You Can Publish It!
(You Have To)
DOI: 10.1145/3361696
THE VIEWPOINT COLUMN “Online Voting: We Can Do It! (We Have To)” in the September 2019 issue is naïve and unscientific. Although
the column is explicitly framed as a
response to the scientific community
of experts who explain the dangers of
Internet voting, it does not actually
cite any of the scientific literature Ms.
Orman is claiming to refute.
The scientific community (the “9
out of 10 experts” she mentions) have
published many articles and reports
laying out the scientific basis for why
online voting is inherently insecure
(given any known or imminently foreseeable technology).[1–7] Yet Ms. Orman
does not cite any of these scientific
papers among the bibliographic citations in the References section of her
column. Given that Communications’
Viewpoint format does not permit an
extensive bibliography, she did not
have room to cite all of the references
listed here,[1–7] but in a response to the
scientific community it would have
been appropriate to cite (and explicitly
respond to the science in) at least some
of them.
There are gaping technical holes
at the core of Ms. Orman’s proposal.
She proposes to rely on Trusted Platform Modules (TPM) to secure the
end-user devices; but TPM cannot
possibly do that within any foreseeable future, for two reasons. First,
TPM replaces your trust in the device with your trust in the holder of
the signing key. Intel or Google or
Samsung or Apple holds the signing
key of your device; shall we let them
choose who wins our elections?
And even if we did—TPM has been
around for 20 years and we still keep
finding security holes in it; it’s simply
not trustworthy.
I won’t even begin to explain why
Blockchain doesn’t solve online voting, since that is so well explained in
the scientific literature.[1, 2] So too is the
immensely thorny problem of distributing digital credentials to all voters,
which Ms. Orman ignores entirely.
Even if one regards her Viewpoint as a guide to the many difficult scientific challenges that must
be overcome before it’s safe to proceed with online voting, the concluding paragraphs are completely
pie-in-the-sky. She presumes that
we could have secure smartphones
with trusted hardware and software
if only the government would subsidize them; as if well-resourced, technically savvy corporations such as
Apple and Google were not already
busting their butts to make their
phones secure and failing in any
case. And Ms. Orman suggests, in
the very last paragraph, that secure
TPM+TCB+PKI+(new-standardized-markup-language) could all happen
within five years, by 2024, and be
widespread by 2028. That claim is
where the essential unreality of this
whole scheme becomes clear. With
so many intractable scientific problems unresolved—as they are even
by Ms. Orman’s own analysis—it is
irresponsible to suggest pilot projects in elections for public office
within such a short timeframe.
References
1. The Myth of “Secure” Blockchain Voting. D.
Jefferson, Oct. 2018; www.verifiedvoting.org/jefferson_themythof_secure_blockchainvoting/.
2. Securing the Vote: Protecting American
Democracy. National Academies of Science,
Engineering, and Medicine, Sept. 2018; https://doi.org/10.17226/25120.
3. Email and Internet Voting, The Overlooked Threat
to Election Security. S. Greenhalgh, S. Goodman, P.
Rosenzweig, and J. Epstein, Oct. 2018.
4. The Future of Voting: End-to-End Verifiable Internet
Voting—Specification and Feasibility Study. Report
of the U.S. Vote Foundation, 2015; https://www.usvotefoundation.org/sites/default/files/E2EVIV_full_report.pdf.
5. If I Can Shop and Bank Online, Why Can’t I
Vote Online? D. Jefferson, 2011; https://www.verifiedvoting.org/resources/internet-voting/vote-online/.
6. Recommendations Report to the Legislative
Assembly of British Columbia. The Independent
Panel on Internet Voting, 2014; http://bit.ly/2lHEDYS.
7. Security Analysis of the Estonian Internet Voting
System. J.A. Halderman, H. Hursti, et al., 2014;
http://bit.ly/2lUlzXf.
Andrew W. Appel, Princeton, NJ, USA
Author’s Response:
No research proves that online voting a
priori defies security principles. The growing
set of innovative tools and techniques
for software verification, trustworthy
identity credentials, and publicly verified
computation argues the contrary. As in all
practical solutions, there will be a trade-off
between cost and security.
My perspective is that the balance point
is rapidly shifting, and security researchers
and professionals need to produce, critique,
analyze, and verify high-assurance voting
systems. The volatility surrounding these
issues should not deter progress.
Hilarie Orman, Woodland Hills, UT, USA
Editor-in-Chief’s response:
In an era of active election interference by
foreign powers in the U.S. and many other
countries, the importance of careful design,
vetting, and validation of online voting
systems can’t be overstated. At the same
time, U.S. voter participation in national
elections (the presidential elections every
four years) has been mired in the 50%–60%
range for the past 50 years, so the need for
technology that could increase participation
in democracy is also desirable! This is
an important issue where the experts
of the ACM have contributed greatly to
understanding and public policy, and there
is much more to be done.
Andrew A. Chien, Editor-in-Chief
ACM Must Maintain
Profession Neutrality
Companies like Google are strong
supporters of ACM, sponsoring
ACM’s A.M. Turing Award and encouraging its employees to become
ACM members. But that support gives
ACM a greater, not lesser, responsibility to maintain objectivity and neutrality. Consequently, I was dismayed
to read Vinton Cerf’s editorial “Polyglot!”
(Sept. 2019), a thinly veiled
laundry list of all the wonderful things
Google can do: “Google speaks 106 languages ... Google’s language ability vastly