Regular as clockwork — just after an election which generated far too many stories of people waiting far too long to vote (and far too many local election officials saying that everything went fine and that there were no problems) — come the calls for voting via the Internet. The press wonders if we are a third-world country, politicians posture and most securityexperts say “don’t go there.” Some examples: A headline in The Washington Post was “Estonia gets to vote online. Why can’t America?“ New Jersey tells people they can vote via email. A famed Russian computer security expert is quoted by the BBC saying that “the lack of well-established online voting systems is a real threat to the democratic nations of the Western world” (because kids will not vote if they can’t do it online).
Anyone who has not been comatose these past few years already knows why we don’t vote over the Internet. Most vendors of electronic systems are generically incapable of producing secure ones. Just Google “voting machine security” for many examples, and if that is not enough try “SCADA security.”
Most of the articles that ask why we are not doing Internet voting answer their own question. Estonia can do Internet voting because everyone has a government issued scannable ID — the U.S. does not have such a thing. Apparently the voters in Estonia trust the government to not figure out who voted for whom — I kinda doubt that the U.S. population would be so trusting of its governments.
An article in The New York Times on the topic of Internet voting quoted MIT’s Ron Rivest, observing, “One of the main goals of the election is to produce credible evidence to the loser that he’s really lost.” A hackable system, as an electronic voting system would inevitably be, would not be able to produce such credible evidence.