Emilis Dambauskas reports that the President, Parliament and Electoral Commission are all pushing hard for the use of Internet Voting in the next possible election. They are rather weakly claiming as justification the growth of the Internet, EU e-government obligations (no! voting isn't government, it's democracy) and also Council of Europe work on e-voting.
The proposed model is Internet only, seemingly inspired by past Estonian pilots. But because Lithuania does not have an e-signature infrastructure banking authentication systems are being proposed for voter authentication. This is wrong on so many levels: Are people without bank accounts at a disadvantage? Are people working for banks going to have access to privileged information? Will bank worked be able to create new authentication credentials?
Emilis, who works for a bank, has been an election worker and is also a coder noticed the announcement and has got some press coverage for those opposed to Internet voting. He published a paper on his site, which he summarised in English as:
In my paper I state 4 main concerns:
- Citizens will not be sure if the election results are legal, because “experts” will be used instead of ordinary spectators (which can be anyone)
- One of the main cornerstones of democracy will become dependent on big business (usually foreign capital) and IT expert influence
- It would be easier to do election fraud
- There will appear a big risk of disclosing information on how people voted (which should be secret under our Constitution).
I support these concerns with 4 main groups of arguments:
- System based on advanced technology will never be understandable and transparent enough for the great majority of Lithuanian people
- A centralized system is in essence less secure than the current decentralized (we have 2000 voting districts with 400 – 6000 voters in them).
- The system described in the concept is not secure, because: a. the voter votes at home, and there can be both influence with force, or bribery b. the security of the voters computer (think Windows viruses, trojans, botnets) is not taken into account c. bank personell can sell identification date to interested parties (that would definately be a crime, but very hard to trace — I support it by also stating that I currently work at a bank) d. the SSL certificate for the i. voting server would be either issued by foreign company (like Verisign), or not supported on users computers (Aidas Kasparas http://kasparas.net/, though he is in favour of i. voting helped me with this argument — he's a real expert of networking and server administration) e. noone can really guarrant total security of the i. voting server (think about hidden virtual machines underneath the OS, hardware that secretly copies data and so on) — that would be James Bond difficult, but if you can own a country by doing that it surely pays off.
- I stress that goverment institutions most probably don't have enough technology competence for such a project (I point to the mistake with private and public keys in the concept, approved by both NEC and the parliament; I also use the examples of Diebold in USA and the Dutch hack of the voting machines)
I do hope Emilis and others succeed in bringing some sense to those pushing for Internet Voting in Lithuania. The Internet isn't well suited for voting, but it is for collaborating so I know that throughout Europe activists will be supporting each other as issues like this arise.