I’m a geek and have, for 25 years, been an early adopter of just about any Internet-based service. (Hell, I had a GEnie account!) But I’m still very reluctant to cast my ballot using anything other than a pencil and a piece of paper. But I am interested in debates on this issue, if only because new technologies may improve voter participation which I think is a good thing. So here’s a couple of opinions, pro and con, from the American debate on Internet voting. (Both culled from computer scientist Dave Farber‘s discussion list). Here’s the argument in favour:
Dave:
Internet voting is possible and can be done.
And there are several well-reasoned proposals for this. Our own proposal was published in “The Witness-Voting System”, the invited opening chapter in “Towards Trustworthy Elections, New Directions in Electronic Voting”, published by Springer Verlag. Chaum, David, et. al. (Ed.), (c) 2010, pages 1-36. ISBN-10: 1-4020-7301-1.
Yes, voting is a challenging problem, a problem that even school children can understand but that is made harder to solve than traditional computer security by requirements for public verifiability and ballot secrecy.
In our proposal, we present a comprehensive theory of voting, viewed for the first time as a non-classical communication process, even though the results are expected to be deterministic. We consider both passive and active attacks and, for additional fairness assurances, further requirements including that the system must work as desired without insight or ingenuity (i.e., without relying on human input) while it must be fully auditable by a diversity of machines and humans.
Among the many novel and strong results gained from our approach, we show how any type of voting can be as secure as desired while assuring that ballots and voters are unlinkable. The secret ballot is, therefore, not the reason for the failures that we observe in all actual voting systems, so far.
Further, in implementation terms, we show that paper-based voting faces unfavorable scaling with increasing number of voters, while paperless electronic voting and networked voting (networked machines, not necessarily using the Internet) are easier to secure in large scale. The latter being easier to secure than voting with isolated machines.
Of course, the voter demographics will change to a much younger sample — and this seems to be the unsightly elephant in the room.
But it is not true that voters would need to give up the right to vote anonymously. In fact, voters could be more strongly anonymous that today, and yet more strongly identified to have the right to vote.
These points can be mathematically proven and feasibly executed.
Best regards,
Ed Gerck, Ph.D.
CEO, Safevote, Inc.
And against …
Dave –
In the letter to President Obama we say “Because of multiple intrinsic risks, Internet voting should be forbidden unless and until proposed systems have undergone extensive, independent public review and open testing to ensure that they have solved the fundamental problems of security, privacy, authentication, and verification.”
The system to which Ed Gerck refershas not undergone the open and public review and testing that we call for. Some of the threats against which his system would need to defend are:
1. Election rigging viruses on the voters’ machines that could be spread surreptitiously before the election.
2. The vulnerability of election officials’ servers to being attacked, keeping in mind that the offices of most election officials are underfunded, understaffed, and with little to no security expertise.
3. Targeted (or general) denial of service attacks.
4. Man in the middle, spoofing, phishing, and related attacks.
5. Insider attacks.
In addition, how would [SafeVote] conduct a recount or prove that the declared outcome is correct, if the outcome is challenged? Estonia has been allowing its citizens to vote over the Internet for a while. In the most recent election the Centre Party (the second largest party) received a larger percentage of the paper-based votes than the votes cast over the Internet. While there are possible explanations for the discrepancy, there are members of the Centre Party, including some of the key leaders, who are convinced that the Internet portion of the election was rigged. Whether or not that is true – and it’s impossible to prove either way, since there is nothing to recount – it is not healthy for Estonian democracy for a portion of the electorate to believe that the election was stolen.
Election officials in Washington DC were convinced that the Internet voting system they were planning to use for overseas voters in 2010 was secure. Fortunately, they had the integrity first to run a mock election that anyone could attack. Within a very short period of time, a team from the Univ. of Mich. led by Alex Halderman had completely taken over the DC system. The team even protected the system against probes coming from Iran and China. While these probes probably were not targeting the voting system directly, they illustrate some of the dangers against which any Internet voting system used for a major election would need to defend.
Regards,
Barbara Simons
(See Simons Wiki page. She’s past president of the Association for Computing Machinery among many other things and has long been looking at this issue)
I favour e-voting. However, beyond the obvious security issues which I would leave to the experts, verification of one’s vote is the most important to me.
Our municipality during the last election used a form of e-voting for the first time. Voters were given a paper ballot on which they filled in the circle beside the candidate of their choice; they then fed the ballot into a slot designed for that purpose. And that was it.
I expected to see on the screen confirmation that my vote had been recorded as I had indicated. But no; there was nothing. Alternatively, I’d have been content with a paper receipt showing same. Again, nothing. In other words, the process from this voter’s point of view felt incomplete and left me uncertain my vote had been electronically recorded as I’d intended it.
Further to my comment above, that form of e-voting of course goes only part way. Machines are used to count the ballots, rather than people; and the paper ballots that go into the slot can be used for verifying the two match.
However, I prefer online voting and have used it over the past few years for the selection of political party leaders.
Dave,
I spent my entire adult life working in the IT field. I wrote programs, designed systems and was responsible for the accuracy and integrity of large financial systems.
I oppose electronic voting.
I want my ballot to be paper and I want scrutineers watching the counting and totaling. I do not care how well a system is tested, it will not be tamper proof.
A poll generally has about 200 voters. It is not an onerous task to manually count 200 ballots while being watched by scrutineers from all the candidates. I have been a scrutineer.
If a person is too lazy to stop by a polling station with weeks of early voting
they do not deserve the right to vote. Generations fought and died for this right. Security is a huge issue and if a person is too lazy I don’t want them voting as they are no doubt too lazy to educate themselves on the issues and candidates.
Peggy I concur with your explanation concerning electronic voting against casting a paper ballot; I to have worked as a scrutineer, a Poll clerk and in the last couple of elections as a Deputy Returning officer; we were given a total of 450 ballots and never ever used all; the most ballots cast were between a 150 and 200. It does not take much to check id’s for proper address and name. Once the poll closes it takes approximately 2 hours to count the ballots, account for spoiled ballots and make sure that unused ballots used ballots and spoiled ballots agree to total ballots provided. If you want to look at the U.S. in 2000 with the ballots cast in Florida, this was done electronically and look at the problems with falling chads; this had to be resolved in a court of law.
So in conclusion the Canadian form of voting although labor intensive is far superior than using electronic voting. To big a chance of hackers trying to alter the outcome.
Voting is a right and a privilege. What is so hard for a legal voter to get off his fat ass and go out and exercise that right and privilege ON the day that elections are held? Laziness! jc
On January 23rd, 2013 Edmonton City Council will decide on whether or not Edmonton should begin using internet voting in our next municipal election. While many people such as city clerk, Alayne Sinclair, think that internet voting is secure, the reality is, it is not. A simple Google search will provide you with multiple news articles showing how systems get hacked all the time. Hackers gain access to secure computer systems such as the Pentagon, CIA, and the different Canadian government organizations just to name a few. If organizations such as these, with enormous budgets for network security, can be penetrated, what makes a private company think they can provide the citizens of Edmonton with a safe and secure means of online voting? The simple fact of the matter is they cannot.
The internet was not designed to be secure; it was designed to continue transferring data if a catastrophic event were to take place. Many people think that because they can now do online banking, the internet has become a safe enough place to cast a ballot online, but online banking and online voting are two different things. When banking online the bank wants to know who you are, but during an election your vote is to remain secret.
As a computer programmer and former network administrator I embrace technology equally as much as I embrace democracy. While there is so much technology that can benefit our lives, electronic voting is not one of them due to the enormous amount of trust which has to be put into online voting.
• Trust that the election system won’t be hacked by any individual or group on the internet
• Trust that when the system is hacked the private company will report it openly and honestly so another election can be held
• Trust that the software responsible for counting the votes doesn’t contain any unintentional programming or mathematical errors which would report erroneous results
• Trust that the operating system and all other software running on the election server doesn’t contain any security holes which would allow a hacker to gain undetected access
• Trust that the programmers who wrote the code didn’t leave any security holes in their election program
• Trust that a rogue programmer didn’t write some backdoor code to allow remote access and change the results without leaving a trace
• Trust that the private organization doesn’t have executives or programmers who can be financially, or in other ways, motivated to change the results of an election
• Trust that every single computer used by all voters in the election is not infected with a virus, Trojan horse, rootkit, or some other form of malware designed specifically to alter your vote
• Trust that all the network devices, servers, and computers that make up the internet haven’t been compromised in some fashion to allow someone to capture and alter the ballot while it is being sent to the election server
• Trust that, similar to the ‘robo calls’, a third party…
• Trust that, similar to the ‘robo calls’, a third party hasn’t set up a ‘phishing site’ to trick voters into casting their ballots on their server instead of the real election server
• Trust that the election server not only received your ballot but also received it exactly as you cast it for the candidate you selected
• Trust that, unlike the NDP leadership election, there won’t be a Denial of Service (DoS) attack on election day which will inhibit your democratic right to cast your ballot
• Trust that when there is a Denial of Service attack your vote won’t get hijacked
• Trust that no one on the internet will steal your identity, and thus steal your vote
• Trust that a person or group won’t try to coerce voter’s into voting for their candidate
• Trust that a person or organization won’t try to buy voter’s ballots
• Trust that the numbers appearing on a computer screen somewhere actually contain votes that have been counted by the election software and not randomly generated
• Trust the election results because there will be no way to recount the votes as no paper ballot exists to audit the election
• Trust that everyone participating in the election is from the municipality/province/country where the election is being held
• Trust that anyone voting won’t be able to vote more than once
• Trust that the ‘virtual ballot box’ won’t be stuffed with virtual votes by the private company
• Trust that despite your giving a private company your personal information (name, address, etc.) so you can register to participate in the election, they will not somehow link you to your ‘secret ballot’
• Trust that a private company won’t be building a database to keep track of who you voted for in the past
• Trust that once the election is over and in accordance with election laws all election data will be deleted and not kept on any backup media or device so it can be reviewed later
Computer security experts around the world agree that electronic voting cannot be trusted as there are countless ways to manipulate the results of an election and security on the internet can be compromised. Dr. Alex Halderman Ph.D., associate professor at the University of Michigan, successfully hacked into the online voting system proposed by Washington D.C. In less than 36 hours he had the ability to change the election system and as a result Washington D.C. did not implement online voting. Dr. Barbara Simmons Ph.D. co-authored a paper with Dr. David Jefferson and others which analyzed the security of the Secure Elections Registration and Voting Experiment (SERVE), online voting system for U.S. military personnel serving overseas, which led to it being shut down. If computer security experts don’t trust internet voting and can find ways to compromise the security of election servers, why would anyone want to implement electronic voting?
Even an election using paper ballots is not perfect. In certain instances people are able to vote more than once, ballots can easily be spoiled, and sometimes a ballot box can be stuffed with votes. It’s understandable that no system is perfect and there are risks involved when holding an election. But shouldn’t a new method of voting reduce or maintain the number of security risks instead of introducing more?
If city council votes in favor of using online election software, then we are all witnessing the beginning of the end of democracy. Once enough municipalities are using online or electronic voting then provinces will move to adopt this. After the provinces have adopted e-voting then it is only a matter of time before the federal government adopts it. While there may not seem to be a great risk of a foreign group hacking a municipal election, how much more interest would there be in a provincial or federal election? If the NDP leadership race garnered enough attention to attract hackers to disrupt their election how long would it really take?
This must be stopped here and now. A message must be sent out from the citizens of Edmonton telling their democratically elected council members that the world is not ready for electronic voting. Telling them there is no way to secure an electronic ballot. Telling them that there is no way to trust an electronic vote.
As Josef Stalin said, “It’s not the voters that count. It’s those who count the vote!” In order to have a functioning democracy we must be able to trust our elections. We must have accountability and a paper trail to verify each and every election. We must be able to perform a recount when necessary and be able to audit an election. We must be able to trust the vote!