Based on the anecdotal evidence of listening to some of my friends talking – I believe there is a temptation by the average person today to just want to have online voting already. After all we do our banking and every other “secure” activity online – What is the big deal!?
Why is fast and easy internet voting still not really a thing?
I lived in Guam for 15 years, and was very fortunate to be involved in local politics a number of times. One of my best friends (whose selfless actions forever have changed and benefited my life) ran for the island’s legislature, and my family worked closely with him towards this goal . However, prior to that Glenn had been involved with the island election board, and recruited me to be one of the vote counters on election night over two different election seasons.
Guam, at the time used ‘fill in the oval’ paper ballots. As the different precincts came in the ballots were verified – then brought to the counting area. We’d take a precinct and process the entire batch under the watchful eyes of the those assigned to ensure that no ballots were introduced in the counting area. Huge stacks of thousands and thousands of sheets of paper. Some for senate, some for local mayoral candidates, and also the various referendums. Each type of ballot encoded as to what type of vote it was printed to record, and each fed through the counting machines. The stacks of sheets of paper for a population of some 120,000 people’s voting population was quite astounding.
There was an art to feeding the machines, and being as competitive as I am – I was racing every other counter in the room whether they knew it or not. As an operator you filled the hopper with a stack of ballots and kept a small bit of tension on the stack with your hand so that only one sheet would feed at a time – multiple feeding sheets would error, and you’d have to stop to re-feed the stack. Occasionally you’d have a ballot that was marred, illegible, jammed in the machine – these would go to the manual counting room where they’d be tallied by hand.
It was exciting to be a part of the process – and interesting to me in hindsight as i think about it. As a cog in the machine I really had no idea how the vote was going to go even though I was operating the machinery. And with the procedural controls in place the ability to change the number or nature of the vote was near impossible. The tabulations were not reviewed directly on the counting machines – but at a central processing unit. And if there were any issues or questions the ballots would be recounted and manually reviewed.
There are two or three predominate electronic voting systems in the USA. Most Americans only know what these look like from news reports because our historic turn out shows that at most only up to 45% of potential voters in the country have actually experienced using them.
[Insert finger waging and shamming here.]
There are a number of issues related with voting electronically the way most of the country does now – by a machine – that having been well known are still unaddressed.
These machines are all run using closed source software – so there is no way to have any independent verification of the code. This means there is no group able to review what a particular vendor puts into the system to count, to audit, perform redundancy checks. This requires access to both the code running (software), but also the machine operating system (firmware). As of this writing to my knowledge no manufacturer has opened both of these to independent review.
Aging Equipment Costs and Risks
There is an upkeep cost for machines the voting and tabulation systems that may not be budgeted for. This along with licensing costs to the various vendors, and the risk with any brand or technology that it will age out, or the manufacturer goes out of business. Interestingly this factor alone has led many precincts around the country to return to paper ballot technologies – the mechanical equipment is not exposed to the actual voters but only operators. Mechanical equipment is less subject to hacking dangers as the optical sensors don’t track anything other than the darkened ovals, and that only for basic enumeration. No computer code can be directly introduced via the ballot system.
According to Pew research – this year (2016) only 25% of national voters will use touch screen type voting systems – which is down from previous years highs of up to 40%. The physical tabulators are also designed to be more durable machines over time than the touchscreens of today. And while the ‘older’ style machines may seem slow, but speed gains can be made simply by investing in a more tabulation machines (which individually have a much lower cost over time than the electronic system counter parts) and splitting the counting load over a larger number of units.
Ease of Hacking Current Systems
For all the weaknesses we mentally associate with older technologies such as paper ballots, or punch cards (and all the hanging chad business) – and that primarily being the time it takes to count votes. The inherent strength is that at least with these technologies there is a way to go back and perform recounts. The ability to if necessary manually assess and verify what oval was circled.
But with these black box machines you get the count you are presented – and no way to recount. This leaves all trust to the system – but the existing systems are all entirely exposed! [And despite the bold text I’m actually not speaking in hyperbole.]
The voter doesn’t even need to leave the booth to hack the modern machine.
So, being unable to address the ease of hacking existing ‘high-tech’ systems’ security issues related to a room of voting machines – we haven’t even begun to really tackle the issues related with online voting.
There are five states that do have some degree of online voting, but only one (Alaska) that currently offers it to the entire population. Why is the adoption so slow? There are a number of real world concerns that need to be addressed before we can really work this out, each issue I list below is just a subset of the total. Yet each of these is individually enough to prevent us from using online voting by itself.
Here is a quick non-authoritative list of 4 concerns:
- Ability to verify voters: People today have issues with remembering simple passwords that they use every day at work. How will we ensure that voters are able to accurately login and identify themselves to vote? How will we maintain the integrity of their login credentials? Any known or expected transmission can be intercepted, and either blocked or potentially changed in transit.
- Ability to verify votes: In 2010 there was online voting in Washington DC, and it was found that two hackers were able to gain access to the system and they changed every vote to one candidate. Email is not even a remote consideration as it is an entirely open form of communication – it is sent as clear text that anyone can intercept. Despite millions being spent on verified vendor technologies we still have nothing in place that actually does this.
- Auditing the result effectively: With the inherent issues related to points one and two – there is no way to re-count. No way to verify a one vote per person, nor anyway to ensure that each and every vote is being tallied. The Federal Government has concluded that it is currently not possible verify and guarantee the security, privacy, nor integrity of ballots cast over the Internet and no way to effectively audit any result.
- DDos attacks: A Distributed Denial of Service attack is a very common way to attempt to overwhelm a single location or a .section of the internet and render it unable to communicate with the outside world. [Here’s a very cool realtime map tracking major DDos attacks happening now] It would be in today’s world trivial for someone to knock out a population center from being able to vote for a large portion of the voting window to cast a ballot. Imagine how if large sections of swing states were suddenly and completely unable to vote. Imagine the Bush / Gore race with how close it was if no one in Miami, Fort Lauderdale, or Tampa/St. Pete were able to cast votes. Whether you think this example would have been a win or a loss, the issue is what if it were not just one swing state, but many.
“The question of whether Internet voting is secure is really not a political question,” Dr. Halderman says. “It’s a technical question.” (WSJ)
If you are a frequent reader of the things I’ve written, and of groups I support (such as the EFF for example) you will recognize that one of my main concerns is that of the need for strong encryption and anonymity – as these are the guardians of free expression. The call to weaken security and provide for back doors into security protocols by politicians makes even less sense in light of what we face on the issue of secure internet voting, much less the security of the internet as a whole – upon which so much of our infrastructure and economy is based upon. Unfortunately politicians are often moved in a moment, and not necessarily considering the long term impact of poorly defined laws nor the enduring impact they have in harming our society.
In the end the apparent ease of voting from our laptops, tablets, and phones is not what we actually need in society at this point. What we need are evidence based elections that allow individuals to vote their conscience, does not expose them to inappropriate outside voting pressures, and which maintains the voter’s privacy and vote integrity. We need elections that encourage and enable all legal voters to participate, yet does not disenfranchise people of differing socio-economic diverse backgrounds.
I guess the internet will just have to wait.