We have been having an interesting discussion in our village on the feasability of Internet voting for local issues. In general, I am wary of electronic voting systems because they have the potential for manipulation at large scale. I certainly think that the closed source model that has been pursued to date is completely broken. Any effort on the federal and state levels should be open source for sure and will probably be futile until we have a broader crypto infrastructure (if ever).
In the meantime though, the stakes at local elections are generally much lower – it is fairly unlikely that someone will expend a lot of resources to hack the village computer to skew the referendum on whether or not to build an indoor swimming pool. Note that I did not say that folks won’t try. I am sure that some high school kids will see this as a challenge. I am simply assuming that they won’t be able throw a lot at it (although in the age of botnets that might be a wrong assumption). In any case, the dominant security question tends to be one of “inside jobs” – whether willingly so or as a result of some social engineering.
So what could be done at the local level? For starters, I believe that there are quite a few elections locally where anonymity of the vote is not a requirement. In fact, I would go so far as to argue that for local issues it would be better to have votes be public. The general argument for anonymity of votes is that folks should not face recriminations for how they voted. The likelihood that someone would face meaningful recriminations because they voted for or against the local pool strikes me as fairly low. Then again I blog, so my view may not be representative here. If anonymity does not matter, then Internet voting is straight forward with a username/password scheme that let’s folks log in and vote. All the votes will be published on a web page (and for good measure could be reprinted in the local newspaper). The names can be cross checked automatically against registered voters. Each voter can check that their vote was properly recorded and non-voters can check to make sure that nobody voted on their behalf.
If you want anonymity I believe that it is achievable locally through a secure distribution of one-time passkeys. I am still working out the details of the most elegant solution, but using one-way hashes it seems that one can construct a system that is very difficult to manipulate. The system does rely on the ability to get the one-time passkeys in the hands of local residents and therefore would not scale to a national election. Also, the security that it provides would probably not be sufficient for an election that truly matters.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=fc33f225-6b97-43a8-939c-d340e0ea912e)
