You can do basically anything online. From booking a flight to securely transmitting medical records to your doctor, from buying groceries to managing your bank account, the web supports all sorts of complex transactions. But one common task has firmly resisted the lure of online convenience: voting. At least mostly. There is actually some online voting already happening in very limited ways. At least 32 states and the District of Columbia will allow military or overseas voters to return absentee ballots via email, fax or an Internet portal, in effect offering a form of remote electronic voting to some segment of the population. But for the majority of voters, a trip to a polling place will be necessary to cast a vote in this year’s election. Why is that? Surely, if engineers can figure out how to safeguard your medical records or transfer large sums of money over the Internet, beaming a vote from your living room should be a piece of cake. That’s a popular refrain among proponents of Internet voting systems, and on the surface, it makes sense. If security-obsessed industries like banking and medicine have embraced the Internet, why is voting still stuck in the relative dark ages? As with most things, the reality is a bit more complicated. According to VerifiedVoting.org, a non-profit organization dedicated to ensuring the “accuracy, integrity and verifiability” of elections in a digital age, all voting systems should have a few key components. First, there needs to be a fully auditable, preferably voter-verifiable paper trail that maintains the integrity of the secret ballot. Second, voting systems need to have in place strong mechanisms to prevent any undetected changes to votes. Third, systems should not be easily subject to wide-scale service disruptions. Indeed, the Help America Vote Act (HAVA), passed in 2002 as a response to the Florida recount debacle of 2000, requires some of these provisions under the law.
From a strictly engineering standpoint, none of those problems seem impossible to overcome. So why did VerifiedVoting.org board member and Lawrence Livermore National Laboratory computer security expert David Jefferson tell attendees at the RSA Security Conference in March that the very concept of Internet elections is “unfixably broken?” Let’s dig into each of VerifiedVoting.org’s requirements for a voting system and how they might be achieved via the Internet. Both critics and proponents of online voting agree that it is important for all votes in an election to be counted as cast. Where they disagree is how best to make that happen. The voting system standards laid out in the Help America Vote Act require that all voting systems “produce a record with an audit capacity for such system,” or in other words, votes can be recounted for verification purposes.
For traditional voting systems, that usually means votes are cast by some method that involves making a permanent mark on paper, like punching a hole through a card or marking a box with a pen, and then dropping those ballots into a box to be manually counted, or feeding them into some sort of electronic counting machine. Electronic systems used at polling places often create a printed receipt that details the vote you just cast. Online voting critics argue that this paper record is the most reliable way to ensure votes can be verified in the face of a discrepancy or too-close-for-comfort results.
Pamela Smith, president of VerifiedVoting.org, says that audit trails should create an “indelible record, not something that’s ephemeral, like bits and bytes.” And some in the government seem to agree. A 2011 study from the National Institute for Standards and Technologies concluded that online voting systems weren’t ready for prime time, in part because “Internet voting systems cannot currently be audited with a comparable level of confidence in the audit results as those for polling place systems.”
Full Article: How Close Are We to Internet Voting?.