Writings of a techie wizard
Sun, 11 Nov 2012
The New York Times' "Bits" blog has a post today arguing in favor of digital voting. The main argument is that allowing people to vote via the Internet would increase turnout:
The Times also quotes President Obama, who said regarding the long lines at the polls in the 2012 election, "We have to fix that."
However, the post fails to mention that the President, most likely, was referring to early voting, not Internet voting, as the fix. Perhaps the "Bits" blogger doesn't read other Times blogs and missed this post about President Obama voting early (the first time a President has done so), and encouraging others to do so as well. (My wife and I have early voted in the past three elections; each time there have been more people doing so.)
Furthermore, the Times says that the inherent security issues with online voting are "not impossible" to fix; but it also quotes Ronald Rivest, one of the three inventors of RSA, the most widely used strong encryption scheme today, as saying the opposite:
No further details are given, but it's pretty easy to fill them in. The RSA algorithm works like this: say you want to send me a message in such a way that I can prove that it came from you. You generate two encryption keys, a public one, that you give to me (and anyone else who wants to get digitally signed messages from me), and a private one that you keep secret. The two keys are the inverses of each other: each one decrypts what the other one encrypts. So if you want to send me a digitally signed message, you encrypt it with your private key and send me the encrypted version. I decrypt it with your public key. The fact that I get readable text instead of gibberish proves that it must have been encrypted with your private key.
This system works fine as long as your private key stays private. But it has to be stored somewhere; the most likely place is on your computer (or smartphone, or tablet, or whatever device you want to use to vote). What if that device gets infected with a virus that is specifically designed to change your vote, and do nothing else? You would have no way of knowing it was there; you would use your voting app, cast your vote for Candidate A (you think), and the virus encrypts a vote for Candidate B and sends it to the voting server. To the server, it looks like a valid vote; it's encrypted with your private key. Only you know that you intended to vote for Candidate A, not Candidate B; but you don't see the vote that the server actually counted.
Of course, in principle, a recount could be done by looking at every single vote counted by the server and asking the corresponding voter if it matched his intent, which would show that something fishy was going on. But recounts are not currently done that way; they only look at the ballot itself. And changing voting law to permit recounts to ask voters about their intent would destroy the secrecy of your ballot, not to mention that it would be a huge increase in the time required for a recount. (It would also be tantamount to admitting that online voting was not secure.) The whole point of paper ballots is that you can leave a record of your vote that can be verified without raising all those issues.
By the way, the same issues apply to electronic voting machines at the polling place. I've had the option of choosing electronic or paper ballots in a number of elections now, and I've always chosen paper. The Times mentions that Estonia has more than a million voters who are registered to cast their ballots online, apparently to make the point that the United States should be a technological leader. But leadership means making the right choices, not following every new trend. The United States would do better, in my opinion, to set an example of restraint and proper setting of priorities for voting, not technological faddishness.
As a commenter on the Times blog post said, the voting process is not supposed to be fast; it's supposed to be accurate, to properly capture the vote that you want to cast. We already have a solution for the genuine issue of making it easier for more people to cast their votes: early voting. But it still has to be secure early voting, and that, I submit, means paper ballots, now and for the foreseeable future. If that means we have to wait longer for the results, so be it. For one thing, a lot of pundits would be able to go to bed at a normal hour on election night.
Open Source Projects
Old Open Source Projects
Copyright © 2011-2015
by Peter A. Donis
All Rights Reserved