The punditry have learned nothing.<p>Help America Vote Act (HAVA) ushered in the touchscreens in a massive turf grab. Insecure, unreliable, untested touch screens were rushed to market.<p>The same forces are now at work pushing vote by mail and then electronic balloting.<p>For the vendors, is about charging for the upgrade and switchover costs. Anything to make a buck.<p>Election integrity is barely considered.<p>During the hearings to permit casting ballots VIA EMAIL in my state, a retired general now lobbying for the vendors claimed "internet security has gotten really good." Well, shit, if a general says it's cool, that's good enough for me. Bill sailed through legislature unanimously. Because its for the children, err, troops.<p>I talked to many of the legislators about electronic voting and casting ballots via the internet. First, they didn't understand that email was delivered via the internet in the clear. Second, if you're explaining, you're losing. Meaning once you start talking policy, their eyes glaze over, oops, sorry, your five minutes are up. Next!<p>The only way the legislators vote against this stuff is if they feel the heat. Meaning stuff the hearings and their inboxes with opposition.<p>I could go on and on, but I have pancakes waiting for me.
The article is just mind-bogglingly silly: The author quotes a number of experts, explaining why it is a really bad idea and why it would compromise the integrity of the election. Then he goes and, around those quotes, puts some fluff where he suggests we should do it anyway, cause he'd find it convenient to vote on his smartphone.<p>Here's a basic check for the author of the article: If you want to demonstrate how online voting is the future, but you can't find any experts supporting your point of view, and don't have anything refuting their serious arguments against it, maybe it just isn't such a good idea after all.
As always, security is intimately tied to economics. How many people are interested in breaking into the Estonian elections, versus how many are interested in gaining power over the US elections? It's quite a stark contrast. This is why you can't lock your Ferrari in an rusty shed with a cheap master lock on it. (Though the shed will probably be excellent security for a 2nd hand bike.)<p>E-voting in Estonia is probably a good idea. E-voting in the US is a catastrophically bad one until we get trusted execution infrastructure as described in Vernor Vinge's sci-fi books. (Yes, that's DRM, but DRM in the hands of individuals is very different from DRM in the hands of governments and large corporations.)<p>EDIT: Right now, we don't need an ID to vote. That's because creating zombie voters isn't yet possible with paper technology, unless you game the counting, which has better security. Keeping such a conspiracy secret would be difficult, though. Gaming the system and getting away with it would be possible with e-voting machines. Given that only a few swing states need to be affected, organizations that can command 100's of millions of dollars could pull such a thing off.
Have to say, I didn't really see any actual point being made by this author. Maybe its just a misleading headline, but as far as I could tell his argument boiled down to 1.) We can't let the Estonians beat us in the election technology race 2.) We live in the future, its time our election system was futuristic. The rest is just quotes from security experts about why he's wrong.
I'll just point out that top security experts like Ronald Rivest (co-inventor of RSA) expressed extreme skepticism that we would be able to implement electronic voting without seriously endangering our elections during the MIT-Caltech voting project. I'm not trying to discourage anyone from working towards it, but it has a lot of issues.
Just use multi-step authentication, one of which is sometime during the year showing up somewhere in person.<p>Let one of the required authentication methods be designating a close friend or relative that is also a voter who can confirm that you actually voted. So they would get an electronic message with a url they would have to click after speaking with you and confirming that you did vote on the day in question.<p>Make it so people have to be home to vote.<p>And if we required the same process to confirm changes in address, we could cut down on identity fraud in general.<p>Using multiple methods will make it harder to game the process. Its very hard to steal someone's password AND steal their phone AND kidnap a relative AND camp out at their house.<p>Those that can't manage all of the required steps can keep voting the way they do now. They'll have much shorter lines to deal without everyone else there.
The solution to the one genuine problem mentioned in the article--that many people don't vote because the logistics are too difficult--is not online voting; it's early voting. (Which, btw, is what I believe President Obama was referring to when he said "we have to fix that" in reference to the long lines at the polls.)<p>The article says the inherent security problems with online voting are "not impossible" to fix. In this sense, it's "not impossible" to keep Windows computers virus-free.
There is 1 good reason for electronic voting (among many reasons against).<p>If electronic voting is implemented then conceivably it would be much easier to convince your base to actually cast their ballots, reducing emphasis on the "ground game" and having a big operation, and thus reducing costs, and more easily allowing third parties to be viable and less well funded candidates to make a bigger impact during primaries.
I believe that the only way that online or electronic voting could work would be as an freely distributed "open source" community built & tested solution. If open source is secure enough to run the Whitehouse website it is likely secure enough to manage recording a vote.<p>Maybe we could engineer a situation where we use thin virtual clients from a master server and the actual "complete operating system" of the voting device could be imaged or have a current snapshot stored on the same media as the vote reciept itself for possible later verification or even independent verification on the spot by interested code developers.
Hey tech community! Remember the time before the eye of Sauron gazed here, demanding a superficial veneer of progress to demonstrate "its" society's advancement? Remember when one informed and well-reasoned opinion was worth more than twenty idiotic and entitled ones? (kind of the opposite of democracy. oops, that wasn't meant to last!) Remember when we dreamed of engineering actual solutions, rather than shoehorning all problems into what can be solved using html+http+database, resultant deficiencies be damned? Well I guess only about a tenth of you do, and of those only a tenth care. sigh.
A series of mock-ups showing one possibility for a policy-making system:<p><a href="http://imgur.com/a/PK69j" rel="nofollow">http://imgur.com/a/PK69j</a>
Voting online would be trivial.<p>I use "trivial" in the hacker sense to mean a problem that, while it might be difficult, large and lengthy, has already been thoroughly explored and a set of solutions and best practices is known, and should easily be accomplished by implementors of average or above skill levels.<p>We do things similar to online voting all the time. When Superbowl or Lady Gaga tickets go on sale, many people flood limited database servers and have to be put in a queue. I can transfer hundreds of thousands of dollars with my smartphone - that's not a problem, but a vote which is worth nothing is going to be a target? When Census forms are sent out, a code is sent by physical mail to addresses - that code, when entered online, can be used to fill out the form. Or just fill out the paper form and drop it in the mail. Trivial either way. For that matter, thousands of organizations, not just Estonia, have binding internet votes every year.<p>When you read about people waiting seven hours in line, it's not unforeseen problems or incompetence; it's malice. If you show me a story about people waiting seven hours in line, I'll show you a Democratic district in a state with Republican, partisan election officials. Every time. Those sorts of problems can't be solved by technology; they're people problems, not tech problems. Right now, internet voting is a people problem, not a tech problem. Internet voting might encourage more people to vote - and that's why Republicans are against it.