Please no internet voting!

In response to http://www.ft.com/intl/cms/s/0/644f7b3e-2dc8-11e6-a18d-a96ab29e3c95.html

Dear Gillian,

I assure you, you absolutely don’t want internet voting.

It’s exceedingly difficult to keep servers secure, today you have to work from the assumtion that you get hacked so the trick is to minimize the potential damage by various means of replication, encryption and checkdoors. But once a system has been silently compromised you no longer know, you can never be absolutely certain that a system isn’t vulnerable or hasn’t been compromised.

Banks for example face a constant level of attack that can increase or decrease but it is never gone. Large international companies continue to see pervasive Chinese and Russian hacking attempts, massive amounts of IP have been stolen. Read this article from 2011: http://www.vanityfair.com/news/2011/09/chinese-hacking-201109 and the consider at what level the threat is today when it was like that 5 years ago.

No, exposing our most vital institution to that is foolish, people in the industry know it and companies like Google aren’t going to touch it, the risk is too great and just not worth it.

And what politician is going to say that people can vote online but that China or an expert hacking group may be able to alter the results?

The alternative is to have relatively dumb voting computers that are not internet connected, that tally the vote and that print out your vote which is then deposited in a box so that it can be counted manually if need be. Such computers could be manufactured cheaply and can be deployed to British Embassies.

As for Estonia see https://www.theguardian.com/technology/2014/may/12/estonian-e-voting-security-warning-european-elections-research