Secure Online Voting

We’ve got online banking, auctions, and dating. What about elections? I want to vote online to decide who gets to run our country and how it is to be run.

Online voting is a complex problem and I haven’t thought it completely through, but I feel like moving to some type of online system is inevitable and I’m curious how it will happen. Maybe I want to be involved. I love to kibitz about it with friends like Mark and Patrick.

Some points that any online voting system should address:

  • security
    • votes should be untraceable to the voter
    • should be difficult to impersonate a voter and steal their vote
    • should provide an equivalent to “election-day verification” (ala showing your driver’s license and signing a roster)
  • simplicity
    • should be as easy as possible to match a vote to a candidate without compromising security or robustness
  • robustness
    • voters should be able to confirm that their vote was counted, and counted correctly
    • recounts should be possible

But I’m an engineer. Of sorts. So I want to know how it would really work. I feel like it needs to involve some sort of high-grade encryption and should be FLOSS. Beyond simply being implemented as FLOSS, the blueprints of the entity creating the secure online voting system (including business processes involved, like project management, financials, etc.) should be completely transparent. And that’s the extent to which I’ve thought through the problem.

But at least one person has gone further. Check out Alex Weir’s proposal on SMS external encrypted voting. Here are my humble thoughts about it.

  • PROS. The proposal:
    • focuses on elections in developing countries (the “third world”), but there is plenty useful to developed countries as well.
    • employs a one-time pad idea seems pretty dang secure.
    • encourages cell phones be used as the transmission device. Excellent idea since the number of people with cell phones in third-world countries is supposedly booming. If SMS can be used, a Web interface should be pretty easy to tack on.
  • CONS. The proposal:
    • has had little exposure in mainstream media. I imagine his idea isn’t quite “press-ready”.
    • doesn’t adequately address how voter envelopes will be distributed.
    • doesn’t have a replacement for “election-day verification”. Voter envelopes and a cell phone are all that is needed to cast a vote.
    • outlines a poor user interface. The interface needs to be dumb simple, like “click HERE for candidate A, HERE for candidate B”. Not “encode the corresponding numbers in the one-time pad matrix for the candidate of your choice, and decode the response based on the second matrix.” So I’m fudging the description a little. My point is that the voter could be spared the complexity with a FLOSS application running on the cell phone that took care of the encryption. Or something. Perhaps an application running on the phone wouldn’t work because, well, how would you support the one-time pad? The idea of using another piece of paper with holes cut out that can be placed atop the one-time pad matrices sounds like an excellent solution to easing the complexity of encryption/decryption while maintaining security.
    • places too much power and responsibility in the one villager’s hands who happens to own the local cell phone.
    • requires fees of USD 0.001 per vote to Mr. Alex Weir. I don’t know how much is fair, but this just doesn’t feel right.

My feedback and opinions aside, this is a very exciting idea! It should at least provide some starting points for future secure online voting systems. Kudos, Mr. Weir!