Skip to main content

View Diary: This week in the War on Voting (58 comments)

Comment Preferences

  •  In our household (1+ / 0-)
    Recommended by:
    Liberal Thinking

    a Ph.D student in computer science with specialty in security. Has little to do with passwords. It's perfectly posslble and far more secure than our current electronic voting machines.

    •  How Are These Secured? (0+ / 0-)

      In that case, how do they plan to secure this? I'm very skeptical, since it is so easy to spoof the current system. What is going to prevent the same exploits from being used with online voting?

      •  Moving millions (0+ / 0-)

        How easy is it to spoof SWIFT?

        •  Millions Moving (0+ / 0-)

          How easy is it for us to know who is voting? The reason SWIFT works is because it can depend on working with known entities (banks and financial institutions). You can reliably know the identity of those entities. And they are very unlikely to cheat by passing their credentials off to another institution.

          Besides, you can use expensive security on the transmission, like entangling photons, to ensure that no third party is intercepting the communications and passing on a different message than the one originally transmitted.

          One problem with doing online voting comes in at the front end, where you have to identify the voter and verify their eligibility to vote. You would then give them something to prove who they are. Once you've done that, you can't be certain that the person presenting their credentials is the person you originally identified, because they could pass on those credentials to someone else.

          For a bank you could potentially use an IP address or even the MAC address of their computer to verify that the transaction is coming from the right place. For a voter, they could be at a kiosk anywhere. They might be traveling. So, you can't use the same method to verify where the vote is actually coming from.

          Another problem comes in between the person voting and wherever the vote is being registered. A party could set up shop in between and intercept the vote, then retransmit a different vote.

          For that matter, they might install key stroke recording on the voter's computer and simply send a different vote from it when the user voted. Your security there is only as good as the Windows operating system and the security-consciousness of the user. Many of these people use the word "password" to protect their computer from intrusion!

          So, I think there are a lot of security issues with this. I would love to be able to vote from my computer and not have to mail in a paper ballot. But whatever system we had would have to be iron-clad to reassure me that it was better than what we have now. Ideally it would  use an open source program that I could compile with an open source compiler, presuming you could get me to trust the BIOS chip installed.

          •  Still not making sense (0+ / 0-)

            When you request an absentee ballot, you can "easily pass it on." As a matter of fact, I've talked to dozens of family members at a nearby nursing home who say they regularly fill out the forms for elderly, comatose and demented relatives. In fact, there is nothing that really prevents your county clerk from knowing for whom you voted in that absentee "privacy sleeve" except his/her ethics.

            If your pin had somehow been interecepted and used, you'd know that. The vote would be cancelled and you vote again.

            Getting a pin? For almost all people, pretty easy since you just cross check the databases.

            And expense? Hell, what is the expense of a stolen election? The government doesn't have to develop these systems. BoA already has them.

            •  You Would Never Know (0+ / 0-)

              If a program is running in between you and the board of elections you will never know about it, just like you don't know about virus software that's collecting information when it is installed.  You would never know because it would be talking to you on one side and the election computers on the other. To both sides it would look normal.

              I would love to see this work because it would be more convenient. But it doesn't reason-check. Not only would you get all the security flaws of voting machines, but you'd add on the flaws of Windows (in most cases) and network security as well. Given that we know security there doesn't work very well, how would it work better for online voting?

              And, yes, you can pass on an absentee ballot. But in that case, you have only one sent to a specific address where you know that the voter is a resident there, and you have a physical signature that you can check when it is returned. That, of course, isn't perfect, but it is not only better security but it creates a paper trail at the same time. Plus, it is auditable, because you then have paper ballots sitting somewhere that can be recounted and compared with the vote totals released to the public.

              Where's the audit trail for online voting?

              I think this idea needs a lot of work on the security side. I can just imagine what would happen in disputed election. The losing side would be able to credibly claim vote tampering and it would be very difficult to prove otherwise. The entire legitimacy of the system would be in question.

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site