A few countries that tried online voting gave up after a while.
They face the challenge of ensuring that the votes recorded in the database are the actual votes submitted by the voters.
There is the risk that the votes could be altered fraudulently by hackers or by the programmers who developed the software.
How can they assure the public that the voting results are valid, when the integrity of the votes cannot be proven?
I have a way of handling this uncertainty.
This is what I would do:
a) All votes will be recorded into two databases - a primary database that is controlled by the election authority and an audit database that is controlled by an independent third party, e.g. the supreme court or an independent auditor.
b) The tables containing the votes in both databases are set to "insert only": the update (and delete) privilege is revoked, so a vote, once written, cannot be changed through the normal database interface. This is the technology to prevent the alteration of the votes. I am not sure how strong this technology is, but it is useful to adopt it. Note that it binds only accounts that lack the privilege; a database administrator who can change the permissions or the schema is not stopped by it, which is one reason the two copies are held by different parties.
c) An audit program is run at regular intervals to compare the votes in the primary and the audit database. Any mismatch will be highlighted immediately to the election officials and the relevant independent officials.
If the votes in the primary or the audit database are somehow altered fraudulently, the mismatch will be flagged by the audit program. A hacker would have to compromise both databases, held by two different organisations, and alter both copies consistently before the next audit run, which is very much harder than altering one.
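The dual-write, insert-only tables and audit comparison described in steps a) to c), as an added example in Python with SQLite (not the author's prototype, whose code is not on the page). The two stores, the sample ballots and the tampering scenario are all constructed for the illustration; the "insert only" rule is implemented with triggers, and the last part of the demo shows the caveat from step b): an insider with schema rights can drop the trigger, and only the comparison against the other copy catches the change.

```python
import sqlite3
from typing import Dict, List

# Constructed sample ballots for the demo (not real data): ballot number -> candidate.
SAMPLE_BALLOTS = [("B0001", "Alice"), ("B0002", "Bob"), ("B0003", "Alice")]

SCHEMA = """
CREATE TABLE votes (
    ballot_no   TEXT PRIMARY KEY,
    candidate   TEXT NOT NULL,
    recorded_at TEXT NOT NULL DEFAULT (datetime('now'))
);
-- "Insert only": any UPDATE or DELETE on the votes table is rejected.
CREATE TRIGGER votes_no_update BEFORE UPDATE ON votes
BEGIN SELECT RAISE(ABORT, 'votes table is insert-only'); END;
CREATE TRIGGER votes_no_delete BEFORE DELETE ON votes
BEGIN SELECT RAISE(ABORT, 'votes table is insert-only'); END;
"""


def open_store() -> sqlite3.Connection:
    """One vote store; the primary and the audit copy use the same schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def record_vote(primary: sqlite3.Connection, audit: sqlite3.Connection,
                ballot_no: str, candidate: str) -> None:
    """Write the vote to both stores; if either insert fails, neither is committed."""
    sql = "INSERT INTO votes (ballot_no, candidate) VALUES (?, ?)"
    try:
        primary.execute(sql, (ballot_no, candidate))
        audit.execute(sql, (ballot_no, candidate))
    except sqlite3.Error:
        primary.rollback()
        audit.rollback()
        raise
    primary.commit()
    audit.commit()


def audit_votes(primary: sqlite3.Connection, audit: sqlite3.Connection) -> Dict[str, List[str]]:
    """The audit program: compare the two copies and list every ballot on which they disagree."""
    p = dict(primary.execute("SELECT ballot_no, candidate FROM votes"))
    a = dict(audit.execute("SELECT ballot_no, candidate FROM votes"))
    return {
        "missing_in_audit":   sorted(set(p) - set(a)),
        "missing_in_primary": sorted(set(a) - set(p)),
        "changed":            sorted(b for b in set(p) & set(a) if p[b] != a[b]),
    }


def tamper(conn: sqlite3.Connection, sql: str) -> bool:
    """Attempt a forbidden UPDATE/DELETE; return True if the insert-only rule blocked it."""
    try:
        conn.execute(sql)
        conn.commit()
        return False
    except sqlite3.DatabaseError:
        conn.rollback()
        return True


def demo() -> dict:
    primary, audit = open_store(), open_store()
    for ballot_no, candidate in SAMPLE_BALLOTS:
        record_vote(primary, audit, ballot_no, candidate)
    clean = audit_votes(primary, audit)  # both copies agree: all three lists empty

    # An ordinary account cannot change a recorded vote: the trigger aborts the UPDATE.
    blocked = tamper(audit, "UPDATE votes SET candidate = 'Alice' WHERE ballot_no = 'B0002'")

    # An insider with schema rights can remove the guard; the trigger does not stop them,
    # but the next audit run exposes the change because the primary copy still disagrees.
    audit.execute("DROP TRIGGER votes_no_update")
    audit.execute("UPDATE votes SET candidate = 'Alice' WHERE ballot_no = 'B0002'")
    audit.commit()
    return {"clean": clean, "blocked": blocked, "after_tamper": audit_votes(primary, audit)}


if __name__ == "__main__":
    print(demo())
```

The comparison is keyed on the ballot number rather than on row position, so a vote missing from one copy, present only in one copy, or altered in one copy is reported separately; an election official can then invalidate exactly the affected ballots, as the post proposes for small mismatches.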
There is technology (transport-layer encryption such as TLS) to prevent the interception or alteration of the data in transit to the databases. It is the same technology that protects online banking transactions, and it can secure the transmission of the votes as well. It protects the vote between the voter's device and the server, not what happens on the server itself.
There is still the risk that the programmer of the voting software could act fraudulently by taking the actual votes cast by the voter and altering them before writing them to the two databases.
This risk can be managed by reviewing and checking the integrity of the software (for example by comparing the hash of the deployed build with that of the approved build) and not allowing any changes after it has been approved.
If necessary, an additional layer of checking can be provided. The voter can receive a QR code that identifies the ballot number. With this QR code the voter can access the audit database and see the actual vote recorded for that online ballot.
The voter will remember whom he voted for and can point out any unauthorised changes. Each voter can view only the online ballot that he submitted. For this to hold, the ballot number must be long and random, so that it cannot be guessed or enumerated to view other voters' ballots. A receipt that shows the voter's choices also lets him prove to someone else how he voted, which is a recognised concern for vote buying and coercion; it is a trade-off of this extra check rather than of the audit itself.
There is also the need to ensure the secrecy of the votes. Each voter is given a ballot that is identified by a ballot number. The ballot number alone gives no way of identifying the person who voted.
There is a secret table that links the ballot to the voter, but it is under strict control: it is kept encrypted and secret, and it is used only to verify that a ballot number is authentic, never to look up how a voter voted.
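An added example, in Python with SQLite, of the ballot secrecy and the QR-code receipt described in the two passages above (not code from the author's prototype). The vote record stores only the ballot number; the secret link table is kept separately and answers only one question, whether a ballot number was genuinely issued. As an assumed design choice, the link table stores a keyed hash (HMAC) of the voter's identity rather than the identity itself, standing in for the encryption the post describes: without the authority's key, a leaked link table cannot be mapped back to voters. The ballot number is 128 random bits so that the receipt lookup cannot be enumerated. The key, voter IDs and candidates are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3
from typing import Callable, List, Optional


class BallotOffice:
    """Issues anonymous ballot numbers, accepts votes and resolves the voter's receipt (QR code)."""

    def __init__(self, registry_key: bytes):
        # Key held only by the election authority; without it the link table
        # cannot be mapped back to voter identities.
        self._key = registry_key
        self.db = sqlite3.connect(":memory:")
        self.db.executescript("""
            -- The vote record carries the ballot number only, never the voter.
            CREATE TABLE ballots (ballot_no TEXT PRIMARY KEY, candidate TEXT NOT NULL);
            -- Secret link table: keyed voter tag -> ballot number. Used only to
            -- check that a ballot number was genuinely issued, and once per voter.
            CREATE TABLE issued (voter_tag TEXT PRIMARY KEY, ballot_no TEXT UNIQUE NOT NULL);
        """)

    def _voter_tag(self, voter_id: str) -> str:
        # Pseudonym for the voter; recomputable only with the authority's key.
        return hmac.new(self._key, voter_id.encode(), hashlib.sha256).hexdigest()

    def issue_ballot(self, voter_id: str) -> str:
        """Give the voter one ballot number that is random and therefore unguessable."""
        tag = self._voter_tag(voter_id)
        if self.db.execute("SELECT 1 FROM issued WHERE voter_tag = ?", (tag,)).fetchone():
            raise ValueError("a ballot has already been issued to this voter")
        ballot_no = secrets.token_urlsafe(16)  # 128 bits of randomness
        self.db.execute("INSERT INTO issued (voter_tag, ballot_no) VALUES (?, ?)", (tag, ballot_no))
        self.db.commit()
        return ballot_no

    def is_authentic(self, ballot_no: str) -> bool:
        """The only permitted use of the secret table: was this ballot number really issued?"""
        row = self.db.execute("SELECT 1 FROM issued WHERE ballot_no = ?", (ballot_no,)).fetchone()
        return row is not None

    def cast(self, ballot_no: str, candidate: str) -> None:
        """Record the vote against the ballot number only."""
        if not self.is_authentic(ballot_no):
            raise ValueError("unknown ballot number")
        if self.receipt(ballot_no) is not None:
            raise ValueError("this ballot has already been cast")
        self.db.execute("INSERT INTO ballots (ballot_no, candidate) VALUES (?, ?)", (ballot_no, candidate))
        self.db.commit()

    def receipt(self, ballot_no: str) -> Optional[dict]:
        """What the voter's QR code resolves to: exactly one ballot, looked up by its number."""
        row = self.db.execute(
            "SELECT ballot_no, candidate FROM ballots WHERE ballot_no = ?", (ballot_no,)
        ).fetchone()
        return None if row is None else {"ballot_no": row[0], "candidate": row[1]}

    def ballot_columns(self) -> List[str]:
        """Columns of the vote record, to confirm that no voter identity is stored with it."""
        return [r[1] for r in self.db.execute("PRAGMA table_info(ballots)")]


def refuses(action: Callable, *args) -> bool:
    """True if the office rejects the action with a ValueError (duplicate ballot, double vote)."""
    try:
        action(*args)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    office = BallotOffice(secrets.token_bytes(32))  # constructed key for the demo
    number = office.issue_ballot("voter-0001")      # constructed voter ID
    office.cast(number, "Alice")
    print(office.receipt(number), office.ballot_columns())
```

The audit database in the post would hold only the ballots table, so the party that runs the audit can show every voter his own recorded vote without being able to say who that voter is; the link table stays with the election authority.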
In the event of a mismatch, the affected vote is invalidated. If the mismatch is small, the results from the remaining votes can be accepted; if it is extensive, the whole election can be aborted.
The chance of this happening is very slim. The main value of this process is to give confidence in the integrity of the online voting system.
I have developed a prototype of the online voting system that embraces these principles, i.e. the use of two databases and the audit program to highlight any mismatches.
This prototype can be viewed at https://tklcloud.com/democracy/home.aspx
Tan Kin Lian