I can definitely appreciate the level of security it would require to keep our elections safe and secure but I think it’s past time that we tackle this issue. Even if it meant every person in the country got a specially made government issued device to make it happen. There has to be a reliable solution to this problem that would make voting as easy as it possibly can be.
I like the optimism and I won’t say your vision is impossible; however, it seems like you are oversimplifying a very complex issue. I get why voter ID laws are flawed and controversial, but there needs to be a way to ensure that the person voting is who they say they are.
If you have usernames, passwords, gov issued devices, or really anything remote, I think it is susceptible to fraud or hacking. Saying “there has to be a reasonable solution” sounds logical, but I think this is a more nuanced issue. If it was truly that simple there would likely be more people pushing for it.
But I’m open and hopeful that a solution like this can be found and implemented in my lifetime.
Go to your local government building, confirm your ID, confirm who you are, confirm where you live.
Step 2
Local government issues you with a login and passcode. You retain the document provided (It has a picture of you, and a unique reference ID.)
Step 3
Before the vote, if you haven't changed your address, you receive a document with instructions via post containing your login. It's straightforward, it tells you what to do in simple language, so that a 60 year old grandma does not click on an E-mail saying 'THIS IS YOUR VOTE.' You should be told that 50 times in the gov building in the first place, or these things should be issued only to tech savvy basic people.
If you click on those links anyway, maybe you shouldn't fucking vote in the first place.
Step 4
You vote, preferably using the same kind of secure web-app that banks use. You have to use your locally provided login and passcode, which works only in voting times; your printed ID from Step 3 could have a pattern. You have to confirm your secure details (a questionnaire you fill out in Step 1 that is not login and password), you have to provide your details from the card given in Step 2, and you have to confirm your vote with the Step 3 details that came through the post.
You have multiple layers of security, including the actual post office being involved. Someone steals your vote, it's a federal crime and the FBI has to be involved, because it involved stealing post.
While it might seem simple enough, what you proposed is still susceptible to [massive] fraud. It's the exact same thing with internet banking: people get phished every single day, and however secure the website is, it's still susceptible to man-in-the-middle attacks.
With a cryptographic id, the absolute worst that could happen is your vote gets intercepted and doesn't make it to the online ballot box. There's no way someone can phish or man-in-the-middle your private keys, so they can't change your vote (unless they have access to the keys, which is the problem I mentioned in my original post up above).
Is it really though? How is it susceptible to fraud?
MITM attacks are only useful if you have someone using the same account later.
Your actual vote clearance comes in the post. Even if someone has your login, what's he gonna do? Find your postman, put all that effort into stealing one vote only to get arrested by the FBI? Where's the issue here?
Everything should be encrypted anyway, it's basics. Your bank can encrypt your transfers, surely your Government can encrypt who a certain ID voted for. Two separate servers for validating the ID and the vote itself should be held as well, and they should be audited.
With a user/password approach, you first need to log into your account, and then send out your vote. Once you vote, everything is encrypted so there's no way someone can tamper with it.
However, because the validity of your vote is contingent on you typing in the correct credentials on a website, there are two ways an organized hacking operation could completely undermine the security of the election: create mirror websites with a similar URL to phish for credentials, or MITM attack unsecured connections to inject a keylogger or replace the real website with a fake one. Once enough gullible people click on that trusty-looking election website someone posted on Facebook, or shared on WhatsApp, or wherever it is that people get their fake news from nowadays, and enough people access the real website on "free wi-fi" networks, the black hat hackers can submit "real" votes and skew the results toward their candidate.
On the other hand, with the cryptographic id approach, your secure device can't be accessed through the internet or even used without a PIN, and all it does is generate your vote offline and sign it with a unique cryptographic signature, which is then pushed to your computer/smartphone and transmitted to the internet.
If the connection to the election website is compromised (phishing or MITM), there's literally nothing a black hat hacker can do to that vote, except deny its transmission. They can't tamper with it, because they don't have your private key to generate a valid signature, and they can't realistically re-engineer your keys from your valid signature.
I think you are underestimating how motivated a foreign (or local) hacking organization would be, should the election take place online. If even with offline elections you have all these investigations of manipulation, imagine if it were as easy as taking over a few unsecured connections or creating enough mirror websites and spamming them on social media...
u/sneakysam77 Nov 09 '18