Dan Geer wrote:
> as it demonstrates in full that, as in all of engineering, the
> heavy lifting is in getting the problem statement right. The
> advocates of Internet voting do not, repeat, do not have the
> problem statement right.
Quite right. Unfortunately, neither does any other party concerned with
elections. (see below)
> There is no doubt whatsoever that the sanctity of a vote once
> cast can be absolutely preserved as it is moved from your house
> to the counting house. What cannot be done, now or ever, is to
> ensure the sanctity of the voting booth anywhere but in a
> physical and, yes, public location attended to by persons both
> known to each other and drawn from those strata of society who
> care enough to be present.
Applied Cryptography by Bruce Schneier lists 6 requirements of voting
(1996, p. 125):
1) Only authorized voters can vote.
2) No one can vote more than once.
3) No one can determine for whom anyone else voted.
4) No one can dispute anyone else's vote.
5) No one can change anyone else's vote without being discovered.
6) Every voter can make sure that his vote has been taken into account
in the final tabulation.
Very few of these are upheld with any serious security measures.
- (2) Where I currently vote (Cambridge, MA), the little old ladies can
barely figure out who I am. They also don't require photo IDs. I could
have easily taken my roommates ID and voted for him, too. (Granted,
this isn't easy to duplicate, because it depends on who's working the
voting booth.)
- (3) Also at my currently polling station is a box into which voting
forms are fed. The fed forms maintain their order, hence, if you know
the order of people voting, you can look up their votes.
- (3) The booths themselves are insecure (someone could install a hidden
video camera. (And the computer could record keystrokes.) This problem
can be solved by voting from your home.
- (5/6) After you walk out of the polling station, you really have no
way of knowing if your vote got counted. It's completely based on trust
of the system.
- Not on the list (although relevant to some elections), is the
requirement that "You can/not tell if someone has voted" (many European
countries either fine non-voters, or attach a stigma to not voting).
Since most (if not all) voters sign in or are checked off at US polling
stations, it is easy to determine who voted.
Arnold G. Reinhold wrote:
> I'm not sure I care for the elitist tone in Dan's posting either, but
> he raises some points that deserve serious consideration. Sure we
> have mail-in absentee ballots now, but the number of people who
> choose to vote that way is small and an absentee ballot split that
> varied markedly from the regular vote would certainly stand out.
The politics of electronic voting are an entirely different story. I
have personally analyzed the Michigan data for some recent elections. (I
minored in poly sci :-) The closest analogy to electronic voting is the
Motor-Voter bill.* It had a negligible effect on presidential
elections, and papers I've read concluded similarly for other federal
elections.
*The Motor-Voter bill allows people to register to vote when they get a
drivers license. The belief was that this would lower the barrier for
registration and allow more people to vote. The common belief prior to
the passage of the bill was that lower income workers and minorities
would now vote more often, and this would help the Democrats.
--Mark
