KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Security and Voting

The issues around voting are enormous.  I couldn’t even pretend to know them all or understand the full impact.  Especially without being able to examine the voting machines being utilized for this election.  That being said, there are some very minor changes that could be made in order to further secure the voting process and increase the validity of the outcome.

  1. Allow Voters to Verify Their Recorded Vote.  By allowing voters to securely verify the vote that is attributed to them, people could have the ability to have their vote removed from tallies or corrected.  Voters should receive a receipt that shows their voting choices.  Once they have that receipt, they should be allowed to login securely online to verify that the vote recorded for them is the same as the vote they actually cast.
  2. Federal Removal of Deceased / Invalid Voters.  The federal government should be required to scan all votes for social security numbers that are invalid or belong to persons that are registered as deceased in the social security system.  This would allow them to significantly reduce the number of fraudulent or invalid votes.  One of the biggest fraud issues is ghost votes (votes cast under the name of a real person who is deceased).  The cause of ghost votes can be numerous, from family members wanting to vote in honor of their loved ones, to people outright trying to fraudulently impact the outcome of an election through the use of ghost votes.  No  matter the reason, ghost votes should be very easy to detect and remove.
  3. Secured voting booths.  Voting booths should be secured similarly to how an ATM is.  The only part of a machine that should be exposed is the part where the paper document is fed in (for paper voting locations), or where the screen and buttons are for casting a vote (for digital voting locations).  The rest of the machine should be secured behind a solid metal / cement container.  Access to any part of the machine not directly involved with the voting process, should be limited to a single accountable person at each location.  If the machine is tampered with, that person must accept responsibility.
  4. Video Record Polling Locations.  As soon as you read the title of this one, you probably got uneasy.  That is because you assume an invasion of privacy.  What I am actually talking about here is not recording people voting from the side showing their screen, but rather recording the entire room and the back / sides of the voting machines.  This would allow you to not only determine who was voting fraudulently if a ghost vote or invalid vote was cast, but it would allow auditors to see if someone messes with the machine from the back / sides.
  5. Prosecute Fraudulent Voters.  One of the big problems is not that we can’t detect fraudulent votes / ghost votes, but rather that the people casting these fraudulent votes are not prosecuted enough.  This should result in a felony (which strips your right to vote in the future until re-granted by a judge).
  6. SLOW THE F#$% DOWN.  Voting is easy.  Voting is quick.  Saying the results the same day the votes are cast is a horrible idea.  Allow time for auditing and verification.  Allow time for people to verify their recorded vote after it is cast and verify it matches what they voted.
  7. Federal standards and reviews for voting machine hardware, software, and security.  A panel of people should have oversight of security standards for voting machines.  It would make sense to have at least one representative from each state, but asking 50 different groups of people to evaluate the entire code base is not realistic.  Having a panel of representatives that are from leading United States software development and information security organizations be responsible for determining standards and reviewing code is not ridiculous to ask.  I know of many very high level highly skilled people that would jump at the chance to be part of a group that helps secure and standardize our voting system.  These people should be tasked with keeping the security and reliability at a level consistent with the burden the system will bear.

If we made these seven changes, we could drastically improve not only the accuracy of elections, but also improve trust of the entire process by citizens.

Kalypto • October 19, 2016


Previous Post

Next Post