Thursday 19 March 2015

eVote 1 for Fodder

GP posted a comment saying:

TIL response: e-voting should never, ever, ever become a thing! Complete lack of transparency, ease of abuse, and susceptibility to glitches, all leaving the democratic process in the grubby hands of software developers (no offense) and machines! MACHINES!
Real life example: https://www.youtube.com/watch?v=lt27p7XtEDE
reddit thread: http://www.reddit.com/r/politics/comments/12q6wu/2012_voting_machine_altering_votes/c6x8sbi
Simpsons did it 4 years earlier: https://www.youtube.com/watch?v=IoWJkrlptNs

Let me start by saying that paper systems also come with their own problems, like votes going missing like in this case in WA, or missing votes, votes in wrong boxes and potentially multiple votes from a single person like in this case from SA. If you involve humans in the process, then you introduce the potential for human error - maybe the election official had just worked a long day, is getting the same questions over and over about which box to put which form in, and they just reply without thinking, only it was dark now, and the white form looked a little green-ish so he told her to put it in the small box, and pointed to the big box for the other form.

The great thing about computers is they tend to be deterministic: repeated runs of a particular situation should result in the same outcome each time. And before you say, "But what about CD-key generators, I get a new one each time?" the outcome is still the same - you get a CD-key that matches some particular set of criteria. Voter #7 who wants to know which box to put their papers in will be treated exactly the same as Voter #92874 who wants to know which box to put their papers in. I say they tend to, because sometimes they don't behave as you'd expect, but that's usually a sign of a bug somewhere in the software, or a hardware failure.

However, saying that there are issues with paper ballots doesn't immediately prove that e-voting is fine. I agree that there is a long way to go before e-voting can be accepted for widespread use. But I see some of the issues GP raised as challenges, rather than reasons not to do it (sounds so kiss-assy when I put it like that though).

Verifiability 
You need to be able to verify that what you voted for is what gets stored, and eventually counted.


Note: Our current system does not allow you to do this. Once your paper goes into a box, it goes into some void, and you just have to hope that it gets to its destination in the state that you put it in. However, since we need to get a higher adoption rate for e-voting, this is one of the features that the system should have, just to add peace of mind.

One system that I heard about was to have a PIN assigned to you, and you can call a number which reads out your vote to you. That's not very private though, because you could find out what number your mum was assigned and call up to find out who she voted for.

Another system that I heard about was to have all the candidates ordered randomly, and you get a stub which is a copy of your vote, plus some sort of key which corresponds to your stub. You can log in to a website, type in your key, and look at the stub that was sent. As long as your stub matches the one that was sent, you know your vote was correct. Nobody else knows who you voted for, because only you know which order the candidates were on your sheet. Of course, the system will also need to store the order, but that will be encrypted.


Now there is nothing to say that the system couldn't just pretend to verify your vote. The system could store what you voted for, so that it can display it back to you, and then also secretly store the "real" vote that gets counted.
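The randomised-order stub scheme described above, as an added toy example in Python (not from the original post and not any real voting system's code). The class and function names are made up here, the third candidate name is constructed, and the authority simply keeps each ballot's order in private memory where the post says it would be stored encrypted.

```python
import secrets

CANDIDATES = ["Mary", "Fred", "Alice"]  # "Alice" is a constructed extra name

class Authority:
    """Toy election authority (hypothetical). Publishes stubs, keeps orders private."""
    def __init__(self):
        self._orders = {}         # key -> candidate order on that ballot, never published
        self.bulletin_board = {}  # key -> marked row, public; reveals no candidate name

    def issue_ballot(self):
        key = secrets.token_hex(8)                 # unguessable lookup key for the stub
        order = CANDIDATES[:]
        secrets.SystemRandom().shuffle(order)      # per-ballot random candidate order
        self._orders[key] = order
        return key, order

    def cast(self, key, marked_row):
        # Reject unknown keys and second votes on the same ballot.
        if key not in self._orders or key in self.bulletin_board:
            raise ValueError("unknown key or ballot already cast")
        self.bulletin_board[key] = marked_row

    def tally(self):
        # Only the authority can map a marked row back to a candidate.
        counts = {c: 0 for c in CANDIDATES}
        for key, row in self.bulletin_board.items():
            counts[self._orders[key][row]] += 1
        return counts

def vote(authority, choice):
    """Voter marks the row where their candidate appears and keeps (key, row) as the stub."""
    key, order = authority.issue_ballot()
    row = order.index(choice)
    authority.cast(key, row)
    return key, row

def stub_matches(authority, stub):
    """Voter-side check: does the published stub equal the one I took home?
    This covers only the published record; it says nothing about whether
    tally() really counts from that record, which is the gap noted above."""
    key, row = stub
    return authority.bulletin_board.get(key) == row
```
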

Privacy
I touched on this a little earlier, but some people believe that voting should be anonymous, and that everyone has a right to cast a vote without having to tell others who they voted for. This is probably more important in countries where corruption is a huge factor, and there may be people pressuring you to vote a particular way, even threatening you if you didn't vote how they wanted. For instance, the mafia might tell you that you have to vote for Fred, and if they are able to sit there and watch you vote to make sure that you do vote for Fred, then it means this system is not private.

Also, if you have some sort of receipt verifying who you voted for, then the mafia can simply wait outside the polling booth and check your receipt to see that you did as you were asked. It's a tricky one to implement (though the second solution described above does manage it), but I think it's important because people need to feel comfortable saying what they want without fear of repercussions. Plus, it makes it less likely that people will try to buy votes, because although you can tell someone that you'll vote for Fred if they pay you $200, there's no guarantee that you actually did.

Transparency
This is probably the hardest challenge an e-voting system has. How do you prove that the mechanisms behind the e-voting software actually do what they say they do? How do I know that voting 1 for Mary will result in a 1 vote being counted? To be honest, I don't think this issue has been solved. One of the most popular solutions is to say, "Here's our source code, you can take a look at it if you want to, and if you find any bugs, we'll fix them." Except a large proportion of the population doesn't have the technical skill to be able to work out whether the software is any good or not. You are basically asking them to trust that those who do have the technical prowess have been as thorough as they can.

Not only that, but even if it does get the thumbs up from every single security expert in the world, there is no guarantee that the code that's running on the machines at the venue is the same code that they released for inspection. If you were to detect a difference, what can you do? They could just say, "LOL, you caught me, it's OK, I have the real software on this USB, let me just quickly install it now." You could tell them that you'll compile the software yourself and run it off your machine, and you'll be laughed out of the polling booth, because who is going to let you use your unsecured laptop on their hopefully secure network running some code that you claim is what they released, but could be anything in reality? It's a Mexican standoff, as you don't trust them, and they don't trust you, so how can you go about establishing mutual trust?

Breaches
As with any computerised system, there is a risk of security breaches. I don't really have the expertise to address anything really, but I'll list some of the ones that could happen.

  • vote flooding: as happened with the MTV Best Act Ever award in 2008, where multiple scripts were created to vote for Rick Astley. I doubt MTV cared that many people voted more than once, but for a national election, being able to verify the identity of your voters to make sure that they haven't already voted is really important. But then, that clashes a bit with the desire for privacy - how do you guarantee that the system isn't storing your credentials against your vote?
  • vote integrity: making sure that the votes are as they were cast, and that no votes were removed, nor extra votes added.
  • vote security: I don't know how important this one is, but I imagine you really don't want people to have free access to all of the voting data. Or maybe you do, because then everyone (with the required expertise) can run their own implementation of the vote-counting software to verify the results. Who knows?

Quality
How do you know the software works? There is an entire field dedicated to testing software, and the various methods and tools used to do it. That's not to say that they're perfect, but the ideal e-voting system will need to be very thoroughly tested. And probably audited by a heap of independent companies. 

Usability
How do you make your software easy enough for everyone to use? Again, an entire field dedicated to user interface design. The system needs to take into consideration people with various disabilities, people who may have little or no computer experience, people who just like to try and break things (I'm looking at you, darkpast), fat people, skinny people, tall people, short people, people who don't speak English, people who hate voting, people who might want to do an invalid vote. Lots of cases!


OK, so all I really did was list a heap of reasons why we shouldn't have e-voting, but as I said before, I don't think these issues are impossible to overcome, and there are lots of clever people working on it, including Vanessa Teague, who I heard about a lot of this from. e-voting does bring with it some positives: faster vote tallying; the ability to randomise the placement of candidates on a ballot (though technically you could do that with paper voting); depending on your security model, the ability to vote anywhere, which would remove the need for polling stations, which would also mean less harassment from parties telling you how to vote and fewer lines; less room for human error; huge paper savings.

I'm not quite ready to give up on e-voting, and I hope that if it ever does roll around, the public perception is a bit better.

----------------------------------------------------

Today I learned that the country code for the UK is +44, which I only learned because someone sent me a text message from a number with that code, and I'm guessing it's spam of some sort.
