Ms. Voting Matters would really really like to wave her magic wand and allow everyone on the planet to cast their votes, securely, with their smart phones, tablets, or laptops. Really truly, I would do it if I could.
But I can’t. The Internet of Voting is just not safe and secure enough now, no matter how much we all would wish it so.
And some smart people seem to agree with me. The Atlantic Council, a venerable Washington D.C. think tank that spurs dialogue between America and Europe, just released a white paper titled “Online Voting: Rewards and Risks.”
The paper tilts a bit toward the reward side of the equation – it is, after all, co-sponsored by Intel Security and its McAfee division, whose technologies specialize in Internet security – but it also strikes some big cautionary notes. And Ms. Voting Matters waves her wand in approval of those rumbling base notes.
Let’s take a look at some of the key points of the paper.
The authors, Peter Haynes and Jason Healey, do ask the key question that we at The TrustTheVote Project asked ourselves seven years ago when we started our voting technology efforts: “Why are the same technologies that have revolutionized so many aspects of our daily lives not being used to improve the electoral process?”
In theory, Haynes points out, “the types of online technologies that handle our financial transactions with remarkable reliability and security (notwithstanding high-profile breaches such as the Target credit-card theft) should also be able to revolutionize voting.”
Ms. Voting Matters demurs a little here. It isn’t just the Target hack – shall we remind you about:
- Sony PlayStation, April 2011;
- Global Payment Systems, March 2012;
- Zappos, January 2012;
- Adobe Systems, October 2013;
- Target, December 2013;
- Nieman Marcus, January 2014;
- Yahoo, January 2014;
- Michael's Stores, January 2014;
- White Lodging Services, February 2014;
- Home Depot, September 2014.
Need we go on? I didn’t think so.
That kind of mass hacking of millions of accounts just cannot be risked on the thing that makes us a democracy -- voting.
The authors, to their credit, correctly point out that financial transactions work very differently than voting transactions. Financial exchanges can be fairly secure because they’re based on some firm identities established between buyer and seller through passwords, security questions and the like. But in voting, election administrators first have to be sure that you are indeed you, but then they cannot in any way link your I.D. to your vote. If they did, the vote would not be anonymous. Can you imagine a hack that revealed not 2 million credit card numbers, but how 2 million people voted, or worse, changed 2 million ballot choices to a different candidate? That would undermine democracy in terrible ways.
Turnout in the U.S. already hovers around 50 percent for presidential elections. Just think if the vote were no longer anonymous; turnout would decline further, and trust would decline. And what if we found out that Michelle vote for Hillary instead of Barack in the Illinois Democratic primary of 2008! OMG!
More serious, what if a hack changed a huge number of ballots making it impossible to know whom the real winner was? Not only would that create a mess far worse than what happened in 2000 with the Bush-Gore presidential race, but turnout would plummet because nobody could really trust the vote.
The Atlantic Council authors clearly say, “for online voting in all its forms to take off, security will need to be vastly improved.” Ms. Voting Matters concurs.
Haynes further clarifies the differences between online commercial transactions and online voting: “Online retailers, and other companies offering services over the Internet factor in some degree of loss as a cost of doing business online, and generally indemnify their customers against bad actors. Online voting poses a much tougher problem: lost votes are unacceptable. And unlike paper ballots, electronic votes cannot be ‘rolled back’ or easily recounted. "The twin goals of anonymity and verifiability within an online voting system are largely incompatible with current technologies."
“Without very strong security,” Healy continues in a sidebar about a hack of the Ukraine voting system this year, “online voting offers even more opportunities for intrusions and tampering than traditional [voting] systems.”
This brings us back to The TrustTheVote Project and what we do and why we do it. We are not luddites, we’re Silicon Valley technologists. We want to bring modern technology to voting systems. It’s important for our democracy, now and tomorrow.
And that’s why we're applying open-source principles to our technology solutions. They’re visible and glass box, people with a certain level of knowledge can peer inside, look at the code, understand it, and alter or fix it if there’s a flaw. Any knowledgeable developer can more easily detect problems or vulnerabilities in open-source software. Back-doors, hidden rogue compromises, and simple mistakes are not cloaked by secrecy of the source code. Developers can modify the code and make it better for each jurisdiction’s needs, with everyone knowing what they did. That kind of an open system approach, which drove the development of the Internet and many great apps we rely on today from web browsers to blogging tools, can make voting more accurate, more transparent, more verifiable, and even more secure.
To be sure, the TrustTheVote Project team has its eyes on the future while focusing on fixing current technical challenges for elections officials and improving the voting experience for all of us. We contribute to research, investigations, and meetings about the future of voting and the use of new technology, including the Internet. Online voting will come one day, but there are some big security and privacy problems to figure out first. We’re convinced that the new structure of voting starts with a transparent foundation of true innovation on which we can build for the future, and with a little patience along the way.
Ms. Voting Matters’ magic wand is pretty powerful, but it cannot make secure online voting happens overnight. While there are the challenges at hand with the machinery used today and into the near future, there also remain more challenging problems with the design of the Internet itself when using it to handle ballots. The hard, necessary work of developing open-source solutions will help get us to the future when we can more safely use technologies that continue to bring ease and convenience to our lives.