Hackers To The Rescue? Professor J. Alex Halderman (second from right) and his merry band of hackers showed just how vulnerable online voting is to outside interference. According to Halderman, "it’s going to be decades, if ever, before we’re able to vote online securely".
THE JUNIOR WOODCHUCKS GUIDEBOOK was one of the
comic-book artist’s, Carl Barks’, most prescient gags. Whenever the hapless
Donald Duck’s adventures with his three nephews and his squillionaire Uncle
Scrooge went awry, it was to this extraordinarily handy little book that Huey,
Dewey and Louie – Woodchucks all – invariably turned. You’ve fallen from a
plane without a parachute? Need a quick course in basic Lizard? Want to know
how to lull a dragon to sleep? Then - quick! Consult The Junior Woodchuck
Guidebook!
For those of you wondering what a Junior Woodchuck might be:
they are Carl Barks’ gentle send-up of the American scouting movement. What
makes the master comic-book storyteller’s creation of The Junior Woodchucks Guidebook so prescient, however, is that in
2013, nearly 60 years after its first appearance in 1954, practically everyone
carries the equivalent of the Woodchucks’ Guidebook
in their pocket.
Our smartphones, with their connection to the Internet and
its vast, inexhaustible search-engines, can now transform us, just about
instantly, into experts on just about everything. Who needs The Junior
Woodchucks Guidebook when they’ve got “Google”?
This increasing reliance on the Internet and its wonders is
worrying. Carl Barks may have relied upon The
Junior Woodchucks Guidebook to get himself and his cartoon creations out of
innumerable tight spots, but we would be extremely unwise to do the same.
Writers, dramatists and comic-book storytellers are allowed
to bring in a deus ex machina to keep
the narrative moving along, but politicians and administrators have no such
licence. Though we might be forgiven for thinking otherwise, the conduct of
democratic elections is not the stuff of comic-books or classical Greek tragedies.
And yet we are subjected to constant claims from politicians,
challenged to “do something” about the declining participation-rate in national
and local government elections, that the solution lies “online”.
This is what the Mayor of New Zealand’s largest city, Len
Brown, told reporters on Saturday after being re-elected by barley a third of
Auckland’s eligible voters:
“We will do online voting next time, there is no doubt about
that. I think that maybe postal voting has had its day. People really don’t do
much in the way of sending mail anymore.”
Not a good idea, Len, as a moment’s consultation of your
electronic Junior Woodchucks Guide
would have told you.
According to the Professor of Computer Science specialising
in cyber-security at the University of Michigan, J. Alex Halderman, putting the
electoral process online would be extremely risky:
“In order to vote online safely, we’re going to have to
solve some of the hardest problems in computer security. How do you secure
servers against remote attackers? How do you secure people’s home computers
against spyware? How do you prevent people from being tricked into visiting the
wrong website and giving away their passwords? All of these things are subjects
of active research, but it’s probably going to be many, many years until we
solve them. That’s why I think it’s going to be decades, if ever, before we’re
able to vote online securely.”
And Professor Halderman knows what he’s talking about,
because three years ago he and three of his top computer science graduates
successfully (and perfectly legally) hacked into an online election pilot set
up by the District of Columbia’s Board of Education.
The Board, supremely confident that their online voting
system was secure, cockily challenged anyone who thought they could hack into
their software to go ahead and give it a try. Professor Halderman’s team more
than rose to the challenge. Not only did they successfully hack the Board’s system,
but they also made sure that the test election was “won” by “writing in” the
fictional robot anti-hero, Bender, from Fox-TV’s animated sci-fi series Futurama. (The runners-up were HAL from 2001 – A Space Odyssey and the Master
Control Programme from Tron.)
Those wishing to learn more about Professor Halderman’s
slam-dunk demonstration of the dangers of online voting should watch the YouTube
video – just search “Hacking the Washington DC Internet voting system”. I would
heartily recommend that Mayor Len Brown treat himself to repeated viewings.
And before all the computer geeks out there respond with the
example of Estonia: permit me to point out that the Estonian on-line voting
system relies upon the fact that every Estonian citizen is required to carry an
identity card bearing a unique identity number. Personally, I’m not so sure
that New Zealanders are ready for mandatory identification cards. Not after all
that passionate debate over the GCSB surveillance legislation. But, I could be
wrong.
The other problem with Estonia is this: if the Estonian
government decided to elect its own “Bender” – who would know?
Online voting, warns Professor Halderman, is no different
from any other system reliant upon computer software. (Novopay? WINZ? ACC?) “Small
mistakes” can lead to “huge problems.”
This essay was
originally published in The Press of Tuesday,
15 October 2013.
7 comments:
Agree Chris.
Electronic voting is massively open to fraud. And you may not even know it has happened.
Counting paper ballots is the safest, most open system yet devised.
I say this as a professional software engineer.
Just like the Corbold system used in Florida and we know what happened there!
I love the deflection - Oh people are apathetic, people don't use post, people are lazy. Have political types stopped for one second and thought that maybe people are smarter than they think.
I for one don't vote, because we don't have democracy - and I won't vote till we do.
But for Auckland and it's people the reforms to local government have been a fail. We let those minority mutters from ACT (Who really are looking like crocks and thieves) push the latest round of reforms.
Auckland does not work - my interests in the west are not those of the Shore, nor the East, nor Papakura - and Rodney can burn in hell for all it means for a Westy.
FAIL systems and corruption and anti-democratic forces all have gained the upper hand - and guess what - The people know. And what is left for them to do and say when politicians: lie, cheat and go back on there word.
Not vote - they did that in droves. We need democracy, real democracy not a shallow self interest shell.
Your not Mayor Len. No one is.
Well it would be fair to say, who would trust electronic voting given this Government track record ie the education wage debacle.
Yet, it does have its merits, given robust fail safe certainty, along with the traditional ballot box alternative, for those without the technological means.
Online voting is an invitation to the right-wing to vote fix. The Al Gore / George W Bush fiasco shows how low the right will go to win. The latest example is the Len Brown shenanigans. The right will stop at nothing and online voting will be seized by the right as an easy means to go even lower.
For the local body voting, I want an App that allows me to read through the candidate briefs then as I go tick/cross/maybe all candidates in all sections and maintains a running tally of the 3 categories. That way I can review and adjust my ticks much easier than on paper at present and come back to it 3 days later when I have more time. Then just hit Vote.
Multifactor authentication/verification must be able to resolve some of the worries. Txt back dual factor authentication plus some MAC and or IP Address/ISP provider checking as the vote is cast. If your vote doesn't fit that pattern from when you registered then sorry you'll have to post/booth it. Worried about the privacy of your ISP data, don't use the online system.
oh, excuse me, we have online banking, hello. It IS the way of the future ofcourse combined with your traditional school hall ballot paper and enhanced pre election day voting. Not everyone is going to be able to vote online.
Russell
Post a Comment