There seems to be a lot of evidence that voting anonymously
(the privacy constraint) and free from fraud or accidental 
errors (the authenticity constraint) might not be possible to 
do online any better than can be done with paper ballots or   
specialized, auditable electronic voting machines.  And clearly 
the potential for serious abuse is much worse when unauditable 
data-processing (such as is inherent on the Internet and would be
even if everyone converted to static IPv6 addresses) is used to 
the exclusion of truckloads of paper ballots.  Stacks of 
paper are much more difficult to forge than a series of IP 
addresses, and that will remain true for a very long time.
So I've never been a fan of general online voting, and I 
hope it is a long time before political elections are performed 
with unauditable equipment such as web browsers on wintel PCs.
If that ever happens I expect the temptation of serious fraud 
will become too great for those capable of it, and so it 
would only serve to discredit other kinds of online democracy, 
such as certificate-based petition signing.

Petitioning is the topic of the SmartInitiatives Initiative -- 
www.smartinitiatives.org -- which fascinates me more all the 
time.  With online certificate-based petition signing, there 
is no need to keep the names of the signers private; in fact 
they might necessarily be a part of the public record (I am 
not sure about that.)  So, with the strict privacy constraint 
relaxed, is anyone at all concerned that such authentication 
might still be subject to any serious fraud?

The financial services industry uses weaker forms of web-based 
authentication all the time for transactions to and from 
customer and corporate accounts seemingly without any limits
on the size of the transaction, and other kinds of businesses 
do, too.  If online brokers let people shuffle million$ from 
pork belly futures to and from foreign exchange index options 
(and other accounts via wire transfer) all with 56-bit 
encryption, I can hardly see any Registrar or Clerk fretting 
over a list of certificate-based crypto-signatures as any 
worse than the corresponding stack of papers.

After all, election officials (in California, anyway) are 
required to take a random sample of the signatures collected 
on any official petition and verify them by looking up and 
contacting the people who purportedly signed them.  Since 
most such petitions require thousands of signatures at the 
very least, nobody forging any sizable percentage of their 
signatures, electronic or not, has any real hope of escaping 
the scrutiny of random sample verification, and the penalties 
for intentional fraud are very serious.  So, while in theory 
attempting such fraud might be easier, I don't see how it 
could ever work in practice.  Can anyone?

So, what I'm getting to is this excerpt from the SmartInitiatives 
mailing list message below:

> Here's what the Jones Report (Secretary of State Bill Jones' Internet
> Voting Task Force Report, January, 2000) has to say about the viability of
> digital certificates:
>
> While there are similarities between voting and petition signing, it is
> important to note that the two are not identical and they have somewhat
> different cost and security properties:
>
> Petition-signing is a year-round activity, whereas voting occurs during a
> limited time window. Hence, servers and other infrastructure needed to
> support petition signing would need to be running year-round, instead of
> just during a time window before election day. This may dramatically
> increase the total cost of managing the system.  While it is reasonable to
> expect voters, for security reasons, to submit a signed request for
> Internet voting authorization each time before they vote (similar to a
> request for an absentee ballot), it is not reasonable to expect voters to
> submit such request each time they wish to sign a petition. As a result,
> voters who wish to sign petitions electronically would likely have to be
> issued authorization (means of authentication) that are open-ended in
> time. The longer such authorizations are valid, the more likely it is that
> some of them will be compromised, or sold, reducing the integrity of the
> petition-signing system over time.  Voters can sign any number of
> petitions in an election cycle. Hence, a compromised authorization to sign
> petitions would be usable for signing any number of petitions, magnifying
> the damage to the system's integrity.

Does that make sense to anyone -- does anyone believe that?
My guess is that some mid-level government official just didn't 
want to think it through, especially given the requirement for 
random sampling of petition signatures.

THE ONLY PART THAT REALLY BOTHERS ME, is the word "sold".  If 
I am such a pathetic excuse for a citizen that I decide to sell 
my ability to sign petitions to someone else, then of course I'm 
not going to give myself away if some Clerk phones me up and 
asks if I signed something; of course I'll say I did. 

The initiative process is one of the things I think is really 
great about California, and if the Internet can support a 
paperless form of signing such signatures, I think that would 
be the greatest application since HTTP.  But, if it can't 
overcome the potential serious problems of a black market in 
signing ability, then it probably isn't worth it.

So, what solutions are there to the potential for such sales?
Perhaps during verification, the signers being scrutinized 
would simply be asked to describe what they signed, or the 
date and time they signed, or both?  Would that fix the problem?

Cheers,
James

> Date: 18 Jan 2001 04:36:05 -0000
> From: "Smart Initiatives" <[EMAIL PROTECTED]>
> Subject: Seemingly-Contradictory Views from the Same Source
> 
> Smart Initiatives
> 
> Dear Smart Initiatives Online Newsletter Subscriber,
> 
> Washington, D.C., is not the only place where important issues are hashed
> out in hearing rooms.  On January 22, 2001, I'll be testifying before the
> Speaker's Commission on the California Initiative Process in Sacramento,
> California.  I'll be urging the Commissioners to adopt Smart Initiatives
> for California.  Also appearing with me will be the Technical Director of
> the California Task Force on Internet Voting, the report of which comes
> out strongly against Smart Initiatives.  
> 
> As I pointed out in my last post to this list ("In Defense of Smart
> Initiatives," January 13, 2001), the main excuse cited in this report as a
> reason not to implement Smart Initiatives was the, in my opinion
> erroneous, contention that digital certificates are inadequate and
> insufficient to establish and authenticate the identity of citizens who
> have signed a Smart Initiative.  In the report's own words, implementation
> of Smart Initiatives needs to wait for "the development of a system to
> electronically verify identity."
> 
> Much of the European Union, the bank consortium Identrus, and the Federal
> Government, among others, already believe, and are acting on that belief,
> that digital certificates and the Public Key Infrastructure they make
> possible can provide very secure means to "electronically verify
> identity."  As you will see in the article below, so does the Secretary of
> State of California, only he seems to have forgotten that he does.
> 
> Regards,
> 
> Marc Strassman
> Executive Director
> Smart Initiatives Project  
> 
> 
> 
> Seemingly-Contradictory Views from the Same Source
> 
> By Marc Strassman
> [EMAIL PROTECTED]
> Executive Director
> Smart Initiatives Project
> http://www.smartinitiatives.org
> 
> January 13, 2001
> 
> Copyright 2000, by Marc Strassman, all rights reserved
> 
> 
> Here's what the Jones Report (Secretary of State Bill Jones' Internet
> Voting Task Force Report, January, 2000) has to say about the viability of
> digital certificates:
> 
> While there are similarities between voting and petition signing, it is
> important to note that the two are not identical and they have somewhat
> different cost and security properties:
> 
> Petition-signing is a year-round activity, whereas voting occurs during a
> limited time window. Hence, servers and other infrastructure needed to
> support petition signing would need to be running year-round, instead of
> just during a time window before election day. This may dramatically
> increase the total cost of managing the system.  While it is reasonable to
> expect voters, for security reasons, to submit a signed request for
> Internet voting authorization each time before they vote (similar to a
> request for an absentee ballot), it is not reasonable to expect voters to
> submit such request each time they wish to sign a petition. As a result,
> voters who wish to sign petitions electronically would likely have to be
> issued authorization (means of authentication) that are open-ended in
> time. The longer such authorizations are valid, the more likely it is that
> some of them will be compromised, or sold, reducing the integrity of the
> petition-signing system over time.  Voters can sign any number of
> petitions in an election cycle. Hence, a compromised authorization to sign
> petitions would be usable for signing any number of petitions, magnifying
> the damage to the system's integrity.
> 
> 
> Here's a press release on the same subject, also available on the
> Secretary of State's official website at:   
> http://www.ss.ca.gov/digsig/press1014.htm
>  
> FOR IMMEDIATE RELEASE
> Thursday, October 14, 1999
> 
> Secretary of State Jones Brings Widespread Expansion
> of E-Government One Step Closer to Reality
> 
> Jones Approves VeriSign, Inc. as First Certification Authority Permitted
> to Verify the Integrity of Digital Signatures Used in Electronic
> Communication with State and Local Government 
> 
> MOUNTAIN VIEW -- With the push of a few keystrokes, California Secretary
> of State Bill Jones digitally signed a proclamation recognizing VeriSign,
> Inc. of Mountain View as the first company authorized to provide digital
> signature certification services to state and local government across
> California. The accreditation of California's first "Approved
> Certification Authority" will dramatically broaden the number of
> government functions that can be conducted over the Internet.
> 
> "This is an important step in the march toward electronic government in
> California," said Jones. "The availability of reliable digital signatures
> will go a long way toward improving the number of government transactions
> that can be conducted over the Internet.
> 
> "Many government agencies have been hesitant to provide complex services
> over the Internet until they have reliable digital signatures that they
> know will have the full force and effect of law. Today, we have provided
> those agencies with an additional level of security," said Jones. 
> 
> Jones presented the digitally signed certificate to VeriSign CEO Stratton
> Sclavos during a ceremony at VeriSign's Mountain View, California
> headquarters. 
> 
> "VeriSign is honored to be the first Certification Authority recognized by
> the State of California," said Sclavos. "We are committed to providing
> state and local government with the services they need to advance
> E-Government here in our home state." 
> 
> Under the Digital Signature Act of 1995, digital signatures used in
> written communication with California state and local government are only
> valid if they meet criteria outlined in Government Code Section 16.5 and
> regulations adopted by Secretary Jones in 1998. Under those regulations,
> public entities must only rely on digital signature certificates issued by
> an "Approved Certification Authority". VeriSign, Inc. is the first company
> approved to issue certificates for public entities in California.
> 
> (--End --)
> 
> (For a reiteration of these points in a second press release, announcing
> approval of Digital Signature Trust as a second provider of digital
> certificates for doing business with the State of California, see the
> press release at:  http://www.ss.ca.gov/digsig/press1118.htm.) 
> 
> 
> FOR IMMEDIATE RELEASE
> Thursday, November 18, 1999
>   
> Jones Approves Second Company to Provide Digital Signature
> Services to State and Local Government in California
> 
> "Digital Signature Trust" Approved to Serve as a Certification Authority
> for Digital Signature Transactions in California
> 
>           SACRAMENTO -- In a move that will help California state and
> local government regain their leadership role in the use of technology to
> improve government efficiency, Secretary of State Bill Jones today
> announced that Digital Signature Trust (DST) has been added to the
> Approved List of Digital Signature Certification Authorities in California.
> 
>           "Digital signature technology will help many state and local
> government agencies transition toward a paperless government in
> California," said Secretary of State Bill Jones. 
> 
>           "When we passed California's digital signature regulations we
> knew that government, technology companies and the citizens of the state
> would all have to work together to make eGovernment solutions a reality,"
> noted Jones. "Today, we are one step closer to a more efficient California
> government." 
> 
>           DST, based out of Salt Lake City, Utah, is the second company to
> apply and receive approval from the Secretary of State to provide digital
> signature Certification Authority services to California state and local
> government. DST became the first licensed Certification Authority in the
> U.S. when it gained its license in the state of Utah in 1997. 
> 
>           Under the Digital Signature Act of 1995, digital signatures used
> in electronically written communication with public entities are only
> valid if they meet criteria outlined in Government Code Section 16.5 and
> regulations adopted by Secretary Jones in 1998. Under those regulations,
> public entities must only rely on digital signature certificates issued by
> an "Approved Certification Authority." 
> 
>           Prior to placement on the Approved List, certification
> authorities must undergo a performance audit to ensure that their policies
> and practices are consistent with the requirements of the Digital
> Signature Act and the regulations adopted by the Secretary of State. The
> complete criteria for certification is available on the Secretary of
> State's Internet site at: www.ss.ca.gov. 
> 
>                                                             -30- 
> 
> 
> Let's review what Secretary of State Jones said on October 14, 1999:
> 
> 
> "This is an important step in the march toward electronic government in
> California," said Jones. "The availability of reliable digital signatures
> will go a long way toward improving the number of government transactions
> that can be conducted over the Internet.
> 
> "Many government agencies have been hesitant to provide complex services
> over the Internet until they have reliable digital signatures that they
> know will have the full force and effect of law. Today, we have provided
> those agencies with an additional level of security," said Jones.
> 
> 
> Then on November 18, 1999, he said:
> 
> "Digital signature technology will help many state and local government
> agencies transition toward a paperless government in California," said
> Secretary of State Bill Jones. 
> 
> "When we passed California's digital signature regulations we knew that
> government, technology companies and the citizens of the state would all
> have to work together to make eGovernment solutions a reality," noted
> Jones. "Today, we are one step closer to a more efficient California
> government."
> 
> 
> If digital signatures were such a good way of "helping many state and
> local government agencies transition toward a paperless government in
> California" in November, why were they mainly seen as something capable of
> "magnifying the damage to the system's integrity" in January, two months
> later?
> 
> When he said in January 2000, that "The longer such authorizations are
> valid, the more likely it is that some of them will be compromised, or
> sold, reducing the integrity of the petition-signing system over time,"
> had the Secretary forgotten his statement of three months earlier that
> "The availability of reliable digital signatures will go a long way toward
> improving the number of government transactions that can be conducted over
> the Internet"?
> 
> He had also said in October that "Many government agencies have been
> hesitant to provide complex services over the Internet until they have
> reliable digital signatures that they know will have the full force and
> effect of law. Today, we have provided those agencies with an additional
> level of security."
> 
> Is that "additional level of security" sufficient for other agencies but
> not sufficient for "government transactions that can be conducted over the
> Internet" by the Secretary's own agency?
> 
> In short, how is it possible that digital certificates are IN GENERAL a
> boon to e-government but completely inadequate for electoral purposes,
> including the signing of petitions online?
> 
> Is the resolution of this apparent contradiction as simple as realizing
> that electoral functions are not part of "e-government," that
> "e-government" only refers to bidding on contracts with the state and not
> to things as nebulous as, well, elections and initiative petition signing?
> Are digital certificates perfectly acceptable for use in functions the
> Secretary of State believes are worthwhile, or politically expedient, or
> fun to officiate over, but completely unacceptable for functions (like
> initiative petition signing) that he'd just as soon not see happen?  
> 
> If so, then let him make it clear that e-government has nothing to do with
> how the citizens of the state govern themselves and has only to do with
> how they are administered.  Unpleasant as such a realization may be, at
> least it will be, in the words of the Secretary of State himself, "an
> important step in the march toward electronic government in California."
> 
> -30-
> ______________________________________________________________________
> To unsubscribe, write to [EMAIL PROTECTED]
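
Added example, not part of the original message or of any election office's procedure: the random-sample verification argument above, worked as a hypergeometric calculation, including the case of a sold signing credential whose owner confirms the signature when contacted. The function names, the `deny_rate` parameter, the assumption of a simple random sample drawn without replacement, and the petition sizes are all assumptions made for illustration.

```python
from math import comb

def hit_pmf(total, bad, sample, k):
    """P(exactly k of the `bad` signatures land in a simple random sample)."""
    if k < 0 or k > bad or k > sample or sample - k > total - bad:
        return 0.0
    return comb(bad, k) * comb(total - bad, sample - k) / comb(total, sample)

def p_audit_flags(total, bad, sample, deny_rate=1.0):
    """P(the audit flags at least one bad signature).

    deny_rate is the assumed chance that a contacted person disowns a bad
    signature: near 1.0 for a forgery made without their knowledge, 0.0 for
    a signing credential they sold, because they confirm the signature.
    """
    unnoticed = sum(
        hit_pmf(total, bad, sample, k) * (1.0 - deny_rate) ** k
        for k in range(min(bad, sample) + 1)
    )
    return 1.0 - unnoticed

def smallest_sample(total, bad, target, deny_rate=1.0):
    """Smallest sample size whose flag probability reaches `target`, or None."""
    if deny_rate <= 0.0:
        return None  # signers who always confirm are never flagged by a callback
    for n in range(1, total + 1):
        if p_audit_flags(total, bad, n, deny_rate) >= target:
            return n
    return None

if __name__ == "__main__":
    total, bad = 10_000, 500  # constructed petition: 5% bad signatures
    for deny in (1.0, 0.5, 0.0):
        n = smallest_sample(total, bad, 0.99, deny)
        print(f"deny_rate={deny}: sample needed for 99% flag chance = {n}")
```

With `deny_rate=0.0` no sample size helps, which is the "sold" case: a callback that only asks whether the person signed cannot separate a sold credential from a genuine signature.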
