Voting, Computers and the Future of Cybersecurity, November 9, 2012
Our Current Voting System is Broken.
Voting can be tedious. Between the “shade in the bubble” process, physical presence, and now, unforeseen natural disasters, actually getting out the vote can be difficult. Voting for a president is one of our greatest rights as American citizens. Today literally millions of us are excluded for the voting process for various reasons— some of course by choice. And while it is time for a change, the technology (or more accurately, the security) is not there yet.
If our intention is to enable more Americans to participate in elections, then the process needs to be quick, convenient and digitized. If we can do our banking online (even from our cell phones), store gigabytes of personal data online, and even conduct multibillion dollar deals online, why are we still voting in person or by using the postal service? The system is antiquated. Computer scientists, cybersecurity specialists, entrepreneurs and innovators need to continue to work together to improve computer and internet security, because we’re definitely not there yet.
Email Voting Begins…
This year we were faced with a natural disaster that prevented hundreds of thousand of people from getting to the polls. The Governor of New Jersey, Chris Christie, made the decision to allow registered voters displaced by Hurricane Sandy to vote electronically— i.e. by email. In a November 3rd statement from the New Jersey State government website, Lieutenant Governor Kim Guadagno is quoted saying:
“This has been an extraordinary storm that has created unthinkable destruction across our state and we know many people have questions about how and where to cast their vote in Tuesday’s election. To help alleviate pressure on polling places, we encourage voters to either use electronic voting or the extended hours at county offices to cast their vote…”
Not quite. Here’s the process:
While on the surface this seems like a tremendous step forward in voting technology, the process is not so simple.
“To vote electronically, displaced voters may submit a mail-in ballot application either by e-mail or fax to their county clerk. Once an application is approved, the clerk will electronically send a ballot to the voter by either fax or e-mail in accordance to the voter’s preference. Voters must return their electronic ballot – by fax or email – no later than November 6, 2012, at 8 p.m.”
…oh, and they forgot to mention the “Waiver of Secrecy” form which also needed to be returned by 8pm on Election day. More recent updates also necessitate that the online voter also send a physical ballot in for verification by Friday…after the election is over…
The voter needs a bunch of things at her disposal in order for this to work: a computer or fax machine, mailbox (or transportation to a public one), printer and quite a bit of time. Not easy if your house is gone, you have kids to take care of and you don’t have a computer or fax machine. While the effort was definitely a step in the right direction—and a decent test for the possibility of E-voting in the future, it was rushed and not sufficient. Countless Americans may have still been blocked from fulfilling their constitutional right to vote.
Why Email, Text or Online Voting Won’t Happen For a Long Time
The problem is that of security…hackers. Minor vulnerabilities in various stages of internet and computer security have major consequences on our ability to protect sensitive data and secure the online voting process (whether through a website, email or text message). Virtually any computer, company or server is vulnerable to cyber attack. Most big, “secure” companies (including banks, government even cybersecurity agencies!) have, or likely soon will be hacked. This is a serious issue. Even the Pentagon is not immune. Online spies have hacked top secret information from the Pentagon’s $300 billion Joint Strike Fighter Project, and even implanted bugs in American drones.
Professor J. Alex Halderman, a computer scientist at the University of Michigan, writes in the Freedom To Tinker Blog about Attacking the Washington, D.C. Internet Voting System Pilot in 2010:
“The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We’ve found a number of other problems in the system, and everything we’ve seen suggests that the design is brittle: one small mistake can completely compromise its security.”
A forum on E-Voting was held at Princeton University where panelists discussed the risks and opportunities associated with e-voting for more than three hours. The primary concern for all parties was security. The consensus? We’re definitely not there yet.
How to Address The Security Problem
“Everything should be made as simple as possible, but no simpler.” ~ Albert Einstein
Unfortunately, we need to reinvent the computer. Peter G. Neumann, a renowned 80-year-old computer scientist at SRI International, reasons that the only viable solution to the computer security crisis is to study all previous research, hand pick the best ideas and systems, and then rebuild something completely new from the ground up.
Is the reinvention of the computer, programing and the internet as we know it going to happen in this lifetime? Probably not. Is it possible? We should hope so.
Right now we need:
- To promote open sharing of cyber vulnerabilities and emerging protective measures for our computers and servers.
- Provide authority to the National Cybersecurity Center to identify and mitigate cyber weaknesses specifically when attacks could result in gross loss of information, money or life.
- Build public-private partnerships and address these issues together
- To ensure that our own personal computers are as secure as possible. The folks at MIT have some good tips, or How to Device Passwords That Drive Hackers Away.
In the long term we need:
- New programming languages
- New security measures
- New innovative systems separating servers from computers from the internet
- Shape-shifting code
- Bold, scientific creativity
- More brilliant programmers working relentlessly on security
- Vigilance; Security is an on-going battle between computer engineers and those looking to capitalize on weak systems.
The consequences of maintaining both our antiquated system of in-person voting, and our current method of writing code using computers, and casually throwing personal data across the internet are serious. Security is at the heart of these issues— your security! This is your finances, personal information and data, emails, pictures, work documents and so much more at risk. Voting is just one more example of an outdated and broken system. The real issue is one of computer and internet security.
Thanks for reading!
Peter Walters & The SendHub Team