Well, it’s been an interesting election on that account… People waiting for the computer to boot after a major crash ( 2h… now that’s what I call a loooooong boot process. And to think I get cranky if it takes more than 10 minutes (including the disk check)… ), lost votes (as if you could get 0 votes in an election… I guess some people are so altruistic that they don’t even vote for themselves), etc…
To get a roundup on the topic, take a look at Bruce Schneier’s Crypto-Gram. He explains in great details what went wrong, sometimes why, and advances a couple of solutions from the security point-of-view. Highlights include:
Last week in Florida’s 13th Congressional district, the victory margin was only 386 votes out of 153,000. There’ll be a mandatory lawyered-up recount, but it won’t include the almost 18,000 votes that seem to have disappeared. The electronic voting machines didn’t include them in their final tallies, and there’s no backup to use for the recount. The district will pick a winner to send to Washington, but it won’t be because they are sure the majority voted for him. Maybe the majority did, and maybe it didn’t. There’s no way to know.
I guess democracy is great, but fast is the key here : people want fast results, fast votes, fast everything. In my opinion, some things can’t or shouldn’t be rushed. I want to be sure, sometimes.
Just like every computer “power user” (whatever that might be… I choose to think it means someone who uses a computer, and understands at least broadly how it works), Bruce Schneier wants to go back to paper. Why in the world would someone who relies daily on computers (such as he, or myself) wouldn’t trust the electronic critters?
A stack of paper is harder to tamper with than a number in a computer’s memory. Voters can see their vote on paper, regardless of what goes on inside the computer. And most important, everyone understands paper. We get into hassles over our cell phone bills and credit card mischarges, but when was the last time you had a problem with a $20 bill? We know how to count paper. Banks count it all the time. Both Canada and the U.K. count paper ballots with no problems, as do the Swiss. We can do it, too. In today’s world of computer crashes, worms and hackers, a low-tech solution is the most secure.
That’s right. Paper is verifiable. Computers are very good for personal security, because they can obfuscate data very efficiently (think PGP or GnuPG). If the data is altered or the key is lost, there’s only a small amount of loosers, the people who were supposed to get the data. The sender can retry again later, and all is lost is some time. Here, we are talking about security in a broader sense. We don’t want privacy, we want certainties.
Yes, I know, there are some programs that generate a signature, to authenticate a document, or an email. That way, the recipient can open it and say “yes, I’m sure this has been signed using his private key”. However, voting is not like sending a secure message. First, there has to be a trace that this is you voting. If you could give a unique key and impossible-to-find password for the key to each and every voter, do you really think it would be fair to assume that everyone is skilled enough to understand cryptography, rich enough to have a personal computer, have a good enough memory to remember his/her password, and trust him not to share it? I thought so…
Second, the vote is anonymous. That is the case to prevent anyone from pressurizing you into voting for their candidate of choice. With a private key, you loose anonymity. It is secure, but doesn’t fit the goal either.
So, we go around and around, and we always find that the easiest way really is to get the voters down to the polls. Anonymity can be provided easily enough there. As for verifiability, voters have to be able to check things out, and officials have to be able to count accurately the votes. Paper it is then.
By the way, I know French are not fashionable everywhere these days, but we do paper as well as the British, Canadian, and Swiss ;)