On Voting, Banking, and Bad Analogies

Estonia is running online elections, where anyone with a national ID card and Internet Explorer can vote online. As usual, the article forgets to mention the single biggest issue with remote voting, whether online or by mail: voter coercion. The point of supervised voting—i.e. voting in a controlled location, inside a private voting booth—is to ensure that no one can coerce the voter. If you vote by mail or over the Internet, it’s trivial for someone to pay you, or threaten your dog, if you don’t vote according to instructions.

And here’s where it gets really worrisome:

“You trust your money with the internet, and you won’t trust your vote? I don’t think so,” said Tarvi Martens, project manager for the country’s e-voting project.

The project manager said this? Compared voting to banking? That’s scary, because it betrays a fundamental misunderstanding of the voting threat model. In the banking world, you expect the bank to know exactly how much money you have, to maintain extensive audit logs of every minute detail. You keep no secrets from the bank. The central goal in an online banking application is to secure the pipe between you and the bank, and that’s it.

In an election, you expect your vote to be secret, even from the government running the election. In addition, once you’re done voting, you should be confident that your vote was counted correctly, yet unable to convince a potential coercer of how you voted. If banks had this same requirement, they would have to produce statements of your account that convince you, but somehow don’t convince your spouse, and they would have to do this without knowing your account balance.

If voting sounds hard, that’s because it is. Compared to banking, it requires a vastly different setting. To equate the two is a rookie mistake, and it is yet another sign of the erosion of the secret ballot.

(It looks like a few people are talking about “erosion of the secret ballot.” I used the term in my PhD thesis, and Ed Felten is using the same terminology. This is good, it’s an important topic that needs a name.)


Comments

8 responses to “On Voting, Banking, and Bad Analogies”

  1. Gentry

    I run a blog on this topic called No Vote By Mail.
    http://www.novbm.com

    A lot of us are worried about the move to close all the polls, eliminate the secret ballot, and move to a fully privatized voting system.

    Regards,
    Gentry

  3. [estonia]

    Consider this:
    The voter gets his paper ballot, goes to the booth, marks a candidate on the ballot, then PHOTOGRAPHS the ballot with his CELLPHONE, then sends it as an MMS to a buyer, who VALIDATES the vote, then the seller checks his BANK BALANCE via the same CELLPHONE, exits the booth and slides the paper-ballot into a sealed box.
    Voila! Internet voting.

    Human nature is always more dangerous than technology and only the latter is improving. Isn’t monitoring a few servers easier than monitoring numerous election personnel? What if we put up webcams to monitor the servers, so that whoever in the world could see what is happening to them from setting them up to the actual counting? And I am not suggesting any of these systems should be privately owned.
    Oh and of course there would be actual people looking it over too. OSCE said it hasn’t yet enough IT-skilled people.

  5. ben

    The cell phone camera problem is an issue for sure, though I think you’re not really seeing what I’m talking about. It’s not about watching the servers, it’s about watching all the clients. Maybe your spouse is looking over your shoulder as you vote. So yes, in fact, it is much easier to watch polling stations than it is to watch every single home.

  8. […] online banking. In fact I’ve made many of the original arguments, in my dissertation and on this blog, shooting down the bogus arguments that go something like “hey, we can secure online banking, […]