Internet Voting

Internet Voting: Not Ready for Prime Time (Yet)Prof. Lance J. HoffmanComputer Science Dept.The George Washington UniversityWashington, DC 20052202 994-4955Hoffman@seas.gwu.eduInternet Voting: Not Ready for Prime Time (Yet)•When willwe be ready?•California Task Force Recommendations•Problems •Policy Issues•Cost Issues •Check-off list for readinessComputer and Internet Voting is Not Ready for Prime Time -YetNecessary ImprovementsIssueTo-day?4 yrs10 yrsAdd’l initialAdd’l annualPrior-ityV1V2V3California Internet Voting Task Force Report Recommendations (January 2000) •Fundamental classification of Internet voting systems: poll site vs. remote–“Poll site” voting controlled by election officials (closed network, public client)•Hardware, operating system, networking, physical surroundings all controlled by election officials–“Remote” voting anywhere, any time, any platform (open network, private client). •Voter or third party controls voting infrastructure. Home, office, school, hotel, etc.•Phase in Internet voting over time–First on Internet-connected computers at voter’s polling place–Then at any polling place in county–Then from county computers or kiosks–Finally from any Internet connection•No remote voter registration until strong online human ID mechanisms are widely available•No digital signatures on initiative, referendum, and recall petitions (no standard method of digital ID (and no Public Key Infrastructure) in place)•No “remote” voting until the malicious code problem is solvedProblems of Internet voting systems•User interface-must be usable by people who have never used computers and by those with disabilities•Security–Voter identification and authentication–Attacks on the system, a natural target for hackers and script kiddies from entire planet•Trojan horse attacks [on CD, disk, or via the Net, possibly preprogrammed; time bombs?]•DDOS attacks causing routers to crash, election servers to be flooded by DDOS attacks, or a large set of hosts (possibly targeted demographically) to cease to function•Targeting DNS server so voter types correct URL but gets fake page and does not vote–Scaling problems: currently, the most secure cryptographic systems may not be able to handle a large election•Audit trails –No Internet voting systems today have an anonymous paper ballot readable by voter before depositing and by officials for recount –If voters will trust a paperless system based on mathematics behind cryptography and vetted computer programming, work needed on nonpaper, human-readable audit logs stored in non-volatile, write-once memory (David Jefferson). •Recounts are handled “by clearing the system and re-tabulating. ….” from VoteHere FAQ –If voters won’t “trust the math” and prefer “ordinary citizen poll-watchers” to “mathematician poll-watchers”, we will need paper as real ballot (each can be watermarked, numbered, counterfeit-proofed, and digitally signed, and have a bar code or equivalent marking for machine readability)–Printers have moving parts that can malfunction•Uncontrolled physical surroundings, leading to vote coercion, vote spying, and vote buying (same problems with absentee ballots)Internet Voting Policy Issues•Tradeoffs between availability, accuracy, security, and privacy–what is relative importance of each?–Registration and universal identifier issue: public key infrastructure issues: who puts the PKI in place? who maintains it? creates and manages certificate authorities?•I-voting may generate demand for alternative voting rules–Preferential voting–proportional representation–vote partial ballot, complete it later–vote more than once, only last one counts–May encourage vote buying or trading (Nader traders , www.voteexchange.org) •Loss of community ritual--nostalgia for a world already passing (absentee ballots, extended voting times, mail balloting) or a serious and unwelcome change in direction?•Digital Divide issues(short term vs. long term) –On Digital Divide, Prof. Michael Cornfield, GWU: [The effects of the 2000 Arizona Democratic primary are] “the equivalent of a literacy test or a poll tax.”Cost Issues (also raise policy issues)•Who pays what?–Some estimates $20M-$50M per large county•Sponsorship–All public funds or private sponsorship also, e.g., outsourced elections “brought to you by” AOL Time-Warner ??? –Permit on-screen electioneering and/or advertising–What if voting system manufacturer sold email address of voters for marketing by third parties? (They could opt-at registration time)•Intellectual property–Open source = computer program visible to all (OK with Safevote)–Security code stronger if many people study it–Non-disclosure agreements are an alternative–Government subsidies in return for open code? (History? Economics?); code could still be copyrighted and patented–Volunteer effort: www.freedevelopers.net(a la Linux)Computer and Internet Voting is Not Ready for Prime Time -YetNecessary ImprovementsStrong IDStrong authenticationPKI in placeRogue-freeDDOS solvedNo DNS spoof OK audit trailUser interface OKOpen source/vetted NDAIssueTo-day?4 yrs10 yrsAdd’l initialAdd’l annualPrior-ityV1V2V3“All members came in withnative enthusiasm, left withprofound caution.”David Jefferson, California Internet Voting Task ForceReferencesLance J. Hoffman and Lorrie Cranor, “Internet Voting for Public Officials”, Communications of the ACM, January 2001, Vol. 44, No. 1, pp. 69-71, http://www.acm.org/pubs/articles/journals/cacm/2001-44-1/p69-hoffman/p69-hoffman.htmlLorrie Cranor, “Voting After Florida: no Easy Answers”, www.research.att.com/~lorrie/voting/essay.htmlAvi Rubin, “Security Considerations for Remote Electronic Voting over the Internet”) http://avirubin.com/e-voting.security.htmlJames Ledbetter, “Net Out the Vote”, The Industry Standard, March 17, 2000, http://www.thestandard.com/article/display/0,1151,13004,00.htmlCalifornia Secretary of State, California Internet Voting Task Force Report, see www.ss.ca.gov/executive/ivote(January 2000)Lorrie Cranor’s e-voting site, www.research.att.com/~lorrie/votingMichael Shamos, “Electronic Voting: Evaluating the Threat”, Proc. 1993 Conference on Computers, Freedom, and Privacy, http://www.cpsr.org/conferences/cfp93/shamos.htmlDouglas W. Jones, “Evaluating Voting Technology”, testimony before the US Civil Rights Commission, January 11, 2001, www.cs.uiowa.edu/~jones/voting/uscrc.htmlRoy G. Saltman, “Effective use of Computing Technology in Vote-Tallying”, NBS Special Publication 500-30, US GPO Stock No. 003-003-01915-1, April 1978