Tuesday, November 2, 2010

Who won? I dunno

Today is election day in the US. The polls predict a huge swing against the democratic party, for reasons the democrats don't seem to understand. I can tell them what it is, at least according to everyone I know. They have taken their majority as a mandate to push a social agenda, rather than what it was, a dissatisfaction with the previous administration. The mandatory insurance law they call health care "reform" was wildly unpopular, yet it was pushed through despite the will of the people. Likewise for appointments to offices, such as supreme court justices and federal judges. Likewise for economic policies which, rather than checking the spending of the previous administration, greatly expanded spending and taxation. My hope is that whoever gets elected today doesn't take their election as a mandate to follow their own agenda, but to bring America back to economic sanity, and to restore individual freedoms that have been trampled on in the last 10 (or 50) years.

But I digress. There is a bigger problem with this year's vote. I don't have confidence we'll know who won. Yet another victory for inappropriate technology!

Remember hanging chad? Imagine that times a million. Because this year 33 states will allow "Internet voting". What the perceived need for this is I can't imagine. But I do know it's a bad idea. From "Is it Secret? Is it Safe?":
...Washington, D.C., conducted a pilot project to test its new electronic voting system for the collection of overseas and military absentee ballots. The system was opened to the public to test how secure and usable it was.

Within 36 hours, a team of University of Michigan computer students and teachers had taken it over. They changed votes, "elected" a Star wars robot chairman of the City Council, and installed the school’s fight song, “Hail to the Victors,” which would play 15 seconds after someone voted.
“Without the hacking of the District of Columbia system we would never have known how vulnerable Internet voting systems are,” said John Bonifaz, legal director of Voter Action. 
“It showed that it wasn’t just a domestic problem of vote security but a matter of national security,” he said, referring to a second problem the U. of Michigan hackers discovered as they took over the system.
According to J. Alex Halderman, the professor of electrical engineering and computer science who led the hacking effort, they weren’t alone inside the system. They tracked two other computers trying to hack in -- one that originated in China and another in Iran.
Internet voting is a crazily insecure and unreliable system that most rational computer scientists think is an absurd way to vote,” Boniface [sic] said. [emphasis mine]
I have to disagree with the statement "...we would never have known how vulnerable Internet voting systems are" however. A quick search of just one site yielded dozens of articles, like this one from 2006 "How to Steal and Election by Hacking the Vote". Of course, this article deals with hacking a voting machine at a polling place, but think for a minute. If we can't guarantee the integrity of a vote on a machine that is in a physically secure location, with monitored access and physical human verification of each voter who enters the voting booth, what chance do we have with a machine that is open to the Internet, with no human able to monitor who is doing what to it?

The general public is led to believe that their Internet transactions are secure for purchasing and for banking (they are not), so why not voting? Voting is a much more difficult problem, because not only  must the transaction be secure, it must be secret and tamper proof. If somebody purchases a TV with my credit card online it is detectable and correctable, and in the worst case, I dispute the bill at the end of the month and the credit card company "eats" the cost (e.g. takes it our of profits and adjusts rates accordingly). Similarly for my bank. This is not possible with my vote, however, because (in theory) nobody know which vote is mine, or who it was for. Nobody is going to call me and say "we got a suspicious looking vote from you for the communist party - can you verify it please?"

As the aforementioned article says "I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are". I will predict in advance that controversy will ensue from anomalies in this election, and further predict that they will ultimately be ignored.


Post a Comment