[EM] Is Helios online voting secure?

Jameson Quinn jameson.quinn at gmail.com
Thu Feb 23 02:28:18 PST 2012

2012/2/22 Kathy Dopp <kathy.dopp at gmail.com>

> Below is a quote from Ben Adida, creator of Helios.
>    We now have documented evidence ...that viruses like Stuxnet that
> corrupt nuclear power plants by spreading from one Windows machine to
> the other have been built. And so if you run a very large scale
> election for a president of a G8 country, why wouldn’t we see a
> similar scenario? Certainly, it’s worth just as much money; it’s worth
> just as much strategically. . . . All the verifiability doesn’t change
> the fact that a client side corruption in my browser can flip my vote
> even before it’s encrypted, and if we . . . must have a lot of voters
> verify their process, I think we’re going to lose, because most voters
> don’t quite do that yet.
> - Adida, Ben. 2011. Panelist remarks – Internet voting panel.
> EVT/WOTE’11, the Electronic Voting Tech. Workshop / Workshop on
> Trustworthy Elections. Aug. 9, 2011. URL http://www.usenix.
> org/events/evtwote11/stream/benaloh_panel/index.html.
> The above quote on Helios was sent to me from Barbara Simons,
> coauthor, with another computer scientists Doug Jones of an upcoming
> very well-researched and well-written book: "Broken Ballots: Will Your
> Vote Count?"  The book will be published by April 15th approx.
> Yes, I said that: "It is insecure against trojans on the voter's machine
at the time of the initial vote, ... not something I'd trust for public

This actually is not an insurmountable difficulty. There are two ways you
could face it:

1. Still using the voter's home machine, you could combine the cryptography
with captchas: the voter would have to match a picture next to the
candidate with a list of pictures in different order in order to rate/rank
that candidate. However, this is inconvenient, and to make it secure you
would need time limits. It also does nothing to address the digital divide.
This latter issue, not security, is the reason I find this solution
unacceptable for political elections.

2. You could use secure machines, booted from CD with no hard drive, at
polling stations.

But yes, I explicitly stated that helios as-is is NOT secure enough to use
for a high-stakes election with more than around 10K voters.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.electorama.com/pipermail/election-methods-electorama.com/attachments/20120223/a13c9b23/attachment-0004.htm>

More information about the Election-Methods mailing list