If the Internet is magic, why can't we vote on it

Regular as clockwork -- just after an election which generated far too many stories of people waiting far too long to vote (and far too many local election officials saying that everything went fine and that there were no problems) -- come the calls for voting via the Internet. The press wonders if we are a third-world country, politicians posture and most security experts say "don't go there."

Some examples:

*A headline in The Washington Post was "Estonia gets to vote online. Why can't America?"

*New Jersey tells people they can vote via email.

*A famed Russian computer security expert is quoted by the BBC saying that "the lack of well-established online voting systems is a real threat to the democratic nations of the Western world" (because kids will not vote if they can't do it online).

MORE: Online voting: A challenge for the tech industry

Anyone who has not been comatose these past few years already knows why we don't vote over the Internet. Most vendors of electronic systems are generically incapable of producing secure ones. Just Google "voting machine security" for many examples, and if that is not enough try "SCADA security."

Most of the articles that ask why we are not doing Internet voting answer their own question. Estonia can do Internet voting because everyone has a government issued scannable ID -- the U.S. does not have such a thing. Apparently the voters in Estonia trust the government to not figure out who voted for whom -- I kinda doubt that the U.S. population would be so trusting of its governments.

An article in The New York Times on the topic of Internet voting quoted MIT's Ron Rivest, observing, "One of the main goals of the election is to produce credible evidence to the loser that he's really lost." A hackable system, as an electronic voting system would inevitably be, would not be able to produce such credible evidence.

I just watched the ending of the History Channel's overly dramatic but still very interesting "The Men Who Built America" series. One of the threads in the episodes shown last night concerned the 1896 U.S. presidential election between William Jennings Bryan and William McKinley. Bryan had spent a lot of time campaigning against monopoly businesses and the exploitation of workers. Among his targets were J.P. Morgan, John D. Rockefeller and Andrew Carnegie -- the main subjects of the series. Morgan, Rockefeller and Carnegie decided that they needed a president who was on their side, so proceeded to essentially buy the election for McKinley.

Buying a president took some work and money in those days. It would not take much of either to buy a president in an environment were we were using Internet voting equipment manufactured by the current set of vendors, who seem to have anti-clue when it comes to security, to select our president.

Fixing the far-too-long lines at some polls would be a good thing to do, but not at the expense of making it probable that some 13-year-old kid in Eastern Europe decides who gets elected.

Disclaimer: Many people at Harvard worry about the fairness of elections, but I have not heard that any of them have expressed an opinion on hackable elections, so the above view is mine.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags BBCe-votingsecuritywashington postgovernmentindustry verticalsInternet votingLAN & WANevoting

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Scott Bradner

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place