Menu
Why internet voting is a terrible idea |
There are some things the internet is good for: cute animal videos, email (despite the spam), buying things that are smaller than a breadbox, even keeping up with the day-to-day doings of relatives, friends, and absolute strangers (beats working).
Then there are those things the internet is not good for. Voting, for example. It isn’t much of a stretch to say not everything is better online. The main reason: Every network can be hacked, and almost certainly will be hacked, if it hasn’t been hacked already. If there’s some information or resource that’s too important to be stolen and/or leaked, it has to be kept off the internet. No exceptions. That goes double for voting records, which we’re finding are increasingly vulnerable. An August 29, 2016, article by Politico’s Cory Bennett and Eric Geller describes an alert issued by the FBI to state election offices about hack attacks on their systems. The alert follows breaches detected in the voting systems controlled by the states of Arizona and Illinois. The break-ins are said to be the work of “foreign actors.” Bennett and Geller cite several security experts who point the finger at Russia, which they claim is attempting to influence the upcoming Presidential election. Hackers who break into election records could alter the information to prevent eligible voters from exercising their franchise. Any vulnerability in the voting systems could give credence to claims that the election is rigged. Both of the affected states responded to the attack by taking their voter databases offline. That’s where the records should have been in the first place. The same goes for tax records, Social Security accounts, and other sensitive government information that is too valuable to be put at risk. No such thing as a hack-proof network You can use the Electronic Frontier Foundation’s Privacy Badger and other free security tools until you’re blue in the face and still not be immune to having your personal information stolen online. (I wrote about three other essential browser security add-ons in the September 9, 2014, Weekly: Sandboxie, AdBlock Plus, and Web of Trust.) The last thing in the world the intelligence community wants is hack-proof networks. Ars Technica’s Dan Goodin explains in an August 19, 2016, article how the U.S. National Security Agency exploited a vulnerability in a popular Cisco router to extract cryptography keys so it could snoop on encrypted virtual private network (VPN) connections. The snooping continued undetected for more than 10 years before being exposed via documents leaked by NSA contractor Edward Snowden in 2014. Another Ars Technica article by Goodin posted on August 15, 2016, reports on a bug in the Linux operating system that makes 1.4 billion Android phones susceptible to unauthorized snooping. Likewise, the encryption embedded in the millions of smart devices that comprise the burgeoning internet of things (IoT) has holes built in that open to attack all the networks to which the gizmos attach, as Computing UK’s Graeme Burton describes in a September 6, 2016, article. The engineers and scientists who devised the internet in the 1970s and 1980s never thought the network would ever be used so widely. Even if they had imagined that criminals would ultimately ply the network looking for victims, there isn’t much the internet’s creators could have done back then to prevent it, as Craig Timberg writes as part of a series of articles in the Washington Post dated May 30, 2015, entitled “A Flaw in the Design.” Accurate, reliable vote counts require a medium you can feel The internet’s openness is the prototypical example of a thing’s best feature also being its worst. So much time, effort, and expense is poured into trying to “secure” the internet that it’s past time for someone to point out the futility of the endeavor. The internet is inherently insecure, and there’s nothing anyone can do about it. That’s why internet voting will never work. The only way to ensure that every vote is counted accurately, and that the accurate vote count is verifiable after the fact, is to use a tangible medium. And that usually means paper. Verified Voting’s analysis of internet voting proposals and pilots concludes that “voted ballots sent via Internet simply cannot be made secure.” There is no way for election officials to confirm that the ballots they receive match exactly the ballots turned in by the voters. An essay on the site entitled “If I Can Shop and Bank Online, Why Can’t I Vote Online?” points out that processing votes and processing financial transactions are two very different animals. For one thing, ecommerce systems are robust and able to compensate for the small percentage of lost or fraudulent transactions by mitigating and ultimately absorbing the resulting loss (passing it on to customers, usually). While paper voting systems sometimes lead to misplaced ballots, most of the lost votes are ultimately recoverable. If a digital ballot is lost, there may be no reliable backup. As recent breaches at state election offices show, the sanctity of the secret ballot is imperiled when hackers can release our personal voting history. Last but not least, the potential for voter fraud goes through the roof when you’re looking at votes stored as electronic records. It would be trivially easy for hackers to falsify vote counts without leaving any traces. Authenticating voters in person and when they vote by mail generally relies on a signature on file with the election officials. Online voter authentication would be tricky but not impossible. Another challenge is preventing double voting by people who send in an electronic ballot and also show up at their local polling place. There is no school like old school, and when it comes to voting, there is only old school. Some things simply do not belong on the internet, and if you don’t believe me, you can ask former Congressman Anthony Weiner. (Be sure to wait until he puts his cell phone away.) Ballots and politicians’ private parts are at the top of the keep-off-the-internet list. ------------------------------------------------------------- All of Facebook’s privacy settings in a single infographic Granted, it’s a seriously long infographic (I counted 19 page scrolls), but the illustration created by security firm Vound Software/Intella covers the “Most Important Ways to Protect Your Privacy on Facebook." I found the graphic in a September 2, 2016, post by David Cohen on AdWeek’s SocialTimes blog. If you’ve only got time to check one Facebook setting, I recommend the option that lets you view your profile the way the public sees it. To do so, open your profile page, click the ellipses on the top right, and choose View As. You can also see what your profile looks like to a specified person by entering that person’s name in the text box that appears when you choose this option. |