayor? Turns out they elected him mayor again right away when he got out of prison. He mismanaged the city finances so badly that Bill Clinton cut him off from a lot of his authority, and he flounced* from the mayorship -- and got elected to the City Council. Since then he's gone eight years without paying income taxes, driven drunk, and embezzled money. Now he wants to run for mayor again.
The guy is a complete scumbag. The Washington Post said "To understand Washington, you have to understand Marion Barry."
*Flounce: To leave after a post (on the internet) where you proclaim yourself a martyr, with great drama
What's the problem? (Score:4, Informative)
What problem are they attempting to solve?
The whole idea of having traceable pieces of paper, physical manifestations of the intentions of actual voters, has served us well. Anybody can see it. Anybody can understand how it works. Anybody can observe the process in action. These are good things.
The only issue I have is proportional representation, or the lack thereof. We've had a couple of referenda on the subject here in B.C., both of which have been defeated by massive FUD campaigns.
...laura
Re:Not a "bad idea" (Score:4, Informative)
But WHY would it be so expensive? See here is what I've never gotten
It's not expensive like a luxury car is expensive. It's expensive because despite decades of research verifiable anonymous electronic voting, and even more so internet voting, is an unsolved problem.
and maybe I'm missing something but we've had smart cards for a pretty damned long time, so why not use them? Put a 512bit key, one for each person in America and hand them out with a USB reader, one per household.
What could go wrong you ask?
First distributing hundreds of millions of keys is no small undertaking. The government would have to keep a database of the public keys assigned to every voter. It would have to handle lost keys: invalidate them and reassign a new one. If it's a per-state affair then they would have to handle people moving out of state, and back in, etc.
The government would obviously use your public key so they can decode and tally your encrypted vote. That also means the government computer would know exactly how you voted (and have cryptographic proof of it). At that point you have absolutely no proof that they wouldn't store that information elsewhere. It also means anyone hacking the system like these researchers did would also know how you voted (and could resell that information or your public key).
With the kind of access these researchers had, another attack would be to decode your ballot and discard it before it's even been tallied if you voted the wrong way.
Someone could impersonate you and claim to have lost their voting key. Your key would then be invalidated thus making you unable to vote. But with access to the server another attack would be to change your public key in the government database. You would then be unable to vote until the database has been restored from backup (likely after the election). A variant would allow them to replace your ballot with a new one signed by the corresponding private key. Given that you would not be allowed to verify your vote anyway (to prevent the sale of votes), you would have no way to know this happened and no chance to complain. Even if you did you would have no proof of the hack.
If someone gets hold of the smart card, USB key or CD containing your private key, then they would be able to vote in your place. They could also simply steal or confiscate it to prevent you from voting.
Heck, you present generating secure keys as if it was something trivial. But even that can easily go wrong: you suggest a 512 bit key but a 768 bit RSA key [wikipedia.org] has already been broken, just see the Debian SSL/SSH key debacle [slashdot.org], the recent discovery that about 2 out of 1000 RSA keys is a dud [slashdot.org]. Then there's all the encryption systems that have been cracked over the years like WEP, CSS, etc. What makes you think the encryption used for your vote will fare any better. And more to the point, how will a layman be able to verify by himself that it will?