in reply to Larry Wall for President! (or at least voting systems in Perl...)

This isn't a Perl-specific solution, but a general architecture for e-voting systems.
  1. Copy what your bank does.

For crying out loud, this is a solved problem! Banks deal with online funds all the time. When was the last time any e-banking solution from a major bank was hacked?

Being right, does not endow the right to be rude; politeness costs nothing.
Being unknowing, is not the same as being stupid.
Expressing a contrary opinion, whether to the individual or the group, is more often a sign of deeper thought than of cantankerous belligerence.
Do not mistake your goals as the only goals; your opinion as the only opinion; your confidence as correctness. Saying you know better is not the same as explaining you know better.

Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by ikegami (Patriarch) on Nov 02, 2004 at 15:17 UTC

    There are some major differences between banks and voting.

    1) Bank security relies on the ability to undo and otherwise correct earlier mistakes, which requires a system with no anonymity.

    2) An ATM going down is bad for business, but the customer will go to another one or suffer the wait. OTOH, American voters demand the vote results before going to bed.

    3) The bank's systems are used daily. Banks had a long time to learn from past mistakes. Voting machines are only used a few times a year. This also affects reliability. Electronic voting systems can't be load tested before the election.

    4) The load is much greater for the voting system. This may not affect security, but I figured it would be worth mentioning.

      The bank's systems are used daily. Banks had a long time to learn from past mistakes. Voting machines are only used a few times a year. This also affects reliability. Electronic voting systems can't be load tested before the election.

      This is why I would recommend that the bank's systems be used as a base. They've been battle-tested. Basically, the question is one of "How can we rebuild the wheel?", which is stupid. How many times have we said "Why are you rebuilding XYZ when it's already on CPAN!" You may not like your bank's website, but it works, and that's the point.

      Being right, does not endow the right to be rude; politeness costs nothing.
      Being unknowing, is not the same as being stupid.
      Expressing a contrary opinion, whether to the individual or the group, is more often a sign of deeper thought than of cantankerous belligerence.
      Do not mistake your goals as the only goals; your opinion as the only opinion; your confidence as correctness. Saying you know better is not the same as explaining you know better.

        The most important point in ikegami's post was
        1) Bank security relies on the ability to undo and otherwise correct earlier mistakes, which requires a system with no anonymity.

        Voting must be anonymous and secret. This means no one should be able to tell how you voted and you should not be able to prove how you voted.

        This prevents you from applying almost every conventional security and reliability technique. It means that once you have deployed your software, you cannot monitor it or log its output in any of the conventional ways. For example, you cannot even record information about what time a vote was cast or what order the day's votes were cast in, as this may allow voters to be identified.

        Banking systems make mistakes but the bank can then go through the logs and correct them. This is just not possible with an electronic voting system.

        For a voting system to be trustworthy, there must be a paper trail. Without a paper trail you are asking the voter to trust the good intentions and also the competence of the programmer and also of the administrators of the election. This is unacceptable.

        Voting systems based on paper do not require trust. Biased and unbiased observers can watch the ballot boxes and the counting process as closely as they like, all mutually distrustful of each other, all keeping each other (and everyone else) honest.

        The purpose of electronic anything should be to assist humans but not to take control away from them. Electronic voting takes control away. With an electronic system, there is a point where my vote is entirely under the control of the electronic system. It exists nowhere except inside the memory of the machine and I have no way of knowing if it has been stored correctly, deleted or distorted.

        We should be looking for Computer Assisted Voting. For example, in Tallahassee, you fill out a paper ballot. If you want, you can have it scanned by the computer, which will tell you if there are any mistakes and will also tell you how your vote will be read. If you're happy, you drop it in the ballot box.

        This optical scan system has a very low error rate (touch screen voting has an extraordinarily high error). It's also very cheap and very easy to use.

        Rant over.

        > This is why I would recommend that the bank's systems be used as a base. They've been battle-tested. Basically, the question is one of "How can we rebuild the wheel?", which is stupid.

        Not quite. If a bank's system eats $4000 from your account, you have deposit slips, checks, and bank statements that the bank can use to recreate your account history. And, if you discover the problem 10 days late, the bank still can fix it.

        In an election, there can be no mistakes from the software. And, if you find out later that there were errors, there is a lot more at stake, and a lot that can't be reconstructed. Bank systems might be a good model to look at for ideas about handling redundancy and implementing detailed logging, but voting systems are a separate problem.

        radiantmatrix
        require General::Disclaimer;
        "Users are evil. All users are evil. Do not trust them. Perl specifically offers the -T switch because it knows users are evil." - japhy
Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by theorbtwo (Prior) on Nov 02, 2004 at 15:27 UTC

    Happens all the time, depending on what you mean by "hacked". But online banking isn't the thing that's the most like voting -- ATMs are. How often do ATMs get hacked? All the time.

    The huge issue is anonymity. Everything there is to record about ATMs gets recorded, to go back and look at later if it turns out there is a problem. You can't do that with voting. It's a secret ballot, meaning that it should be impossible to determine who voted for whom. At the same time, it should be the case that every vote is counted as the voter intended it to be counted, that no one should be able to vote more than once, that nobody should be able to pretend to be somebody else (living or dead) in order to vote as them, vote in elections that they are not qualified to vote in (by not residing in the proper area), and that nobody should be prevented from voting when they are qualified to do so, by not having ID (many people don't), by not speaking the language, by being blind, deaf, or both.

    Clearly, these issues, especially uniquely identifying people without ID, are hard, and by focusing on the issues specifically of poorly implemented electronic voting systems, people are ignoring the larger issues that these electronic voting systems are supposed to be solving.


    Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by ww (Archbishop) on Nov 02, 2004 at 14:54 UTC

    You might do well to consider whether the answer to your question would be different, if the question were "When was the last time you heard about any e-banking...being hacked?"

    The F(inance) I(nsurance) R(eal) E(state) industries still tend to deal with successful exploits by keeping them quiet and eating the losses.

    "I don't care who does the electing as long as I get to do the nominating" -- Boss Tweed.

Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by mpeppler (Vicar) on Nov 02, 2004 at 15:42 UTC
    Actually I find that the online access to US banks (well - the two I've used) is pretty dismal, and the protection relies too much on a few known data items (such as the SSN).

    For comparison, the online access to my account here in Switzerland required that I fill in a request in writing, and then I received a special calculator and (by separate mail) a SIM card (with a PIN).

    To access your account you have to know your contract number (NOT your account number), you need to know the PIN to your SIM card, enter six challenge digits that the online system generates into the calculator and enter the response that was generated on the calculator (which is alpha-numeric, BTW).

    Pretty complicated, but the probability of getting hacked through simple password guessing is extremely small (absent other types of security problems in the code, of course).

    Michael
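
The challenge-response login described in the post above, sketched as an added example (not part of the original post, and not the bank's actual algorithm). HMAC-SHA256, the response alphabet and length, the attempt limit and all names are assumptions; PIN entry on the device is out of scope.

```python
import hashlib
import hmac
import secrets

# Assumptions for illustration only: alphabet, response length, attempt limit.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 unambiguous symbols
RESPONSE_LEN = 8
MAX_ATTEMPTS = 3


def token_response(device_key: bytes, challenge: str) -> str:
    """What the handheld device computes after the PIN has unlocked its key."""
    digest = hmac.new(device_key, challenge.encode(), hashlib.sha256).digest()
    # 256 is a multiple of 32, so the modulo introduces no bias.
    return "".join(ALPHABET[b % 32] for b in digest[:RESPONSE_LEN])


class LoginServer:
    def __init__(self):
        self.keys = {}      # contract number -> device key
        self.pending = {}   # contract number -> outstanding challenge
        self.failures = {}  # contract number -> consecutive failed responses

    def enroll(self, contract: str) -> bytes:
        """Create the per-device key (provisioned on the card, mailed separately)."""
        key = secrets.token_bytes(32)
        self.keys[contract] = key
        return key

    def issue_challenge(self, contract: str) -> str:
        """Six random digits, remembered until the next response arrives."""
        challenge = f"{secrets.randbelow(10**6):06d}"
        self.pending[contract] = challenge
        return challenge

    def verify(self, contract: str, response: str) -> bool:
        challenge = self.pending.pop(contract, None)  # single use: blocks replay
        key = self.keys.get(contract)
        if challenge is None or key is None:
            return False
        if self.failures.get(contract, 0) >= MAX_ATTEMPTS:
            return False  # locked out: guessing is capped at MAX_ATTEMPTS tries
        expected = token_response(key, challenge).encode()
        ok = hmac.compare_digest(expected, response.upper().encode())
        self.failures[contract] = 0 if ok else self.failures.get(contract, 0) + 1
        return ok
```

A captured response is useless for a later login because each challenge is consumed on first use, and the attempt counter is what keeps blind guessing of the response impractical.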

Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by hardburn (Abbot) on Nov 02, 2004 at 14:38 UTC

    I don't think you can make the comparison. I bet there are plenty of vulnerabilities in online banking systems. They don't get attacked, because if you're someone who wants to steal money electronically, the online system will probably get you fairly low returns (why get a few hundred bucks out of some soccer mom when you can snag a few dozen mutual funds?)

    I therefore argue that online banking systems don't get attacked because they're secure. They don't get attacked because they have poor returns when you succeed.

    "There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.

      If I could attack a few dozen bank accounts, that would be a pretty decent return. What I'm saying is that banks have extremely high liability exposure. Therefore, copying them will, at the very least, be an excellent start to secure voting.

      Being right, does not endow the right to be rude; politeness costs nothing.
      Being unknowing, is not the same as being stupid.
      Expressing a contrary opinion, whether to the individual or the group, is more often a sign of deeper thought than of cantankerous belligerence.
      Do not mistake your goals as the only goals; your opinion as the only opinion; your confidence as correctness. Saying you know better is not the same as explaining you know better.

Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by zentara (Cardinal) on Nov 02, 2004 at 16:24 UTC
    For crying out loud, this is a solved problem! Banks deal with online funds all the time. When was the last time any e-banking solution from a major bank was hacked?

    That isn't true. The banks have been "eating losses" caused by electronic theft, and keeping it unpublicized, in order to "maintain the faith of their clients". There have been quite a few stories written on this; typically someone (inside) electronically rips off an account, the victim starts to scream, and the bank just returns the money out of its profits, and it's written up as a loss of some kind. When the security people finally track down the culprit, they are typically let off, if they promise to keep their mouths shut.

    So the banking system only appears secure (albeit it is beyond me to hack it), but insiders can have a field day ripping them off. So think what insiders could do to rig elections? Even if they are traced down a year later, it is too late.

    The only way is to have an open system, where there is a paper trail, an audit number for each vote cast, redundant hard drives to store the data (with them stored and transported separately), and freely inspected source code.

    Perl would be perfect for this, because it is a lot more understandable than C.

    You have to face up to the fact that the people in power "want the ability to fix elections", it's the only way they will be able to control elections as the population of poor and underprivileged grows, to where the fat-cats would be voted down in fair elections. All the BS they put out, on the need for secret source code, is just pulling the wool over the eyes of the sheep.


    I'm not really a human, but I play one on earth. flash japh
Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by Anonymous Monk on Nov 02, 2004 at 15:44 UTC
    I read about inside jobs that relieve banks from their money on a regular basis. And that's the biggest threat e-voting systems face as well.

    Would you trust an e-voting system written by a company which is (partially) owned by the Carlyle group? Do you know who wrote the e-voting system in your district? Do you trust them with your vote?

Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by hardburn (Abbot) on Nov 02, 2004 at 16:11 UTC

    Forgot something: Diebold makes ATM machines.

    "There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.

Re^2: Larry Wall for President! (or at least voting systems in Perl...)
by mbeast (Beadle) on Nov 05, 2004 at 05:15 UTC
    0. Copy what your casino does.

    This is what Nevada did for their e-voting.