Unpublished Guidelines Show The DHS Is Steering States Away From Insecure Internet Voting Options

from the good-move dept

The DHS has come out against internet voting. Sort of.

If there's anything less secure than electronic voting, it's internet voting. The temptation is to provide voters with more options if the pandemic continues to keep voters home. But guidelines from the DHS's redundantly-named Cybersecurity and Infrastructure Security Agency (CISA) say this risks the integrity of those votes by opening them up to attackers.

The eight-page document, obtained by the Guardian, pulls no punches in calling the casting of ballots over the internet a “high-risk” endeavor that would allow attackers to alter votes and results “at scale” and compromise the integrity of elections. The guidelines advise states to avoid it altogether or restrict it to voters who have no other means of casting a ballot.

No state is currently offering online-only voting, but the option used to collect votes from US citizens overseas is still pretty risky. The DHS doesn't consider the electronic delivery of ballots to be inherently insecure, but CISA's report points out attackers could intercept ballots en route and alter them by removing candidates' names, for example. Returning them electronically obviously poses the same risks: interception and alteration.

The worst option is the one no state has been willing to deploy… yet: online voting. The report says this method poses the highest risk of attack. Putting the whole thing online could compromise the security of the vote and voters, remove the secrecy that surrounds the public voting process, and potentially lead to wide-scale alteration or destruction of votes.

The only thing surprising about the DHS's guidance is that it exists at all. While concerns continue to mount about election security, the DHS has remained mostly silent, allowing the private sector and local governments to address these issues in their own way. This silence has continued despite the host of issues raised during the 2016 presidential elections. This is making some election integrity experts happy.

“Clear, explicit guidance from DHS that internet voting is not secure or trustworthy is long, long overdue,” says Susan Greenhalgh, the senior adviser on election security for the watchdog group Free Speech For People. “It has failed for four years to codify and publish that guidance in an effort to avoid antagonizing some state officials.”

But, as the Guardian points out, the DHS has not officially broken its silence about election security issues. The document obtained by the Guardian was not publicly released by the DHS. The document can't be found on CISA's site and no DHS official has commented on the document itself. So, while it's good guidance that brings common sense to internet-based voting, it doesn't appear to reflect the public face of the DHS's election security efforts.

Hopefully, this guidance has at least made its way to state governments even if the general public hasn't been entrusted with it. The guidelines will make electronic collection of voter information and votes slightly more secure and dissuade those unprepared to follow these steps from opting for riskier voting methods while dealing with the unforeseeable complications of a global pandemic.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cisa, cybersecurity, dhs, election voting, internet voting


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Paul B, 12 May 2020 @ 12:23pm

    No Computer Architect wants internet voting

    No sane computer programmer would touch voting on the internet.

    https://xkcd.com/2030/

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 May 2020 @ 12:25pm

      Re: No Computer Architect wants internet voting

      Except one who starts an LLC and convinces some politician to award them a multimillion dollar contract.

      link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 12 May 2020 @ 12:24pm

    10th Am?

    When it suits the US Federal Government they happily say "I'm not responsible" and "It's up to the States" and other such things.

    When it suits them they happily say "Here are the guidelines you must follow... to open your state... to have voting... etc."

    DHS and the Feds could take a role in fixing an election system that has been broken long before "hanging chads" (that was 20 years ago) but instead they've insisted it's up to states, counties, parishes, cities, etc.

    Yet here they are shown to have drawn up guidelines ... about a "problem" they aren't solving, merely indicating what should NOT be done.

    Security researcher Bruce Schneier has said it best. We need a paper trail -- and it doesn't have to be on paper. Internet voting would be fine if it was

    • secure [your connection cannot be intercepted in the clear]
    • authenticated [only you can cast YOUR vote and only once]
    • verifiable [at ANY time you can verify your vote was cast for the candidate(s)/position(s) you chose]

    There's no incentive on the part of any of the players who make money, including the jurisdictions "leasing the machines", Premier Election Solutions (formerly Diebold, to be easily confused with the same company who just had their ATM backend hacked), etc.

    Until the US moves from a "you grease my pocket, I buy from you your inferior product and then complain if the result isn't what I wanted" system, nothing will improve.

    Donny voted by mail.

    Me, I just want my "I voted" sticker so I can shame the kids on my lawn.

    E

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 May 2020 @ 4:59pm

      Re: 10th Am?

      verifiable [at ANY time you can verify your vote was cast for the candidate(s)/position(s) you chose]

      This needs to be read as the general "you". In other words, "you" who barely managed to complete grade school, not "you" the computer science PhD.

      You're missing an important aspect of verifiability. It must also not be possible for you or anyone else to see how you voted or prove you voted in a specific way. This is a security measure to prevent vote-buying and voter intimidation.

      (With traditional paper-based voting, you personally put your ballot into the box, and can volunteer to be there and watch every ballot be counted. So, you can verify you saw the ballot and how it was counted. Computer-based proposals to allow anonymous verifiability are... complicated.)

      link to this | view in chronology ]

      • icon
        Ehud Gavron (profile), 13 May 2020 @ 1:33am

        Re: Re: 10th Am?

        Sucks to be the anonymous coward who knows very little but then wants to call me out for discussing the topic because I happen to know about it and not be a chickenshit about posting my name.

        Thanks for your homily. You don't like my use of "you" then then use the word five times. Pick one - either we don't use "you" or we do.

        YOU have no idea how to

        • encrypt
        • authenticate
        • ensure / verify

        So until YOU can actually offer suggestion that real security researchers (hint: not YOU) agree provides those, Internet voting is worse than in-person or mail-in ballots.

        Right now because of the hodgepodge of different systems (see my original posts) we're back at 20 years ago's "hanging chads" issue. Until that's solved, adding additional methods to introduce non-verifiable voting is going to introduce more issues.

        We have an idiot in charge who claims without proof that voting is being corrupted, by illegal aliens, and some are voting many times. A paper trail, authentication, and encryption would solve those.

        Why is it "American Idol" can count millions of votes in one hour... but the United States can't in 30 days? Hint: They don't have any incentive to change the system.

        E
        P.S. I'm well aware American Idol lets one vote more than once, and doesn't provide a paper trail. And yet... they can process 10,000 more vote per hour than the government processes in one day. Go figure.

        link to this | view in chronology ]

      • icon
        Scary Devil Monastery (profile), 13 May 2020 @ 2:23am

        Re: Re: 10th Am?

        "Computer-based proposals to allow anonymous verifiability are... complicated."

        And guarantee the only person able to verify to the same extent as that which is possible in a physical ballot count HAS to be someone who has system access...and is thus able to write and amend the numbers he's supposed to monitor.

        So voter verifiability passes from "everyone, most notably the voting party" to "some unnamed elite programmer able to, if he so desires, alter the result".

        And that's why e-voting is very very bad when it concerns something a LOT of people have a very vested interest in.
        Usually OK if what you're casting your ballot for is your favorite show, much less so if it's to determine who gets to spend the next four years camping the oval office.

        link to this | view in chronology ]

        • icon
          Ehud Gavron (profile), 13 May 2020 @ 2:36am

          Re: Re: Re: 10th Am?

          Agreed. PKC solves this, but it's too "hard" for most people to use.

          What we need is a tool (EFF? Are you there?) so we can use PKC to

          • create private and public key
          • authenticate same (don't ask me how; no key-ring parties here!)
          • use key to certify vote

          The back-end tech is there. The friendly front-end stuff... no.

          E

          link to this | view in chronology ]

          • icon
            Scary Devil Monastery (profile), 15 May 2020 @ 3:03am

            Re: Re: Re: Re: 10th Am?

            "Agreed. PKC solves this, but it's too "hard" for most people to use."

            Don't get me ranting about PEBKAC and "The luser challenge". I swear, every time i get started on that I end up sounding like Steve Jobs, that patron saint of the BOFH.

            "The back-end tech is there. The friendly front-end stuff... no."

            Yeah. It all leads right back to where the end user wants that blasted "Someone fscking Else" to tend the locks on their doors and windows. And there we are with all the key certificates held in escrow by some 3rd party a few folks on FB recommended...or worse still, by the likes of Bill Barr.

            link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 May 2020 @ 12:29pm

    Nothing wrong with mail in, it has been working in several states now for many years. I think it is the paper trail that some do not like, whereas said trail is a huge selling point for others.

    link to this | view in chronology ]

    • icon
      Ehud Gavron (profile), 12 May 2020 @ 2:44pm

      Paper Trail

      I think it is the paper trail that some do not like...

      Yes, Mr. Diebold, we know. You hate accountability. How could 5,000 Kentucky voters cast 10,000 votes for Mitch McConell (who should keep his white supremacist mouth shut) if we have a PAPER TRAIL.

      Great point! Thank you so much! That clarifies things greatly.

      DO let me know the next time someone who doesn't have the balls to sign their name starts a sentence with "I think". Your right to comment anonymously doesn't mean your anonymous opinion has a value any higher than my dog's opinion.

      E

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 May 2020 @ 4:36pm

        Re: Paper Trail

        Mail in ballots, what is your problem with them?

        Balls to sign a name? Really now. Why would the size of one's gonads have any relevance upon whether they sign their name to comments on a blog.

        Why talk about internet voting when mail in voting is not even considered? Got any great insights there Ehud?

        link to this | view in chronology ]

        • icon
          Ehud Gavron (profile), 13 May 2020 @ 1:25am

          Re: Re: Paper Trail

          Mail in ballots, what is your problem with them?
          I'm not a ballot official so my "problem" is not relevant. Also they're fine.

          Balls to sign a name?
          Yup.

          Got any great insights there[sic] Ehud?
          Sure. Read up top. Follow the words, left to right, up to down, punctuation counts.

          Paper voting is a proven thing. Internet voting has the three issues I've mentioned twice now, which, as an anonymous wiseass with nothing to add, you've ignored twice.

          E

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 13 May 2020 @ 7:11am

            Re: Re: Re: Paper Trail

            Anything in the same sentence with Internet is highly suspect, but let's just implement internet voting because we have secured other things so well. Nothing bad will happen, an expert on the internet told me so.

            In order to poke fun at email voting I must first address each and every point that you have made, what happens when I refuse ... twice?

            link to this | view in chronology ]

            • icon
              Ehud Gavron (profile), 14 May 2020 @ 1:20am

              Re: Re: Re: Re: Paper Trail

              In order to poke fun at email voting I must...

              No, there's nothing you must. You chose not to respond -- twice by your admission -- so all you're doing is trolling. TD allows that, so troll on. Sadly you're shitting on all the ACs that really do have something to contribute. That's a shame.

              E

              link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    tz1 (profile), 12 May 2020 @ 4:11pm

    Isn't there a push to vote by mail?

    We could have the best of both worlds... Vote by E-Mail. Isn't it voter suppression to demand anything that would demand only those who should vote be able to, and to make it any less convenient than email?

    link to this | view in chronology ]

    • icon
      Ehud Gavron (profile), 12 May 2020 @ 4:25pm

      Re: Isn't there a push to vote by mail?

      Technical reply from an IT person who has been doing protocols for a long time:

      Email is not the answer. The reasons are as I explained earlier that security researchers want to ensure

      • no man in the middle attack (MITM) so encryption is important
      • authentication so you ensure WHO is voting and ONLY ONCE
      • verified trail so you can see your vote

      Email end-to-end encryption doesn't functionally exist. It could. It doesn't. You might use SSL/TLS to send to your ISP who then sends it in the clear to another ISP who may have it fetched by SSL/TLS... but it's not end to end encryption.

      Email authentication doesn't exist. It could. It did. It turns out S/MIME was too (rub crying eyes) hard for people. That, btw, was the Internet solution to PGP/GPG which was too (rub crying eyes with sandpaper) very hard for people.

      Verification trail has never really been an issue EXCEPT that the government needs to ensure YOU get to view YOUR votes, can't change them, can complain if they're wrong, and NOBODY ELSE can view your votes... but the government gets to see the total. This is the authentication problem all over again.

      So yes, vote by email is nice if we can solve the issues. Do we have to pay Shiva a license fee if we do solve these problems?

      E-male

      link to this | view in chronology ]

      • icon
        Scary Devil Monastery (profile), 13 May 2020 @ 2:37am

        Re: Re: Isn't there a push to vote by mail?

        Why oh why is there no "sad but true" button when you need one?

        "So yes, vote by email is nice if we can solve the issues."

        In theory possible. Implanted rfid chip and suitable biometric verification to identify the individual to cast his ballot, an on-site, always-on camera to monitor the location of the voter for possible extortion and/or social pressure, all run on a thin client consistently monitored and sanitized by a government agency using stringent security standards.

        And of course if you have all of those lovely options the bigger issue would be whether your vote actually helps to elect someone or just informs the people in charge of your philosophical differences visavi Incumbent Authority. Your only way of finding out would be the polite visit by your friendly commissar.

        That, at least, is how it'll have to work if you're too lazy, too willfully ignorant, or too dumb to want to ensure your own security. "Idiot-proof" only works for, well, their aptly named demographic.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 13 May 2020 @ 7:15am

          Re: Re: Re: Isn't there a push to vote by mail?

          And then the bozo who gets elected does not follow thru on all those pretty promises, refuses to perform their assigned duties and does their best to screw things up.

          link to this | view in chronology ]

          • icon
            Scary Devil Monastery (profile), 15 May 2020 @ 3:14am

            Re: Re: Re: Re: Isn't there a push to vote by mail?

            Oh that's all right. I mean if your society already has all the backdrop I mentioned above then the guy ending up holding office won't have to care what the citizens think about him. Slaves and exiles are ill powered to cause Pharaoh grief.

            link to this | view in chronology ]

  • icon
    Upstream (profile), 13 May 2020 @ 2:58am

    Internet Voting

    Internet voting can be made secure and verifiable, but not anonymous, using GPG / PGP techniques. The not anonymous part means that an individual vote is directly connected to the identity of the voter who cast that vote. This is antithetical to our secret ballot system. Since this is a deal-breaker, the fact that it is difficult to implement is irrelevant.

    So far, there has not been any system developed where Internet voting can be secure, verifiable, and anonymous. It is probably not even possible to develop such a system. As usual, Randall Munroe got it right.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.