Appendix A

California Internet Voting Task Force

Technical Committee Recommendations

 

Table of Contents

4  Internet Petition Signing

Internet petition signing refers to any system in which voters "sign" official petitions, e.g. initiative, referendum or recall petitions, entirely electronically, with the "signature" and associated information transmitted by Internet to the proper agency, either directly or combined with other signatures. Only registered voters are permitted in California to sign petitions.

The Internet Voting Task Force did not consider Internet petition signing at any great length. Hence, in this report we will confine ourselves to comparing it in principle to Internet voting.

First, we should note that many of the security considerations in the design of Internet voting systems apply with little change to Internet petition signing systems as well--in particular, the fundamental distinction between systems in which the entire end-to-end voting infrastructure is controlled by the county vs. systems in which the voting platform is a home-, office-, or school PC. Systems that would allow online petition signing from a home or office PC are vulnerable to malicious code or remote control attacks on the PC that might prevent the signing of a petition, or spy on the process, or permit additional petitions to be signed that the voter did not intend to sign, all without detection. Hence, for the same reasons that we do not recommend Internet voting from machines not controlled by election officials, we cannot recommend similar systems for petition-signing until such time as there is a practical solution to the general malicious code problem and the development of a system to electronically verify identity.

While there are similarities between voting and petition signing, it is important to note that the two are not identical and they have somewhat different cost and security properties: