Thursday, May 23, 2019

Tech Experts Can't Guarantee Online Voting is Safe

Online Voting sounds like an idea we should be able to make work. After all, we do so much Online already, and we routinely transmit Sensitive Data such as Financial or Medical Records by Encrypting them. Further, there are Cryptographic methods, called End-to-End Verifiability, that promise Citizens that their Votes are recorded as they intended: that each Vote is Counted and that the Final Count is the Total of All the Ballots. Plus the Convenience of Online Voting may spur more Participation in Elections.

A good place to try Online Voting is Switzerland, where People Vote Early and Often. Although Switzerland has a traditional Parliament, many Consequential Decisions are Voted on Directly by the People. This results in lots of Elections. In 2018 the Swiss held 10 different Referendums on a variety of topics. Voting that much makes the Swiss even more sensitive to Electoral convenience.

There are already Limited Online-Voting in some Swiss County Districts called Cantons, using two separate Certified systems. The Government says two-thirds of those eligible have chosen this option, attesting to the Demand. When the County decided recently to try to dramatically expand Online Voting, they proceeded methodically in true Swiss fashion. The First step was to hold a Mock Referendum and invite the World's White Hat Hackers, Security Researchers who expose Vulnerabilities so that they can be fixed, to Infiltrate the system, offering $150,000 in Rewards and Bragging Rights.

The Rewards were swiftly calmed. Three independent Teams showed that Hackers could Alter Vote Results Undetected, the Worst-Case Scenario. The Flaw pertains to the way that the system Shuffles the Encrypted Votes to protect Voter Privacy before Tallying. This is Fixable. But even if it's fixed, how can Voters be fully assured that they should Trust the new system

And therein lies the Biggest Flaw in all E-Voting schemes: the ones that don't employ Cryptography cannot provide the crucial guarantees of Secret Balloting and Verification of Tallies. And those that do use Cryptography schemes require that the Voters Trust the Experts. Estonia, a Country that has used Online Voting since 2005, is a case of the latter. A team of Researchers at the University of Oxford that examined Estonia's system in 2016 praised many of the Safety Procedures but noted that because of the Country's small size, Officials also rely on building Trust among People who run their elections through interpersonal relationships. Estonians seem to think that's good enough, but it's not an easy model to export.

Another thing that distinguishes Estonia is a Mandatory Digital ID system: Every Estonia Citizen is issued a Card with Cryptographic Keys widely used for both Public and Private Sector functions. While that solves one problem, how to identify Voters and prevent Double Voting, it creates another, such systems can also function as a vast Tracking and Surveillance system that other Countries may not be comfortable with.

Digital IDs can create a Third problem: in 2017 a weakness was found in the Hardware of Estonia cards, potentially allowing Identity Theft, the very thing the card is supposed to prevent. Officials quickly replaced the cards and upgraded their systems, but a real crisis was averted only because the flaw wasn't actually exploited. Next time, that might not be the case.

In the end, the biggest Flaw in even the most Secure Online Voting system is: Trusting the Experts isn't supposed to be how Voting works. It's true that Voter Fraud and Errors can occur in a variety of systems, but Electronic Voting lowers the bar for both Stealth and Scale. Paper Ballots can definitely be Corrupted, but that requires organizing lots of People in a secret scheme that is hard to keep under wraps. And if Fraud is suspected, you can just do a Recount in the presence of eagle-eyed Observers.

Trust in Election Results is the Bedrock of any Democratic Government's Legitimacy. Online Voting systems cannot fully assure Citizens that there are no Trapdoors, Backdoors, Bad Implementations, or Weaknesses. Instead of Online Voting systems Democracies could focus on making Voting Convenient through other Measures: National Holidays on Election days, Increase the number of Polling sites, sufficient Numbers of Voting machines to Decrease lines, Transportation to the Polling sites for People who need it, and more.

Voting is too Important for systems that rely on Trust the Experts schemes.

My solution to Online Voting requires a number of steps:

1. Need for an ID: This could be accomplished by sending the Voter, through Snail Mail, a Random-Generated Voting ID Number using their Data in the State's Voter Database.

2. A Secure Website or Phone App: Will require a User Id, Password, and the Random-Generated Voting ID Number to Verify the Voter and display the Ballot.

3. Submit the Vote: The submitted Voter then is Encrypted and sent to the correct Board of Election site.

4. Create Ballot Image: The Encrypted Ballot then is transferred into a Scanned Ballot format.

5. Ballot Counted: The Ballot can now be Counted and if a Recount, Printed for Visual Review. This will also allow the Comparison of the Original File Data, the Converted Image File Data, and the Printed Ballot.

NYC Wins When Everyone Can Vote! Michael H. Drucker

No comments: