California � http://www.votesite.com/CIVI.PDF This initiative by the Attorney General of California aims to make California safe for Internet voting by creating an ad hoc validity for Internet voting while vacating current laws (including the California Constitution) and even theoretically possible laws that could impede the use of Internet voting in California. The initiative, like the now failed federal initiative H.R. 1714 for digital signatures, seems however to have been drafted far too broadly. The provisions miss several requirements in the �Voting System Standards� of the Federal Election Commission in regard to registration, authentication, auditing, delivery and processing. The initiative seems to intend to provide security by criminalizing fraud, an approach however that has not been very successful in reducing fraud � as well-known in the very field of public elections � and which runs counter to the current perception of a steady increase in fraud schemes in spite of laws (http://www.mcg.org.br/dtrep.htm). The initiative thus uses concepts of digital signatures but is actually counter to the idea behind digital signatures (viz. to make fraud technically impossible). The initiative centrally uses terms yet technically undefined, for example in Section 16956 that requires Internet voting to �Provide support for non-repudiation of all electronic electoral transactions (including voter registration, the signing of petitions, and the casting of ballots) between and among voters, elections officials, and electoral jurisdictions.� � notwithstanding the fact that �non-repudiation� and supporting services are yet utterly unresolved matters in technical IETF PKIX Workgroup discussions, also in other security groups. Indeed, various Internet technical groups are making progress in resolving these issues -- but one should not require the unknown in a public initiative, since the scope can easily become unreasonably broad. And unreasonably broad scope was one of the main reasons for the recent fall of H.R. 1714 (the �electronic signature� bill in the House of Representatives) � for example, Commerce Department General Counsel Andrew J. Pincus declared (Washington Post 10/29/99) that �unscrupulous people� would be able to use the broad bill to their advantage by preying on online consumers, leading to a loss of consumer confidence in the Internet. In other words, flawed public initiatives in Internet voting pose a risk of possibly discrediting Internet voting technology in general, even before the technology has a chance to mature, and may decrease public trust on the very market that law seems to try to create � whereas law should regulate. Perhaps, this is the answer that Internet stakeholders can help provide to the Attorney General of California and to the authors of similar initiatives, that is not the lack of laws that is preventing Americans from keeping pace with the Information Age and Internet voting, but rather the lack of technology � which is a market opportunity for whoever arrives first. However, I note that these comments do not intend to be a dismissive treatment of the California Internet voting initiative, which can be very useful as a prototype for a �wish list� of Internet voting properties, especially when seen in conjunction with other requirements (e.g., the FEC�s �Voting System Standards�) and what is provided by current cryptographic protocols. Comments are welcome. Cheers, Ed Gerck
