Online voting: the ultimate hackers’ challenge
TheStar.com – Opinion/commentary – What happens when cynical voters give their authentication and authorization information to everyone who asks?
Aug 01 2013. By: Bob Delaney
“Be careful what you wish for, because you just might get it.” So goes the famous quote. Without very careful study, you might get the wish of Internet voting — and live to regret it.
Your birth certificate and passport are “foundation” documents. You have to show up to get them. You have to show up to get married, and you should have to show up to cast a ballot, both “foundation” activities. Internet voting advocates assume away the large risks — and certainty of abuse — of online voting, not to mention the difficulty and expense of developing the system.
There is no audit trail in an online vote. Physical ballot boxes are sealed in the presence of human witnesses. The individual ballots can be recounted to determine by sight the voter’s intention. The sheer number of human beings physically watching voters makes the integrity of the ballot box difficult to breach, though people try to cheat in every election.
Online voting would be used just once every four years. There is no opportunity to properly debug the system when it goes awry on election day, or between elections, or stress-test the system to determine if it stands up to the server traffic. Enersource’s web servers went down during the July rain storm power outage in the GTA. People got their information from Facebook and Twitter.
Hackers thrive in the years of dark time between scheduled elections. Proponents of online voting point to the ubiquitous use of online banking and other daily Internet transactions. The critical difference is that those other systems are used, debugged, watched and stress-tested each and every day by scores of experts who know them inside out.
Gaining access to the software’s root directory enables a hacker to control the system on election day, and corrupt the outcome. By the time voters see the damage, it is too late.
If a person votes in person and, at about the same time, votes online, the latency of removing that person from the eligible voters list almost certainly means both votes will count. Can software used just once every 1,470 days anticipate that problem? If Mr. and Mrs. Ontario show up at the polls, are told by the returning officer that they’ve already voted online, and kick up a fuss, they will be allowed to vote in person. Both votes will count, including the online ballots perhaps cast by a hacker with their authentication and authorization data.
Online votes instantly become a negotiable commodity. What are a voter’s user ID and password worth? A beer? Ten or twenty bucks? At work, out-of-town on business, or on vacation on election day? Provide your information to your favourite party, and they’ll ensure you vote. For them, of course. What happens when cynical voters give their authentication and authorization information to everyone who asks? When mass rallies or TV infomercials, after pressure-packed propaganda, exhort voters to take out their phones or tablets, and vote online, there is no fact-checking or sober second thought.
At stake is not somebody’s savings account, what classes they take, or how they use their affinity points. Cheating in online voting in Ontario would mean getting hold of the levers of a $125-billion budget, and making decisions that govern 13 million people. With present-day election turnout of half the eligible voters, the theoretical turnout may be 150 per cent, assuming the system is manipulated so that every eligible Ontarian votes online, whether each voter actually cast an online ballot or not. If, on election day, a party that has never elected a single member in Ontario election history forms a strong majority government based on a voter turnout of 115 per cent of the electorate, then what?
I once asked the VP then in charge of Microsoft Windows development, which then employed 7,000 full-time people, how they made on-time decisions to keep product development moving forward. “Decisions,” he said, “are made by people who show up.”
I have pushed the Ontario Legislature hard to use information technology in more areas, and use it better. As an MPP, I raise serious issues about the potential for abuse, and about the integrity of online voting. My advice to Elections Ontario head Greg Essensa when we met was simple: don’t do it! The great risks far outweigh the few perceived benefits. Mine is not a video game democracy. Democratic decisions in Ontario should continue to be made by people who show up. Voting is a foundation activity.
Bob Delaney is the Member of Provincial Parliament for the riding of Mississauga-Streetsville. He is a member of the Ontario Liberal Party.
< http://www.thestar.com/opinion/commentary/2013/08/01/online_voting_the_ultimate_hackers_challenge.html >
Tags: crime prevention, participation, rights
This entry was posted on Thursday, August 1st, 2013 at 10:54 am and is filed under Governance Delivery System. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
3 Responses to “Online voting: the ultimate hackers’ challenge”
|
Leave a Reply
Recent Comments
Call of Duty 4: Modern Warfare will definitely shake loose your fillings and have you
begging for more. Now go get yourself a copy of GTA V and get into some police chases.
Car prices go up and down faster than you can imagine.
After reading Bob Delaney’s article “Online voting: the ultimate hackers’ challenge”, I found myself questioning which side I more strongly agreed with. After a few minutes of contemplation, I am confident to state that I both agree, and disagree with Delaney’s viewpoints.
On the one hand I feel as though Delaney makes a strong argument in stating that online voting could be extremely hazardous, not only for the election itself, but also for the public at large. People are very uneasy with the idea of their personal and private information being readily accessible, which is understandable; I am one of those people. I also believe that voting online may even be a tad inappropriate for such an important political event. Voting has been an event where one is expected to physically show up to his/her designated poll to cast their vote privately. There is of course the possible threat of the electronic system being hacked, which in turn would cause either an unfair vote, or could cause a disturbance within the public because of the availability of personal and private information being taken.
However, on the other hand, conducting an election using electronics such as computers, Ipad’s and so forth, would allow populations who are unfortunately confined to their homes, or who are physically unable to “show up” to cast a ballot at a poll due to unforeseen circumstances, and who would otherwise be unable to participate, would now be given an opportunity to make his/her voice heard. Although the idea of anonymity is widely acknowledged when it comes to voting, being able to support populations who are physically unable to attend a designated poll, would, in my opinion benefit the overall election. As a future social worker, I feel that it is not only my duty, but also my responsibility to promote ways in which everyone can exercise their right to vote!
I firmly agree with Bob Delaney on this issue of online voting. It is a serious risk to the citizens of our country when there is potentially no security as to how the votes can be manipulated when the parties who have the most money and can hire the most proficient hackers to help rack up votes. The title says it all “Online Voting: the ultimate hackers’ challenge”, like the article stated, this software that will be used every 1, 470 days is going to have some large loops holes in which even the not so skillful hackers’ have a fighting chance of manipulating. I just feel like there is no way to trust this method of voting.
Although I know this method would definitely improve the attendance of voters, especially the younger generations where everything is electronic, it may suffer because the majority of elderly citizens who are not technology savvy are not going to conform now. Another point I would to expand on is Canada’s voting system was based upon anonymity, with a user ID and password there will always be a trail of where the vote came from; whether it be from a computer at home, or at a local library there will always be a way to track it down. As much as I would like to trust society in not hacking into this system and it being a very successful idea, I can’t; as the saying goes “locks are for honest people”.