Use of Biometric Technologies for E-Voting - Report Example

USE OF BIOMETRIC TECHNOLOGIES FOR E VOTING Use of Biometric Technologies for E-Voting Name: Course: Institution: Date: Use of Biometric Technologies for E-Voting Introduction: Biometrics is the science that aims at fetching human biological characteristics with an automated machine either for identification or for authentication. This paper gives an overview of biometric methods applied in e-Voting in the UK. The first part identifies two biometric methods used in e-Voting; the second section describes security issues in regard to e-Voting systems and finally assesses the inherent vulnerabilities associated with SSL and RSA. Two suitable biometric methods of e-voting that can be used in the UK are: fingerprints and voice. Finger print scanners are most likely the commonly used biometric system; as and substitute the entry of pin code to unlock the card, usually in the smart card readers area. Similar systems include palm prints or hand geometry. The voices of humans constitute amore behavioral individual aspect. Voice recognition attempts to use these features and use them in identification of a person. So far, conventional voting systems locked out many people from participating fully in voting. The use of voice recognition in e-voting assists many blind people to successfully cast their vote. The application of voice recognition in the UK has been modified to support a voice synthesizer, and it can be applied in the conventional way such as use of a voice command or a keyboard. The voter is authenticated by the e-Voting system through a biometric fingerprint machine. An interactive audio also guides the voter through the voting process and processes his/her desired voting options through matching phonetic pronunciations of easy responses like ‘yes,’ ‘no,’ and ‘ok.’ The voice recognition system has to be adapted in the UK to accommodate accents and a wide range of voices for both genders. Such commitment will illustrate the UK’s government commitment to making advanced technologies available to many people of all backgrounds (Cranor and Cytron 2006, p59). With the advent of modern technology, the biometric match is used to let loose a digital signature as a substitute f using a pass phase or a password. As biometric data is stored on safe devices such as a token or a smart card, the information is not centrally stored but it is retained by its owner thus safeguarding privacy and ensuring security. As an example, the e-Voting system applied in Geneva Swiss is a clear proof that new technologies can help in dismantling the digital segregation and make technology helpful to all people. This is the case with the attempts to help the partially sighted and blind people to actively enter and fully play a part in the world of e-democracy. No biometric system is perfect. One of the issues that can come along is false rejects. A false reject occurs when a legitimate user attempts to substantiate and the system falsely rejects him/her. Another error is known as false accept. This is a situation where a valid user is successfully substantiated even though he or she has been rejected. The false reject rate (FRR) in using the fingerprints and voice biometrics is 0.2% and 15% respectively and the false accept rate (FAR) in using fingerprints and voice biometrics is 0.2% and 3% respectively. Concerning security, this paper looks at ‘spoofing attacks’. Spoofing is the wilful pursue to compel a false accept into the biometric system. This type of security concern is usually relevant for behavioral aspects such as blue print of a signature or replay of a voice recording. Nevertheless, face recognition and other physical properties are also vulnerable to this type of attack. According to Cranor and Cytron (2006, p 71), over 50 percent of the UK citizens are in support of the electronic voting methods. As Cranor and Cytron (2006, p72) puts it, 53 percent of the UK citizens would be in support of electronic voting and would be more likely to vote due to it. Younger voters are even more willing to vote electronically; with 60 percent of 18 to 35 year olds claiming that e-voting through biometrics would increase their chances of voting. Over 75 percent of people over 55 years in the UK concurred with them. In the coming poll, many authorities are willing to give a try in telephone and internet voting. The local government is a good example that illustrates the provision of online services such as giving permission to local citizens to internet voting. This helps much in keeping in touch with the advanced technological era which we now live in. sprawling this policy at a local government level should initialize electronic voting in general elections, where voter turnout has also decreased. It is also evident that over 60 percent of the UK citizens contact their local council using the telephone, while 25 percent use online portal or email. However, local councils need to be serious of their use of communication technology, because only 10 percent the UK citizens visit their council in person while five percent can still prefer to send a letter. Same with the United States and Brazil, the voters are in full support of e-Voting because the introduction of biometrics in voting has made the process of vote counting as well as result tabulation faster and more accurate. This is a very vital consideration and it should be applied in all general elections. Electronic voting also reduces fraud, for instance, in Brazil; a Superior Electoral Tribunal’s spokesperson argued that Brazil’s e-Voting systems are 100% fraud free, in contrast to other electoral procedures that were used before. E-Voting is also cheaper. Repudiation is a concept in which one party declines to fulfill or perform the contract’s obligations. This usually happens in politics when the deal is no longer beneficial. Non-repudiation is a notion of ensuring that a contract, especially one concurred to through the internet, cannot be declined later by the other parties involved. In current political world, where face-to-face agreements proof futile, non-repudiation is becoming extremely vital, especially in electronic voting (Cranor and Cytron, p70). However, electronic voting seems to promote repudiation. First and foremost, electronic voting devices use secret software and produce no separate voting record to facilitate auditing as well as substantiation of the votes. Hence, by design it is impossible either to agree or disagree directly the accuracy of the vote totals of an electronic voting machine or the software neutrality. (Nevertheless, there is plentiful indirect proof of e-Voting fraud: circumstantial, anecdotal, and statistical evidence). The programmers and manufacturers of electronic voting devices (all of whom are closely related to with some political parties), insist that source codes of the software must be kept secret for no defensible and apparent reason. Their argument is that they are much concerned with copyright contravention. However, essays, music, drama, and fiction are all public in nature and yet all have patents and copyrights. The manufacturers of e-Voting machines also manufacture automated gas pumps and Automated Teller Machines both of which produce paper receipts. Yet they unwaveringly resist demands that their ‘touch screen’ voting gadgets produce printouts, which might be used to substantiate the accuracy of the votes. These manufacturers do not ‘test hacks’ of machines that are randomly selected. Illegitimate hacks have proven electronic voting systems to be tremendously susceptible to fraudulent manipulation. Furthermore, as Cranor and Cytron (2006, p63) explains, some parties that have close ties with manufactures of e-Voting software and machines lock up these machines. A discharge implore which would permit a vote on the receipt, is unavailing, because of inadequate support by these political parties. For example, in 2000, in the United States, Clinton Curtis, a computer programmer, was asked by a congressional candidate of GOP to create a software program that would increase the votes of the republicans. Of course, the congressional candidate denied Curtis allegations but unlike Curtis, he declined to state his denial under oath. Therefore, in one way or another technology supports repudiation. There are security concerns regarding the use of SSL/TLS and RSA protocol in e-Voting. The little lock on the browser window indicating that someone is communicating safely with his email or bank account may not always be true. Generally when a user visits a safe website such as PayPal or Gmail, the websites certificate is examined by the browser to verify its authenticity. SSL in conjunction with RSA authenticates that ones browser is talking to the website he/she thinks it is. Due to that, browser makers are very loyal to a large number of certificate authorities. Browser designers have accredited more than 200 certificate authorities around the globe; therefore, any certificate given out by anyone of those companies is legitimate. In RSA, authenticity can be presented by signing the application for a voting token using an electronic signature card. The voter can also be identified if this is also a citizen card. Authenticity on the vote casting day is only presented by the voting token. If this token is not kept in a safe place of a PIN protected environment on a smart card, then it has to be protected by a password (Cranor and Cytron 2006, p 64). The token cannot be tracked back to the user because it is usually issued with a blind signature. On the day of the election, the token is only used as a means of authentication. The voter’s personal computer is the only means one can intercept the token and corrupt anonymity. This can be eliminated if the decisive parts of the voting protocol such SSL are conducted in the smart card’s secure environment. Manipulation by a third party can occur on a personal computer or in transmission. The latter is prevented by a standard encryption like SSL/TLS, the former by again conducting the decisive protocol facets in a tamper-proof and secure environment. References: Cranor, L.F., & Cytron, R.K: (2006). Design and Implementation of a Security-Conscious Electronic Polling System: Oxford University Press. Read More