Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

Researchers Devise Voting System That Seems Secure, But Is Hard To Use 103

An anonymous reader writes: According to an article in ReadWrite, a team of British and American researchers have developed a hacker resistant process for online voting called Du-Vote. It uses a credit card-sized device that helps to divide the security-sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted (PDF). If a hacker managed to control the computer and the Du-Vote token, he still can't change the votes without being detected.
This discussion has been archived. No new comments can be posted.

Researchers Devise Voting System That Seems Secure, But Is Hard To Use

Comments Filter:
  • by linear a ( 584575 ) on Saturday May 23, 2015 @11:45AM (#49758997)
    I vote yes!
    • Probably not. The authors made the newbie mistake of saddling their scheme with purpose-built crypto. They make a slight nod to the danger of this in the appendix, and sweep it under the rug (IND-CPA is nice and all, but it's not a proof of security). Experience says that they're overrating the security of their system, and there's a good chance it's broken. Thus, geeks will think they're voting, but The Man will actually be doing the voting for them.
    • by Meski ( 774546 )
      Hard to use has a certain attraction.
  • Transparency (Score:5, Interesting)

    by prefec2 ( 875483 ) on Saturday May 23, 2015 @11:57AM (#49759049)

    Voting must be secure, private, equal, and transparent. If the counting is done by a machine and there is no paper trail then this transparency is not realized. Nice to see that they are able to secure the transmission, but now the devices can still be tampered with. What I do not understand, why is it so important to replace the voting process with an electronic voting process. Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.

    • by itzly ( 3699663 )

      What I do not understand, why is it so important to replace the voting process with an electronic voting process

      Because it makes it much easier to rig the elections.

    • by epine ( 68316 ) on Saturday May 23, 2015 @12:30PM (#49759203)

      If I wanted ritual in my life, I would have become a priest and pursued my career with extreme political ambition so I could vote for the freaking pope.

      I guess you've never read an article in your life about mobilizing the voters who are too lazy (or metabolically downtrodden from their Cheetos and Coke diets) to physically show up at a polling station?

      Paper is a physical token. Reliably obtaining exactly one unambiguous, untamperable physical token with confidentiality from each adult member of society—the vast majority of which are collected on the same day—hasn't exactly proven to be an easy problem, especially when broadened to include public trust—that every voter understands and believes the process to have all of these properties (to at least a substantial degree).

      Electronic voting vastly reduces the complexity on the collection side, but then the tamperability problem looms supreme, but this could almost be solved with enough crypto cleverness, except that the public trust story then requires a tiny bit of numeracy beyond grade six math.

      Ritual, however, is accessible to a four-year old.

      The same four-year olds who are unfortunately not yet equipped with fully functioning batshit detectors.

      I don't want to abolish ritual. I simply want to reduce it to the size where I can drag it into the bathroom and drown it in the bathtub.

      • Electronic voting vastly reduces the complexity on the collection side, but then the tamperability problem looms supreme, but this could almost be solved with enough crypto cleverness, except that the public trust story then requires a tiny bit of numeracy beyond grade six math.

        Perhaps an ecosystem of vote verification tools built upon a well-understood verification algorithm with an open-source reference implementation would alleviate the crypto-innumeracy problem. The voter wouldn't have to understand the math; only how to enter a magic number, press a button, and check for the expected result. Multiple implementations help ensure that no one can game the verification process (or just implement the algorithm incorrectly) without being caught out in short order. The verification

    • Voting is an important act in a democracy, therefore, it is also important to give it enough time and ritual to perform it.

      yet people in the US still have to take time off from work to vote. they need to make it a national holiday if they actually want to increase voter participation.

      • by pjt33 ( 739471 )

        Here in Spain elections are always on Sunday. (In fact, we have elections tomorrow). However, I don't imagine that that would be very popular with certain constituencies in the southern U.S.

        • by prefec2 ( 875483 )

          They could allow to vote by mail and vote in the city hall. In Germany normally you get your "voting permit" weeks in advance. And you can use that card to vote at the city hall every day before the election. So all those I cannot go to a polling station on Sunday people can vote easily.

          BTW: Good look with your election tomorrow.

        • Wait, are you saying Spain is less observant of the sabbath that Dixie?
          I live in Spain too (though I'm not Spanish) and Jesus is every freaking where. Although to be fair they don't stuff the religion down your throat.

          Well, all except the Jehova's Witnesses. I've never seen so many as in Spain.

      • Or have elections on the weekend. If you really are wedded to voting on Tuesday we could have four-day elections with voting Saturday, Sunday, Monday, and Tuesday. This would actually make a lot of election administration simpler because if you only have a quarter of the voters per day you need fewer administrators, and if it turns out some great idea you had the day before the election was dumb you can switch on Saturday night and then only 3/4 of the electorate will have to put up with your dumb idea.

        In t

      • by prefec2 ( 875483 )

        We have our elections on Sunday and the rest can vote via mail or go to the city hall any day and vote there.

    • What I do not understand, why is it so important to replace the voting process with an electronic voting process.

      Because they're so much easier to tamper with, and any tampering can be blamed on accidental software bugs (because everyone who doesn't use formal methods software knows that all software is inherently buggy)

    • It's not private. It requires that a 'secret' value (named 'k' in the paper) be sent to the voter in the device. The server needs to know that value to decrypt the vote, thereby being able to identify the voter.
    • yES!! if the TYPICAL voter does not understand why the vote is secure the method fails. this is virtually the turing rest for any proposed schema.

      Someone needs to write one of those form letters we have for why someones proposal to end spam will fail for all these stupid people who think the problem is crytography.

    • When I complained about the political corrupts that rule back where I live, a swiss guy explained me that voting is the least you can do to keep the politicians in check.
      If you actually care, you will have to organize with other people to for instance review the public records or financials.
      But in the end quick, reliable, evolutive, secure, private, equal, transparent and open source voting is a must for decision making.
      So it is important to replace the voting process with the digital age because that will

      • by vux984 ( 928602 )

        So it is important to replace the voting process with the digital age because that will allow faster and more informed decisions.

        1) How will replacing the voting system result in faster or more informed decisions by the voters? That's like suggesting making high tech toilets will get people to make better choices about what they eat.

        2) What on earth do we need -faster- decisions for? Because having to wait a few hours a few times a decade is the major problem with our system of government?

        I for one would replace it with something more 2.0, the sooner the better.

        Better how? Fewer people would know how it works. Therefore Few people should trust it. Doesn't sound "better" to me. Election systems need to be s

      • Well a Swiss guy would say that. Switzerland is one of the very few countries where the people themselves have a real-time veto on bad laws.
        Their votes actually count. They aren't just voting for promises.

  • by aaaaaaargh! ( 1150173 ) on Saturday May 23, 2015 @11:57AM (#49759051)

    The counts can be hacked at the target computer. For example, by the government, by foreign governments or by the company providing the voting systems.

    Or are the "electronic votes" counted manually by thousands of volunteers and leave a huge paper trail?

  • by mtrachtenberg ( 67780 ) on Saturday May 23, 2015 @12:08PM (#49759103) Homepage

    It is conceivable that the World's Cleverest People (WCP) will devise a system that reliably enables people to vote over the internet. And researchers tell us America is no longer a democracy, so I suppose it doesn't really matter that only the WCP will have rational reason to have confidence in the system.

    But for those of us who think people should be able to prove to their own satisfaction that their vote was counted as cast, paper inserted into witnessed boxes and then counted in public seems like a better idea. It will never make Microsoft rich, though, so I doubt Microsoft Research will admit this.

  • KISS (Score:5, Insightful)

    by riverat1 ( 1048260 ) on Saturday May 23, 2015 @12:10PM (#49759107)

    Voting should be a low tech process that anybody can understand. Too much technological magic erodes the trust of voters who are capable of understanding it. Simply marking a ballot with a pen is understandable by anyone. Maybe you count them by machine but you always have the fallback of machine counting. I don't trust any voting process that doesn't have that fallback option. If the voting records are only held electronically how can you ever completely trust the results haven't been hacked?

    • Bingo. You shouldn't have to have an IQ of 300 to understand the process, or to use it. You shouldn't even have to have an IQ of 100. A lot of not-so-bright people live in this country after all. Probably 150 million or more. After all, 100 is the median IQ, right? Half or more of all Americans have IQ's equal to or lower than 100.

    • by gnupun ( 752725 )

      Maybe you count them by machine but you always have the fallback of machine counting.

      Perhaps you meant "fallback of human counting." For simplicity:
      1. The voter selects a candidate on a touch-screen tablet.
      2. The tablet prints out the vote selection on a piece of paper. This ensures a valid vote has been cast by the voter.
      3. Voter deposits paper into a box along with other votes.
      4. A computer with a scanner rapidly scans the paper votes after the box is emptied into the counting machine.
      5. Humans manually r

      • by quetwo ( 1203948 )

        Or how about you use a large-format "scantron". You fill in the bubble, and scan it. The paper copy can be re-counted, but it can be easily electronically calculated. Why do we need the touch screen? It seems like people want to introduce technology just for the sake of introducing technology.

      • by itzly ( 3699663 )

        1. The voter selects a candidate on a touch-screen tablet.

        Ah, I see you're building a finger print database. Nice.

        • by Jeremi ( 14640 )

          Ah, I see you're building a finger print database. Nice.

          <Morbo>Touch screens do not work that way! Good night!</Morbo>

          • by itzly ( 3699663 )

            Touch screens do not work that way! Good night!

            Not normally, no, but it could be added as an extra feature.

      • Yes, I meant to say "hand counting".

        I don't have any problem with using a machine to print out your ballot as long as the voter can hold the printed ballot in their hand and verify it is correct before putting it in the ballot box.

        • Yeah, but I don't want to pay for that. You're using a computer and printer to replace a pen.

          What's the point of that? To be sure some idiot that can't mark a circle gets to vote? Or maybe you're all paralyzed and parkinsons and really can't mark the circle.

          That's why all those old people are hanging around the polling place; they are there to help you. Or you can bring your own help.

          There's no good reason to have a computer anywhere near voting. The digital adding machine in a scantron is all we need. (And

    • Maybe you count them by machine but you always have the fallback of machine counting.

      Of course I meant "you always have the fallback of hand counting."

  • Beside hacking (Score:5, Insightful)

    by AchilleTalon ( 540925 ) on Saturday May 23, 2015 @12:22PM (#49759161) Homepage

    Beside hacking a device to steal votes, there is a number of other concerns about the online voting which cannot be eliminated by any device you can imagine.

    For example, how can you be assured the voter has not sell his vote and the buyer can just sit beside him to make sure he is getting what he paid for? How can you prevent someone to impose a candidate to someone else by threatening him/her/them? At a vote poll, you can make sure nobody is intimidated and anyway there is no way someone else can check the vote he tried to steal.

    Online voting is a big No-No.

    • Proctored voting (Score:4, Insightful)

      by Okian Warrior ( 537106 ) on Saturday May 23, 2015 @12:47PM (#49759271) Homepage Journal

      A lot of people think online voting is the next big thing, but the problem is actually very hard to do online.

      To do it right requires a "proctored" setting where the person is guaranteed to be alone, and unobserved (including video recording).

      If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.

      Video recording hasn't been addressed yet, but with the current system a voter can record their vote as proof of how they voted, and so vote selling is possible. It's functionally the same as being observed, just time shifted.

      Add in the requirements for recounts and verification, and physical ballots in a proctored environment is the simple solution.

      I've seen mathematical solutions that make tampering statistically impossible. The system injects a large portion of non-human votes in a cryptographically secure way such that it doesn't change the actual outcome, but it's impossible for a hacker to change votes due to the statistical likelihood that he'll change one of the non-human votes and be detected.

      Even with these systems, you still need a proctored environment that guarantees anonymous and unobserved voting.

      • You do realize that 3 states have already gone entirely vote by mail. So, proctored environments clearly aren't that big of an issue.
        • You do realize that 3 states have already gone entirely vote by mail.

          Is your point that some times states do stupid things, and don't learn the lessons of the past?

      • In Australia, at least, anyone can apply to vote by mail (which is very useful for the elderly or super-busy), and voting by mail is the only way to vote in things like local council elections. Voting is also compulsory. It seems to work fairly well; I've never heard of a vote-purchasing scandal, and any amount of vote purchasing which was on a large enough scale to influence an election result would be almost guaranteed to be leaked by somebody.

        If you can't guarantee that the person is alone, then they can be coerced into voting a specific way. If you can't guarantee that the person isn't observed, then the person can sell their vote.

        Every vote counts, for sure, but when your potential voting po

    • There are problems with paper voting as well.

      oldest trick:
      - bad buy gets a blank vote page, somehow.
      - bad guys marks the page as he wants, then gives it to voting guy.
      - voting guy goes to vote, puts the already marked vote in the box, carries out the new blank vote page.

      Loop and repeat.

      Or while counting the votes, if a city is expected to have an heavy turnout for the wrong candidate, if you can manage to sneak in a bad guy as the one who parses the ballots, he can have a small piece of pencil under the nai

      • Around here, a paper ballot is large, and not easy to conceal. Somebody taking one in or out would be noticed, and since all precincts around here have observers from both major parties somebody would call the police. Also, the voter fills out the ballot and puts it in the tabulating machine, which drops it into the ballot box, with no opportunity for observer tampering. In the event a manual recount is required, I'm pretty sure one of the observers would object to the bad guy. Besides, it's really har

  • by Anonymous Coward

    We could print out the ballots on paper, and then instead of using digital or pen signatures, we could use our blood to check the boxes and "sign" the ballots.

    Now all we would need is a national DNA registry. This would also solve a whole bunch of problems with needing or not needing to present ID to vote, as you wouldn't need to show an ID card at all (although I honestly don't know why anyone would want someone that may or may not be an American citizen, or even the correct person voting, but this is appa

  • Stupid and lazy people are kept from voting by having to read instructions and enter numbers into a token. The ones who manage to cast a valid ballot are likely also intelligent enough to understand basic scientific facts and elect politicians capable of cooperating with other humans! Instant fix for American government!

  • Ditto the touchscreen voting machines and every other apparatus they come up with in their attempts to do away with the paper ballot, which has worked just fine for over 200 years. Just because it's more modern doesn't make it better.

  • No online voting system can eliminate the "over-the-shoulder" problem, where an attacker breaks the "privacy" requirement.
  • Many people thing about electronic voting only for presidential elections and so on, but where I think it could be a game changer is in bringing current democracies on the way to a system closer to what is known as direct democracy where implicated citizens could use their vote in very specific decisions and other people could delegate (temporally , with easy possibility of revocation and discretionally) to political parties or representatives so they could decide for them.

    I envision a system with independe

  • Comment removed based on user account deletion
  • by TMB ( 70166 )

    Based on the summary, I'm forced to conclude that it is safe to tampering from male hackers, but that female hackers can safely modify the results!

    • ,,|,

      All you are promoting is waste of worlds resources, energy and time
      How low is your IQ that you can understand that word "he" in this context applies to all sexes(And not just male,female)

  • I'm sorry, but please follow the current state of the discussion which probably is the opinion of the constitutional court of Germany.

    Essentially they found that it's rather irrelevant how secure it is, what's important is that it's easy to detect fraud. And by being easy they mean that a lay person without any special knowledge can, without a doubt, find out when fraud occurred.

    The typical well designed system is the hand marked paper ballot. The technique to check for fraud is trivial. You look into the b

  • Should be copying Oregon's Vote-By-Mail system instead.

    No lines, no having to get across town after or before work, all resulting in better voter turnout, particularly among those with the most trouble accessing the vote (ie, minorities, poor, and low income workers).

    Which is precisely why they'll fight it in every other state.

Fast, cheap, good: pick two.

Working...