Just watched David Bismark’s TED Talk on fraud control systems for electronic voting. Interesting stuff—and a vast improvement over older systems—although I’m not sure the security is as watertight as he claims.

Think, if you will, of a vote as a credit card transaction. Imagine you’re buying a book from Amazon with your VISA card. When you do, Amazon sends a packet of data to VISA, asking VISA to pay Amazon a certain amount of money; attached to this packet is your 16-digit card number and a 3-digit CCV, which acts as a signature of sorts, verifying that the transaction goes ahead with your permission.

If, at the end of the month, you notice a fraudulent transaction on your VISA statement, you can ring up your bank and query it. Assuming all goes well, the suspicious transaction can be reversed.

Before the Internet, credit card transactions worked in much the same way. However, rather than match your card number and CCV to your account, the clerk eyeballed your signature and read your card number to somebody at the credit card company, who checked it on a computer.

The number on your credit card isn’t random, nor is it generated sequentially; there’s an algorithm that creates them. There was also an algorithm to determine that a given 16-digit number might be a valid credit card number, an algorithm that didn’t have to consult accounting records, bypassing the need for ridiculously expensive computing overhead and security protocols. When you made a transaction, the computer at the credit card company looked at the number it was given and verified that it was part of the set of valid numbers. Sometime later, the transaction would be sent to accounting to chase up—there simply wasn’t the capacity to process transactions in real time.

Whether it was reverse-engineered or stolen, the card number generation algorithm got out, and enterprising hackers could download card generators. Through various means, they could then purchase goods, and by the time the accounting department failed to match the number with an account, the hackers would be long gone.

Were hackers able to obtain the algorithm that generates Bismark’s 2D barcodes, they might be able to lodge fraudulent votes that belong to nobody, with nobody to check their validity online—just as they could once do with credit card purchases.
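The gap between "passes the algorithm" and "was actually issued", as an added example that is not from the talk or from any real payment or voting system. It assumes the offline check is the Luhn checksum used on card numbers; `ISSUED`, the sample numbers and the function names are constructed for illustration.

```python
import re

# Constructed sample data: the only number the issuer actually handed out.
ISSUED = {"4111111111111111"}

def normalize(number):
    """Strip spaces and hyphens; return the 16 digits, or None if malformed."""
    digits = re.sub(r"[ -]", "", number)
    return digits if re.fullmatch(r"[0-9]{16}", digits) else None

def luhn_valid(number):
    """Format check only: says nothing about whether an account exists."""
    digits = normalize(number)
    if digits is None:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def offline_accept(number):
    """The old clerk-on-the-phone check: algorithmic validity alone."""
    return luhn_valid(number)

def online_accept(number, issued=ISSUED):
    """Real-time check: well-formed AND present in the issuing records."""
    return luhn_valid(number) and normalize(number) in issued

def reconcile(accepted, issued=ISSUED):
    """Deferred accounting pass: accepted numbers with no issuing record."""
    return [n for n in accepted if normalize(n) not in issued]

if __name__ == "__main__":
    presented = ["4111 1111 1111 1111",   # issued
                 "4242 4242 4242 4242",   # well-formed, never issued
                 "4111 1111 1111 1112"]   # fails the checksum
    accepted = [n for n in presented if offline_accept(n)]
    print("accepted offline: ", accepted)
    print("no issuing record:", reconcile(accepted))
```

The same split applies to a ballot identifier: a check that only confirms the code is well formed has to be backed by a lookup against the codes that were actually issued, and that lookup has to happen before the vote is counted.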

The exercise of a secret ballot must address three primary concerns: the electors’ privacy, the correct interpretation of their vote and the integrity of the election’s result. Bismark’s system addresses the first admirably, the second passably but, based on his TED Talk, the third not at all.
