对于一个快速走向全数字化的世界,进行电子选举似乎是一件轻而易举的事。然而,对于世界上大多数人来说,久经考验的纸质投票系统仍然是首选。
造成这种情况的一个原因是纯粹的惯性。一夜之间改变如此庞大而根深蒂固的系统并不容易。另一个重要因素是在维护选举完整性方面的谨慎态度。
纸质投票欺诈的本质是众所周知的,但是一旦你进入数字化时代,就会有一组全新的变量在起作用。尽管如此(Nonetheless),电子投票即将到来,当你下次去投票时,你很有可能会按下机器上的按钮,而不是在一张纸或打孔卡上做标记。
那么最大的问题是电子投票是否安全,选举黑客是否是一个问题?
“电子”投票是什么意思?
电子投票有多种形式,每种形式的安全问题都不同。从广义上讲,电子投票意味着使用计算机化系统获取选票。读取穿孔卡的投票机严格来说也属于电子投票的广义范围内。但这些类型的机器通常不是人们在使用“电子投票”一词时所谈论的。
相反,它们要么意味着使用所谓的“直接记录电子系统(“direct recording electronic systems)”,要么意味着使用计算机或智能手机等设备进行在线投票。
电子投票(Electronic Voting)有什么好处(Benefits)?
选举成本高昂、劳动密集,而且可能跨越很长一段时间,从而影响州或国家层面的生产力。如果每个人都可以进行电子投票,这将意味着非常快速和准确的投票计数。需要雇用更少的人来管理选举。您还减少了成吨成吨的纸张的运输,以及安全基础设施,以确保这些选票安全地到达计票地点。
独立投票机在用户体验方面也提供了很大的灵活性。例如,残疾选民可以从许多无障碍选项中进行选择,以帮助他们独立而有尊严地投票。
直接记录电子系统没有纸质版本的选票,所有选票都记录在某种存储设备中。该数据被添加到计数中。显然,由于它都是电子的,因此不会出现错误计数,并且可以立即获得结果。至少在一个理想的世界里,它应该是这样工作的。
在线投票的一个主要好处是选民可以在家里、另一个国家或任何有互联网连接的地方投票。从理论上讲,这可能会增加选民投票率,并允许公众更频繁地对更多问题进行投票。而不是只针对最大的问题进行昂贵的公投(expensive referendums)。换句话说,它可能是一种工具,可以更纯粹地表达民主。
电子投票如何运作?
从选民的角度来看,简短的回答是它应该像纸质投票一样工作。假设您已被验证有资格投票,您将走到机器前,按照说明进行操作,然后为您想要的候选人投票。然后,您的投票应该被安全地存储和统计。
在线(Online)投票将涉及登录投票系统,通过某种身份验证过程,然后投票。在线(Online)投票不适合政府选举,并且存在太多影响诚信的问题,但它确实在私营企业中用于股东投票等事情。
随着各种技术的进步,我们有朝一日可能会看到在线投票足够安全,可以在大选中使用。
主要的安全风险是什么?
电子投票的安全风险取决于所讨论的电子投票的具体类型。
直接记录电子投票机的主要风险是它们缺乏书面记录。使用打孔卡的电子机器正在制作原始纸质记录的电子副本。这意味着官员可以回到实际的打孔卡来验证电子计数。
虽然查看纸卡是否被篡改或失效相对容易,但可能无法知道DRE机器中的数字数据是否已被篡改。因此,给定DRE机器的安全性在很大程度上取决于数据冗余以及如何根据独立记录检查结果或如何检测数据篡改。
黑客如何篡改(Hackers Tamper)电子投票(Electronic Voting)?
首先(First),不得不说没有100%的防篡改系统。任何投票系统中总会存在一定程度的欺诈或漏洞。所以真正的问题是电子投票带来的一般风险水平是否可以接受。特别是与公认的模拟投票系统的风险相比。
电子投票的最大问题之一是检测数字数据是否被篡改可能很困难。取决于数据的存储、编码和传输方式。这就是为什么不愿意接受直接记录机器的原因,因为没有可供检查的辅助记录。
这意味着,如果这些机器被黑客入侵并发生了真正的欺诈行为,我们可能永远不会知道。我们所知道的是,某些机器的漏洞已在实验室条件下得到证实。
还有一些经过验证的投票数据的取证结果(forensic findings)已被篡改或机器本身已被篡改。2019 年,电视名人约翰·奥利弗 (John Oliver)(John Oliver)发布了一份关于电子投票机在美国出现的安全问题的(USA)精彩总结(excellent summary),我们建议将其作为了解关键问题的良好起点。
但是,我们可以在这里总结一些主要的攻击媒介:
- 访问编程和操作DRE机器的人员
- 访问加载到DRE上的软件(DRE)
- 直接物理访问DRE机器(例如USB恶意软件攻击)
- (Network)对未隔离的DRE机器的(DRE)网络访问
与黑客的本质一样,安全方面的弱点通常是人性的,而不是数字的。因此,敬业的黑客(hackers)可能会针对导致投票机数据最终电子计数的链条中的每个环节,特别强调构成该链条一部分的人。
电子投票安全吗?
这是一个复杂的问题,没有办法说答案是不合格的是或否。一个问题是两台不同的投票机可能有非常不同的漏洞。
因此,您可以做的最重要的事情是找出您将在您所在州或当地投票站使用的投票机型号和品牌。对这台机器是否已经过安全专家的独立测试进行一些研究,以确定你是否愿意用它投票。
电子投票也不应该孤立地看待。有令人不安的迹象表明,选民行为“黑客攻击”可能通过社交媒体等平台发生,使用虚假信息和协同机器人网络。
如果您人为地操纵选民情绪,那么您根本不需要破解DRE机器!因此,还要考虑您投票所依据的信息质量,可能是您被黑客入侵,而不是投票的机器。
Election Hacking 101: Is It Safe to Vote Electronically?
For a wоrld that’s rapidlу going all-digital, it might seеm like a no-brainer to havе electronic elеctions. Yet, for most of the world, the tried-and-tested paper-based voting system is still the preferred choice.
One reason for this is pure inertia. It’s not easy to simply change such a massive and entrenched system overnight. Another important factor is a cautious attitude when it comes to preserving the integrity of an election.
The nature of paper-based voting fraud is well-known, but once you go digital there are an entirely new set of variables at play. Nonetheless, electronic voting is coming, and when you next head to the ballots there’s a good chance you’ll be pressing a button on a machine rather than marking a piece of paper or punch card.
The big question then is whether it’s safe to vote electronically and is election hacking an issue?
What Does “Electronic” Voting Mean?
There are various forms of electronic voting and the safety concerns are different for each one. Electronic voting, broadly, means capturing votes using a computerized system. Voting machines that read punch cards are also strictly speaking under the broad umbrella of electronic voting. But those types of machines are not usually what people are talking about when they use the term “electronic voting”.
Instead they either mean the use of so-called “direct recording electronic systems” or alternatively online voting using a device like a computer or smartphone.
What Are The Benefits Of Electronic Voting?
Elections are expensive, labor-intensive and can span long stretches of time that affect productivity on a state or national level. If everyone could vote electronically it would mean very fast and accurate voting counts. Fewer people would need to be employed to manage the election. You also cut out the transport of tons and tons of paper, along with the security infrastructure to make sure those votes make it safely to where they are counted.
Standalone voting machines also offer lots of flexibility when it comes to the user experience. For example, voters with disabilities can choose from a number of accessibility options to help them cast a vote independently and with dignity.
Direct recording electronic systems have no paper versions of votes and all votes are recorded to some sort of memory device. That data is added to the count. Obviously, since it’s all electronic, there can be no miscounts and the results are available immediately. At least in an ideal world, that’s how it should work.
With online voting a major benefit would be that voters can cast their vote from home, from another country or anywhere else with an internet connection. Which may theoretically increase voter turnout and allow for the public to vote on more issues, more frequently. Rather than expensive referendums for only the largest issues. In other words, it could be a tool that allows for a more pure expression of democracy.
How Does Electronic Voting Work?
The short answer, from a voter’s perspective, is that it should work pretty much like paper-based voting. Assuming that you have been verified as eligible to vote, you’ll walk up to the machine, follow the instructions, and then cast a vote for your desired candidates. Your vote should then be securely stored and tallied.
Online voting would involve logging in to a voting system, going through some sort of identity verification process and then casting your vote. Online voting is not suitable for government elections and has far too many problems that affect integrity, but it does see use in private enterprise for things like shareholder voting.
With the advancement of various technologies we might one day see online voting secure enough for use in general elections.
What Are The Main Security Risks?
The security risks when it comes to electronic voting depend on the specific type of electronic voting under discussion.
The main risk with direct recording electronic voting machines is their lack of a paper trail. Electronic machines that use punch cards are making an electronic copy of a primary paper record. This means that officials can go back to the actual punch cards to verify the electronic count.
While it’s relatively easy to see if a paper card has been tampered with or rendered invalid, it may not be possible to know if the digital data in a DRE machine has been tampered with. So the safety of a given DRE machine relies strongly on data redundancy and how results can be checked against an independent record or how tampering with the data can be detected.
How Can Hackers Tamper With Electronic Voting?
First of all, it has to be said that there is no such thing as a 100% tamper-proof system. There will always be some measure of fraud or vulnerability in any voting system. So the real question is whether the general level of risk posed by electronic voting is acceptable. Especially compared to the risks of accepted analog voting systems.
One of the biggest problems with electronic voting is that detecting whether digital data has been tampered with can be difficult. Depending how that data is stored, encoded and transferred. This is why there has been reluctance to accept direct recording machines, because there’s no secondary record to check against.
This means that if these machines have been hacked and real fraud has occurred, we may never know. What we do know is that vulnerabilities in some machines have been demonstrated under laboratory conditions.
There are also a number of verified forensic findings of voting data that has been tampered with or that the machines themselves have been tampered with. In 2019 TV personality John Oliver released an excellent summary of the security problems electronic voting machines have exhibited in the USA and we recommend it as a good starting point to understanding the key issues.
However, we can summarize some of the main vectors of attack here:
- Access to the people who program and operate DRE machines
- Access to the software that’s loaded onto the DRE
- Direct physical access to a DRE machine (e.g. USB malware attack)
- Network access to DRE machines that aren’t isolated
As is usual with the nature of hacking, the weak points in security are often human in nature rather than digital. So dedicated hackers might target every link in the chain leading towards the final electronic count of voting machine data, with special emphasis on the human beings who form part of that chain.
Is It Safe To Vote Electronically?
This is a complex question and there’s no way to say that the answer is an unqualified yes or no. One issue is that two different voting machines may have very different vulnerabilities.
So the most important thing that you can do is find out which model and brand of voting machine you’ll be using in your state or local polling station. Do some research on whether that machine has been independently tested by security professionals to decide whether you’d be comfortable casting your vote with it.
Electronic voting shouldn’t be viewed in isolation either. There are troubling indications that voter behavior “hacking” can happen via platforms such as social media using disinformation and concerted bot networks.
If you manipulate voter sentiment artificially, then you don’t need to hack DRE machines at all! So consider the quality of information you’re basing your vote on as well, it might be you who have been hacked and not the machine taking your vote.