Internet voting has been continuously tested and audited by various bodies in the US. This article highlights the security challenges for Internet voting identified by election officials.
Internet voting has been a concept which has been conceptualized and being tested from past few years in the United States of America. However, given the security vulnerabilities and privacy issues, Internet voting has always been a challenge to be developed, tested and adopted by the election officials. The risk factors and the challenges are indeed huge that even a small error could make or break the political leadership of a country. On this front, several boards, foundations and private organizations are working to make Internet voting a reality in the US. Each of these bodies assess the security and privacy factors for Internet voting and publish their research findings to improve the system. In one such study report by the U.S. Vote Foundation titled ‘The Future of Voting: End-to-End Verifiable Internet Voting – Specification and Feasibility Study’, highlights the numerous challenges that are needed to be resolved before Internet voting can be implemented in the US. This report examines the various possibilities of conducting secure Internet voting. Specifically, the report explores whether End-to-End Verifiable Internet Voting (E2E-VIV) systems are viable and responsible alternative to traditional election systems.
In all ways, the report makes an interesting read because it is documented based on the team of experts in election integrity, election administration, high-assurance engineering, and cryptography. Another fact which makes the report interesting is the fact that the report starts from the premise that public elections in the U.S. are a matter of national security. In a statement issued by the U.S. Vote Foundation last month “As election technology evolves and more states evaluate Internet voting, caution on compromises to integrity and security is warranted,”. It further stated “Existing proprietary systems that meet only a subset of the requirements cannot be considered secure enough for use in the U.S.”.
Some of the security challenges and privacy issues addressed in the report are to enable military personnel and American citizens based overseas to participate in the election process. And for that the report identifies that more attention needs to be placed on ensuring speed, security, and integrity of such voting systems. Another concern that is addressed in the report is malware. The report states that voters often may not be aware of malware on their systems that could potentially change the way the ballot is displayed or the way the vote is recorded. Josh Beneloh, Senior Cryptographer at Microsoft, states in the report “Internet voting substantially exacerbates the risk of remote voting by making it possible for small problems to be magnified and replicated on a large scale,”. He adds “Careless or malicious errors, intrusive malware, and unforeseen omissions – all of which can be caused by individuals or very small groups – can cause very large numbers of votes to be changed and the privacy of large numbers of voters to be compromised.”.
The authors of the report includes technologists from Lawrence Livermore, IBM, and NIST and according to them there are 10 technical requirements that need to be addressed for true end-to-end verifiable Internet voting. Some of them identified are: functionality, usability, security, authentication, auditability, and interoperability.
The report on the security and authentication aspect states that a genuine verifiable Internet voting system should ensure that no voting data is ever lost even in the event of a system failure. The Internet voting process should have a way to accurately authenticate voters to ensure that individual person is appropriately identified and to protect against malicious attackers impersonating voters even if the entire database used for authentication is compromised.
The author is a Senior Editor at Bitstream Mediaworks.
He has an active interest in IT Security.