• United States

E-voting not ready yet

Jan 28, 20032 mins

* Requirements for secure e-voting

There are security concerns with electronic voting, which has been proposed in a number of precincts in the U.S.

In general, e-voting systems can include any or all of the following functions, each requiring increasing degrees of security:

* Automatic reading and tallying of votes made on paper ballots.

* Accepting votes using electronic input devices such as electric pens, touch-screens, and keyboards.

* Remote voting at a distance.

E-voting systems need to include at least the following security characteristics:

1. Remote voting requires identification, authentication and authorization PLUS guarantees of complete privacy as well as measures to prevent fraudulent exclusion of valid voters and fraudulent acceptance of repeated votes by individuals.

2. Electronic data entry should include all the measures developed in the last 40 years of data processing to reduce the likelihood of user error; such measures include:

a) Feedback to the user to be sure that what was entered was what was recorded.

b) Error checking and alerts to prevent obvious blunders such as voting for two people for the same position if that is not permitted.

c) Provision of overrides so that voters can deliberately spoil their ballot if that’s what they want to do.

3. Fail-safe redundancy is required so that no single point of failure or even widespread denial-of-service attacks could wipe out voter’s intentions.

4. Cryptographically strong local and remote audit trails are needed to keep multiple independent records of all votes; such files could include checksums that are calculated using the preceding record’s checksum as input to the hashing algorithm (to reduce the ease of fraudulent tampering with the records).

One of the most serious questions raised about e-voting is independent of security: it’s the issue of equal access. Will widespread e-voting lead to increased disparity between the voting patterns of richer and poorer people among the electorate? Will e-voting be yet another example of what has been called the “digital divide?”

In the next article in this two-part sequence, I will look at some detailed analyses of e-voting with special attention to security.