You obviously don't work in the field of Information Technology, do you?
We have to consider where online voting begins, and it begins on each voters personal electronic devices. The vast majority of those devices use "anti-virus" software packages for security. Every major anti-virus package uses "default permit" and "Enumerating Badness" techniques - #1 and #2 of Marcus Ranum's "
Six Dumbest Ideas in Computer Security" - to protect those devices (if they have anything at all). If you believe our computers and electronic devices are secure enough to protect our vote, you are delusional!
The United States and Israel
created the Stuxnet worm to attack Iran's uranium-enrichment facility two years ago. What makes you think China or other nations couldn't attack our online voting systems without being discovered until it was too late?
The United States government attempted a project called the
Federal Voting Assistance Program (FVAP), as the Secure Electronic Registration and Voting Experiment (SERVE). In their final report, they said "the real barrier to success is not a lack of vision, skill, resources, or dedication; it is the fact that, given the current Internet and PC security technology, and the goal of a secure, all-electronic remote voting system, the FVAP has taken on an essentially impossible task. There really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC, or some unforeseen security breakthrough. The SERVE project is thus too far ahead of its time, and should not be reconsidered until there is a much improved security infrastructure to build upon."
In 2001,
Bruce Schneier said "Building a secure Internet-based voting system is a very hard problem, harder than all the other computer security problems we've attempted and failed at. I believe that the risks to democracy are too great to attempt it." In March of 2012,
students were invited to hack into a system set up by the Board of Elections and Ethics weeks before it was to be deployed for the use of overseas absentee voters. Results: "Our experience with the D.C. pilot system demonstrates one of the key dangers in many Internet voting designs: one small mistake in the configuration or implementation of the central voting servers or their surrounding network infrastructure can easily undermine the legitimacy of the entire election." On the hack,
Bruce Schneier reminded us that: "If a bunch of students can break into a system after a couple of weeks of attempts, we know it's insecure. But just because a system withstands a test like this doesn't mean it's secure."
Also last March, the National Democratic Party (Canadian, not the US) had a vote. The vote was disrupted. Machines crashed. Voting was slowed. Results delayed.
They still don't know who was responsible.
We
can't keep electronic voting machines located inside polling places secured from being hacked remotely - what makes you think online voting would be better? As Bruce says, "
Computer security is hard."
