[Cryptography] Questions about crypto that lay people want to understand
leichter at lrw.com
Sun Dec 20 19:29:14 EST 2015
>> * If HTTPS is good enough for
>> my bank account, how come I
>> can't use it to vote? Why
>> do I have to vote in person?
> Your bank only accepts https because they have insurance that will
> reimburse them if their certificate gets spoofed.
I'm not aware of any such insurance. Given that the CAs consistently refuse to accept any liability, it's unlikely any insurance company would want to step up.
Consumers, at least in the US, are generally protected against fake withdrawals and similar problems. To some degree this is by law, but much of it is just standard industry practice - not because the banks have big hearts, but because they realize that if they didn't provide such protection, they would quickly lose customers.
Interestingly, business accounts are generally provided no such protection, and businesses regularly lose large sums of money to criminals who fake money transfers from their accounts, and similar attacks. The banks generally disclaim any responsibility, and generally get away with it. These are not attacks on HTTPS - they usually "go around" the encryption by planting a virus on the end-user machines using spear-phished emails. The same attacks *could* be mounted, just as effectively, against consumers - but even the accounts of relatively small businesses contain much more money than your typical consumer account, and businesses much more commonly deal in much larger monetary transfers (to pay salaries or buy supplies) than your typical consumer.
HTTPS is good enough to protect the privacy of your transactions with your bank, and to assure you that you're probably talking to your real bank: While attacks could be mounted that would compromise either of these, they would not be anywhere near the easiest attacks to mount for that purpose. No one will try to break down the steel front door when there's a wood back door with windows not far away.
> There isn't any
> insurance that can give us back democracy, and the attackers are
> willing to devote a lot more resources to stealing it than thieves
> are willing to devote to stealing from banks.
When you access your bank account, you want reasonable assurance that you've actually reached your bank, and no one can see your transactions. Beyond that, you trust the bank - you have no real choice, as they are the ones holding your money and all the records.
When you vote, you should not trust whatever agency collects the votes. In traditional voting systems, your votes are secret from *everyone*, even the people running the polling station. Think about paper ballots: The system has to ensure that no one but you can see what you wrote on your ballot, but also that your vote is actually counted correctly. To count votes, someone has to see the ballots! So what we do is make sure that no one can tie a particular person to a particular ballot - and that no one can remove ballots from, or add ballots to, the ballot collection box.
In addition, representatives of all the candidates (generally through their parties), and other civic organizations, monitor the entire system to detect any attempts at fraud. Among the things they watch for is that only those registered to vote actually do so, and that they do so only once.
These are not at all the kinds of things HTTPS provides. In effect, HTTPS guarantees that the polling place you go to is the real, legitimate polling place; and that no one is looking over your shoulder as you fill in your paper ballot and deposit it in the box. You need to build all the other guarantees, along with the means for public monitoring, into the system. This turns out to be a very hard problem. All the systems out there that have tried to solve it have proved to be flawed. It's probably possible to have effective, safe on-line voting, but we're nowhere near there yet - and the risks of someone cheating and "stealing an election" are very high.