August 27, 2009

Hawaii experiments with internet voting

Posted in Election reform, Elections, internet voting tagged , , , at 10:04 pm by bluebanshee

Recently, Hawaii held a first-in-nation all-digital election for local district races using telephone and internet technologies.  The company providing the technological solutions hailed the election as a great success.  In reality, voter participation plummeted to a fraction of the previous levels.  If this was supposed to encourage more voters to cast a ballot by making it more convenient, it was an epic fail.  The drop in voter participation was a dramatic  83 percent — let me say this again — epic fail .

Nevertheless, Aaron Contorer, Chief of Products and Partnerships for Everyone Counts E1C), the vendor providing the digital solutions for Honolulu local elections, wrote a puff piece on Huffington Post, pronouncing in a great success that was  “advancing the art of government.”

Contorer makes it sound positively unpatriotic to question the use of the internet and telephone in voting.

What better use of technology? Who would see democracy stuck in the past, a relic of the age before secure encryption, before cash machines, indeed before telephones?

Any time someone wraps an idea in the flag and suggests that that is sufficient reason to support it, it is appropriate to wonder whether that is all they’ve got.  And in this case, I would argue that appeals to patriotism are the foundation of Contorer’s arguments and should be weighed with a large dose of scepticism since the real technological concerns about the security of such a voting system are never really addressed.

Contorer makes the comparison between internet banking and internet voting and never admits that there are significant differences between the two that military grade  encryption alone will not address.

At this point a savvy tech person  in the person of  Barbara Simons stepped up to counter Contorer’s flag-waving marketing piece in behalf of his company’s products.  Simons’ credentials are impressive. In addition to being the former president of the Association for Computing Machinery, Simons is an expert in electronic voting and serves on the Board of Advisors of the U.S. Election Assistance Commission.  She was a member of the National Workshop on Internet Voting that was convened at the request of President Clinton and produced a report on Internet Voting in 2001. She also participated on the Security Peer Review Group for the US Department of Defense’s Internet voting project (SERVE) and co-authored the report that led to the cancellation of SERVE because of security concerns.

When Barbara Simons speaks on the subject of internet voting she cannot be ignored or dismissed as someone frightened of  computer technology or lacking sufficient knowledge.  First she provides some much-needed facts about the scope of the Hawaii election and the state’s election law.  She says Contorer’s article on Huffington Post:

…exaggerates the scope of the election, overlooks or insults other election methods, and glosses over the formidable technical challenges and dangers posed by the electronic submission of voted ballots.

The election in Honolulu was for neighborhood board members, and thus was not covered by Hawaii’s public election laws. That matters because Hawaii’s election laws, fortunately, require a voter-verified paper ballot and a post-election hand audit of a percentage of these ballots. Since such verification and audits are impossible with a purely Internet-based voting system, there is no legal way to use the E1C system under current Hawaii state law.

Nevertheless, because this small election is being used to promote Internet voting generally, and because Internet voting schemes are being proposed across the United States, the issue demands thorough discussion.

Simons points out that numerous computer scientists have signed a letter warning about the dangers of internet voting.  Then she proceeds to  make the case against internet voting.

The article asserts that since we are able to conduct banking and commerce over the Internet, we should also be able to vote over the Internet. This is a common misconception (or misrepresentation) that is often made when attempting to support Internet-based voting. Banks spend considerable time and money to ensure the security of our assets, yet there are still risks. Identity theft and fraud affect millions of Americans and cost billions of dollars each year. When we can detect such fraud it is because we are able to track our money through each transaction from start to finish, including the people associated with those transactions.

However, elections by their very definition disallow this type of explicit end-to-end auditing. Voters must cast their ballot in secret and not be able to prove to others how they voted. Election officials must not be able to tie votes to citizens except in very narrow circumstances as carved out by law. The lack of these basic protections make Internet-based voting a dangerous idea and place it so far from the realm of Internet banking or commerce as to make the author’s point moot.

There are significant security issues that any vendor must address before declaring such a system fit for public elections. Yet the author glosses over these security issues raised by Internet voting, referring several times to “military-grade encryption.” It is a well-known marketing technique of voting system vendors to tout the strength of their encryption because it sounds impressive. But the fact is that encryption is only a secondary part of any electronic security. It does nothing at all to protect against insider attacks, denial of service attacks, various forms of spoofing, viruses, or many kinds of ordinary software bugs. Even the most secure military computer networks have been compromised, including a recent serious breach of the Pentagon’s $300 billion Joint Strike Fighter project.

Even in the absence of malicious adversaries, software, especially a networked system such as the one E1C sells, is fundamentally difficult to get right. Aviation and military software, written to standards requiring development efforts tens or hundreds of times as costly as voting software, is undergoing constant review and upgrades.

With something so precious as the vote it is appropriate to stick to mature, tested technologies instead of rushing to adopt the Next New Thing.

I notice that Contorer points with pride to his previous work on Microsoft Windows and MSN.  As a longtime Windows user who has experienced several generations of  Microsoft’s buggy, crash-prone operating system, I would not see that association as a strong positive recommendation.   How do we know that the software he is currently touting is not equally flawed?

Simons concludes by suggesting that America deserves the best election system possible.  She notes that there are certain election functions where the internet might be appropriate such as maintenance of voter registration databases, or distribution of blank absentee ballots.  She ends with the following plea:

But we should not subject our democracy to the costs or risks of current Internet-based voting schemes. Rather than rushing to implement Internet voting systems because we don’t want to be “stuck in the past,” we should instead focus on improving our elections using innovations that build upon mature and well-understood technologies. Let’s leave the bluster and insults behind, and build a reliable, accurate, and secure electoral system of which we can all be proud.

NOTE: A more technical article on possible secure uses of the internet for voting can be found on Ed Felten’s blog.  Felten is  a Princeton computer science professor who has demonstrated how easy it is to hack electronic voting machines and has written extensively on e-voting security. Here’s the link to the article:



  1. Electronic voting has proven itself to be lacking an acceptable audit trail, why would we extend an unproven process to the Internet? That sounds like a recipe for massive fraud to me.

  2. Hey Bluebanshee!

    Internet voting can be used to sideline the superrich in all US elections, and make elected officials directly dependent upon the electorate.

    If you value democracy, and your blog posts suggest you do, then why not read a little beyond the Barbara Simons, Avi Rubin anti-Internet scare tactics?

    Check out my critique of those guys at:

    And see how to marginalize Big Money at:

    William J. Kelleher, Ph.D.


    Thanks for posting the Bob Dylan song!

    • bluebanshee said,

      I am not a computer scientist myself. However I have great respect for those who have great knowledge of the inner workings of computer software like Barbara Simons and Avi Rubin. Therefore, I take the warnings from folks who have great insight and understanding about how computer systems are designed and built very seriously. Barbara Simons, Avi Rubin, Ed Felten, John Washburn and a host of other computer scientists all say that there is no way to make sure that internet voting can be made secure and private, given the current state of technology. I am personally acquainted with computer software engineers who build online products professionally who will not themselves do online banking, or make online purchases because these professionals lack confidence in the security of online transactions.

      According to your Amazon profile, your background is in Political Science, not Computer Science. Therefore you do not have the credentials to speak with authority on internet security. You may be correct that the direct election of the President would be desirable. However, internet voting is not the way to make this happen. I suggest that public financing of elections at all levels is a better way to reform our electoral system.

  3. Remember SERVE!

    Citizens United and Big Money can be completely neutralized with Internet voting. To find out how, start with this essay.

    AVI RUBIN et al ON TRIAL, in

    “The Reasonable Person Standard and the Critique of Leading Figures in the Making of Public Policy: The Case of Internet Voting.”

    Here is a history of the sabotaging of SERVE.

    To read online or download (free) go to the list and click on the title, at

    William J. Kelleher, Ph.D.

    Feel free to share this.

    Your comments are welcome.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: