Solving the Problem of Online Voting
Online Voting is the Future
Last night I attended a caucus in Utah. The line was the slowest, longest line I have ever been in. It was hot and crowded inside, and the whole event was extremely disorganized. So many, many hours wasted by thousands of people standing in line. I bet some of those people don’t go out to vote again for a while.
Online voting has not taken off because of concerns about security and fraud. These are very valid concerns. We don’t want some hacker, terrorist or corrupt employee rigging an election. This problem is solvable, and solving it would save a vast amount of time and money.
Two-factor authentication has essentially solved the password and identity problem online, and I believe it can work equally well for voting online.
I propose that, to vote online, you must first visit a government building in person to register. Registering online has too many security concerns, which is why it must be done in person: it is much harder to steal someone’s identity in person.
Once you present your photo identification, you would be given a generated token (a 32-character GUID, maybe?) that must be entered on the voting website, along with the URL of that website (more on this below). In addition, you would give a pass-phrase to the person issuing your token (also more on this below). The pass-phrase would be encrypted into the database using a stored encryption key unique to the precinct.
This token and pass-phrase are then printed out on paper. Not emailed or texted, just on paper. That way you don’t need a smartphone to receive a text message, and it’s much harder to intercept. Many older people won’t have a smartphone anyway. If you lose the paper, you’ll have to go vote in person. When voting online or in person, a mechanism would be needed to make sure the person hadn’t already voted; alternatively, this could be done after the fact by throwing out multiple votes by the same person.
Even if the registration portion of online voting were somehow hacked, red flags would immediately start to appear as people attempted to register in person, only to find that an entry had already been created for them in the database.
Each precinct would have two encryption keys. The first, stored key would be used to encrypt pass-phrases into the database initially. While secure, this is open to automated attacks, so a second encryption would be performed. The second encryption key would not be stored digitally; it would exist only in the memories of a few trusted individuals. At the end of each day or week, a trusted individual would re-encrypt any pass-phrase that had not yet been encrypted with the second key. Later, obtaining voting results would require manual entry of the second encryption key.
When you go to the website, after entering your voting token and pass-phrase, you would then enter a government ID such as a Social Security number and/or driver’s license number. This makes it very difficult for a hacker to steal one person’s identity, let alone thousands of people’s. These three forms of authentication would be incredibly difficult to defeat in an automated way, or even manually.
The biggest challenge here is securing the websites and the corresponding databases of generated tokens. But there is a solution to that too. Rather than spending a billion dollars on a healthcare.gov-style website, each precinct would be responsible for maintaining its own website, URL and database of online votes. A would-be hacker would have to compromise thousands of separate web servers and databases to rig an election. A third-party entity, preferably one not involved with healthcare.gov, could provide the software and expertise to set up the website and database for each precinct.
Best practices and top-grade encryption would be used by each of these websites and databases. Each person’s pass-phrase, along with their token, government ID and the date they submitted their votes, would be used to hash the voting data. If there was any tampering, the hash would mismatch. Hash validation would require the precinct’s encryption key to be entered manually in a one-time process.
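One way to realise the tamper check described here, as an added example and not the author’s code: the precinct key, typed in by hand at validation time, keys an HMAC-SHA256 over the ballot together with the token, pass-phrase, government ID and submission date, so an altered ballot, a wrong pass-phrase or a missing key all fail verification. The function names and sample values are constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed sample value: in the scheme above the precinct key is typed in
# by a trusted person at validation time rather than stored on the server.
PRECINCT_KEY = b"precinct-17-key-entered-by-hand"

def canonical_bytes(token, passphrase, gov_id, submitted, ballot):
    """Serialise everything bound into the tag in a fixed order, so the same
    inputs always hash identically regardless of dict ordering."""
    fields = {"token": token, "passphrase": passphrase, "gov_id": gov_id,
              "date": submitted, "ballot": ballot}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def tag_vote(precinct_key, token, passphrase, gov_id, submitted, ballot):
    """Keyed hash (HMAC-SHA256) over the ballot plus the voter's credentials.
    Altering the ballot without the precinct key cannot produce a matching tag."""
    msg = canonical_bytes(token, passphrase, gov_id, submitted, ballot)
    return hmac.new(precinct_key, msg, hashlib.sha256).hexdigest()

def make_record(precinct_key, token, passphrase, gov_id, submitted, ballot):
    """What the precinct database stores: the pass-phrase itself lives only
    in the separate encrypted store, so it is deliberately absent here."""
    tag = tag_vote(precinct_key, token, passphrase, gov_id, submitted, ballot)
    return {"token": token, "gov_id": gov_id, "date": submitted,
            "ballot": dict(ballot), "tag": tag}

def verify_vote(precinct_key, record, passphrase):
    """Recompute the tag for a stored record and compare in constant time."""
    expected = tag_vote(precinct_key, record["token"], passphrase,
                        record["gov_id"], record["date"], record["ballot"])
    return hmac.compare_digest(expected, record["tag"])

# Constructed sample voter and ballot (placeholder values, not real data).
TOKEN = "3f9a1c2e-5b7d-4e8f-9a0b-1c2d3e4f5a6b"
PASSPHRASE = "correct horse battery staple"
GOV_ID = "000-00-0000"
DATE = "2016-03-22"
BALLOT = {"president": "Candidate A", "prop-1": "yes"}

if __name__ == "__main__":
    record = make_record(PRECINCT_KEY, TOKEN, PASSPHRASE, GOV_ID, DATE, BALLOT)
    print("stored record verifies:", verify_vote(PRECINCT_KEY, record, PASSPHRASE))
    tampered = dict(record, ballot={"president": "Candidate B", "prop-1": "yes"})
    print("tampered ballot verifies:", verify_vote(PRECINCT_KEY, tampered, PASSPHRASE))
    print("verifies without the real key:", verify_vote(b"guess", record, PASSPHRASE))
```

Because the pass-phrase is an input to the tag but not part of the stored record, the phone spot-check described below can recompute the tag from what the voter reads out, while a database-only attacker has nothing to forge with.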
There would certainly be some expense to make sure the information is secure, but probably less than hiring massive numbers of volunteers to collect paper votes. As a follow-up, each precinct could phone a small random sample of voters to confirm who voted for whom. People could provide their token and pass-phrase over the phone, and these could be validated against the database without requiring the precinct encryption key. If there were any discrepancy, the precinct could invalidate all of its voting results. Hopefully this would be rare to non-existent.
I don’t think there is a 100% fool-proof way to do online voting (or in-person paper voting, for that matter). I do think this solution is good enough to be confident in, and it would save everyone a lot of time and money. The benefits would be increased voter turnout and monetary savings. I really don’t think this is any less secure than paper voting: both online and in-person voting require trusted individuals to accurately report the voting results to the government.