I came up with the idea of voting on the Internet all by myself. I really did. It was about 1994, and some new fangled browsers supported things called “forms” where they could accept input data from the end user and do something with with.
I also came up with the idea that internet voting is bad, all my myself. That was in 1994, about 20 minutes after I came up with the idea for internet voting.
But after all these years, “smart” people are still coming up with the idea, over and over again. The latest debacle is here. Voting by email? That’s worse than web voting! When will people realize that the internet is not secure? Sure, you can encrypt, you can obfuscate, you can encode, but at the end of the day, data is travelling over a long distance, and in a situation like voting, where the Bad Guys know where, when, and what type of data it is, it’s just crying out for a lawsuit. And in that lawsuit, no intelligent technologist is going to day “there’s absolutely no way it could have been tampered with”.
Someone needs a smackdown.
As I began reading your post, I thought I knew the direction you were going to head. You then surprised me by decrying something I consider to be a minor issue: tampering. There are a number of processes and technologies that make tampering with the content of a message pretty darn hard. By “pretty darn hard” I mean that the cost of tampering any one message would far exceed the value derived. (For example, if you can alter one message at a cost of $300k, but you could swing 100 votes by putting that same cash into local advertising, why would you try to tamper? Tampering with one vote does NOT mean you can then tamper with all votes; the algorithms don’t work that way.) Technical and mathematical proofs
exist which would allow experts to say a message is temper-evident “beyond a reasonable doubt.” Is that an absolute, perfect guarantee? No, but neither do the courts require such a thing.
The harder problem to solve is non-repudiation. How do you know that the person who sent the vote is the entitled person? Even properly signed, what assurance do you have that someone’s 10 year old didn’t know mommy’s password, or that a network admin at work took an educated guess that people use the same passwords at home and work? How in the heck do you acertain identity in the first place?
I wasn’t saying you’d alter any votes to trick people into thinking fake votes were real, I was thinking that someone could cast into doubt 50,000 votes. Or even all of them.
That could be done without doing anything at all technologically, simply by casting into doubt the repudiation issue. It’s just too shaky.