August 27, 2009
Hawaii experiments with internet voting
Recently, Hawaii held a first-in-nation all-digital election for local district races using telephone and internet technologies. The company providing the technological solutions hailed the election as a great success. In reality, voter participation plummeted to a fraction of the previous levels. If this was supposed to encourage more voters to cast a ballot by making it more convenient, it was an epic fail. The drop in voter participation was a dramatic 83 percent — let me say this again — epic fail . http://www.kitv.com/politics/19573770/detail.html
Nevertheless, Aaron Contorer, Chief of Products and Partnerships for Everyone Counts E1C), the vendor providing the digital solutions for Honolulu local elections, wrote a puff piece on Huffington Post, pronouncing in a great success that was “advancing the art of government.”
Contorer makes it sound positively unpatriotic to question the use of the internet and telephone in voting. http://www.huffingtonpost.com/aaron-contorer/americas-newest-state-hol_b_203639.html
What better use of technology? Who would see democracy stuck in the past, a relic of the age before secure encryption, before cash machines, indeed before telephones?
Any time someone wraps an idea in the flag and suggests that that is sufficient reason to support it, it is appropriate to wonder whether that is all they’ve got. And in this case, I would argue that appeals to patriotism are the foundation of Contorer’s arguments and should be weighed with a large dose of scepticism since the real technological concerns about the security of such a voting system are never really addressed.
Contorer makes the comparison between internet banking and internet voting and never admits that there are significant differences between the two that military grade encryption alone will not address.
At this point a savvy tech person in the person of Barbara Simons stepped up to counter Contorer’s flag-waving marketing piece in behalf of his company’s products. Simons’ credentials are impressive. In addition to being the former president of the Association for Computing Machinery, Simons is an expert in electronic voting and serves on the Board of Advisors of the U.S. Election Assistance Commission. She was a member of the National Workshop on Internet Voting that was convened at the request of President Clinton and produced a report on Internet Voting in 2001. She also participated on the Security Peer Review Group for the US Department of Defense’s Internet voting project (SERVE) and co-authored the report that led to the cancellation of SERVE because of security concerns.
When Barbara Simons speaks on the subject of internet voting she cannot be ignored or dismissed as someone frightened of computer technology or lacking sufficient knowledge. First she provides some much-needed facts about the scope of the Hawaii election and the state’s election law. She says Contorer’s article on Huffington Post: http://www.huffingtonpost.com/barbara-simons/the-internet-and-voting-w_b_210554.html
…exaggerates the scope of the election, overlooks or insults other election methods, and glosses over the formidable technical challenges and dangers posed by the electronic submission of voted ballots.
The election in Honolulu was for neighborhood board members, and thus was not covered by Hawaii’s public election laws. That matters because Hawaii’s election laws, fortunately, require a voter-verified paper ballot and a post-election hand audit of a percentage of these ballots. Since such verification and audits are impossible with a purely Internet-based voting system, there is no legal way to use the E1C system under current Hawaii state law.
Nevertheless, because this small election is being used to promote Internet voting generally, and because Internet voting schemes are being proposed across the United States, the issue demands thorough discussion.
Simons points out that numerous computer scientists have signed a letter warning about the dangers of internet voting. Then she proceeds to make the case against internet voting.
The article asserts that since we are able to conduct banking and commerce over the Internet, we should also be able to vote over the Internet. This is a common misconception (or misrepresentation) that is often made when attempting to support Internet-based voting. Banks spend considerable time and money to ensure the security of our assets, yet there are still risks. Identity theft and fraud affect millions of Americans and cost billions of dollars each year. When we can detect such fraud it is because we are able to track our money through each transaction from start to finish, including the people associated with those transactions.
However, elections by their very definition disallow this type of explicit end-to-end auditing. Voters must cast their ballot in secret and not be able to prove to others how they voted. Election officials must not be able to tie votes to citizens except in very narrow circumstances as carved out by law. The lack of these basic protections make Internet-based voting a dangerous idea and place it so far from the realm of Internet banking or commerce as to make the author’s point moot.
There are significant security issues that any vendor must address before declaring such a system fit for public elections. Yet the author glosses over these security issues raised by Internet voting, referring several times to “military-grade encryption.” It is a well-known marketing technique of voting system vendors to tout the strength of their encryption because it sounds impressive. But the fact is that encryption is only a secondary part of any electronic security. It does nothing at all to protect against insider attacks, denial of service attacks, various forms of spoofing, viruses, or many kinds of ordinary software bugs. Even the most secure military computer networks have been compromised, including a recent serious breach of the Pentagon’s $300 billion Joint Strike Fighter project.
Even in the absence of malicious adversaries, software, especially a networked system such as the one E1C sells, is fundamentally difficult to get right. Aviation and military software, written to standards requiring development efforts tens or hundreds of times as costly as voting software, is undergoing constant review and upgrades.
With something so precious as the vote it is appropriate to stick to mature, tested technologies instead of rushing to adopt the Next New Thing.
I notice that Contorer points with pride to his previous work on Microsoft Windows and MSN. As a longtime Windows user who has experienced several generations of Microsoft’s buggy, crash-prone operating system, I would not see that association as a strong positive recommendation. How do we know that the software he is currently touting is not equally flawed?
Simons concludes by suggesting that America deserves the best election system possible. She notes that there are certain election functions where the internet might be appropriate such as maintenance of voter registration databases, or distribution of blank absentee ballots. She ends with the following plea:
But we should not subject our democracy to the costs or risks of current Internet-based voting schemes. Rather than rushing to implement Internet voting systems because we don’t want to be “stuck in the past,” we should instead focus on improving our elections using innovations that build upon mature and well-understood technologies. Let’s leave the bluster and insults behind, and build a reliable, accurate, and secure electoral system of which we can all be proud.
NOTE: A more technical article on possible secure uses of the internet for voting can be found on Ed Felten’s blog. Felten is a Princeton computer science professor who has demonstrated how easy it is to hack electronic voting machines and has written extensively on e-voting security. Here’s the link to the article: http://www.freedom-to-tinker.com/blog/felten/internet-voting-how-far-can-we-go-safely