This post first appeared on the Ferenstein Wire, a syndicated news service; it has been edited. For inquiries, please email author and publisher Gregory Ferenstein.
A team of British and American researchers has developed a hacker-resistant process for online voting (PDF) called Du-Vote. The technique could theoretically allow citizens to securely cast online ballots in public elections, even if their computer is infected with malicious software.
The development is a significant step forward for the prospect of secure online voting, one of those ideas that seems like a no-brainer until you start thinking about how to ensure that the system couldn’t be tampered with. (Say what you like about paper ballots, at least they can be recounted.)
The specific method used by Du-Vote, however, is clearly a first-generation prototype that’s cumbersome and thus possibly not well suited for general use.
How To Get Out The Du-Vote
Du-Vote, which stands for “Devices that are Untrusted used to VOTE,” relies on dividing knowledge of a citizen’s votes between multiple devices, each with its own unique security. Election authorities would run a voting website containing the names of candidates, and would distribute a hardware token—in this case, a pin-pad device that never connects to the Internet—to voters. The token would contain a list of secret digits associated with each candidate name.
To vote for a particular candidate, a user would go to the website. Instead of just punching a button for a candidate, though, the voter would input a secret code from the Du-Vote token. Even if a hacker completely controlled a citizen’s computer and could change the name of a candidate entered on a website unbeknownst to the user, the malicious software wouldn’t know which digits to enter.
“In simple terms, the credit card sized device helps to divide the security sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted,” research team member Gurchetan Grewal told me via email.
What If A Hacker Controls The Token?
Du-Vote protects against a variety of nightmare scenarios, including one in which hackers manage to infiltrate both the Du-Vote token and a user’s computer.
The process includes a 100% hacker-proof technique: a coin flip. On the voting website, citizens are given two columns of random digits to choose from and asked to flip a coin, which decides which column of digits they enter into the Du-Vote token. For instance, if the coin lands heads and the citizen wants to elect Alice, she inputs all of the digits in column A into the Du-Vote token and just the top-right cell of column B, “7970” (and vice versa if it lands tails).
If a hacker managed to control the computer and the Du-Vote token, the malicious software still wouldn’t know the outcome of the coin flip and could end up guessing the wrong column. “That will cause the vote to be rejected,” explained co-author Mark Ryan. The rejected vote could, in turn, alert authorities to tampering.
And Now Some Challenges
You can already imagine some of the problems that might result from trying to enact Du-Vote in, say, the U.S. For starters, you have to figure out how to send every registered voter a secure voting token. That’s no easy project in a population as large, diverse and geographically dispersed as in the U.S.
Then you’d need a process for handling cases where people lose or misplace their tokens. And for reporting lost tokens so they’re not misappropriated.
Finally, you’d have to have faith that people would be willing to enter strings of numbers into both a handheld token and the online electoral website. Not to mention the fact that the system’s security also depends on voters’ willingness to flip a coin and take action based on the result. If in practice most people just entered the “column A” digits out of habit, that would undermine the system’s reliability.
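The coin-flip check and the habit problem described above can be put into numbers. The following is an added example, not code from the Du-Vote paper or its authors: a simplified model in which malware must guess the voter's coin before the flip and a wrong guess gets the ballot rejected. The function names, the idea that the election server can tally which column voters chose, and the z-score alarm are assumptions of this example.

```python
import math
import random

def simulate(n_ballots, p_heads, rng):
    """Tamper with n ballots; return (undetected, rejected, heads_seen).

    Simplified model (assumption): malware must commit to a guess of the
    voter's coin before the flip, and a wrong guess gets the ballot rejected.
    The malware always guesses the side voters favour.
    """
    guess = "heads" if p_heads >= 0.5 else "tails"
    undetected = rejected = heads_seen = 0
    for _ in range(n_ballots):
        coin = "heads" if rng.random() < p_heads else "tails"
        heads_seen += coin == "heads"
        if coin == guess:
            undetected += 1
        else:
            rejected += 1
    return undetected, rejected, heads_seen

def escape_probability(n_ballots, p_heads):
    """Chance that all n tampered ballots slip through unrejected."""
    return max(p_heads, 1 - p_heads) ** n_ballots

def coin_bias_z(heads_seen, total):
    """z-score of observed heads against a fair coin (|z| > 3 is suspicious)."""
    return (heads_seen - total / 2) / math.sqrt(total / 4)

if __name__ == "__main__":
    rng = random.Random(2015)  # fixed seed so runs are repeatable
    # Constructed scenarios: honest coin flips vs. voters who favour column A.
    for label, p in [("fair coin", 0.5), ("habitual column A", 0.9)]:
        ok, bad, heads = simulate(10_000, p, rng)
        print(f"{label}: {bad} rejected of 10000, "
              f"20-ballot escape chance {escape_probability(20, p):.2e}, "
              f"bias z = {coin_bias_z(heads, 10_000):.1f}")
```

With a fair coin, roughly half of all tampered ballots are rejected and the chance of altering 20 ballots unnoticed is below one in a million; when 90% of voters pick column A out of habit, that chance rises to about 12%, and the skewed column tally is itself a signal election officials could monitor.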
There are already a few countries with online voting, most notably Estonia. But Estonia has a national ID system that allows the federal government to regularly correspond with its citizens on a variety of sensitive issues. Americans are hesitant to adopt a federal national ID, making secure government interaction more difficult.
Short of adopting a national ID, Du-Vote could be an alternative and bring us one step closer to online voting.