Online Voting: Click and Be Counted

When engineers voted in March to end their strike against Boeing, the decision wasn't made at a raucous union meeting or in polling booths. Instead, members of the Society of Professional Engineering Employees in Aerospace cast secret ballots on their own computers. Such experiments, both public and private, are paving the way to online elections of all sorts.

The challenges to online voting are great enough that it won't be used in this year's elections, except for a few limited experiments. Some residents of Florida, South Carolina, Texas, and Utah stationed overseas in the military will vote online this autumn. The impediments to broader use fall into four areas, three concerning online security, the fourth equal access to the polls.

CRYPTOGRAPHIC KEY. The first problem is positive identification of online voters. When Arizona Democrats conducted an online Presidential preference poll in March, officials simply mailed each voter a personal identification code. Entering the number on a Web site allowed a vote to be cast. Most election security experts found this inadequate because the ID numbers could have been lost or stolen. ''I'm very worried that some jurisdiction will have an online election that turns into a disaster,'' says Clay Roberts, director of the Florida Elections Division. ''That would set back a technology that could be a boon for everyone.''

Jim Adler, CEO of VoteHere.net, which ran the Boeing election, suggests a more complex but more secure system than the union used. Voters who sign up on a Web site are mailed a disk containing a cryptographic key and an affidavit, which they must sign and return. The key, which is required to vote, is only activated after the affidavit is checked against a signature on file.

While precise identification is essential, so is keeping ballots private. One solution is the electronic equivalent of a system used for absentee ballots. An absentee voter puts the ballot into an unmarked envelope, which is placed inside another envelope that he or she signs and seals before mailing. At the election office, the outer envelope is discarded before the anonymous inner one is opened.

In the electronic version, computer software will encrypt your e-ballot, then encrypt the package with a different key, to generate the anonymous envelope. For extra security, the decryption key can be split up so that different authorities each have one part and must cooperate to count the votes.

Finally, the system itself must be secure. That means votes are safe from tampering once cast and that the entire system is protected from the sort of attacks that have blocked service at popular Web sites. There's no magic solution to the problem. Encryption helps, but votes must also be moved quickly from the Web servers where they are collected to more secure computers. Preventing denial of service attacks is harder, especially since hackers know just when the electronic polls are open. The best answer is vigilance and the use of multiple redundant servers.

In some ways, the social problems of electronic voting may pose a bigger challenge than the technical ones. The well-off are far more likely to have home PCs than the poor. ''If you have a system that makes it easier for the middle class and upper middle class to vote than the poor, that's a fundamental inequality,'' says Florida's Roberts.

Partly for this reason, the first online voting experiments will require voters to come to polling places rather than vote at home. One convenience, however, is that you may be able to vote at any polling place, not just your precinct. Ultimately, the fairness issue could be eased by setting up computer polls in lots of public places, including neighborhood stores, along with the traditional schools and churches.

I'm enough of a skeptic about both technology and voter enthusiasm that I take with a large grain of salt some claims that Internet voting will produce a surge in citizen participation in government. But anything that makes public involvement easier is a good thing for democracy.

By STEPHEN H. WILDSTROM

TABLE: What Online Voting Needs

AUTHENTICATION
The system must be able to determine that online voters are who they claim to be.

PRIVACY
Having authenticated voters, the system must then forget their identity to preserve the secrecy of ballots.

SECURITY
Ballots must be safe from electronic tampering. Voting must be protected from the sort of denial of service attacks that paralyzed commercial sites.

EQUITY
Steps must be taken to ensure equal voting opportunity for those who lack home computers or Internet access.

All That in a Flat Screen?

For all the talk of the convergence of televisions and computers, companies have struggled mightily as they try to combine the two technologies into successful products. Microsoft's WebTV, which turns your television into a computer of sorts, has been only a modest success. Devices such as the ATI All-In-Wonder card that let you watch broadcast or cable TV on a PC monitor, turn your computer into a very expensive and slightly blurry TV.

The SyncMaster from Samsung Electronics (www.samsungmonitor.com) is a better approach to convergence. It's basically a flat-panel monitor in 15-inch and 17-inch sizes that incorporates a television tuner, audio amplifier, and speakers.

As a computer monitor, the SyncMaster delivers crisp images. That's true whether the display is the 1,024-by-768 pixels on the $1,300 150MP or 1,280-by-1,024 pixels on the $2,600 170MP. At the push of a button or the click of a remote, the SyncMaster becomes a TV set. It's a bit less successful in this role only because LCD flat-panels lack some of the depth of color and smooth transitions, especially in action sequences, that we are used to from picture tubes.

In addition to a standard VGA computer input, the SyncMaster accepts composite video, S-video, and cable-TV inputs. A picture-in-picture feature allows you to view a small TV image on your computer screen.

If you really want to see TV on your computer, the SyncMaster is a worthwhile choice at only a small premium over the cost of a plain flat-panel monitor.

Password Shortcut

With the explosion of e-commerce, more and more Web sites require passwords. Remembering them is a pain, and just entering them can be a nuisance.

Making life easier for the users of password-protected online services is the goal of Microsoft Passport, a service that can store your user name and password for an assortment of Microsoft and third-party Web sites (see www.passport.com/directory/ for a list). Just log on once with your Passport password, and you won't have to log in to any of the Passport affiliate sites. And at nearly three dozen merchants--including Expedia.com, Buy.com, and Costco Online--once you have stored credit-card data in your Passport ''wallet,'' you won't have to give it again.

It's convenient, but is putting all your password eggs in one Passport safe? A review by security experts David P. Kormann and Aviel D. Rubin of AT&T Labs gave Passport generally decent marks but found ground for consumer caution. (The paper, Risks of the Passport Single Signon Protocol, is available at cs.nyu.edu/rubin/passport.html).

The biggest risk that Kormann and Rubin found was the danger of simple human error. If you don't log off from Passport, anyone with access to your computer can pretend to be you--and spend your money--at any Passport site. This risk is especially great if you use Passport in a public place, such as an airport kiosk.

Other dangers are more arcane. For example, the researchers found that someone could set up a phony Passport e-commerce site, snag Passport user names and passwords, and then use the stolen identities on genuine Passport sites. This strikes me as a somewhat farfetched risk, and Microsoft says that in its tests, it could not collect useful information through the phony merchant ploy. Other perils, which involve stealing data in transit or surreptitiously redirecting traffic to a bogus Web site, are not unique to Passport.

The bottom line for Kormann and Rubin is that Passport's risks, which ''may be inevitable for a system with its requirements,'' cause them to view it ''with suspicion.'' Since the main danger to U.S. users is bogus charges, for which their liability is limited to $50 at worst, it's probably safe enough. But do remember to log out.

Help Desk

Q: Reader Steve Schneider of Berkeley, Calif., wants to use a wireless phone to connect his laptop to the Internet in Spain and asks what sort of equipment he will need.

A: The first thing needed is a phone that operates on the European GSM standard. You can either buy a ''world phone,'' such as an Ericsson I888 or Motorola TimePort-L7089, or you can rent a phone in Europe.

The Ericsson and Motorola can both connect to a PC via an infrared link. You may need some tech support, though, to get IR to work, since most laptops ship with the port disabled. If your phone isn't IR-equipped, you'll need a GSM-ready modem, such as a Xircom RealPort or a Psion Gold Card, and a special cable to link the modem to your handset.

You'll also need to arrange for Internet access overseas. While you could call back to an Internet service provider in the U.S., the cost would be prohibitive. You can get a local number to call either by subscribing to a Spanish provider or a global service such as AT&T WorldNet.

While GSM service is available just about everywhere in Europe, data moves at just 9,600 bits per second--too slow for much Web browsing. High-speed data service called GPRS is beginning to be deployed, but it won't be widely available until next year.