#ijf13, Day 2: Lessons of realism in online voting

by Fabio Chiusi – translated by Roberta Aiello

There were lessons of realism at the Hackers’ Corner to oppose the “hyperdemocratic” claims of those who want online voting immediately. After the presentation of Giovanni Ziccardi and Claudio Agosti, who knows if Beppe Grillo would still be uncritically convinced. “At the moment there doesn’t exist a pure system of consensus gathering and online voting that gives assurance of security”, says Ziccardi. For now, “the old-fashioned paper ballot is a much more secure way”. In the future, there could be “many benefits,” he adds. However, it is good to reflect today on the many ways in which “the hacking of collection systems of voting and online consensus” can be achieved. To do so, one needs to be “in the role of the cyber attacker”.

For example, with regard to his experiments (“parlamentarie” – the online elections of lists of candidates of the Five Star Movement to the parliament – and “quirinarie” – the online elections of Five Star Movement candidates for the presidency of the Italian Republic), Grillo should remember that “every system should be tested before being presented to citizens”. “Competent people should be asked” – hackers, particularly – “try to break it, before using it publicly”. To achieve this aim, Agosti reminds us, the code needs to be open source: hiding it does not prevent attacks, although it slows them down, says Ziccardi. Without “an independent and transparent process that allows the voter to verify that his ballot has been counted correctly” (auditing), consultation is reduced to a “game”. As in the case of the pilot voting system hacked by Alex Halderman and his team of the University of Michigan, it may happen that the managers of the platform are not aware of the manipulation. The administrators of the server that manages the consultation data “can turn water into wine and move votes”. For this reason, “there needs to be a paper check for electronic voting”, otherwise it is impossible to verify its correctness. It is easy to blame unspecified “hackers”, or other external attackers. From inside, manipulation is much simpler and, especially in the absence of transparency, invisible. The effects are “institutional”, Ziccardi reminds us, whether you choose members of Parliament or suggest candidates for the presidency of the Republic or, tomorrow, if there is the outcome of the Italian political elections at stake.

Special skills are not needed: hacking a voting system is pretty simple, and many could do it, whether an individual, an association or a hostile state. If our computer “becomes a voting machine”, the vulnerability of the computer adds to that of the vote. The voting booth is safer: it does not easily allow “vote buying” (this is still only theoretical, Ziccardi points out) and, above all, it is not exposed to the many simple but devastating attacks, such as DDoS and Trojan viruses, to which our PC is exposed.

There is an economic problem: online voting is expensive. In the case of SERVE, described by Ziccardi, it costs 40 million dollars. It took a collaboration with Accenture and the U.S. departments of the Interior and of Defence. Moreover, the service is “critical”: a violation of the secrecy of the ballot box, and therefore of individual privacy, would have “a devastating effect on public confidence”. While it would be enough to change the IP or erase the traces of the vote from one’s own browser to invalidate an online consultation (Agosti thinks that this could be what produced the discrepancy between votes and voters in the case of the “quirinarie” that determined the annulment and the repetition), there is a final evaluation: an analysis of the costs and benefits of the hacking operation. It is a critical element, because a system could be open to tampering and yet not be tampered with, since doing so would require excessive investment compared to the result. That question does not arise in the case of Italian political elections.

What can we do? According to Agosti, ensure mechanisms of voting that are not permanent (as in Liquid Feedback). Take a cue from the security stratagems used in banking systems (for example, providing a flash drive with random numbers), or (again through an appropriate flash drive) provide an encrypted environment that temporarily replaces the usual operating system and that covers the vote only. The impression is that some problems could be avoided, while others cannot. Thinking about their balance is a smart way to avoid the enthusiasm and catastrophism that do not lead to any real democratic progress.

(Photo by Martina Zaninelli)