Assuring the integrity of voting using cryptography
American voters have no way of knowing that our votes have been counted, or counted correctly. We go to the polls and we punch buttons on a screen or fill out paper ballots and put them in a box, but we don’t know if the electronic voting machine works correctly, if the ballot box made it to the election office, or if the ballots have been accurately tallied. The rise of electronic voting machines with secret, proprietary software has only made these problems worse.
On Monday, laureate Ron Rivest, one of the inventors of the RSA cryptography algorithm that underlies most secure internet transactions, described the work he and others have done to use cryptography to solve these problems.
The starting place for his work is simple, though not an acceptable solution in itself: Imagine that when a vote was recorded, it was registered on a website for everyone to see. Then voters could go home, check the website, and know that their vote was accurately recorded. Furthermore, since all the data would be publicly available, anyone interested could count up the results and check the election officials’ work.
The problem with this is that people often don’t want other people to be able to see whom they voted for. Furthermore, such a system would raise the prospect of vote selling, since anyone could prove whom they voted for (even now, that’s a problem with voting by mail, and that’s one of the central reasons that Rivest strongly opposes the idea of internet voting).
So in Rivest’s plan, when a voter is given a record of his vote, it’s encrypted. If the voter wants, he can have the machine decrypt it on the spot to check it and then re-encrypt it, assuring himself of its accuracy. He can then take the encrypted version home and check that it’s been recorded — though at home, he can’t decrypt it to see whom he voted for, and hence can’t prove to anyone else whom he voted for.
The next step is to tally up the votes, while assuring everyone that you’re doing so accurately. Essentially, this can be done by decoupling the votes from the names of the voters, decrypting them, and then making the full list of votes public. Then anyone inclined to can perform the tally themselves.
The details of this kind of scheme quickly get very complex, because you can't trust anyone in the process and have to design the system to be both transparent and fully resistant to malfeasance. But this is the basic outline.
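To make the outline concrete, here is a small added illustration of the two steps described above (the encrypted receipt the voter can check, and the decoupled, decrypted public tally). It is not code from the original page and not Rivest's or Scantegrity's actual design. It assumes ElGamal encryption over a deliberately tiny safe-prime group (p = 1019, chosen for readability only), a Benaloh-style cast-or-challenge audit in place of the "decrypt it on the spot and re-encrypt it" check (the machine opens a ciphertext by revealing its randomness, and that opened ciphertext is discarded rather than cast, so it can never serve as proof of a vote), a single trustee holding the decryption key, and constructed candidate names, voter ids and ballots. The zero-knowledge proofs a real system needs to show the shuffle and the decryptions were done honestly are omitted; they are where the "very complex" details live.

```python
"""Toy end-to-end verifiable vote: encrypted receipt, cast-or-challenge
audit, bulletin-board check, then shuffle-and-decrypt tally.
Added illustration only; not Rivest's or Scantegrity's actual design."""
import hashlib
import secrets
from collections import Counter

# Toy-sized safe-prime group (P = 2Q + 1); real deployments use >= 2048-bit
# parameters. G = 4 generates the order-Q subgroup of quadratic residues.
P, Q, G = 1019, 509, 4
CANDIDATES = ["Alice", "Bob"]          # constructed sample candidates
# Encode candidate i as the group element G^(i+1); decryption maps it back.
ENCODE = {name: pow(G, i + 1, P) for i, name in enumerate(CANDIDATES)}
DECODE = {m: name for name, m in ENCODE.items()}


def keygen():
    """ElGamal key pair held by the election trustee, never by the voter."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(pk, m, r=None):
    """Randomised ElGamal encryption. Returns the ciphertext and the
    randomness r so the machine can reveal it for an audit."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), m * pow(pk, r, P) % P), r


def decrypt(sk, ct):
    c1, c2 = ct
    return c2 * pow(c1, -sk, P) % P


def receipt(ct):
    """Short receipt the voter takes home: a hash of the ciphertext.
    Without sk it reveals nothing about the vote."""
    return hashlib.sha256(f"{ct[0]}:{ct[1]}".encode()).hexdigest()[:16]


class Machine:
    """Voting machine. With dishonest=True it secretly encrypts CANDIDATES[1]
    whatever the voter chose; the challenge step is what catches this."""

    def __init__(self, pk, dishonest=False):
        self.pk, self.dishonest = pk, dishonest
        self._pending = None

    def encrypt_vote(self, choice):
        actual = CANDIDATES[1] if self.dishonest else choice
        ct, r = encrypt(self.pk, ENCODE[actual])
        self._pending = (choice, ct, r)
        return ct

    def challenge(self):
        """Open the pending ciphertext. It is discarded, not cast, so the
        opened values can never be used to prove a vote to someone else."""
        choice, ct, r = self._pending
        self._pending = None
        return choice, ct, r

    def cast(self):
        _, ct, _ = self._pending
        self._pending = None
        return ct


def audit_ok(pk, choice, ct, r):
    """Anyone can recompute the encryption from the opened values."""
    return encrypt(pk, ENCODE[choice], r)[0] == ct


def cast_with_challenge(machine, pk, choice, audits=1):
    """Challenge `audits` times, then cast a fresh, unopened encryption."""
    for _ in range(audits):
        machine.encrypt_vote(choice)
        if not audit_ok(pk, *machine.challenge()):
            raise ValueError("machine encrypted something other than the chosen vote")
    machine.encrypt_vote(choice)
    return machine.cast()


def tally(sk, board):
    """Trustee step: drop voter identities, shuffle, decrypt, publish.
    A real system would also publish proofs of the shuffle and decryptions."""
    cts = [ct for _, ct in board]
    secrets.SystemRandom().shuffle(cts)
    return [DECODE[decrypt(sk, ct)] for ct in cts]


def run_election(ballots, dishonest=False):
    """ballots: list of (voter_id, candidate). Returns the public tally plus
    the two checks a voter and an observer can each perform."""
    sk, pk = keygen()
    machine = Machine(pk, dishonest)
    board = [(voter, cast_with_challenge(machine, pk, choice)) for voter, choice in ballots]
    posted = {receipt(ct) for _, ct in board}             # public bulletin board
    published = tally(sk, board)                           # public plaintext list
    return {
        "tally": dict(Counter(published)),
        "receipts_posted": all(receipt(ct) in posted for _, ct in board),
        "count_matches": len(published) == len(board),
    }


def cheater_detected():
    """True iff a dishonest machine fails the challenge audit."""
    try:
        run_election([("v1", "Alice")], dishonest=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_election([("v1", "Alice"), ("v2", "Bob"), ("v3", "Alice")]))
    print("cheating machine caught:", cheater_detected())
```

The voter's check at home is `receipts_posted`: the receipt appears on the board, yet without the trustee's key it cannot be opened, which is what removes the vote-selling incentive. The observer's check is `count_matches` plus recomputing `tally` from the published list; note that a dishonest machine is only caught with the probability that a voter chooses to challenge, which is why such schemes rely on a fraction of voters auditing rather than on every voter doing so.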
A number of systems along these lines have been created, including one that Rivest was involved in called Scantegrity, which Takoma Park, Maryland used for both its 2009 and 2011 elections. The problem, Rivest says, is that Scantegrity was developed by academics and doesn't have a big marketing team to push it. Change in voting systems tends to happen slowly, because the decisions are made county by county, and election officials are beholden to many different constituencies. He's currently most encouraged by an effort spearheaded by a county election official in Austin, Texas, who decided that none of the current systems are adequate for her needs, so she's gotten the help of academics and others to design a new system from scratch incorporating these methods. Another election official in Los Angeles is leading a similar effort.
“I’m optimistic,” Rivest says. “I think the concerns of the academics are beginning to have an impact.”