Internet Voting Technology Makes Bid for the Big Time
Just about every governmental and scientific body that has studied online voting, from the California secretary of state to the National Science Foundation, concluded that casting ballots from home and office computers is a prospect riddled with profound security risks inherent in the Internet's essential architecture. "Don't try this at home!" the experts seem to be telling us.
Research continues, however, and a handful of private companies are developing commercial Internet voting technology. Businesses, private groups (including ICANN, the Internet domain-naming organization) and foreign governments (i.e. Sweden) have conducted online elections. And while most of the studies warn readers off home computer voting, they also encourage experimentation in online canvassing from polling places and secured kiosks.
In January, VoteHere, Inc., of Bellevue, Wash., became the first all software, PC-based election system to meet Federal Election Commission standards. A polling place system developed by VoteHere, which partners with Compaq, Cisco Systems and Entrust Technologies, passed independent tests set up by the National Association of State Election Directors (NASED) on the FEC's behalf.
The certification opens the door to public U.S. elections going online as soon as the coming fall, says Eric Peterson, VoteHere's director of strategic technology.
"The existing computer systems are one-off equipment just used for the purpose of voting, whereas our software will run on PCs, tablets, laptops and other platforms," he says.
"We found adding another device like a mouse adds another piece of complexity, and some people are not all that familiar about how to use a mouse," Peterson says.
At any point, the voter can go back and change a selection. At the end, a summary screen shows the voter his ballot, and allows him to make corrections. The system will not allow the voter to choose more than one candidate for a single office, but he can leave ballot slots blank. When the voter is finished, he hits the Cast Ballot button and his results are conveyed to a server. At a second polling place station, the voter plugs in his smart card and is issued a receipt.
"The receipt tells the time you voted, not how you voted," he says. "Most jurisdictions feel the need to have something on hand, because you're voting electronically, that says, 'Yes, I voted.' "
The results are tabulated at the polling sites and burned to CDs, which are transported to the Registrar's office for a final, aggregated count.
The challenge with Internet voting is devising a secret ballot that is also secure. Anonymity is essential to prevent vote-buying and coercion; but officials must know that a voter is properly registered, and casts only one ballot, and that the ballot arrives without alterations.
VoteHere's security system is based on encryption, mathematically based coding that is the modern-day equivalent of sealing an envelope with wax imprinted with the image of the king's ring, Peterson says.
"Essentially there is only one of these rings in the world, and you can tell if the wax seal has been disturbed…What encryption does for us is gives us the ability to look at data we got off the Internet to prove it is unmodified since it was filed by the voter," Peterson says. To ensure public confidence, election results must be open to audit, Peterson adds.
"At the end we put out an election transcript and all the digital credentials so people can verify the results," he says. "The trick is, if all we did was publish ballots and digital credentials we could end up giving away who voted for whom."
To prevent this, VoteHere's encryption stems from a mathematical shuffling concept known as mix nets. (Mix nets were first introduced as a possible voting security solution by Internet pioneer David Chaum, but VoteHere's "specific approaches, algorithms and solutions are completely different from those suggested by David," Peterson says.)
The idea can best be explained by analogy. A ballot reading "yes" is passed to a person who changes it to read "1-2-2." A third person changes the ballot to read "4-5-6," and so on. Each change in the shuffle chain is assigned randomly. Underneath, the ballot still reads "yes."
Cryptographic mathematical proofs show the underlying data didn't change. "You have the voting box of encrypted ballots, and we electronically pass them off to different election officials, the League of Women Voters, outside observers, as many people as you want," Peterson says. "Even if all the people in the shuffle chain colluded, they couldn't change the results and go undetected."
VoteHere's advantage over optical-scan balloting, Peterson says, is that election results come in much quicker, and there are no per-ballot printing costs. And since the system runs on a standard PC platform, an election jurisdiction will save on hardware outlays.
VoteHere is prepared for a nationwide rollout, and expects the company's technology to be in use as soon as the fall 2002 elections.
"What our system does is increases everybody's ability to believe in the results," Peterson comments. "Once you can prove the ballot wasn't modified, you're not a long ways from taking how the ballot was delivered out of the equation."
|†||This site is maintained by the Digital Government Research Center at the University of Southern California's Information Sciences Institute.||" CONTACT " POLICIES||†|