By Larry Kovnat, Senior Manager of Product Security, Xerox Global Product Delivery Group
Since the recent election, conversations about online voting capabilities have peaked. Online voting holds out the promise of helping people find an easier and faster way to vote. However, the security issues associated with this new voting method should cause one to proceed cautiously.
Transitioning to an online voting system means fulfilling specific requirements, and yet they may be difficult to satisfy completely. To be compliant and secure, the system should:
1. Protect the privacy of each individual vote so that once cast, a vote cannot be associated with a voter (to protect against voter intimidation after the fact, and also to prevent voters from “selling” their votes)
2. Provide verification to the voter that their vote was accurately cast
3. Provide assurance that a voter has cast only one ballot
4. Keep a record of votes to allow for recounts
5. Provide accessibility for the disabled, particularly blind voters
No voting system is perfect. For example, the old mechanical voting machines actually failed to satisfy #4 since they kept a running tally. Recounts could only be made to the level of an individual machine, not to individual votes. It has been proven that the mechanical machines had a non-zero error rate, especially when the party lever was pulled, rather than the individual levers for each race. The problem was that the mechanical linkages would wear out, and in some cases would not increment the tally wheels simply because the metal inside was flexing rather than remaining rigid.
Optical scanners do a pretty good job of meeting these requirements, but obviously they cannot satisfy #5. Special arrangements have to be made to accommodate blind voters.
Voting digitally is much more complicated. Voting by smartphone or through any online app or website will leave an audit trail, thus making it very difficult to fully satisfy #1. Each voter will have to somehow authenticate in order to satisfy #3. But in doing so over an electronic connection, they will create a potential association between their identity and their vote, thus violating #1. Also, if the voter can save an image of the ballot, then they could use it to “prove” how they voted in the hopes of selling their vote.
The security of the entire back-end system should be transparent so that everyone can examine how the system works and gain assurance that there is no way to corrupt the result. That will be very difficult to prove.
Now that we are a couple of months past the heat of the election season, it would be good to consider these issues in time for the next election cycle. Where do you come down on the issue?
Larry,
Good piece. I would add a sixth criterion: equal access to voting. This was a big issue in November last. High-tech solutions will be hard to deploy equally across the country where the local and state control of the ballot process have proven a big issue to effective, equal and efficient balloting. And that is a constitutional issue and the practices of 1776 are well below our current expectations.
Hi Peter, great to hear from you! Thanks for the comment – I couldn’t agree more. We should promote accessibility to the polls by doing away with arbitrary and inconsistent rules. We can do better.