Electronic Voting: The Ultimate Online Banking Application
So here I am, trying to solve another major crisis in my head every day on the way to work, and it dawned on me the other day that even though I may think I have the answer to everything - I don't! And there is no way that every single day I am making such progress on these important issues that I can simply forget previous crises.
And I began to think back days, weeks, even months in the past to try and revisit some of the major controversies of yesteryear (well 2008 anyway). One topic that stood out to me that I had thought a lot about at the time was electronic voting. Not too long ago we were selecting a new party to lead our nation. In the months leading up to Election Day, I remember seeing something in the news on an almost daily basis about how many issues electronic voting systems had in the past and were having as the election geared up. Apparently you can do everything from vote multiple times to delete every voter's selection on these types of systems.
In a completely accurate electronic voting system, there are no questions as to how many times a person voted and, ultimately, who that person really is.
I think the real goal of a nationwide election system is not only to record someone's selection, but to also match it with that specific person. Not for the purpose of being able to, at some point in the future, match someone with their selection, but rather to prevent someone from voting multiple times, let's say, or to prevent one person from using another person's vote. The parallels should become clear after reading that and considering the title of this entry - in a completely accurate electronic voting system, there are no questions as to how many times a person voted and, ultimately, who that person really is. Isn't that a main priority online banking applications are tasked with?
Cases of fraud and major data breaches are becoming mainstream, and we (at BankInfoSecurity.com anyway) are hearing every day about solutions that would prevent these things from happening. But at the end of the day, if you are 100% certain of someone's identity, or that they are authorizing a certain transaction, then many cases of fraud should disappear, and much of the impetus behind data breaches (to try and uncover authentication credentials) should be removed.
But what are the repercussions of such a system? That question is way outside the scope of this blog entry and possibly belongs in a philosophy class. However, it does seem to raise serious privacy issues for consumers. It seems like consumers are stuck down the path that in order to have more security, they need to give up privacy. Ultimately, how does an authentication system authenticate someone without knowing exactly who the person to be authenticated is? I'm sure brilliant minds have been and are currently working away at this conundrum, and I think every new authentication technology/offering is working toward this goal.
Whether trying to ensure someone is authorized to make a purchase or vote for the next President, knowing someone's identity with 100% accuracy will be a must in preventing the enormous impact of fraud and data breaches we face. The challenge will be to create such a system that does not compromise a user's privacy.
Perhaps tomorrow (yawn) I will work on crafting such a system...