One of the most common questions I get is “if I can bank online, why can’t I vote online”. A recently released (but undated) document ”Supplement to Authentication in an Internet Banking Environment” from the Federal Financial Institutions Examination Council addresses some of the risks of online banking. Krebs on Security has a nice writeup of the issues, noting that the guidelines call for ‘layered security
programs’ to deal with these riskier transactions, such as:
- methods for detecting transaction anomalies;
- dual transaction authorization through different access devices;
- the use of out-of-band verification for transactions;
the use of ‘positive pay’ and debit blocks to appropriately limit
the transactional use of an account;
‘enhanced controls over account activities,’ such as transaction
value thresholds, payment recipients, the number of transactions
allowed per day and allowable payment days and times; and
- ’enhanced customer education to increase awareness of the fraud
risk and effective techniques customers can use to mitigate the
[I've replaced bullets with numbers in Krebs’ posting in the above list to make it
easier to reference below.]
So what does this have to do with voting? Well, if you look at them
in turn and consider how you’d apply them to a voting system:
One could hypothesize doing this – if 90% of the people in a
precinct vote R or D, that’s not a good sign – but too late to do
much. Suggesting that there be personalized anomaly detectors (e.g.,
“you usually vote R but it looks like you’re voting D today, are you
sure?”) would not be well received by most voters!
- This is the focus of a lot of work – but it increases the effort for the voter.
Same as #2. But have to be careful that we don’t make it too hard
for the voter! See for example SpeakUp: Remote Unsupervised Voting as an example of how this might be done.
- I don’t see how that would apply to voting, although in places like Estonia where you’re allowed to vote more than once (but only the last vote counts) one could imagine limiting the number of votes that can be cast by one ID. Limiting the number of votes from a single IP address is a natural application – but since many ISPs use the same (or a few) IP addresses for all of their customers thanks to NAT, this would disenfranchise their customers.
“You don’t usually vote in primaries, so we’re not going to let you
vote in this one either.” Yeah, right!
This is about the only one that could help – and try doing it on
the budget of an election office!
Unsaid, but of course implied by the financial industry list is that the goal is to reduce fraud to a manageable level. I’ve heard that 1% to 2% of the online banking transactions are fraudulent, and at that level it’s clearly not putting banks out of business (judging by profit numbers). However, whether we can accept as high a level of fraud in voting as in banking is another question.
None of this is to criticize the financial industry’s efforts to improve security! Rather, it’s to point out that try as we might, just because we can bank online doesn’t mean we should vote online.