Online voting can't be trusted on standard PCs

John Pescatore and Christopher H. Baum, Gartner

Published: 08 Mar 2004 12:35 GMT


Temporary solutions
Online voting can be done using several methods that involve various degrees of cost and intrusion into voters' PCs to ensure security (see Note 1 for examples of online voting pilot programmes).

  • Smart cards -- Voters are issued smart cards that can execute voting software on the card, as well as store identification information. Voters must be given smart-card readers or use alternative approaches, such as Universal Serial Bus connections.
  • "Scan and block" -- Online voting systems download an applet to the voter's PC that scans the PC for known or suspected hostile software. This approach won't detect all forms of hostile software and is subject to many forms of attack (see "Scan, Block and Quarantine to Survive Worm Attacks").
  • "Portable sandboxes" -- Online voting systems require the voter to download a voting application to his or her PC that implements a virtual secure operating environment ("sandbox"). This limits most forms of attack, but leaves openings for sniffer software that could monitor keyboard input.
  • "Precinct in a box" -- As a compromise to totally remote voting, inexpensive commercial off-the-shelf machines could be hardened and distributed in secured locations. Ballots for appropriate jurisdictions are securely transmitted to the machines, and voters retrieve only the ballot for their districts of record. This method is particularly suited to military users -- a PC in a US military compound in Baghdad could record ballots for voters from Portland, Maine, to Portland, Oregon. The votes are then securely transmitted and distributed to the appropriate jurisdictions.

The limitations of the standard Windows-based PC platform that have made it impossible to prevent software, music and video piracy also make it impossible to provide the high level of security required for online voting.

Open review
A more general requirement for voting systems is transparency and trust. Voters must believe that the government running the election system can't sway its results. Physical voting systems have poll-station monitors, proctors and citizen involvement during elections, which gain such trust. Online voting systems will use technology that is opaque to voters. Expert review and source code escrow must be enforced to ensure that voting results are not compromised by voting system manufacturers, election officials or others.

The open-source review of online voting systems should be mandatory to provide the transparency necessary to avoid vote-rigging claims. Although few ordinary citizens have the expertise to review source code meaningfully, privacy and activist groups could sponsor such testing. Many security consultancies will do it for free. Open review will increase trust in the online voting system and quickly ensure its security.

Key issues
What are the most-effective technologies and best practices to protect networks, systems, applications and data?

What technologies may expose enterprise IT systems and data to damaging security breaches?
