identity ideas: 2020

vrijdag 12 juni 2020

Internet voting

Gene Spafford is one of my old security heroes. As you may know, not having an ICT background I'm not an expert in technical IT security, but what I learned about Unix and Internet security, I learned from Simson and Spafford (great introduction into security, also for Windows users...).

And if he speaks, you need to listen. This time he spoke about Internet Voting. The occasion being the US presidential primary elections. There are lots of voices who claim that internet voting is essential for democracy. Spaf is cautious, and with lots of reason, because, as he shows, technology is not stable and secure enough to facilitate free elections, there are too many obstacles from a technology point of view. No, not even Blockchain will make it secure enough. Here's the link to the interview with Spaf. And to all politicians: this expert knows more about security than all of you combined.

Why this post if I can just point to the interview?

Well, first the aspect of Identity was not mentioned. And we should of course touch on that as well. And second: this topic is a global topic, not just covering the US primaries.

Even though elections are anonymous, anonymity only extends to

the knowledge of who voted for whom
the knowledge of who voted

Those are the only anonymity requirements. The latter may not even be required if voting is mandatory by law, but then again, even in that case privacy may be relevant amd anonimity may extend to that topic.

But just the possibility, the justification for voting does require knowledge of the voter:

you are only allowed to vote if according to legislation you are considered to be a voter
you can only vote once
unless you have a uniquely identified mandate from another voter

And this is where Internet Voting is hurt even more than just by the techology part.

In order to make Internet Voting possible, these requirements have to be met: