Electronic Voting for the 21st Century
With the election year ahead it behooves us to take a look at the security of our voting systems and consider new technologies to make voting more accessible. Emerging technologies such as internet voting and mobile voting could help open elections to more people and encourage greater turnout. Both new and existing technologies pose concerns regarding the security of the voting system and voter privacy. The highly publicized, successful attack on the Washington DC internet voting system is a good example. Efforts to ensure the security of these systems include testing of electronic voting machines, penetration testing conducted on the voting systems, and audits of the voting systems after an election. Assuring that the voting system maintains voter privacy and provides an accurate accounting of all votes is of primary importance.
Voter Privacy vs the Security of the Electronic Voting System: Voter privacy is of utmost concern when considering the voting systems that are used; especially in the United States where we utilize secret ballots. Secret ballots ensure that there is no undue pressure once the voter is voting and that there can be no retaliation against the voter for the vote they cast. As a fundamental principle, it makes since to ensure that no one can link the actual vote that is cast to the voter; but in practice this causes unique concerns with electronic voting systems.
The threats to electronic voting systems include advanced persistent threats, malware, insider attacks, compromised voter credentials, denial of service attacks, etc. These threats are not necessarily unique to electronic voting systems. What is unique is that while many companies assume a certain amount of loss from fraud as part of doing business on-line, this is not an acceptable assumption for voting systems. Therefore, these threats need to be adequately addressed while still maintaining the privacy of the voter to ensure the confidentiality, integrity, and availability of the voting system. Electronic voting systems that ensure the voter cannot be linked within the information system to the vote that is cast are needed in order to maintain the privacy of the voter.
Internet and Mobile Voting: Internet voting is an attractive alternative to long lines at the polling stations and absentee ballots. We already do most transactions on-line, including our banking and paying taxes. Unfortunately, internet voting has many obstacles to overcome, including security of web applications, security of the network including the terminal servers and the routers and switches. The highly publicized, successful attack on the Washington DC internet voting system, in which election officials encouraged attempts to hack the system, was fully compromised within 48 hours during a live demonstration of the system. This successful infiltration shows that work needs to be done towards securing these systems before they are used for actual elections.
If voting via your computer sounds like a dream come true, then voting via mobile application would be the paradigm of the voting experience. Along with the same concerns surrounding internet voting, additional security measures would need to be taken with mobile voting to ensure the authentication of the voter prior to allowing a vote to be cast. Increased security is paramount as a lost or stolen smart phone with the voting application already downloaded and installed could lead to fraudulent votes.
Auditing Voting Systems: One of the fundamental concerns with moving to all electronic voting and primarily internet and/or mobile voting is that one cannot go back and independently “recount” or audit the votes that were cast. Therefore, there is no way to determine if votes were changed or in some other way tampered with. There are testing standards for electronic voting systems and laboratories that conduct these tests are accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and are subject to meet the Voting System Standards of 2002 (VSS-2002). These standards fall short of current technology and have known vulnerabilities. They are, therefore, inadequate for advancing new technologies like internet and mobile voting.
Over the next few months we will take a closer look at these issues and examine what can be done to make improvements to the current system.