surely if we feel safe enough to do financial transactions over the net, viable, secure e-voting can’t be too far off…
It’ll never happen.
Possibly losing a few (insured) dollars is a far cry from possibly tampering with an election to determine (what is effectively) the leader of the free world.
never? so electronic transactions will never entirely replace physical ones?
I disagree with DakotaDog - never is a long time. However, we’re still not that close.
The main problem with e-voting is accountability. Let’s say we all go online and cast a vote. A server somewhere tallies all of those votes, and we can get it to tell us the total (in seconds, too - no waiting for hand-counting). But how did those votes get there? Are we sure none of them were double-counted due to a glitch in the program? Are we sure nobody messed with the votes on the way? Are we sure nobody hacked the vote server and changed the totals?
The thing is, all of these can happen in regular paper ballots. You can have hanging chads screw up the count. You can have ballot-box stuffing. You can mis-count, either deliberately or by mistake.
In the cases of people actually trying to change the outcome of a paper election, you’d need some sort of conspiracy. There are too many people involved (election officials) for one person to significantly change the outcome of an election. This is not the case in a computerized election - one skilled and dedicated hacker could change a whole district’s vote, for instance.
I think someday we will be doing all of our voting electronically - either at voting kiosks, or online (or both). But not yet. And I certainly don’t trust Diebold any further than I can throw them.
Secure e-voting systems have been around for a long time. Take a look at Applied Cryptography by Bruce Schneier, Chapter 6, where all the requirements and possible solutions are laid out in gory detail.
These are all valid concerns, and their answers are more than thirty years old. Digital signatures and interlock protocols can protect against man-in-the-middle attacks (messing with the data along the way.) Counting errors can be eliminated with some clever verification or checksuming protocols. Vote totals can be compared against vote records in a secure fashion.
The problem is that properly implimenting a secure voting system takes a lot of work, and it has to be done by people who are experts not only in cryptography, but in secure communications protocols. Additionally, the software must be open source and peer-reviewed. No cryptographic system can be assuredly secure unless you design it with the assumption that the enemy knows exactly how it works. So far, people who build voting machines have been unwilling to do this level of work. (Witness the myriad problems with the Diebold machines over the past few years.)
The fundamental problem with evoting schemes is that there are far too many powerful organizations who have enough of a stake in election outcomes to make it safe. The head of a large corporation can simply buy whatever it takes in terms of computing power and talent to rig the election machinery. The same is true of paper ballots, of course, except that you NEED A LOT OF Co-CONSPIRATORS to fuck up a national election that way, and when you have a conspiracy involving LOTS of people, SOMEONE ALWAYS BLABS.
This tendency for people to run off at the mouth is what has kept our democracy working for lo these many years, and the minute we go over to evoting, we lose it. Simple as that.
“Never” is quite some time away. 30-40 years might be the earliest.
First of all, everything has to completely out in the open. Every line of code, every bit of analysis of security of the code, all the hardware specs, etc.
As friedo points out, it’s trivial to draw a secure system up on paper. Actually doing it is stupendously difficult.
The amazing thing is that there is no real justification whatsoever for e-voting.
Read the latter part of this Cringely article.
You can do old fashioned paper balloting for less money and with more security. The only loss is a couple of hours of time on election night getting the results. That’s it. Americans can’t wait until after the 11:30 news for election results!
(It’s also true that paper ballots are printed by local governments which don’t lobby Congress with millions of dollars of bribes^H^H^H^H^H^H campaign donations unlike voting machine companies.)
but imagine the possibilities if it works! instant feedback on everything via convenient polls, how democratic can you get? what are the percentage turnout on current election polls anyway?
Change “instant feedback” to “instant gratification” and you have the problem that I was complaining about. “Instant gratification” is not a good thing. Especially in such an important matter as the reliability of election results. I’d rather have the right results and wait a week than the wrong results in 5 minutes. (Which puts me at odds with the majority SCOTUS opinion in 2000.)