Tag: voting technology

  • Ten Things to Know About Voting Technology

    Ten Things to Know About Voting Technology

    1. Voting is not like any other transaction.

    The first remark I usually hear on the subject of Internet voting is, “I
    can shop online, I can bank online, why can’t I vote online?” The answer
    is that voting is not like those transactions. Credit card companies and
    banks tolerate a degree of fraud in all of their transactions. We could
    not similarly accept some degree of fraud in the voting process. And,
    when you make a deposit to your checking account over the Internet, your
    bank sends you back a message confirming the transaction and the amount
    of your deposit. But if we are to preserve our right to cast a secret
    ballot, then we would not want to vote online and have our election
    agencies send back to us a note confirming our choices.

    Casting a secret ballot in a fair and democratic election is, in fact,
    unlike any other kind of transaction. Think about it: each person only
    gets to vote once, in a limited time frame, and every voter must be
    authenticated while at the same time preserving that voter’s right to
    cast a secret ballot. Voters must be confident that their votes have
    been accurately recorded and the voting system must create an audit
    trail in case a recount is needed that also preserves the secret ballot.
    It is not impossible to build an online voting system, but it’s
    important to realize that to do so creates unique challenges because
    voting is unlike any other transaction.

    2. There are two kinds of Internet voting: polling place Internet
    voting, and remote Internet voting.

    It’s important to distinguish between polling place Internet voting and
    remote Internet voting, which is voting from home or work. Both remote
    and polling place Internet voting use computers in the voting process
    and both use the Internet to transfer ballots to the central counting
    center. The important difference between the two methods is ownership of
    the computer that’s acting as a voting machine. With polling place
    Internet voting, the voting machine is owned and controlled by election
    officials. With remote Internet voting, the voting machine is owned and
    controlled by either the voter or their employer.

    In our January 2000 report, the California Internet Voting Task Force
    made this important distinction between polling place and remote
    Internet voting, and concluded that while polling place Internet voting
    can and should be explored, remote Internet voting could greatly expose
    the voting process to fraud. For this reason we made no prediction of
    when, if ever, remote Internet voting would be possible.

    3. Remote Internet voting is highly susceptible to voter fraud.

    A voting machine owned and maintained by a county election office can be
    controlled, but a third party machine, owned by the voter or their
    employer, is highly susceptible to attack. For example, a remote
    Internet voter could unknowingly download a “Trojan Horse” or virus that
    sits on the voter’s computer. When the voter opens his Internet ballot
    on his computer desktop, at that point the ballot is no longer encrypted
    and would therefore be susceptible to manipulation by a virus or
    malicious code. A Trojan horse could then, for example, rearrange the
    appearance of the voting boxes on the ballot, leading you to believe,
    for example, that you voted for the incumbent but actually returning
    your ballot with a vote for the challenger. You would then send your
    ballot back encrypted to your election agency, and since we cast a
    secret ballot neither you nor your election agency would know that your
    vote had not been properly recorded.

    If you think this scenario is far-fetched, consider this: already some
    Internet users have unknowingly downloaded programs known as “spyware”
    that keep track of their computer usage and page visits without their
    knowing it and report this information via the the user’s Internet
    connection to commercial and marketing interests. Already the vast
    majority of Internet users visit web sites that set “cookies” in their
    web browsers used to track their online movements. Few even know what a
    cookie is, let alone know how to remove one or how to set their browser
    preferences to refuse them altogether.

    Consider also the fact that remote Internet voting will give rise to a
    whole new wave of voter fraud attacks from people living in foreign
    countries as well as those who previously had no interest in elections
    but enjoy a good hacking challenge. The Pentagon detected more than
    22,000 attempts to probe, scan, hack into, infect with viruses or
    disable its computers in 1999 alone, and anticipates the number of
    attacks will only increase with time. And let’s not be naive about our
    country’s record on voter fraud. Though voter fraud is not as much of a
    problem here as it has been in other countries, history shows that in
    close races some campaigns do resort to cheating in order to win.
    Automating the voting process gives one person the ability to make a
    much greater impact when they attempt to cheat.

    When you consider the likely increase in attempts at voter fraud,
    combined with the low level of computer literacy we have now, both among
    users and the election community, it is unrealistic to think we are
    ready for remote Internet voting anytime soon.

    4. Remote Internet voting may erode our right to cast a secret ballot
    and lead to political coercion in the workplace.

    Currently we cast our ballots in a private polling booth, and in some
    counties voters place their ballots inside an envelope so that poll
    workers and other voters won’t catch a glimpse of their votes before
    they drop their ballot into the ballot box. Polling place Internet
    voting can preserve the secret ballot and the sanctity and privacy of
    the polling place. Remote Internet voting, on the other hand, can lead
    to voting from work, which is where most of us connect to the Internet
    during the day. And for many of us, our workplace computers are far from
    private.

    If we were to vote from work, our coworkers or supervisors might
    casually or deliberately watch us as we make our choices. Even if they
    aren’t standing over your shoulder, the company intranet could easily
    retain a copy of your ballot. These are not insurmountable obstacles,
    but it does mean that if we allow for voting in the workplace, we’ll
    need new policies to protect employees from potential political coercion
    in the workplace. New policies would need to be developed to protect the
    right to cast a secret ballot in the workplace on your employer’s
    computer, and such policies would contradict with existing laws that
    assert an employer’s right to review any material their employees create
    on a company computer, including personal email. Simply put, voting in
    the workplace could be a nightmare for employers and employees alike,
    and if we were to move forward with remote Internet voting in the future
    we’d be wise to prohibit voting in the workplace altogether.

    5. Remote Internet voting poses a threat to personal privacy.

    How would we authenticate remote Internet voters? Authenticating voters
    is one of the primary steps we take to protect our elections from fraud.
    We have to make sure that people are eligible to vote, vote only once,
    and cast their own ballots. Using a pin number in combination with other
    pieces of personally identifiable information, as the Arizona Democratic
    Party did in its March 2000 Primary, is not sufficient to protect our
    elections from vote selling, vote swapping, and voter fraud. Digital
    signatures may be an option, and we have a long way to go before that
    technology is widely understood and accepted by the public, and digital
    signatures still cannot protect Internet voters’ ballots from a Trojan
    horse attack.

    The most secure way to authenticate voters is to use biometric scanning
    procedures, such as retinal or finger-printing scans. I, like many
    Americans, find such security measures invasive, and believe it would be
    unwise to sanction government agencies to begin collecting sensitive
    biometric data on American citizens. There is a general rule I follow:
    for every degree of convenience we gain through technology there is
    usually a corresponding loss of privacy. Remote Internet voting would
    make voting more convenient, but that convenience will come at a price
    that, in my opinion, is too high.

    6. There is a huge politics and technology information gap.

    In my seven years of working in politics and technology, I have found
    there are unfortunately too few people who have a working knowledge of
    both fields. This huge gap between politics and technology appears to be
    widening, not closing over time, and is becoming increasingly evident
    around the issue of Internet voting. Many of the political experts who
    talk about Internet voting don’t appreciate the technological dangers of
    voting online. Then there’s the technologically-savvy but politically
    naive people who say, “Wouldn’t it be great if we could vote on
    everything?”, failing to understand either the benefits of
    representative democracy or the complexities of the voting process. If
    we are going to close the politics and technology gap, we are all going
    to have to make a great effort to educate the experts and bring people
    from diverse fields together online and offline through conferences and
    public meetings. It’s going to take a lot of work, but if we address the
    politics and technology information gap it will make for better public
    policy in every area impacted by technology.

    7. There is a generational technology gap.

    Older people are not as familiar with new technology as younger people
    are, and surveys show that younger voters are sometimes intimidated by
    existing voting technology. The generational technology gap turns up in
    many places. The Democracy Online Project’s post-2000 general election
    survey found that the younger the voter, the more likely they used the
    Internet to access election information.

    Internet voting polls also find that younger voters find the idea of
    Internet voting much more appealing than older voters do. For example, a
    poll conducted by ABC News in 1999 found that only 19 percent of
    Americans age 65 and over would support Internet voting even if it could
    be made secure from fraud. Similarly, a year ago the Public Policy
    Institute of California surveyed Californians and found that public
    support for Internet voting is highest among 18-34 year olds (59
    percent) and lowest among those 55 and over (27 percent). There is no
    doubt that new technology provides an unprecedented opportunity to
    engage alienated young people in the democratic process, but we must be
    careful that we don’t alienate older voters along the way.

    8. Changing technology alone isn’t enough; voter education is also
    needed.

    It made me angry to hear people ridicule Florida’s voters for casting
    their votes incorrectly. As an experienced voter educator, it no longer
    surprises me to hear about the elements in our voting process that
    voters find confusing. There is an intolerable lack of reliable,
    nonpartisan voting information available for U.S. voters; most of what
    passes for election information comes in the form of campaign mailers
    and thirty second spots designed to confuse, manipulate or scare voters
    and do just about anything but inform them.

    We take so much for granted when it comes to voter education, and it is
    shameful that the United States poses as a model democracy for other
    countries to emulate when we make virtually no effort to educate our own
    voters and prepare them to vote on Election Day. We can begin to address
    this problem by appropriating federal and state funds to nonpartisan
    voter education efforts. We already spend $31 million a year on the
    National Endowment for Democracy to advance democracy abroad; we can
    certainly afford to spend at least the same amount to advance democracy
    at home.

    9. Transparency in the voting process fosters voter confidence and
    security.

    Whatever changes we make to our voting technology, we must not sacrifice
    the trust that is gained by having a transparent vote casting and
    counting process. The old voting technology that we are talking about
    replacing, in particular the punch card ballot, functions in a way that
    is transparent to the voter. You mark or punch your ballot, you drop it
    into a locked box, and the box is transported to the central counting
    center by pollworkers where the public can (and often does) watch the
    counting of ballots.

    Now, as we consider introducing computers into the voting process, we
    must look at how transparency may be affected. Whether we are talking
    about Internet voting or any kind of computerized voting, one inevitable
    result is that very few people, and certainly not your typical voter,
    have the expertise to review the software used for a computerized system
    and know that it is functioning properly. Consequently, it will require
    much more faith on the part of the voter in both the voting technology
    and their election officials to trust that a computerized system
    accurately records and counts their votes. And faith, unfortunately, is
    something that’s in short supply right now in our democracy, so we must
    be careful that we don’t erode it any further when we upgrade our voting
    technology.

    10. Software used in the voting process should be open to public
    inspection.

    One way to build public confidence in computerized voting is to require
    voting software code be made public. Election officials often cringe at
    this suggestion for two reasons: they think that making voting
    technology source code public will undermine the security of the voting
    process; and they expect that voting technology companies will object to
    revealing their source code because it undermines their competitiveness
    in the marketplace. In fact, many of the leading voting technology
    companies are not necessarily opposed to public source software, and
    some have already indicated they will comply with a public source code
    requirement if it’s imposed on everyone.

    The first concern — the public source undermines the security of the
    voting process — reflects the misguided “security through obscurity”
    approach to software, which is the idea that keeping your source code
    secret makes your technology more secure. In fact, there is consensus in
    the security industry that public source code leads to more secure
    computer systems than closed source.

    In fact, the Pentagon, our number one military agency, recently decided
    to no longer purchase closed source, commercial software programs from
    companies such as Microsoft, Netscape and Lotus to use in its most
    sensitive systems. The reason given by a Pentagon official, speaking
    anonymously to the Washington Post, is because they found that these
    closed source programs had too many holes, backdoors and trapdoors that
    place the department in greater danger of a computer attack than using
    public and open source software would.

    No software program is perfect, and any voting software program will
    inevitably have holes and some problems. If the source code is closed,
    those who want to manipulate the outcome of an election will eventually
    find and exploit those holes. If the source code is open and public,
    then the good guys in the security industry can find the holes first and
    help fix the software.

    One high-profile example of this shift toward public source for
    high-security operations is the National Security Agency’s initiative to
    develop “Security Enhanced Linux”. This is a new, security-enhanced
    operating system that was just released this month. It’s based on Linux,
    a very successful open source operating system, and anyone in the world
    can go online to www.nsa.gov/selinux/ and download its source code. If
    the agency entrusted with protecting our national security finds public
    source code more secure than closed source code, it should be a clear
    signal that the election community would be wise to follow suit.

    Of course, we can’t assume the good guys are going to forever be
    reviewing voting software code, so it’s crucial that a continuous
    recertification process is also established. Computerized voting
    machines, unlike punch cards, are based on dynamic, not static
    technology. We must anticipate that any computerized system will need to
    have security holes fixed, upgrades made, and new computer and Internet
    protocols supported. Even if we have public source voting software, we
    will still have a limited number of experts capable of evaluating its
    reliability. And what some security experts are saying is that it will
    be difficult, if not impossible to know for certain if the software
    that’s been certified and is publicly available is the same software
    that’s running on your voting machine. It’s worth noting that some of
    the strongest objections to computerized voting are made by computer
    security experts. For this reason, and also to foster voter confidence
    in new voting technology, it would be wise to consider a way to use a
    mix of paper ballots and computers in the voting process, and to require
    that paper ballots be counted along with digital ballots so that we
    could create a paper audit trail and thwart attempts to rig voting
    software.

    III. Conclusion

    New voting technology has many advantages, but it also brings new
    challenges to the voting process. And not all current voting technology
    is inadequate. Many voters in the U.S. cast ballots using optical scan
    systems, which are affordable, accurate, have a paper audit trail that
    can provide for a recount, and some of which feature a ballot scanner at
    the polling place that helps voters avoid overvoting or spoiling their
    ballots. Whatever we do to upgrade voting technology, we must ensure
    that all voters have an equal chance of having their votes counted.

    We need to close the politics and technology gap and continue to bring
    experts from different fields together to share information and learn
    from each other. We need our elected representatives to demonstrate
    patience, good judgment and leadership, and we need the media and public
    to pay close attention to voting technology policy as it develops. And
    we need to get serious about voter education in this country and spend
    the public resources needed to prepare people to vote on Election Day.

    It is remarkable that the first Presidential election of the new
    millennium came down to the question of whether we have more faith in
    people or machines to accurately and fairly count votes. The U.S.
    Supreme Court decided the answer was machines. This ruling sets a
    dangerous precedent. Technology can do a lot for us, but it cannot and
    should not trump human judgment.

    I raise concerns about Internet voting not because I am pessimistic; on
    the contrary, I am very optimistic about the opportunities before us to
    advance and transform democracy using computers and the Internet. I am
    critical of voting technology not because I am opposed to it, but
    because I cherish democracy and think computerized voting is both one of
    the most exciting and potentially dangerous ideas of our time.

    – – – – – – – – – – – – – – – – – – – – – – – – –

    The California Voter Foundation is an independent, non-profit
    organization advancing new technologies to improve democracy and
    providing non-partisan voter information on the Internet at
    www.calvoter.org. CVF-NEWS is the California Voter Foundation’s free,
    electronic newsletter featuring news and updates about politics and the
    Internet, emphasizing activities taking place in California.