Online Voting Remains Too Much of a Downside Risk

For our elections official stakeholder community, I thought we'd pass along our "take" on yet  another recent study about online voting. But this one, from a respectable think tank in Washington D.C., shouldn’t make election administrators worry too much. No need to brace for a legislative blunder, so long as this paper is taken seriously, as it should be.  On the other hand, there doesn’t yet appear to be a replacement for your DRE machinery – for those of you still relying on them.

This report, “Online Voting: Rewards and Risks,” by Peter Haynes and Jason Healey of The Atlantic Council’s Brent Scowcroft Center on International Security is moderate and balanced in tone. (Some may recall Brent Scowcroft was President George H.W. Bush’s centrist, pragmatic national security adviser.)

It acknowledges the desire in an interconnected world for easy voting by laptop or smart phone, but it also goes a long way toward explaining why that is a hard goal to realize given the current state-of-the-art of elections technologies.

We at The TrustTheVote Project know that election officials do not want to be given a new mandate by lawmakers to set up online voting when there are so many questions about security. And we know that election administrators are mainly worried about getting through the next two election cycles with outdated, and in some cases, obsolete voting machinery.

This new Atlantic Council report doesn’t give the “Internet Voting Now!” crowd much ammunition. Indeed, the authors cite well-known examples of even remote ballot distribution pilots going side-ways (mostly due to configuration errors – often the bane of such online efforts). The Atlantic Council paper also appended a table assessing risks to each part of the voting process that could come with online voting.

The highest risks – the authors said “very high risks” – were to the online casting of ballots. “Attacks could target availability, confidentiality, or authentication of the system,” the authors wrote. Attacks could overload servers in a way to prevent voting at all, and attackers could potentially impersonate legitimate voters to cast false votes or monitor network traffic to see how individuals voted. In addition, hackers might try to disrupt vote counting by preventing individual voting locations from reporting to the central office, or intruders could break into election servers and change previously cast votes.

Now, the authors say that there might be solutions down the road to these kinds of threats, things such as more advanced cryptography, secure software, and even biometrics used as identifiers to verify voters. And they acknowledge that as the population gets more digitally savvy, the pressure will be on to have online voting.

“For the digital generation, unsupervised polling via mobile devices may be the ‘killer app’ of e-voting,” the authors note. “For that to become a reality, device security will still need to be strengthened. Biometrics (such as fingerprint scanning) and two-factor authentication (such as when a bank requires a customer to enter both a password and a code sent to his or her mobile phone) could help solve these issues. Beyond enhanced security and auditability, greater public acceptance of and trust are also essential.”

Ultimately, the authors assert, “the growing percentage of voters who have grown up with digital technology will likely tilt the balance towards online voting—even if that shift initially manifests itself as a mix of online technologies and paper verification to reassure individuals that their vote has been cast and counted as they intended.”

The authors conclude “All this will take time. Broad adoption of most new technologies generally takes longer than technology optimists hope, but it will happen.”

We think, and suspect you agree, that an element missing in that analysis is public policy. Just the mere mention of biometrics, for example, can have policy makers jittery. Any effort to strengthen identification or authentication processes – even for the sake of those who want to vote via their smartphone -- simply invites a political brawl between the voter fraud and the voter rights camps. So, we also know technology alone will not completely answer the challenge of ease and convenience for a Millennial-led mobile, digital society.

This societal impetus toward easier and online voting is exactly why we at The TrustTheVote Project are hammering away as fast as we can at our open-source elections technology framework.  We believe it will support the necessary virtues of delivering verifiable, accurate, (more) secure and transparent elections, at low cost, using off-the-shelf hardware.  We’ll get there, with the invaluable assistance of you, our stakeholders – the elections officials on the front lines of democracy, who we have the privilege of working with every day.

And the race is on to accomplish our work before the demands for online voting overwhelm lawmakers who listen to constituents first, their political advisers and policy experts next, and (sadly not always) the experts later.