Task force casts vote against online elections

While millions of dollars of business is moving to the Internet, the idea of allowing people to vote online from their home or office computer remains a distant prospect, a California task force reported last month.

Despite initial optimism, the California Internet Voting Task Force, convened by California Secretary of State Bill Jones, concluded that online voting comes with too much risk of computer viruses, vote tampering and other electronic attacks.

While new technology may emerge in coming years to address these problems, existing security solutions simply do not appear to be viable to support widespread online voting, the task force found.

"In doing the study, we were a little disappointed to find that we cannot go out there today and allow people to vote from the comforts of their home," said Alfie Charles, assistant secretary of e-government, who chaired the task force.

In part, the task force's optimism came from watching the momentum of electronic commerce. Though at first glance e-commerce doesn't appear all that different from online voting, there is one critical difference, Charles said.

In traditional electronic commerce, both parties in a financial transaction know what outcome to expect and can verify its occurrence. For example, a person receiving a book from an online order will know if there has been a mistake and can fix it.

But voting, having no such safety net, requires a great deal of trust. "You have one chance, and it has to be absolutely correct," Charles said.

The study found that voting online might leave users vulnerable to computer viruses and other attacks on their home computers. Attacks could leave end users unable to vote or even make it possible for a hacker to alter their votes.

Any process for confirming that a computer is "clean" would put so much of a burden on the end user it simply would not be not viable, the task force concluded.

Also, at this point, there does not appear to be a feasible way to know for certain the identity of the person casting a vote. Some emerging security schemes use digital signatures, but a signature only verifies the computer being used, not the person using the computer.

Technically, it may be possible to create a digital identification that combines digital signatures with something like a fingerprint scan to verify the identity of a voter. But again, the burden of buying and installing such a solution would fall on the voter.

The lack of viable solutions leaves Internet voting in limbo, Charles said. "If you can't prevent fraud, than it isn't worth moving beyond that," Charles said.

One alternative, short of widespread Internet voting, is to set up Internet voting stations where voters can go to cast their ballots. This solution would make it possible to allow voters living outside their voting district to take part in an election without voting by absentee ballot.

California is in the process of certifying such a solution for use in the state, Charles said.