The Internet and Voting: Worth Doing Right
Coauthored by Justin Moore.
Recently the Huffington Post published an article about Hawaii's recent Internet and phone-based elections ("America's Newest State Holds America's Newest Election"). The article presents an optimistic and patriotic view of the Everyone Counts (E1C) election system that allows voters to cast their ballots from their home computers or over the phone. It was written by E1C executive Aaron Contorer and is effectively a marketing piece for E1C that exaggerates the scope of the election, overlooks or insults other election methods, and glosses over the formidable technical challenges and dangers posed by the electronic submission of voted ballots.
The election in Honolulu was for neighborhood board members, and thus was not covered by Hawaii's public election laws. That matters because Hawaii's election laws, fortunately, require a voter-verified paper ballot and a post-election hand audit of a percentage of these ballots. Since such verification and audits are impossible with a purely Internet-based voting system, there is no legal way to use the E1C system under current Hawaii state law.
Nevertheless, because this small election is being used to promote Internet voting generally, and because Internet voting schemes are being proposed across the United States, the issue demands thorough discussion.
In response to multiple efforts to allow voting over the Internet in major elections, many of our nation's prominent technology experts have signed a statement cautioning against adopting Internet-based voting systems without first understanding and guarding against the numerous and well-documented dangers. This is not because, as Mr. Contorer suggests, those opposing Internet voting find "[t]he introduction of technology to any process ... scary". The signatories to this statement are not at all intimidated by technology; in fact many are established experts in voting systems who are most certainly aware of the major risks associated with Internet voting.
The article asserts that since we are able to conduct banking and commerce over the Internet, we should also be able to vote over the Internet. This is a common misconception (or misrepresentation) that is often made when attempting to support Internet-based voting. Banks spend considerable time and money to ensure the security of our assets, yet there are still risks. Identity theft and fraud affect millions of Americans and cost billions of dollars each year. When we can detect such fraud it is because we are able to track our money through each transaction from start to finish, including the people associated with those transactions.
However, elections by their very definition disallow this type of explicit end-to-end auditing. Voters must cast their ballot in secret and not be able to prove to others how they voted. Election officials must not be able to tie votes to citizens except in very narrow circumstances as carved out by law. The lack of these basic protections make Internet-based voting a dangerous idea and place it so far from the realm of Internet banking or commerce as to make the author's point moot.
There are significant security issues that any vendor must address before declaring such a system fit for public elections. Yet the author glosses over these security issues raised by Internet voting, referring several times to "military-grade encryption." It is a well-known marketing technique of voting system vendors to tout the strength of their encryption because it sounds impressive. But the fact is that encryption is only a secondary part of any electronic security. It does nothing at all to protect against insider attacks, denial of service attacks, various forms of spoofing, viruses, or many kinds of ordinary software bugs. Even the most secure military computer networks have been compromised, including a recent serious breach of the Pentagon's $300 billion Joint Strike Fighter project.
Even in the absence of malicious adversaries, software, especially a networked system such as the one E1C sells, is fundamentally difficult to get right. Aviation and military software, written to standards requiring development efforts tens or hundreds of times as costly as voting software, is undergoing constant review and upgrades.
Americans deserve the best electoral system available. There are many options for making elections more accessible, secure, and efficient, and the Internet will have a role to play. Current possibilities that show promise include the easier maintenance of voter registration records and the distribution of blank absentee ballots. But we should not subject our democracy to the costs or risks of current Internet-based voting schemes. Rather than rushing to implement Internet voting systems because we don't want to be "stuck in the past," we should instead focus on improving our elections using innovations that build upon mature and well-understood technologies. Let's leave the bluster and insults behind, and build a reliable, accurate, and secure electoral system of which we can all be proud.
Loading comments…
Want to reply to a comment? Hint: Click "Reply" at the bottom of the comment; after being approved your comment will appear directly underneath the comment you replied to
The religious wars around voting technologies (paper vs electronic vs Internet) miss the point that without end-to-end audit there is no basis to judge any of them -- "Internet Voting Combatants Miss the Point (again)" http://jimadlerblog.com/2009/06/internet-voting-combatants-miss-point.html
Jim Adler
In 2004, the Pentagon were about to launch an Internet voting system, dubbed "SERVE." But it was dumped after the entire notion of Internet voting was blasted by leading experts in computer security.
Here's an excerpt from their report, "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)," http://www.servesecurityreport.org/
"Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear...."
They caution that some varieties of attack "would be extremely difficult to detect, even in cases when they change the outcome of a major election."
Has the Internet become safer since then? Hardly. Security holes continually crop up.
In June 2008, Internet servers were discovered to have a flaw that would allow hackers to secretly divert browsers to imposter websites. (Search on "DNS poisoning." Or see http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=208808229 )
Such sites could "filter" votes before passing them on to an authentic website.
And just six weeks ago, this alarming report appeared:
U.S. Steps Up Effort on Digital Defenses
http://www.nytimes.com/2009/04/28/us/28cyber.html?_r=2&hp
The Internet is nowhere near being a "Green Zone" for voting, even for the military.
THANK YOU for this article.
When I saw the title, I braced myself for the need for me to write up another "rebuttal" - in 200 words or less - as I am one of those experts of which Ms. Simmons writes.
I am SO RELIEVED that people are starting to get it: All-digital voting can never be made secure. Period.
While paper systems may also never be made fully secure, they always leave a -ahem- Paper Trail...
.
The author is right, despite all the "military grade" encryption that banks use the system still depends on us balancing our checkebooks and knowing where each dollar was spent. You cannot do that in voting. If your vote can be linked to you then you can be bullied or bribed into voting one way and punished or even killed for voting wrong.
That has happened in the past, this is why we have a private voting booth so that we can each, for that moment, for that space, make the right decision, our personal decision, free from intimidation, coercion and temptation.
Despite all the work that banks do, and they want to because their money is on the line, money still gets lost, and identities are still stolen.
As a side point it doesn't matter whether Obama won or not. Every election from U.S. Senator to City Councilman to Judge matters. Every elected official has the power to make our lives better or worse, the kind of power that corrupt people will always try to steal, if not today then tomorrow.
As another point, the turnout for this "first ever internet election", 6.3%. Hardly a major event.
You must be logged in to comment. Log in or connect with
