Pretty Good Voting

Recent academic assessments of the potential for secure Internet-based voting have been extremely pessimistic. A panel assembled to review the Department of Defense’s SERVE (Secure Electronic Registration and Voting Experiment) project– a system designed to allow foreign-based members of the armed services to vote online in Federal elections, which was nearly deployed for the 2004 election–concluded not only that the specific design of SERVE was insecure, but that “there really is no good way to build such a voting system without a radical change in the overall architecture of the Internet and the PC, or some unforeseen security breakthrough” [6]. These sorts of pessimistic evaluations have tended to focus on the ‘holy grail’ of Internet voting: public Federal and State elections. Such elections have a number of properties which make an Internetbased solution extremely difficult. But the fact that online Federal elections are not currently plausible no more invalidates the general concept of Internet voting than the fact that transactions on the New York Stock Exchange are not directly performed on the Internet invalidates the general concept of ‘ecommerce’. It is our contention that a wide range of elections are in fact possible to perform with ‘good enough’ security on the Internet. We believe that such elections will be useful in many contexts, such as elections held by non-profit organizations, corporate shareholder votes, political associations, and other non-governmental entities. In fact, many such elections are already being held online. Shareholder voting online has become common. Political organizations such as MoveOn.org have held online elections to allow their membership to choose elements of their political strategy (such as which campaign advertisements to run). During the 2004 Democratic primary race, the campaign of Howard Dean held an online election that allowed donors to decide whether his campaign ought to opt out of Federal campaign finance limits. These developments suggest that online voting at a level ‘below’ that of full-blown public elections is a phenomenon of some social importance. This importance seems likely to increase in the future, especially if holding an online election becomes as convenient as setting up an online auction or discussion board–and there is no inherent reason why this should not be the case. Of course, the fact that online elections are already being held does not mean they are secure. While we are not privy to the implementations currently used by existing systems, they generally seem to adhere to what could be called an ‘e-commerce’ level of security: a user sends sensitive information to a trusted website via an HTTPS connection (both to prevent snooping, and to authenticate that the election server is genuine), and the website is then relied upon to do the ‘right thing’. In the case of actual e-commerce,