convenience vs risk -- US public elections by email and beyond

Ed Gerck edgerck at nma.com
Fri Feb 2 15:11:31 EST 2007 

The social aspects of ease-of-use versus security are well-known.
People would rather use something that works than something that
is secure but hard to use. Ease-of-use trumps risks.

What is less recognized, even though it seems intuitive, is that
convenience (even though costlier and harder to use) can also make
people ignore risks. Convenience trumps ease-of-use, which trumps
risks.

For example, people will often send a cell phone text message
that requires dozens of button-clicks, costs money and is less
secure (US Rep. Mark Foley case)... than do a one click, free
phone call. We all use regular email even though it is totally
insecure -- because it's convenient.

Convenience has a lot to do with "personal comfort". It is often
more comfortable to send a text message or email than call and
actually speak with the person.

That you can do it on your own time, or save time, is a very
important component for personal comfort. A convenience store,
for example, sells items that saves the consumer a stop or
separate trip to the grocery store.

What happens when convenience is ignored? If convenient ways are
not available?

Let me note that opposition to any type of e-voting has led to
public elections in the US being carried out via regular email
in 2006.

It may be hard to imagine why opposition to e-voting would in any
way make adoption of email voting more likely.

It happens because voting is useful and voters want to vote.
Therefore, voters will find ways that are not safe but convenient
and available ...if more convenient and safe ways are blocked.

We already discovered that for the system to be usable is more
important than any security promises that might be made. Security
innovation has often improved usability -- for example, even though
public-key cryptography is hard to use by end-users, it represented
a major usability improvement for IT administrators. Usable
security is a major area of innovation today.

We are discovering that convenience is an even stronger force to
bring about innovation.

How about paper voting? It does not prevent large-scale fraud, which
has been a complement to paper elections for over a century, and is
not convenient. Lacks personal comfort, personal use of time. Lack
of convenience (not lack of security) will, eventually, kill paper
voting.

Regarding voting, our future is pretty obvious. Online voting
will be mainstream, and is already here in the public and private
sectors. But, to be secure, it should not happen with regular
email, e-commerce web sites, or current "trust me" e-voting machines
(DRE).

The socially responsible thing to do regarding voting is, thus, to
develop online voting so that it is secure _and_ easy to use. It
already has the top quality that paper voting and e-voting machines
(DRE) cannot have: convenience.

But the real-world voting security problem is very hard. Voting is an
open-loop process with an intrinsic "vote gap", such that no one may
know for sure what the vote cast actually was -- unless one is willing
to  sacrifice the privacy of the vote.

A solution [1], however, exists, where one can fully preserve privacy
and security, if a small (as small as you need) margin of error is
accepted. Because the margin of error can be made as small as
one needs and is willing to pay, it is not really relevant. Even when
all operational procedures and flaws including fraud and bugs are
taken into account.

The solution is technologically neutral but has more chances for
success, and less cost, with online voting. Which just adds to the
winning hand for online voting, led by convenience.

I would like to invite your comments on this, to help build the trust
and integrity that our election system needs -- together with the
convenience that voters want. Personal replies are welcome. I am
thinking of opening a blog for such dialogue. Moderators are welcome
too.

Best,
Ed Gerck

[1] Based on a general, information-theory model of voting that applies
to any technology, first presented in 2001. See
http://safevote.com/doc/VotingSystems_FromArtToScience.pdf
Provides any desired number of independent records, which are readily
available to be reviewed by observers, without ever linking voters to
ballots.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list