T-Systems Online Voting System: Mistakes and Revisions

The T-Systems Online Voting Project observed mistakes with its architecture of its 2001 voting protocol and has taken steps to revise it. The revision process asks us to consider how online voting systems can be improved to become more secure and democratic.

The 2001 T-Systems Protocol used different servers for online voting registration (called the Validator) and the online ballot box. According to researchers from T-Systems, an implication of this arbitrary divide was “redundant data management” and “inconsistency of communication problems.” But more importantly, we can analyze that the separation of servers tears the voter’s identity apart from the vote (the Validator knows the voter’s identity, but the ballot box does not). Consequently, hackers that tamper with the ballot box can distort votes and election commissioners will have no way to verify where the votes came from; a further implication is that it is virtually impossible to recover voting data in case of attacks. Remarkably, T-Systems evaluated the shortcomings of its voting system and decided to take steps to improve it.

Learning that separation between voter identity and and votes was not feasibly secure, T-Systems opted for a more centralized database called The Bulletin Board. According to T-Systems:

“The Bulletin Board:

· is a consistent data base for all participants

· plays an absolutely passive role and is not able to communicate with the other players.

· It has the function as a placard, because after the election the public has the possibility to check if certain votes are counted and if they are counted in a correct manner.”

Although the addition of the Bulletin Board cannot fully eliminate threats from hackers, its role as a centralized database allows for efficient and complete recovery of voting information. However, we can evaluate that an obvious security oversight is that the Bulletin Board lacks a way to determine when attacks have occurred on its system; election officials will have to constantly check for consistency between voter identity and ballot box information, both of which are contained in the Bulletin Board.

Moreover, the Bulletin Board’s use as a placard imbues the system with a strong sense of vertical accountability since citizens can verify if their votes are actually counted. Because vertical accountability is essential for ensuring that governments adhere to the will of the public, the Bulletin Board is breakthrough technology that strengthens the potential link between online voting and democratic procedure. However, the greater lesson manifested in T-System's production of the Bulletin Board is that it both reflected on its mistakes and took innovative measures to rectify them.

Works Cited:

Diehl, Klaus. Weddeling, Sonia."New Developments in the Voting System and Consequently Implemented Improvements in the Representation of Legal Principles." Online Voting Project. T-Systems. August 2006.

Fairness and Security?: Online Voting in Arizona

During the 2008 General Election, the Arizona Department of State opened the option for voting online (election commissioning is a subset of each state’s state department as opposed to a federal responsibility). Despite the Pentagon’s decision to abandon its online voting system for military personnel, the Arizona Department of State became the first state to offer Internet voting in a general election to overseas and civilian families. This poses the question of whether or not individual states ought to possess the power to allow their constituents to use online voting systems in a national election when a) citizens in other states are not permitted to do so and b) when the federal government has not verified the security of the state’s voting system.

Is it fair for citizens of one state to have access to online voting in a national election while those others do not? On one hand, Arizona’s implementation of an online voting system sets a precedent for other states to make voting more accessible for military personnel. Because military personnel are risking their lives under the orders of the executive branch, should they not be entitled to decide on the leaders responsible for those orders? On the other hand, allowing military personnel and overseas citizens from one state to have access to online voting is not considered by the electoral differences between states. That is, even though the Arizona State Department provided overseas citizens and military personnel with voting access and thereby expanding its voting base, the federal government never increased Arizona’s number of electoral votes.

If large security concerns regarding online voting exist, should an individual state be allowed to use an online voting system in a national election while others are not? After all, security lapses will not simply affect votes in Arizona, but in a close general election fraudulent activity could potentially tip the vote in one direction or another. Moreover, because “national news does not cover a lot about what is happening at the state level regarding voting,” there are only few media watchdogs that can scrutinize any irregularities and fraudulent activities in state-run online voting procedures. However, the Arizona Department of State tried to check security issues in a way that even questions whether or not Arizona’s conception of online voting should actually be considered online voting. According to Kevin Poulsen from WIRED,

“In the Arizona system, voters could request an early ballot through a Secretary of State website, and receive it though snail mail. If there’s no time for the postal service, though, the voter gets a PDF of the ballot in e-mail. This is where it gets a little clunky. You can’t fill out the ballot on your computer — you have to print it out, then use your scanner to scan the completed and signed ballot back onto your PC. Then you upload the scanned ballot to the aforementioned “secured system” (it uses SSL).”

Because Arizona’s online voting system is a hybrid of internet and paper use, it is questionable to actually refer to Arizona’s voting system as true internet voting. Poulsen describes how, “Stender, and director of elections Amy Bjelland, said the system wasn’t true internet voting, because you couldn’t just go to a website and click on some radio boxes to choose the next president.” Regardless of what we call the voting system, the fact that it included an online aspect brings into question whether or not the Arizona Department of State can securely implement its voting procedure. Though voters’ handwriting on the PDF provides the department with a way to identify individual voters, there is no solution for the chance that malacious hackers write “a bot that infects unpatched PCs en masse, watches for interactions with the voting website, then changes the votes in the PDF to whatever the malware writer wants.” Consequently, Arizona’s combination of absentee-style paper ballots and online voting serves as a potential way to decrease hacking in online voting, but not to prevent it from occurring on a categorical level.

Works Cited:
Poulsen, Kevin. "Is Internet Voting Safe? Vote Here." Wired. 04 June 09. Accessed 19 October 2009. http://www.wired.com/threatlevel/2009/06/cfp-evote/

The Case of Estonia: The First Country to Use Online Voting for a National Election

A nation striving to diverge from its Soviet past, Estonia allowed online voting for its 2005 local elections and its 2007 Parliamentary Elections. According to John Bordland,

“With his online vote for parliament, the entrepreneur helped make a bit of elections history. This small Baltic country is in the midst of its first -- and the world's first -- national election featuring internet balloting open to all voters”

The real-world implementation of a revolutionary voting medium on a national scale asks us to question whether or not the system is actually consistent with democratic procedure; if a voting system does not accurately account for the will of the people through poor implementation (e.g. security lapses), then it fails to be democratic.

Even prior to the election, computer scientists in more developed countries such as the United States have shown skepticism toward Estonia’s plan to implement online voting. Bordland describes,

“Critics worry that voting systems using ordinary Windows PCs and the open internet could be hacked by unscrupulous outsiders, or subverted insiders. A high-profile United States Defense Department system called SERVE, or Secure Electronic Registration and Voting Experiment, aimed at allowing overseas military personnel to vote was canceled after a 2004 review by computer security experts said it presented an easy target for hackers. Those same concerns apply to Estonia's system, some security experts warn.”

The online voting system, though intended to make voting more accessible for the general public, may just be a little too "accessible." If malicious stakeholders such as power-hungry politicians, special interest groups, and exploitative nations who find it beneficial to rig elections in favor of one candidate or another for economic or national security reasons hack the online voting system, could Estonia justifiably claim that its elections represent the will of the people? If current technology is so susceptible to attack, how can Estonia justifiably rely on it? According to the Estonian National Electoral Committee,

“Besides the main functional tasks the iVote system management is largely focused on the security. The system is only online during ballots and the secrecy of votes is guaranteed by advanced encryption technologies as well as by special operational means…The results of the study concerning the parliamentary elections in March 2007 will be available later this year.”

The National Electoral Committee’s “guarantee” of the secrecy of votes and vague “special operational means” seems mind-boggling, considering that the committee simultaneously admits that the results of its parliamentary elections are not even available; the parliamentary election occurred in 2007 and a legitimate evaluation of the election’s security lapses has not been publically released yet. How can the Estonian government justifiably guarantee the security of online voting when the 2007 election was the very first time any government has ever implemented the voting procedure? Can a government that claims that the implementation of its voting procedure was “successful” without making the security issues of its election transparent to its constituents be trusted with online voting?

Works Cited:

Bordland, John. "Online Voting Clicks in Estonia." Politics: Security. 2 March 07. WIRED. 11 October 09. http://www.wired.com/politics/security/news/2007/03/72846.

Maaten Epp (Estonian National Electoral Committee Vice Chair). "Internet Voting in Estonia." 01 July 2009. National Electoral Committee. http://www.epractice.eu/en/cases/ivote.

Analysis of Online Voting in Halifax's 2009 Municipality Council Election

On September 28th, 2009, Halifax, Nova Scotia implemented online voting as a voting medium (in addition to telephone voting, paper ballots, or electronic voting at the polls). Although Dean Smith, the President of Intelivote Systems, does not shed light on security concerns regarding online voting in his news article "Online Voting Results in Record Number of Voters Participating in Halifax By Election," he attempts to elucidate that online voting can have a positive effect on access to the democratic process.

First, Smith argues that online voting is the most popular form of electronic voting that Halifax has currently implemented. His conclusion is evidenced by his statement, "Of voters who cast their ballot electronically, approximately 80% voted using the web and 20% used their cell or regular telephone to select the candidate of their choice." However, there are a few critical concerns regarding the presentation and acccuracy of the statistical evidence Smith provides. How did Halifax prevent its individual constituents from voting multiple times? Did Halifax ensure that online voters were over the legal voting age?

Second, Smith argues that online voting opens access to democratic procedure by providing exceptional conveniency to certain demographics of voters: "When you have thousands of voters who are comfortable using electronic voting and an event like this runs without any electoral concerns or incidents at all, and it affords disabled voters, military personnel, and students away at school an opportunity to cast their ballot; I'd say that's a very positive step for democracy." The accessibility provided by online voting poses two imperative questions regarding the democratic values and security of online voting. First, is it truly democratic to increase voting accessibility for certain groups (e.g. military personnel, disabled voters, and students) and not others (e.g. people in lower socioeconomic brackets who cannot afford computers, minority groups, senior citizens, etc.)? Second, Smith assumes that online voting "runs without any electoral concerns or incidents at all," but what steps did Halifax take in order to ensure that viruses, malware, and hackers could not interfere with online voting procedure?

Although Smith successfully demonstrates that online voting is both popular (statistically) and accessible among certain demographics (e.g. military personnel, senior citizens, and students), he fails to answer or consider central questions regarding the democratic nature and security of online voting procedure. Without answering these questions, how can citizens be confident that their votes count?










Citations:

Smith, Dean. "Online Voting Results in Record Number of Voters Participating in Halifax By Election." Market Wire. 28 September 2009. Intelivote Systems Inc. 4 October 2009.
http://www.marketwire.com/press-release/Intelivote-Systems-Inc-1050995.html