election authorities and other voting
districts. Key management for the
more than 3,000 counties and 10,000
voting districts in the U.S.A. is a non-trivial task. The blockchain carries an
immutable log of the history, revocations, authorizations, and so forth.
The multiplicity and independence of election administration regions prevents adoption of a single
software base. There are a few obvious critical items for standardization
into open source components. One
is a two-way secure communication
protocol for voters to use in establishing their voting session. The other
concerns the presentation of the ballot and the voter responses. Ballots
can be complicated, and the voter
must be able to read the options unambiguously. A standardized and formally verifiable markup language will
assure the voter’s device can interpret
the ballot uniquely and clearly, and
verified software on the mobile device
will convey the responses into a similarly unambiguous format.
How do voters know the correct software is running on their devices, how
do they know their response got to the
server? One needs a chain of trust established through trustworthy processors,
public keys, blockchain logging, and
runtime software audits. The most practical solution would include a standard
trusted processing module in all mobile
devices along with the minimal verified
software for the trusted computing base
(TCB). A “trusted path” operation on the
cellphone would lock the device interactions into the trusted processor.
The TCB must include the keyboard
and device display. Each manufacturer
may have separate device drivers, so the
variation in interfaces creates a possibly different attack surface for each device. This is another security challenge:
nearly device independent hardware/
firmware driver designs with common
components for critical functions.
The final challenge is economic.
How much will the software cost, how
much would a smartphone with the
trusted hardware and software cost,
how much would state and county
governments have to spend, and who
would pay for development?
My rough estimate is that if the gov-
ernment required cellphones to have
the secure processor and software (as
user-invocable options solely for vot-
ing), the cost would be approximately
$10 per unit. This would impact the
affordability of the lowest-price cell-
phones, but the U.S. federal govern-
ment could subsidize it by transferring
landline taxes to a secure voting initia-
tive. States could easily fund the soft-
ware initiative through the expected
savings in reduced election costs.
Some voters will continue to need
paper ballots or in-person voting at
county headquarters, and mobile poll-
ing stations are needed to assist rural
voters. This support can diminish over
time as secure and assistive technolo-
gies develop. New opportunities for de-
veloping voting devices for the various
“abilities” will develop as offshoots of
device security research.
Universal, secure online voting cannot be ready by 2020. A national goal of
5% online voting for 2024 seems reasonable, with 50% by 2028. The choice
is not really between online voting and
paper voting, it is between risky online
voting and secure online voting.
1. Aasmae, K. Online voting: Now Estonia teaches the
world a lesson in electronic elections. ZDNet (2019).
2. DARPA awards for secure hardware/firmware. Federal
Business Opportunities (2017).
3. Davidson, L. Ben McAdams widens lead a bit over MIA
love as Governor, Lt. Gov. rip Utah county for election
foulups. Salt Lake Tribune (2018).
4. Gardner, A. N.C. board declares a new election
in contested house race after the GOP candidate
admitted he was mistaken in his testimony.
Washington Post (2019).
5. Marks, J. The cybersecurity 202: Darpa has a plan to
making voting machines far more secure. Washington
6. Marquardt, A., Conte, M., and Cohen, Z. Russia
sought to interfere with us election systems in 2018
midterms, U.S. official says. CNN (2019).
7. Pereira, O. Internet voting with Helios, 2016.
Hilarie Orman ( firstname.lastname@example.org) is President at
Purple Streak, Woodland Hills, UT, USA.
Copyright held by author.
NANOCOM ‘19: ACM The 6th
Annual Int’l Conference
on Nanoscale Computing
Contact: Tommaso Melodia,
BCB ‘19: 10th ACM Int’l
Conference on Bioinformatics,
Computational Biology and
Niagara Falls, NY,
Contact: Xinghua Shi,
UbiComp ‘19: The 2019 ACM
Int’l Joint Conference
on Pervasive and
London, U. K.,
Contact: Katayoun Farrahi,
RecSys ‘19: 13th ACM Conference
on Recommender Systems,
Contact: Toine Bogers,
HT ‘19: 30th ACM Conference
on Hypertext and Social Media,
Contact: Claus Atzenbeck,
SAP ‘19: ACM Symposium on
Contact: Solene Neyret,
AFT ‘19: 1st Advances in
Contact: Ittay Eyal
of online voting
need to balance