Recently the Huffington Post published an article about Hawaii’s recent Internet and phone-based elections (“America’s Newest State Holds America’s Newest Election“). The article presents an optimistic and patriotic view of the Everyone Counts (E1C) election system that allows voters to cast their ballots from their home computers or over the phone. It was written by E1C executive Aaron Contorer and is effectively a marketing piece for E1C that exaggerates the scope of the election, overlooks or insults other election methods, and glosses over the formidable technical challenges and dangers posed by the electronic submission of voted ballots.
The election in Honolulu was for neighborhood board members, and thus was not covered by Hawaii’s public election laws. That matters because Hawaii’s election laws, fortunately, require a voter-verified paper ballot and a post-election hand audit of a percentage of these ballots. Since such verification and audits are impossible with a purely Internet-based voting system, there is no legal way to use the E1C system under current Hawaii state law. Nevertheless, because this small election is being used to promote Internet voting generally, and because Internet voting schemes are being proposed across the United States, the issue demands thorough discussion. In response to multiple efforts to allow voting over the Internet in major elections, many of our nation’s prominent technology experts have signed a statement cautioning against adopting Internet-based voting systems without first understanding and guarding against the numerous and well-documented dangers. This is not because, as Mr. Contorer suggests, those opposing Internet voting find “[t]he introduction of technology to any process … scary”. The signatories to this statement are not at all intimidated by technology; in fact many are established experts in voting systems who are most certainly aware of the major risks associated with Internet voting.
The article asserts that since we are able to conduct banking and commerce over the Internet, we should also be able to vote over the Internet. This is a common misconception (or misrepresentation) that is often made when attempting to support Internet-based voting. Banks spend considerable time and money to ensure the security of our assets, yet there are still risks. Identity theft and fraud affect millions of Americans and cost billions of dollars each year. When we can detect such fraud it is because we are able to track our money through each transaction from start to finish, including the people associated with those transactions.
However, elections by their very definition disallow this type of explicit end-to-end auditing. Voters must cast their ballot in secret and not be able to prove to others how they voted. Election officials must not be able to tie votes to citizens except in very narrow circumstances as carved out by law. The lack of these basic protections make Internet-based voting a dangerous idea and place it so far from the realm of Internet banking or commerce as to make the author’s point moot.
There are significant security issues that any vendor must address before declaring such a system fit for public elections. Yet the author glosses over these security issues raised by Internet voting, referring several times to “military-grade encryption.” It is a well-known marketing technique of voting system vendors to tout the strength of their encryption because it sounds impressive. But the fact is that encryption is only a secondary part of any electronic security. It does nothing at all to protect against insider attacks, denial of service attacks, various forms of spoofing, viruses, or many kinds of ordinary software bugs.
Even the most secure military computer networks have been compromised, including a recent serious breach of the Pentagon’s $300 billion Joint Strike Fighter project. Even in the absence of malicious adversaries, software, especially a networked system such as the one E1C sells, is fundamentally difficult to get right. Aviation and military software, written to standards requiring development efforts tens or hundreds of times as costly as voting software, is undergoing constant review and upgrades.
Americans deserve the best electoral system available. There are many options for making elections more accessible, secure, and efficient, and the Internet will have a role to play. Current possibilities that show promise include the easier maintenance of voter registration records and the distribution of blank absentee ballots. But we should not subject our democracy to the costs or risks of current Internet-based voting schemes. Rather than rushing to implement Internet voting systems because we don’t want to be “stuck in the past,” we should instead focus on improving our elections using innovations that build upon mature and well-understood technologies. Let’s leave the bluster and insults behind, and build a reliable, accurate, and secure electoral system of which we can all be proud.