Yes, a secure online voting system is possible, but maybe we need to fix the root cause first

October 5, 2019 by epoetus


When children can hack in and alter the votes tabulated by an official voting system in use today in under 10 minutes, it is time for this country to put its political leadership on notice – especially the old white male Republican leadership in places like North Carolina who seem more like racist, misogynistic, and bigoted fascists still pining for the Confederacy than the defenders of democracy, human rights, inclusion and equality that we expect. It is time to put a stop to gaming the vote via Gerrymandering, Voter ID laws, voter roll purges, and other racist policies that tag minorities as felons so that they cannot vote. Among other things we can implement a secure online election system. But maybe we need to view the root cause of the problem as being the agenda of those elected officials involved in the oversight of these systems before we move ahead with an implementation.



A quick plug for Islanders’ Voice: If you like what you see on the Islanders’ Voice site then please share our stories with your friends and ask them to join the mailing list: Subscribe to Islanders’ Voice Free Weekly Mailing List, and like the Islanders’ Voice Facebook page as well: Islanders’ Voice Facebook page.



Design overview

NOTE: this design was quickly defined by career software IT people working for a sizable, well-established company in the financial arena, one of whom is a director of security for that financial system.



A much more detailed and airtight design with a comprehensive set of scenarios can be defined if required, but below is the basic outline of how such a system could work. As proof and evidence for the validity of this, we leveraged the design of existing financial systems as analogies for how these systems can work. For example, major online credit card transaction processing systems used by large merchants, or online stock trading mechanisms, follow these same basic design principles to protect themselves from the incalculable punishment to their reputations and their finances were their systems to be breached or to fail an audit. Somehow this rigor has eluded the voting systems in our democracy.

This design will not cover:
• Accessibility, which is how systems are designed for those who are impaired (e.g. blind) and need alternate ways of navigating to the information.
• The details of voter registration process, which can be updated to support this security architecture.
• The details of storing the results in a way that makes tabulation easy, transparent and open.
• The legal disputes currently under way with respect to things like voter id laws.



Basic requirements:
• The submitted votes cannot be hacked
• The ballot cannot be hacked
• The user’s access to voting cannot be hacked (aka Registration, Authentication and Permissions)
• The vote happens once and cannot change once completed
• The tabulation of the results cannot be hacked



The elements to the solution
The voting token – a single use token tying a registered voter to a ballot and their votes on that ballot.
The voter registration id – proof of authentication for the voter, that ties them to a specific location, which is required for assigning users to a district or geography (e.g. Washington State for US Senate positions).
The ballot – the secured document or workflow wizard that the voter updates and sends once they have filled it out.
Voting – the process of a voter requesting their ballot, authenticating themselves, selecting their votes on the ballot and sending the completed ballot to be tabulated.



The high level process steps:
• The resident registers to vote – the process by which the voter obtains a Registration ID. They can register in person, and it is possible to register online. They will get a Registration ID, and also will receive a letter in the mail each year and prior to voting with the Registration ID to help them vote in case the ID is lost or forgotten.
• The local government generates the ballot, which is a document and the transactional software elements required to record the selections made for the vote. The ballot can be location specific (e.g. Orcas Island ballot).
• Generate the single-use voting token, which is paired with the ballot and the user's Registration ID and is used for authentication.
• Send out the ballot. A letter can be sent with a QR code or URL for them to open up the ballot. This is sent separately from, and after the Registration ID reminder mail or email.
• Opening up the ballot to vote, which retrieves the specific ballot produced for the voter
• Authenticating the voter with the Registration ID
NOTE: Can use two factor authentication as well. Possibly as a configuration that the voter can enable.
• Voting by selecting votes on the ballot
• Reviewing your selections
• Sending the ballot in once the voting is completed.
• After you have confirmation of the vote you can print your vote along with the confirmation ID of your vote.


Below is a rough drawing of how the information would flow through this system



Other details about this system

• Voting can take place anywhere that you have computers, tablets or smartphones on the internet that support browsers with HTTPS.
• If somehow your vote is interrupted before you submit it, and you didn’t receive a confirmation ID then you can start over. If, when you start over, you get your confirmation ID and the display/PDF of your vote, you’re all good, but if not then you will just have to fill it all out again.
• Once a vote is recorded, a physical version of the vote can be generated automatically as an additional check on the vote – it can be printed, written to a removable drive (write-once CD, DVD, hard disk), and blockchains, which have been associated with cryptocurrency, can be updated with this information for archival purposes as well. Any and all of these archival mechanisms, along with audit logs of their activities, can be employed for the purposes of a historic cross-check and proof if required.
• The ballot and voting – you can only fill out the ballot and submit it once. After submitting it, you cannot change it, and the vote itself cannot be changed. To eliminate confusion, ideally each thing being voted on will be presented on its own so that the actual vote is very clear and unambiguous – a la a traditional “wizard” or online certification or standardized test UI. Using this approach, information about each option, as is available on the ballot, can be provided to the user.
• The master voting data can be made publicly available with a sanitized copy of the voting data that protects user identity.
• Tabulating results: make an exact copy of the voting data available to the public so that the tabulation can be recalculated out in the open.
• This system will need a staff of people to ensure that it remains secure, and any new security vulnerabilities are resolved according to their severity. In addition, new features will need to be built and maintained to allow for changing user needs and the needs of the stakeholders and the managing body.
• This system will need a managing body to ensure that it continues to meet the needs of all parties involved – especially the will of the people. Since this system is designed to preserve and maintain democracy, the managing body will need to demonstrate the values of democracy and transparency in how it functions. It will need to be paid for with taxpayer dollars, and will therefore need oversight and auditing processes in place that ensure it is working properly – ideally these functions will be built in and rendered transparent from the beginning. Since democracy is at the core of how this nation functions, this managing body might warrant special treatment – clearly the misuse of the executive branch has shown us that those corruptive forces impact the functioning of our nation and democracy so placing a voting system under executive branch oversight presents a serious risk.
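The process steps and the details above (single-use token paired with a ballot and a Registration ID, one-time submission returning a confirmation ID, a sanitized public copy of the master data, and tabulation that anyone can recalculate) can be exercised end to end in a small runnable sketch. This is an added example for illustration, not the post's design in full and not code from any real election system; the registry, ballots, class and function names, and the choice of a random URL-safe token plus an HMAC-derived confirmation ID are all assumptions made for the example. Two-factor authentication, mailed letters and the archival copies are left out.

```python
"""Toy model of the voting flow: token issuance, authenticated one-time
submission, confirmation ID, sanitized public copy and open recount.
Constructed example; every name and data value here is an assumption."""
import hashlib
import hmac
import secrets
from collections import Counter, defaultdict

# Constructed sample registry (Registration ID -> location) and one ballot per location.
REGISTRY = {"REG-1001": "Orcas Island", "REG-1002": "Orcas Island", "REG-1003": "Lopez Island"}
BALLOTS = {
    "Orcas Island": ("BALLOT-ORCAS", {"Council seat": ["A", "B"], "Levy": ["Yes", "No"]}),
    "Lopez Island": ("BALLOT-LOPEZ", {"Council seat": ["C", "D"], "Levy": ["Yes", "No"]}),
}


class VoteError(Exception):
    """Raised for any rejected request (bad token, reuse, mismatch, bad selections)."""


class VotingService:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-side secret used to derive confirmation IDs
        self._tokens = {}                    # sha256(token) -> {"reg", "ballot", "used"}
        self._master = []                    # identity-bearing master voting data

    @staticmethod
    def _h(token):
        # Store only a hash of the token so a leaked table cannot be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_token(self, registration_id):
        """Generate the single-use token paired with this voter's ballot and Registration ID."""
        if registration_id not in REGISTRY:
            raise VoteError("unknown Registration ID")
        ballot_id, _ = BALLOTS[REGISTRY[registration_id]]
        token = secrets.token_urlsafe(24)  # what the mailed QR code or URL would carry
        self._tokens[self._h(token)] = {"reg": registration_id, "ballot": ballot_id, "used": False}
        return token

    def open_ballot(self, token, registration_id):
        """Authenticate with the Registration ID and retrieve the ballot produced for this voter."""
        rec = self._tokens.get(self._h(token))
        if rec is None or rec["used"] or not hmac.compare_digest(rec["reg"], registration_id):
            raise VoteError("token invalid, already used, or not paired with this Registration ID")
        return rec["ballot"], BALLOTS[REGISTRY[registration_id]][1]

    def submit(self, token, registration_id, selections):
        """Record the vote exactly once, burn the token, and return a confirmation ID."""
        ballot_id, questions = self.open_ballot(token, registration_id)
        if set(selections) != set(questions) or any(selections[q] not in questions[q] for q in questions):
            raise VoteError("selections do not match the ballot")
        self._tokens[self._h(token)]["used"] = True  # the token can never be used again
        payload = ballot_id + "|" + "|".join(f"{q}={selections[q]}" for q in sorted(selections))
        conf = hmac.new(self._key, (token + "|" + payload).encode(), "sha256").hexdigest()[:16]
        self._master.append({"reg": registration_id, "ballot": ballot_id,
                             "selections": dict(selections), "confirmation": conf})
        return conf

    def public_copy(self):
        """Sanitized copy of the master data: same votes, no Registration ID, token or confirmation ID."""
        return [{"ballot": r["ballot"], "selections": dict(r["selections"])} for r in self._master]


def tabulate(records):
    """Recount from any list of records; anyone holding the public copy can run this."""
    tally = defaultdict(Counter)
    for r in records:
        for question, choice in r["selections"].items():
            tally[(r["ballot"], question)][choice] += 1
    return {k: dict(v) for k, v in tally.items()}


def demo():
    """Run three voters through the flow; return (replay_blocked, identity_hidden, recount_matches, tally)."""
    svc = VotingService()
    t1, t2, t3 = (svc.issue_token(r) for r in ("REG-1001", "REG-1002", "REG-1003"))
    svc.submit(t1, "REG-1001", {"Council seat": "A", "Levy": "Yes"})
    svc.submit(t2, "REG-1002", {"Council seat": "B", "Levy": "Yes"})
    svc.submit(t3, "REG-1003", {"Council seat": "C", "Levy": "No"})
    try:  # a second submission with the same token must be rejected
        svc.submit(t1, "REG-1001", {"Council seat": "B", "Levy": "No"})
        replay_blocked = False
    except VoteError:
        replay_blocked = True
    public = svc.public_copy()
    official = tabulate(svc._master)
    return replay_blocked, "REG-1001" not in str(public), tabulate(public) == official, official


if __name__ == "__main__":
    print(demo())
```

The recount in `tabulate` is deliberately independent of the service, so the same function run by the public over the sanitized copy and by the managing body over the master data must agree; any divergence is immediate evidence that one of the two datasets was altered.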



What does this all mean?



Our democratic processes are clearly not serving our interests. This can be easily proven on many levels today. The simple example of our inability to pass gun control legislation where 90% of the country advocates for stricter gun laws is one clear proof of this reality. With respect to online voting systems, and their vulnerability to attack, one must conclude that it is not the available technologies that have produced these vulnerabilities – it is the institutions building and overseeing these systems that are at the root of these vulnerabilities. While it is not trivial to implement a secure voting system, it is possible and there are financial systems in use today which prove that point. In short, these problems appear to be yet another manifestation of “Money in Politics” driving the agenda of our governing bodies.



While it is mandatory that our legislative, executive and judicial branches demonstrate that they are fulfilling the will of the people, it is clear that they are not. Our fourth estate, journalism, has also run aground due to the demands of private industry, profits and shareholders' focus on the quarterly bottom line – they would just as soon enable corruption via "catch and kill" of articles as do their job. This proves that our democratic processes, democracy itself, are not working properly. This journey into a secure voting system reveals a problem that does not exist with financial systems – accountability and transparency – which also appears to be at the heart of the failure of our democratic systems. Since democracy is so vital to the way that this country operates, it is critical that everyone understand their role in making sure that it is working properly, and it is mandatory that accountability be at least as clear as that which we see in our financial systems.



There has been a lot of talk about curing what ails this country: get "Money out of Politics," tax the rich and their large corporations, eliminate bigotry, misogyny and racism from society by granting equal rights to all, stop the rich from frying the planet for profits, and so on. Maybe we need to elevate the democratic process itself onto that stage as yet another problem to be solved in that mix. Maybe a well-defined description of democracy, the process by which it is determined, the accountability and transparency required to preserve it, and also the measures, like we have with GDP today, required to verify that democracy is healthy should be codified in law along with equal rights and the second bill of rights. Maybe this is another thread that, when pulled, reveals the same problem which is plaguing us in all directions: unless we make some serious changes to how this country operates we will continue to be overrun by corruption and an oligarchy that views government as something to control for the purposes of colonizing the resources of this country and its people. But let's be clear on this one point: we can build a secure online voting system.




11-year-old hacked into a voting system in 10 minutes

More recent article on hacking into voting systems:
