Researchers Devise Voting System That Seems Secure, But Is Hard To Use 103
An anonymous reader writes: According to an article in ReadWrite, a team of British and American researchers have developed a hacker resistant process for online voting called Du-Vote. It uses a credit card-sized device that helps to divide the security-sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted (PDF). If a hacker managed to control the computer and the Du-Vote token, he still can't change the votes without being detected.
Only geeks can vote? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So - you'll be voting for Clinton?
Transparency (Score:5, Interesting)
Voting must be secure, private, equal, and transparent. If the counting is done by a machine and there is no paper trail then this transparency is not realized. Nice to see that they are able to secure the transmission, but now the devices can still be tampered with. What I do not understand, why is it so important to replace the voting process with an electronic voting process. Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.
Re: (Score:2)
What I do not understand, why is it so important to replace the voting process with an electronic voting process
Because it makes it much easier to rig the elections.
Re: (Score:2)
Because of gerrymandering, the polling station that was selected for me in my district is about 8 miles across a city in a location without a bus stop and the closest public transportation about 3 miles away.
1) Perhaps you could find some sort of way to carpool or even split a cab... what with the entire district having a reason to go there that same day. Not to mention political parties and volunteer groups all over the place running busses etc.
If only there were some sort of alternative like the ability to mail in a ballot... oh... wait. There is.
2) I agree with you gerrymandering ought to be criminal.
Re: (Score:1)
But how would you get politicians to pass such a law?
Re: (Score:2)
The same way the public gets them to pass all the other laws ... oh wait.
Re: (Score:3)
There are many factors that play in low voter turnout but to name the worst offenders here we go:
1. The two party system itself. Having only two nationally recognized parties by the media ignores a very large part of the population that doesn't agree with either of them. This is the primary reason gerrymandering works too.
2. Primaries. Having primaries in the two party system means those that support a candidate that doesn't win the primary feels left out and doesn't see a need to vote in the general electi
Re: (Score:2)
I concur with your points, but have a few corrections to (3) and (4), as the best way to win an argument is to not allow any holes:
The "winner takes all" system means that all of a state's electors are pledged to the winner of the popular vote in that state, regardless of the margin. What happened in 2000 was that Bush won his states by narrower margins than Gore won his states, resulting in the "packing" situation that is the principle argument against an electoral college.
The electors in 2000 all voted as
Re: (Score:2)
I call BS on this.
In the US a national election is not carried out at the district level because it's also an election for at least the State House. Generally states will piggy-back even more election onto it -- back in Michigan you'd vote for Supreme Court, Community College Boards, County elected officials, etc. when you voted for President; the other even numbered years added State Senate and Governor to the mix; now that I'm in Ohio the big change is there's no Community College Board on the ballot.
Sinc
Re: (Score:2)
Strange! Really, do you live in the central Africa? 8 miles to the polling station. That looks like a method to keeping people from voting. I normally have to walk approx 6-8 minutes to the polling station, but even when I lived in a village there was one in the village. Easy to get there. However, 8 miles that is 13 km, by bike this is half an hour. In Germany you would have crossed two more villages.
Re: (Score:2)
Whatevs Pancho Villa.
Re: (Score:2)
Re: (Score:2)
Because two choices which do not represent me are so much better than one choice.
Re:Transparency (Score:4, Funny)
If I wanted ritual in my life, I would have become a priest and pursued my career with extreme political ambition so I could vote for the freaking pope.
I guess you've never read an article in your life about mobilizing the voters who are too lazy (or metabolically downtrodden from their Cheetos and Coke diets) to physically show up at a polling station?
Paper is a physical token. Reliably obtaining exactly one unambiguous, untamperable physical token with confidentiality from each adult member of society—the vast majority of which are collected on the same day—hasn't exactly proven to be an easy problem, especially when broadened to include public trust—that every voter understands and believes the process to have all of these properties (to at least a substantial degree).
Electronic voting vastly reduces the complexity on the collection side, but then the tamperability problem looms supreme, but this could almost be solved with enough crypto cleverness, except that the public trust story then requires a tiny bit of numeracy beyond grade six math.
Ritual, however, is accessible to a four-year old.
The same four-year olds who are unfortunately not yet equipped with fully functioning batshit detectors.
I don't want to abolish ritual. I simply want to reduce it to the size where I can drag it into the bathroom and drown it in the bathtub.
Re: (Score:1)
Electronic voting vastly reduces the complexity on the collection side, but then the tamperability problem looms supreme, but this could almost be solved with enough crypto cleverness, except that the public trust story then requires a tiny bit of numeracy beyond grade six math.
Perhaps an ecosystem of vote verification tools built upon a well-understood verification algorithm with an open-source reference implementation would alleviate the crypto-innumeracy problem. The voter wouldn't have to understand the math; only how to enter a magic number, press a button, and check for the expected result. Multiple implementations help ensure that no one can game the verification process (or just implement the algorithm incorrectly) without being caught out in short order. The verification
Re: (Score:2)
Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.
yet people in the US still have to take time off from work to vote. they need to make it a national holiday if they actually want to increase voter participation.
Re: (Score:2)
Here in Spain elections are always on Sunday. (In fact, we have elections tomorrow). However, I don't imagine that that would be very popular with certain constituencies in the southern U.S.
Re: (Score:2)
They could allow to vote by mail and vote in the city hall. In Germany normally you get your "voting permit" weeks in advance. And you can use that card to vote at the city hall every day before the election. So all those I cannot go to a polling station on Sunday people can vote easily.
BTW: Good look with your election tomorrow.
Re: (Score:2)
Wait, are you saying Spain is less observant of the sabbath that Dixie?
I live in Spain too (though I'm not Spanish) and Jesus is every freaking where. Although to be fair they don't stuff the religion down your throat.
Well, all except the Jehova's Witnesses. I've never seen so many as in Spain.
Re: (Score:2)
Or have elections on the weekend. If you really are wedded to voting on Tuesday we could have four-day elections with voting Saturday, Sunday, Monday, and Tuesday. This would actually make a lot of election administration simpler because if you only have a quarter of the voters per day you need fewer administrators, and if it turns out some great idea you had the day before the election was dumb you can switch on Saturday night and then only 3/4 of the electorate will have to put up with your dumb idea.
In t
Re: (Score:2)
We have our elections on Sunday and the rest can vote via mail or go to the city hall any day and vote there.
Re: (Score:2)
What I do not understand, why is it so important to replace the voting process with an electronic voting process.
Because they're so much easier to tamper with, and any tampering can be blamed on accidental software bugs (because everyone who doesn't use formal methods software knows that all software is inherently buggy)
Re: (Score:2)
Crypto is NEVER the answer if the question is Vote (Score:2)
yES!! if the TYPICAL voter does not understand why the vote is secure the method fails. this is virtually the turing rest for any proposed schema.
Someone needs to write one of those form letters we have for why someones proposal to end spam will fail for all these stupid people who think the problem is crytography.
Re: (Score:1)
When I complained about the political corrupts that rule back where I live, a swiss guy explained me that voting is the least you can do to keep the politicians in check.
If you actually care, you will have to organize with other people to for instance review the public records or financials.
But in the end quick, reliable, evolutive, secure, private, equal, transparent and open source voting is a must for decision making.
So it is important to replace the voting process with the digital age because that will
Re: (Score:2)
So it is important to replace the voting process with the digital age because that will allow faster and more informed decisions.
1) How will replacing the voting system result in faster or more informed decisions by the voters? That's like suggesting making high tech toilets will get people to make better choices about what they eat.
2) What on earth do we need -faster- decisions for? Because having to wait a few hours a few times a decade is the major problem with our system of government?
I for one would replace it with something more 2.0, the sooner the better.
Better how? Fewer people would know how it works. Therefore Few people should trust it. Doesn't sound "better" to me. Election systems need to be s
Re: (Score:2)
Well a Swiss guy would say that. Switzerland is one of the very few countries where the people themselves have a real-time veto on bad laws.
Their votes actually count. They aren't just voting for promises.
Not secure (Score:3)
The counts can be hacked at the target computer. For example, by the government, by foreign governments or by the company providing the voting systems.
Or are the "electronic votes" counted manually by thousands of volunteers and leave a huge paper trail?
Confidence versus rational confidence (Score:5, Insightful)
It is conceivable that the World's Cleverest People (WCP) will devise a system that reliably enables people to vote over the internet. And researchers tell us America is no longer a democracy, so I suppose it doesn't really matter that only the WCP will have rational reason to have confidence in the system.
But for those of us who think people should be able to prove to their own satisfaction that their vote was counted as cast, paper inserted into witnessed boxes and then counted in public seems like a better idea. It will never make Microsoft rich, though, so I doubt Microsoft Research will admit this.
Re: (Score:2)
"World's Cleverest People" is just another way of saying "The Best and the Brightest." [wikipedia.org]
We will never learn.
KISS (Score:5, Insightful)
Voting should be a low tech process that anybody can understand. Too much technological magic erodes the trust of voters who are capable of understanding it. Simply marking a ballot with a pen is understandable by anyone. Maybe you count them by machine but you always have the fallback of machine counting. I don't trust any voting process that doesn't have that fallback option. If the voting records are only held electronically how can you ever completely trust the results haven't been hacked?
Re: (Score:2)
Bingo. You shouldn't have to have an IQ of 300 to understand the process, or to use it. You shouldn't even have to have an IQ of 100. A lot of not-so-bright people live in this country after all. Probably 150 million or more. After all, 100 is the median IQ, right? Half or more of all Americans have IQ's equal to or lower than 100.
Re: (Score:1)
given that IQ of 100 is the average of IQ of the population, in a normal distribution you will have about the same above as below that treshold.
Re: (Score:2)
I bet the parent poster wishes he'd said that.
Re: (Score:3)
Perhaps you meant "fallback of human counting." For simplicity:
1. The voter selects a candidate on a touch-screen tablet.
2. The tablet prints out the vote selection on a piece of paper. This ensures a valid vote has been cast by the voter.
3. Voter deposits paper into a box along with other votes.
4. A computer with a scanner rapidly scans the paper votes after the box is emptied into the counting machine.
5. Humans manually r
Re: (Score:2)
Or how about you use a large-format "scantron". You fill in the bubble, and scan it. The paper copy can be re-counted, but it can be easily electronically calculated. Why do we need the touch screen? It seems like people want to introduce technology just for the sake of introducing technology.
Re: (Score:2)
1. The voter selects a candidate on a touch-screen tablet.
Ah, I see you're building a finger print database. Nice.
Re: (Score:2)
Ah, I see you're building a finger print database. Nice.
<Morbo>Touch screens do not work that way! Good night!</Morbo>
Re: (Score:2)
Touch screens do not work that way! Good night!
Not normally, no, but it could be added as an extra feature.
Re: (Score:2)
Yes, I meant to say "hand counting".
I don't have any problem with using a machine to print out your ballot as long as the voter can hold the printed ballot in their hand and verify it is correct before putting it in the ballot box.
Re: (Score:2)
Yeah, but I don't want to pay for that. You're using a computer and printer to replace a pen.
What's the point of that? To be sure some idiot that can't mark a circle gets to vote? Or maybe you're all paralyzed and parkinsons and really can't mark the circle.
That's why all those old people are hanging around the polling place; they are there to help you. Or you can bring your own help.
There's no good reason to have a computer anywhere near voting. The digital adding machine in a scantron is all we need. (And
Re: (Score:2)
Well, how do propose we avoid a repeat of hanging doors and pregnant chads [ucsd.edu], like in the Bush/Florida election, without computers?
Re: (Score:2)
A pen marking on paper is not the same as having to destroy a small part of the paper. The chad thing is problematic as a design.
Another example of fixing something that wasn't broken.
Re:KISS-errata (Score:2)
Maybe you count them by machine but you always have the fallback of machine counting.
Of course I meant "you always have the fallback of hand counting."
Beside hacking (Score:5, Insightful)
Beside hacking a device to steal votes, there is a number of other concerns about the online voting which cannot be eliminated by any device you can imagine.
For example, how can you be assured the voter has not sell his vote and the buyer can just sit beside him to make sure he is getting what he paid for? How can you prevent someone to impose a candidate to someone else by threatening him/her/them? At a vote poll, you can make sure nobody is intimidated and anyway there is no way someone else can check the vote he tried to steal.
Online voting is a big No-No.
Proctored voting (Score:4, Insightful)
A lot of people think online voting is the next big thing, but the problem is actually very hard to do online.
To do it right requires a "proctored" setting where the person is guaranteed to be alone, and unobserved (including video recording).
If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.
Video recording hasn't been addressed yet, but with the current system a voter can record their vote as proof of how they voted, and so vote selling is possible. It's functionally the same as being observed, just time shifted.
Add in the requirements for recounts and verification, and physical ballots in a proctored environment is the simple solution.
I've seen mathematical solutions that make tampering statistically impossible. The system injects a large portion of non-human votes in a cryptographically secure way such that it doesn't change the actual outcome, but it's impossible for a hacker to change votes due to the statistical likelihood that he'll change one of the non-human votes and be detected.
Even with these systems, you still need a proctored environment that guarantees anonymous and unobserved voting.
Re: (Score:1)
Re: (Score:2)
You do realize that 3 states have already gone entirely vote by mail.
Is your point that some times states do stupid things, and don't learn the lessons of the past?
Re: (Score:2)
In Australia, at least, anyone can apply to vote by mail (which is very useful for the elderly or super-busy), and voting by mail is the only way to vote in things like local council elections. Voting is also compulsory. It seems to work fairly well; I've never heard of a vote-purchasing scandal, and any amount of vote purchasing which was on a large enough scale to influence an election result would be almost guaranteed to be leaked by somebody.
If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.
Every vote counts, for sure, but when your potential voting po
Re: (Score:2)
There are problems with paper voting as well.
oldest trick:
- bad buy gets a blank vote page, somehow.
- bad guys marks the page as he wants, then gives it to voting guy.
- voting guy goes to vote, puts the already marked vote in the box, carries out the new blank vote page.
Loop and repeat.
Or while counting the votes, if a city is expected to have an heavy turnout for the wrong candidate, if you can manage to sneak in a bad guy as the one who parses the ballots, he can have a small piece of pencil under the nai
Re: (Score:2)
Around here, a paper ballot is large, and not easy to conceal. Somebody taking one in or out would be noticed, and since all precincts around here have observers from both major parties somebody would call the police. Also, the voter fills out the ballot and puts it in the tabulating machine, which drops it into the ballot box, with no opportunity for observer tampering. In the event a manual recount is required, I'm pretty sure one of the observers would object to the bad guy. Besides, it's really har
I've got an idea... (Score:1)
We could print out the ballots on paper, and then instead of using digital or pen signatures, we could use our blood to check the boxes and "sign" the ballots.
Now all we would need is a national DNA registry. This would also solve a whole bunch of problems with needing or not needing to present ID to vote, as you wouldn't need to show an ID card at all (although I honestly don't know why anyone would want someone that may or may not be an American citizen, or even the correct person voting, but this is appa
I love it (Score:2)
Stupid and lazy people are kept from voting by having to read instructions and enter numbers into a token. The ones who manage to cast a valid ballot are likely also intelligent enough to understand basic scientific facts and elect politicians capable of cooperating with other humans! Instant fix for American government!
I fail to see why online voting is necessary (Score:2)
Ditto the touchscreen voting machines and every other apparatus they come up with in their attempts to do away with the paper ballot, which has worked just fine for over 200 years. Just because it's more modern doesn't make it better.
Re: (Score:2)
Re: (Score:2)
He's not down modded for this. He's got negative karma, so apparently in the past he's made a big enough negative impact that all posts start at -1 for him.
Over-the-shoulder problem (Score:2)
Open voting logs is the solution (Score:1)
Many people thing about electronic voting only for presidential elections and so on, but where I think it could be a game changer is in bringing current democracies on the way to a system closer to what is known as direct democracy where implicated citizens could use their vote in very specific decisions and other people could delegate (temporally , with easy possibility of revocation and discretionally) to political parties or representatives so they could decide for them.
I envision a system with independe
Re: (Score:1)
I think that scenario would be a lot better of what we currently have, where sometimes only the 0.0001% of the majority can and regularly does things like that.
I think people should believe in their society, a healthy society would most of the time choose the right thing and when it wouldn't it would be their responsibility allowing it to change and improve as a whole.
Also in order to protect minorities (of any kind ethnic, geographical, professional, ...), a system could be devised so minorities could be s
Re: (Score:2)
You make it so that changing something needs substantially more than 50% acceptance. If the vote is close, say between 45%–55%, the law gets sent back to the politicians for revision and revote. Then if it's still close to 50%, status quo reigns. This is how voting works in many specific cases.
Re: (Score:2)
"he"? (Score:2)
Based on the summary, I'm forced to conclude that it is safe to tampering from male hackers, but that female hackers can safely modify the results!
Re: (Score:1)
,,|,
All you are promoting is waste of worlds resources, energy and time
How low is your IQ that you can understand that word "he" in this context applies to all sexes(And not just male,female)
Opinion of the constitutional court of Germany (Score:2)
I'm sorry, but please follow the current state of the discussion which probably is the opinion of the constitutional court of Germany.
Essentially they found that it's rather irrelevant how secure it is, what's important is that it's easy to detect fraud. And by being easy they mean that a lay person without any special knowledge can, without a doubt, find out when fraud occurred.
The typical well designed system is the hand marked paper ballot. The technique to check for fraud is trivial. You look into the b
waste of time (Score:2)
Should be copying Oregon's Vote-By-Mail system instead.
No lines, no having to get across town after or before work, all resulting in better voter turnout, particularly among those with the most trouble accessing the vote (ie, minorities, poor, and low income workers).
Which is precisely why they'll fight it in every other state.
Re:"without being detected"...yet (Score:4, Insightful)
Re: (Score:2)
Bruce Schneier said "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers."
Good luck to them.