Secure Online Voting

We’ve got online banking, auctions, and dating. What about elections? I want to vote online to decide who gets to run our country and how it is to be run.

Online voting is a complex problem and I haven’t thought it completely through, but I feel like moving to some type of online system is inevitable and I’m curious how it will happen. Maybe I want to be involved. I love to kibitz about it with friends like Mark and Patrick.

Some points that any online voting system should address:

  • security
    • votes should be untraceable to the voter
    • should be difficult to impersonate a voter and steal their vote
    • should provide an equivalent to “election-day verification” (à la showing your driver’s license and signing a roster)
  • simplicity
    • should be as easy as possible to match a vote to a candidate without compromising security or robustness
  • robustness
    • voters should be able to confirm that their vote was counted, and counted correctly
    • recounts should be possible

But I’m an engineer. Of sorts. So I want to know how it would really work. I feel like it needs to involve some sort of high-grade encryption and should be FLOSS. Beyond simply being implemented as FLOSS, the blueprints of the entity creating the secure online voting system (including business processes involved, like project management, financials, etc.) should be completely transparent. And that’s the extent to which I’ve thought through the problem.

But at least one person has gone further. Check out Alex Weir’s proposal on SMS external encrypted voting. Here are my humble thoughts about it.

  • PROS. The proposal:
    • focuses on elections in developing countries (the “third world”), but there is plenty useful to developed countries as well.
    • employs a one-time pad idea, which seems pretty dang secure.
    • encourages that cell phones be used as the transmission device. Excellent idea, since the number of people with cell phones in third-world countries is supposedly booming. If SMS can be used, a Web interface should be pretty easy to tack on.
  • CONS. The proposal:
    • has had little exposure in mainstream media. I imagine his idea isn’t quite “press-ready”.
    • doesn’t adequately address how voter envelopes will be distributed.
    • doesn’t have a replacement for “election-day verification”. Voter envelopes and a cell phone are all that is needed to cast a vote.
    • outlines a poor user interface. The interface needs to be dumb simple, like “click HERE for candidate A, HERE for candidate B”. Not “encode the corresponding numbers in the one-time pad matrix for the candidate of your choice, and decode the response based on the second matrix.” So I’m fudging the description a little. My point is that the voter could be spared the complexity with a FLOSS application running on the cell phone that took care of the encryption. Or something. Perhaps an application running on the phone wouldn’t work because, well, how would you support the one-time pad? The idea of using another piece of paper with holes cut out that can be placed atop the one-time pad matrices sounds like an excellent solution to easing the complexity of encryption/decryption while maintaining security.
    • places too much power and responsibility in the one villager’s hands who happens to own the local cell phone.
    • requires fees of USD 0.001 per vote to Mr. Alex Weir. I don’t know how much is fair, but this just doesn’t feel right.
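As an added illustration (my own code, not part of the original post or of Weir’s proposal), here is one way to model the envelope-and-matrix exchange described above: the vote code that crosses the carrier is a random value that means nothing without the paper envelope, the second matrix gives the voter a confirmation code they can check against their envelope, an envelope can only be spent once, and a code altered in transit produces a confirmation that does not match what the voter expected. The envelope layout, 4-digit codes and the `serial code` SMS format are my assumptions.

```python
import secrets

CANDIDATES = ["A", "B", "C"]


def make_envelope(serial):
    """One paper envelope: matrix 1 maps each candidate to a vote code, matrix 2
    maps each candidate to a confirmation code. All codes are drawn fresh and
    used at most once, which is what makes this a one-time pad (assumed layout)."""
    n = len(CANDIDATES)
    codes = secrets.SystemRandom().sample(range(1000, 10000), 2 * n)
    return {"serial": serial,
            "vote": dict(zip(CANDIDATES, codes[:n])),
            "confirm": dict(zip(CANDIDATES, codes[n:]))}


class TallyServer:
    """Holds a copy of each envelope keyed only by serial, never by voter identity."""

    def __init__(self, envelopes):
        self.envelopes = {e["serial"]: e for e in envelopes}
        self.used = set()                       # spent serials: no double voting
        self.tally = {c: 0 for c in CANDIDATES}

    def receive(self, sms):
        """Decode an incoming 'serial code' SMS; return the confirmation code,
        or None if the envelope is unknown, already spent, or the code is invalid."""
        serial, code = sms.split()
        env = self.envelopes.get(serial)
        if env is None or serial in self.used:
            return None
        for cand, c in env["vote"].items():     # invert matrix 1
            if c == int(code):
                self.used.add(serial)
                self.tally[cand] += 1
                return env["confirm"][cand]      # answer from matrix 2
        return None


def cast(env, candidate):
    """What the voter types: the envelope serial and the candidate's vote code."""
    return f"{env['serial']} {env['vote'][candidate]}"


def verify(env, candidate, reply):
    """Voter checks the reply against matrix 2 on their own envelope."""
    return reply is not None and reply == env["confirm"][candidate]
```

Because the confirmation code is computed from the candidate the server actually tallied, a carrier that changes the vote code in transit cannot also produce the confirmation the voter expects, so the voter notices even though the tally itself is wrong.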

My feedback and opinions aside, this is a very exciting idea! It should at least provide some starting points for future secure online voting systems. Kudos, Mr. Weir!

One thought on “Secure Online Voting”

  1. Hey Adam,

    I’m now a Senior Engineer at a German-owned Mobile Carrier in the Messaging Systems/Social Networking department.

    Seeing first-hand how we deal with Short Messages, my first question is how we would get past dealing with private mobile carriers. Even if the Mobile Terminating vote ends at a government facility, it has to pass through the voter’s carrier on the way to that endpoint.

    First, most carriers can’t even handle the New Year’s rush of SMSs, with statistics as high as a 30% failure rate and delays in the hours to days.

    Second, the point from the phone to the carrier’s SMSC is completely open to tampering. Also, most carriers rely on a third party to actually hand off the message to a different carrier (or in this case, a government endpoint). That would mean routing all votes through a single point of failure and tampering.

    I understand the desire to enable developing countries to vote, and latching onto the idea of cellphones as they are more ubiquitous than computers, but I think the capacity issues and security issues would make it a near impossibility. I’d rather focus on a per-ward(/district/city) open voting platform with numerous standardized checks and safeguards (all visible, testable, and open to public scrutiny) that is then merged to a main open system and then tallied in real-time to the populace.
