Jeremy Epstein, senior computer scientist at non-profit research institute SRI International spoke to the Computer Weekly Developer Network blog this week to share his views on the possibility of electronic voting security. Epstein says that although some e-voting is happening in the US, Estonia and other countries — this is not *secure* e-voting, it’s just e-voting. Every system developed so far has been found to be insecure. “From a technical perspective, we’re at least 10 years away from secure e-voting, and many experts think we’re 20 or 30 years away,” he said.
Two-factor authentication is important to secure voting, but it is neither necessary nor sufficient (to use a term common in mathematics). Two factor systems still can be vulnerable to malware in the voter’s computer, to attacks on the servers that receive the votes, to bugs in the software that erroneously record the wrong selections even if there is no malicious intent, and many other risks.
Additionally, the methods for distributing two-factor systems nationwide are expensive and complex – unless you already have smartcards distributed through government channels (as in Estonia), how do you securely distribute any two-factor system to an entire nation? And if the two-factor device is only used for elections, what happens to the device when people (inevitably) misplace it between elections that only happen every few years?
Full Article: Secure e-voting: 20 to 30 years away – CW Developer Network.