Geoff Palmer at Stuff reports:
In 2010, Washington DC unveiled its state of the art internet-based electronic voting system.
To demonstrate it, it held a unique public trial: a mock school board election in which people were invited to test the new system and even, they challenged confidently, try to compromise its security. Within days of it going live, an unlisted election candidate – one Bender Bending Rodriguez, also known simply as Bender from the TV series Futurama – was the leading contender, with 100% of the vote.
Which will be used by some as a reason why there should be no Internet voting, but look at the details:
They found an unencrypted copy of every registered voter’s authentication code, and those, combined with the public key used to encrypt the ballots, allowed them to alter every vote already cast and replace any subsequent ones with fakes.
Having the authentication codes unencrypted is a pretty big security hole.
While they were about it, they blocked other attacks coming from New Jersey, India and China, and noticed that hackers from Iran were accessing part of the system via a default admin password (“admin”).
And that is just incompetence.
There are risks with Internet voting, but they can be minimised and mitigated. You could have (for example) a paper copy print out at Election HQ of every vote cast over the Internet. You can have confirmation e-mails of votes. You can have random audits.
I’m not an advocate of only having Internet voting, but in an era of declining turnouts, having the option to vote over the Internet would help turn that around.