The Viewpoint column "Online Voting: We Can Do It! (We Have To)" in the September 2019 issue is naïve and unscientific. Although the column is explicitly framed as a response to the scientific community of experts who explain the dangers of Internet voting, it does not actually cite any of the scientific literature Ms. Orman is claiming to refute.
The scientific community (the "9 out of 10 experts" she mentions) have published many articles and reports laying out the scientific basis for why online voting is inherently insecure (given any known or imminently foreseeable technology).1,2,3,4,5,6,7 Yet Ms. Orman does not cite any of these scientific papers among the bibliographic citations in the References section of her column. Given that Communication's Viewpoint format does not permit an extensive bibliography, she did not have room to cite all of references listed here,1,2,3,4,5,6,7 but in a response to the scientific community it would have been appropriate to cite (and explicitly respond to the science in) at least some of them.
There are gaping technical holes at the core of Ms. Orman's proposal. She proposes to rely on Trusted Platform Modules (TPM) to secure the end-user devices; but TPM cannot possibly do that within any foreseeable future, for two reasons. First, TPM replaces your trust in the device with your trust in the holder of the signing key. Intel or Google or Samsung or Apple holds the signing key of your device; shall we let them choose who wins our elections? And even if we did—TPM has been around for 20 years and we still keep finding security holes in it; it's simply not trustworthy.
I won't even begin to explain why Blockchain doesn't solve online voting, since that is so well explained in the scientific literature.1,2 So too is the immensely thorny problem of distributing digital credentials to all voters, which Ms. Orman ignores entirely.
Even if one regards her Viewpoint as a guide to the many difficult scientific challenges that must be overcome before it's safe to proceed with online voting, the concluding paragraphs are completely pie-in-the-sky. She presumes that we could have secure smartphones with trusted hardware and software if only the government would subsidize them; as if well-resourced, technically savvy corporations such as Apple and Google were not already busting their butts to make their phones secure and failing in any case. And Ms. Orman suggests, in the very last paragraph, that secure TPM+TCB+PKI+(new-standardized-markup-language) could all happen within five years, by 2024, and be widespread by 2028. That claim is where the essential unreality of this whole scheme becomes clear. With so many intractable scientific problems unresolved—as they are even by Ms. Orman's own analysis—it is irresponsible to suggest pilot projects in elections for public office within such a short timeframe.
Andrew W. Appel, Princeton, NJ, USA
No research proves that online voting a priori defies security principles. The growing set of innovative tools and techniques for software verification, trustworthy identity credentials, and publicly verified computation argues the contrary. As in all practical solutions, there will be a trade-off between cost and security.
My perspective is that the balance point is rapidly shifting, and security researchers and professionals need to produce, critique, analyze, and verify high-assurance voting systems. The volatility surrounding these issues should not deter progress.
Hilarie Orman, Woodland Hills, UT, USA
In an era of active election interference by foreign powers in the U.S. and many other countries, the importance of careful design, vetting, and validation of online voting systems can't be overstated. At the same time, U.S. voter participation in national elections (the presidential elections every four years) has been mired in the 50%–60% range for past 50 years, so the need for technology that could increase participation in democracy are also desirable! This is an important issue where the experts of the ACM have contributed greatly to understanding and public policy, and there is much more to be done.
Andrew A. Chien, Editor-in-Chief
Companies like Google are strong supporters of ACM, sponsoring ACM's A.M. Turing Award and encouraging its employees to become ACM members. But that support gives ACM a greater, not lesser, responsibility to maintain objectivity and neutrality. Consequently, I was dismayed to read Vinton Cerf's editorial "Polyglot!" (Sept. 2019), a thinly veiled laundry list of all the wonderful things Google can do: "Google speaks 106 languages ... Google's language ability vastly exceeds my own ... [Google] Assistant ... Google Lens ... Google Translate ..." and even "Google Science Fair." Cerf lauds Google eight times, failing to mention any other organization even once.
Cerf, a luminary of our field, is free to serve Google as its "chief evangelist," as his byline notes. ACM should not allow itself to be used as its platform.
Jonathan Grier, Pikesville, MD, USA
It's a good point that ACM aspires to balance coverage of advanced technologies from leading academic researchers, government researchers, companies, and other leaders around the world. This case was a failure of expediency and familiarity. Vinton Cerf's employer certainly has no monopoly on advanced technology in language translation (for example, Microsoft Translator, Amazon Translate, Baidu Translate) and image recognition (for example, SenseTime, Amazon Rekognition, Bing Visual search). We will continue to strive to do better!
Andrew A. Chien, Editor-in-Chief
1. The Myth of "Secure" Blockchain Voting. D. Jefferson, Oct. 2018; www.verifiedvoting.org/jefferson_themythof_secure_blockchainvoting/.
2. Securing the Vote: Protecting American Democracy. National Academies of Science, Engineering, and Medicine, Sept. 2018; https://doi.org/10.17226/25120.
4. The Future of Voting: End-to-End Verifiable Internet Voting—Specification and Feasibility Study. Report of the U.S. Vote Foundation, 2015; https://www.usvotefoundation.org/sites/default/files/E2EVIV_full_report.pdf.
5. If I Can Shop and Bank Online, Why Can't I Vote Online? D. Jefferson, 2011; https://www.verifiedvoting.org/resources/internet-voting/vote-online/.
6. Recommendations Report to the Legislative Assembly of British Columbia. The Independent Panel on Internet Voting, 2014; http://bit.ly/2lHEDYS.
7. Security Analysis of the Estonian Internet Voting System. J.A., Halderman, H. Hursti, et al., 2014; http://bit.ly/2lUlzXf
©2019 ACM 0001-0782/19/11
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or fee. Request permission to publish from [email protected] or fax (212) 869-0481.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2019 ACM, Inc.
No entries found