Friday, July 15, 2016
Ottawa Citizen - Why not fight about online voting instead? - comment
I would have to turn on Facebook Platform apps to leave a comment on the Citizen, which isn't going to happen, so I'm putting my comment here instead:
Kudos to Chief Electoral Officer Mayrand for stressing caution.
I'd like to quote part of Mayrand's testimony that illustrates the many challenges with introducing online voting:
"...we have to be careful. We need to look also at security. There are certain characteristics of the vote that we want to preserve: it is confidentiality, it is secrecy, the reliability and the integrity."
There is extensive evidence that we do not currently have the technology to meet the security requirements needed for online voting, nor the ability to maintain the confidentiality we currently get with the paper secret ballot.
A 2014 report from the BC Independent Panel on Internet Voting ( http://www.internetvotingpanel.ca/ ) indicated that
"Internet voting has some significant inherent risks"
"Do not implement universal Internet voting for either local government or provincial government elections at this time."
An extensive investigation conducted by the Parliament of Australia in 2013 ( http://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Electoral_Matters/2013_General_Election/Second_Interim_Report/Chapter_4#safety ) indicated that
"Internet voting is considered by experts to be the most risky and difficult mode of electronic voting to implement."
and concluded that any potential benefits do not outweigh the risks.
You can find a lot more information about this topic in my blog "Paper Vote Canada" ( http://blog.papervotecanada.ca/ )
(The quote from Mayrand is from my manual transcription of his July 7, 2016 testimony, as the official transcript is not yet available.)
You can see previous comments I have left on newspaper articles by selecting the label: newspaper comment.
Presentation at Shopify - Questions to ask about Internet voting
This is a slightly more technical presentation (with tech jokes), presented at Shopify tech talks on July 14, 2016.
I'd like to thank the Shopify audience for asking a lot of good questions.
NOTE: SpeakerDeck disables links in presentations; for clickable links you will have to download the PDF from Share -> Download PDF at https://speakerdeck.com/papervote/questions-to-ask-about-internet-voting-shopify-edition
June 2, 2016 Presentation - Questions to ask about Internet Voting
Friday, July 08, 2016
Estonian Internet voting and turnout myths
Endlessly cited for the advantages of Internet voting is Estonia.
It's very Canadian to always assume some other country's system must be better.
But the reality is that after offering Internet voting for national elections starting in 2007, Estonia had lower turnout in 2015 than Canada.
I'll say that again for emphasis
After almost a decade of offering Internet voting, Estonia had a lower turnout in its 2015 Parliamentary election than Canada did.
|2011 Turnout||2015 Turnout|
Data are from
- Statistics about Internet Voting in Estonia
- Elections Canada - Voter turnout for the 2015, 2011, 2008 and 2006 general elections
- there were staggering gaps in procedural and operational security
- the architecture of the system leaves it open to cyberattacks from foreign powers, such as Russia
July 6, 2016 evidence about online voting (particularly turnout)
Thursday, July 07, 2016
#ERRE questions about online voting - July 7, 2016
Marc Mayrand's opening remarks are also available from Elections Canada.
Also see @kady's liveblog
and her article Why not fight about online voting instead?
in response to which I have posted a comment.
Below are excerpts specific to online voting. Any emphasis (bold italics) in the text is mine.
TRANSCRIPT START - July 7, 2016 - Chief Electoral Officer Marc Mayrand
Mr. John Aldag:
... if we were to look at things like some form of online voting or electronic voting, would the timeline of May 2017 include that kind of introduction, or would it be more of a status quo?
Mr. Marc Mayrand:
I have no plans to introduce online voting for 2019. I would need, certainly, very clear directions in that regard. I think there's still a lot of research to be done, and there are many considerations. That's what I would like to see the committee doing in its work, addressing some of the key considerations and giving us some direction on where we should go and how should we proceed to explore and test online voting at some point. I doubt very much that this could be done by 2019, given the scope of the reform we're looking at. I think that would be a significant burden on capacity.
Unfortunately, we'll have to go to the next question, but it's a good thought, and we can pick up on it in a bit.
I believe so. If we want Canadians to have confidence in the electoral system, we need to make sure it's one they accept.
Let's just say it doesn't seem too difficult.
I'd like to know whether you're considering giving Canadians the option between voting online, similar to electronic tax return filing, and going to the polling station and showing identification.
Mr. Marc Mayrand:
It's very difficult for me to really respond clearly and directly to your question.
I think the one thing that comes to mind first of all is that this committee has a mandate. The other aspect is that these issues require, I think, assessing what the social acceptability of online voting or mandatory voting. I understand that this committee will undertake extensive public consultations over the next short while, looking at these matters and voting systems.
I'm not aware if the procedure and House affairs committee has by tradition undertaken such broad consultations. That's the one caveat I would put out there. I think it's important to have significant consultation on these matters. They are important and directly affect electors.
Mr. Matt DeCourcey:
We observed that students in Fredericton really appreciated being able to vote on campus. That worked out very well.
I wonder if maybe you could share some evidence that demonstrates that engaging young Canadians, those below 18 and those entering adulthood, in education around civic affairs, democratic institutions, voting, helps enhance voter turnout and helps encourage long-term participation in the process. We absolutely want to encourage greater numbers of Canadians voting. I'm convinced of that. Is there any direction you can send us?
Mr. Marc Mayrand:
We can build all sorts of online services, remove all sorts of barriers, but if people don't have the interest, don't have the knowledge, they may not take advantage of the opportunity. I think these things go hand in hand.
Mr. Luc Thériault:
I'd like to know whether you've done any studies in the past on online voting. You are aware of the problems Quebec experienced with that in 2005. I imagine that, even under the current voting system, you would be able to further automate the process or offer online voting. That was my understanding.
Is that correct?
Mr. Marc Mayrand:
We did a fair number of intensive studies for a few years, at the beginning of the decade, and we do indeed have a solid grasp of the issues, the barriers, the possibilities, and the associated risks. I can share that information with the committee.
Ms. Elizabeth May:
... it's an honour again to get to ask a few more questions of you, Mr. Mayrand.
On the online voting question, I've seen in some commentaries that there's a societal benefit in the social cohesion of people collectively experiencing voting, even the lining up—I think we've all had great experiences as voters before we became candidates—and what happens when you're standing in line. Is there any literature on this? Is this a concern to be weighed against the convenience factor of online voting?
Mr. Marc Mayrand:
I've certainly heard about it. I don't recall reading about it. That doesn't mean that it doesn't exist. We can see if we can find anything about it.
Mrs. Sherry Romanado:
On the flip side, if Canada did want to implement online voting—and now I'm talking about folks who are in rural areas who may not have broadband Internet—what would be some of the barriers for our being able to implement something? Again, I bring up maybe lack of Internet or good Internet access.
Could you elaborate on some of the other barriers?
Mr. Marc Mayrand:
Connectivity, even though it's improving all the time, remains an issue in many parts of the country. As I mentioned earlier, electronic tabulation may have its limits for very remote areas for the simple fact that connectivity is not always up to par. I think that's a government as a whole issue that needs to be prioritized. I believe there are various programs to improve broadband access and speedy Internet access across the country and it's an effort that needs to be continued.
Below is my original unofficial transcription. Please use the official transcripts above instead.
Unoffical transcription from ParlVu (meeting 4, 10am).
To Chief Electoral Officer Marc Mayrand
John Aldag - Q "If we were to look at something like online voting, electronic voting, would the timeline of May 2017 include that kind of introduction?"
Marc Mayrand - A "I have no plans to introduce online voting for 2019. ... I think there's still a lot of research to be done, and there are many considerations... [committee] should give [Elections] some direction ... how should we proceed to explore and test online voting at some point. I doubt very much this could be done by 2019 given the scope of the reform we're looking at... would be a significant burden."
Luc Thériault (in translation) - Q "With regards to online voting you said that you would like to have clear guidelines from the committee and I would like to hear a little bit more on this point. What do you foresee as being problematic on this front? We know that voting is a very solemn process, it takes place in private and how then will we manage such issues with online voting?"
Marc Mayrand (in translation) - A "Thank you for the question. Yes we've done some studies on this and I'm delighted to share them with the committee. Obviously technology is changing quickly and so that is something we have to take into consideration, people have been talking about online voting for some time now, I can share these studies with the committee. To my mind one thing that's important though is the social acceptability of online voting, these questions related to security, to vulnerability, we would have to define the parameters of where this vote would be used - would you be able to vote from any computer, or would it still be supervised electronic voting, would you have to vote from a specific place. I think that it would be useful to start to narrow down the focus, narrow down the field. For example we can have postal voting at the moment and that's not a supervised vote, and so are are there risks related to that... [for online voting] would they be any different, could they be mitigated? That's the sort of question that we would have to have a look at & I'd like to have some input on that. If we look at online voting in Canada we see that it is somewhere that progress has been made in the municipalities but it's not something that is done at the provincial level, at the federal level... some studies have been undertaken but we haven't had any new attempts; everyone's had a look at it but everybody seems to be waiting to have some direction from the top to see what it is we should do, where we should go if we want to go ahead with online voting."
Ruby Sahota - Q "What other changes can we make to the Elections Canada Act to ensure that we are inclusive and that we respect all the diversity that we have in Canada."
Marc Mayrand - A "If you want to make a fundamental different in accessibility... you need to really seriously look at online voting. ... If we really want to make a breakthrough, it would be to explore more aggressively online voting - how make it an option for these electors."
Ruby Sahota - Q "You were talking a lot about security and social acceptability, I think that the world is starting to move towards finding it socially acceptable doing online, I mean people make million dollar deals online, and transfer money all the time, so it's hard for me to figure out why we can't figure out a way to vote that's secure online and I think people would come onboard since it would open it up to so many more people."
Chair interjects as Sahota's question time is up.
Sherry Romanado (in translation) - Q "Could you give use a bit more information on ... technology that could be used to improve voting. ..."
Marc Mayrand (in translation) - A "... Rendering this automatic will take a lot of work, however there is no reason for us not to have automated forms and automated voting, this would also guarantee a better compliance, there would be fewer errors, errors would be picked up by the machines used. ..."
Sherry Romanado (in translation) - Q "With regards to online voting, I know that a number of us have already raised the matter, we want there to be a heightened participation amongst Canadians. Currently we can file our taxes online, or on paper, it's not very difficult ... And so do you think that it would be possible to allow Canadians to vote online if they want to, just as we do with our tax returns - but they would still have the option to go to the polling station if they would wish to?"
Marc Mayrand (in translation) - A "To me that is an issue rather of facts. I don't think that in any case we would replace paper voting by online voting, all we would do would be to provide another option for voters, and then voters will be able to choose the one that they want. ... With online voting, there would be positive benefits for certain groups, we have to move forward in a progressive and wary way."
Sherry Romanado - Q "Instead of selecting a specific group to pilot online voting, could we not leave it up to the choice of the Canadians, how they would vote? I can order a pizza online, I can order a Starbucks coffee or charge up my bank account, I can do everything online. On the day of the vote I may be busy, it may be raining, it may be I don't want to go out that day, if I could do it from home, it gives me that option that I don't lose my opportunity to vote. ... I think it could really change the way we do our electoral process, and I would hate to wait another two, three, four elections before we go that route."
Marc Mayrand - A "Well that's where we start going, we have to be careful. We need to look also at security. There are certain characteristics of the vote that we want to preserve: it's confidentiality, it's secrecy, the reliability and the integrity. When we start looking at moving online, I would point out the big difference currently, ... with any other services you get online, the risk of online services currently is [borne] by the provider - if you go online on the bank, you use your MasterCard, somebody [misuses] it or hacks your account, it will be the provider that will cover that off. That's one aspect which does not exist in the voting process. The other aspect is that we lack a universal authentication system in Canada, and without such a thing it's very difficult--you can find some alternatives. The problem we have is that if you get a code with Revenue Canada or with the bank or your PIN, everybody tells you to keep it secret, and you have an interest in keeping it secret, you have a personal interest - I'm not sure we can say the same when it comes to voting."
Chair interjects as Romanado's question time is up.
Any emphasis (bolding) above is mine.
Thanks to @kady's liveblog, which touches on all these conversations in summary.
Financial Times - A vote for online elections - comment
Considering that the Financial Times itself reports "The tools for cyber attacks are so accessible that individuals and private groups, as well as states, can carry out such offensives" it seems extraordinarily unwise to open up voting to these kinds of attacks. (FT quote from Germany points finger at Kremlin for cyber attack on the Bundestag http://www.ft.com/intl/cms/s/0/668a131e-1928-11e6-b197-a4af20d5575e.html )ENDCOMMENT
Sophisticated and in some cases state-sponsored attackers have broken in to White House computers and the Canadian National Research Council. We know this because some of the breaches have been detected and (to the extent possible) repaired. (BBC News - White House computer network 'hacked' http://www.bbc.com/news/technology-29817644 ; BBC News - Canada National Research Council 'hacked by Chinese spies' http://www.bbc.com/news/world-us-canada-28548925 )
Elections cannot be repaired after the fact, and they shouldn't have to be. Online voting increases risk enormously, without providing any benefits. Even if online voting security were extremely good, there would still be the issue of coercion. But time and again when voting technology is examined, the security is inept at best.
The Estonian example is illustrative, for while "officials say that their decade-long experiments have gone very well", an independent report on e-voting in Estonia identified serious concerns including "staggering gaps in procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers, such as Russia" (Independent Report on E-Voting in Estonia, https://estoniaevoting.org/ )
It is key to choose appropriate technology, not just technology for technology's sake. The paper secret ballot is still the appropriate technology for voting, as no computer system has yet been created that can provide the same combination of security and privacy. I realise this may "seem peculiar" but it is the reality, as leading computer security experts have repeatedly stated, including most recently David Dill of Stanford University (Stanford Engineering, Why Online Voting is a Danger to Democracy http://engineering.stanford.edu/news/david-dill-why-online-voting-danger-democracy )
permalink to comment is http://on.ft.com/25RBV2F - it was posted June 11, 2016
Chief Electoral Officer Mayrand's statement about online voting at #ERRE - July 7, 2016
It is undeniable that many Canadians would benefit from the introduction of online, or Internet voting. Internet voting could make the vote more accessible for various groups such as voters with mobility challenges, including seniors, those with visual impairments and Canadians abroad.
That being said, caution is needed in moving forward to ensure that Canadians continue to have the same high level of trust in the integrity of elections. In this regard, we are not currently planning to offer online voting in 2019.
However, Elections Canada would welcome direction from this Committee in terms of moving forward with research on Internet voting.
In examining this issue, the Committee should consider a number of aspects, including social acceptance and the challenges that online voting present for the integrity and secrecy of the vote. Finally I would ask the Committee to consider the scope of the introduction of online voting, which may include limiting its use to particular groups of electors who would benefit the most from this option, such as those with a disability or Canadians living abroad.from Remarks of the Chief Electoral Officer before the Special Committee on Electoral Reform (ERRE) - July 7, 2016
Emphasis (bolding) in above paragraphs mine.
You can see Marc Mayrand's statements (based on the above) on ParlVu video (requires Flash) from 10:06:53 to 10:08:12.
Wednesday, July 06, 2016
evidence about online voting (particularly turnout)
1. This assumes that social media is a primary medium for Canadians under age 45 to have discussions.
But US social media demographics for online users show that social media is widely used at all ages.
58% of entire adult population
Pew Research Centre - Social Media Update 2014 - Demographics of Key Social Media Platforms - January 9, 2015
So Facebook is basically used by everyone. It's a bit of a strong statement to say "especially those under 45"; one can't assume that social media is the special purview of the young. It also assumes that these tools are used substantially for discussion, rather than for other activities (e.g. entertainment). It seems a very general assertion to make. I would like to see evidence that social media is used by many Canadians, particularly young Canadians, as a primary mechanism for decision-making. However, how social media is used is kind of tangential - of much more concern is the linkage that is made between being online and voting online, which I address in the next section.
2. This assumes that because people (assumed to be young people) use social media online, they will also want online voting and that this will increase participation.
But evidence again and again shows that online voting does not increase participation, by youth or by any voting group. All that happens is that (mostly middle-aged) people who would have voted at a polling station anyway vote online.
Young ontario voters (aged 18-24) more likely to use paper ballots than internet votingabove from Internet Voting Project Twitter - https://twitter.com/ivotingproject/status/660551650000699392 - 31 October 2015
3.100 Advocates also cite current Estonian and Swiss internet voting as
improving equality and voter turnout, convenience and timely vote
counting. However, these examples have either been consistently
undermined in security analyses (in the case of Estonia) or have not been
proven in a general election (in the case of Switzerland).
UPDATE 2016-07-08: For more on Estonian Internet voting, see subsequent blog post Estonian Internet voting and turnout myths. ENDUPDATE
there was no impact on turnout, which actually decreased very slightlyabove from UK Electoral Commission - Official report on internet voting pilot at Rushmoor elections published - June 3, 2008
Internet voting is seen by some as a potential solution to this trend of declining voter turnout. ... While there have been some Internet voting elections where voter turnout has increased, when other factors such as the apparent closeness of the race and interest in particular contests (e.g., a mayoral election without an incumbent) are taken into consideration, research suggests that Internet voting does not generally cause non-voters to vote. Instead, Internet voting is mostly used as a tool of convenience for individuals who have already decided to vote.above from BC Independent Panel on Internet Voting report (PDF) page 12 - February 2014
However, it said, there was no evidence that the trial led to a rise in the overall number of people voting nor that it mobilised new groups, such as young people, to vote.above from BBC - E-voting experiments end in Norway amid security fears - 27 June 2014
At best, [Michael] McGregor said, the evidence is mixed. He sees internet voting as no different than advanced polls in that "it's not increasing turnout, it's just people who are already voting."above from CBC News - Why hi-tech voting has low priority for Canadian elections - September 9, 2015
[Nicole] Goodman's data from municipal elections in the Toronto-area municipality of Markham, which has had internet voting since 2003, found that "those aged 35–64 are the strongest internet voting users in all election years and suggest that online ballots are growing in popularity among older voters while use is waning among younger voters."
above from City of Mississauga report on Internet Voting - Potential enhancements for the 2018 Municipal Election: Internet Voting, Ranked Choice Elections and Vote Anywhere. (PDF) - June 20, 2016
- Statistics indicate that internet voting does not increase voter turnout or youth participation.
I could keep on citing evidence, but you get the idea. Online voting doesn't increase turnout. It doesn't get younger voters voting.
What gets younger voters voting is engagement with the issues. Which is why the turnout increased across the board in the last (totally paper-based) election.
Youth voter turnout increased in every Canadian province and territory in
above from https://twitter.com/ElectionsCan_E/status/743791592306253824/Wow! Youth voter turnout increased in every Canadian province and territory in #elxn42. pic.twitter.com/02YjjNQWuh— Elections Canada (@ElectionsCan_E) June 17, 2016
INTEGRITY AND SECURITY
3. If we're talking about integrity and security there is abundant evidence, which would take far too long to cite here, that putting elections online reduces integrity (in part because it becomes essentially impossible to meaningfully observe any of the process of the election) and dramatically increases the security risk. There are many many such examples in my blog and my Twitter. I'll just use a single quote to illustrate the point:
“We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” Neil Jenkins, an official in the Office of Cybersecurity and Communications at the [US] Department of Homeland Security, said at a conference of the Election Verification Network this spring.above from Washington Post - More than 30 states offer online voting, but experts warn it isn’t secure - May 17, 2016
The Economist - Online voting could transform Britain’s electorate - comment
Minister Monsef's statement about online voting July 6, 2016
... social media. as that is how many Canadians, especially those under 45, interact and carry on discussions.
In 2016 Facebook, Twitter and similar platforms are not a frivolous novelty but a primary tool to engage with each other and with private and public institutions, and an important resource we can’t overlook.
With that in mind, it is important that the committee will also duly consider other reforms noted in the motion – online voting and mandatory voting – in the work that it does between now and Dec. 1, 2016.
Online voting and similar reforms that embrace the technological advantages we have today should be considered as a way to increase participation by removing barriers that may exist for some Canadians. For others, it may simply represent a preferred form of engaging in the process. At all times though, there should always be a balance between the security and integrity of the voting process.Ottawa Citizen - Monsef: Why Liberals want electoral reform - July 6, 2016 - The text is excerpted from remarks by Democratic Institutions Minister Maryam Monsef to the House of Commons Special Committee on Electoral Reform
The above remarks should become available in the committee transcript within a few days.
You can see her making these statements on ParlVu from 14:20:08 to 14:21:26.
See a subsequent blog post for my analysis, including evidence about online voting (particularly turnout).
Australia - Parliament of Victoria - Inquiry into Electronic Voting
above from http://www.parliament.vic.gov.au/emc/inquiry/419
Twitter: @VicParliament and @VicGovAu
It is a bit frustrating to see these endless inquiries. The Parliament of Australia (which is different from the Parliament of Victoria) held an extensive consultation in 2013. To quote a valid part of an otherwise misguided article in The Australian, the Parliament of Australia inquiry "held 20 hearings and reviewed more than 200 submissions before deciding Australia should stick to its largely paper-based system".
Please stop asking the same question about Internet voting hoping to get a different answer.
The Australian Parliament inquiry is excellent, incidentally.
Parliament of Australia - Inquiry into and report on all aspects of the conduct of the 2013 Federal Election and matters related thereto -
New Brunswick launches voting consultation including Internet voting
The discussion paper is called "Strengthening New Brunswick’s Democracy" and is available from the Government of New Brunswick website (GNB.ca) atA consultation process on overhauling the province's electoral system is being launched by Premier Brian Gallant's Liberal government in time for the 2018 election.The Liberals tabled a 49-page discussion paper in the legislature Tuesday [July 5, 2016], hoping it will serve as a guide for a committee of MLAs that it plans to appoint later this week.The document includes ideas such as online voting, lowering the voting age to 16 years of age from its current 18 years, and changing the way MLAs are elected, including options such as a preferential ballot or a proportional-representation system.
The Internet voting section is pages 18-19.
UPDATE 2016-07-15: I have reviewed the Internet voting section and it is good. It makes it clear there are still lots of risks and unsolved problems. ENDUPDATE
It is also available in print bilingual and in a French PDF, here are the ISBNs
ISBN 978-1- 4605-1033-9 (Print Bilingual)
ISBN 978-1- 4605-1034-6 (PDF English)
ISBN 978-1- 4605-1035-3 (PDF French)
I don't know what the mechanisms for participation will be. I will update this post when I have more information.
I found the news releases
The provincial government has tabled the discussion paper and will ask the legislature to strike a select committee to consider its contents.Government of New Brunswick - Government submits electoral reform options to legislative assembly - July 5, 2016
It is expected that hearings will take place in the fall  with a report due by early 2017. The plan is to allow for any changes to be implemented in advance of the 2018 general election.
Le gouvernement soumet des options de réforme électorale à l’Assemblée législative - 05 juillet 2016
As of July 15, 2016 there is no electoral reform committee listed under Legislative Committees - Select Committees.
For the French version of the discussion paper, see
Vote par Internet - de la page 20 à la page 21 dans « Renforcer la démocratie au Nouveau-Brunswick » (PDF)
The Australian - Election cliffhanger prompts e-Voting rethink - comment
While the counting of paper ballots is slow, all of the complexity is visible to everyone. With an Internet voting system, you would be greatly increasing the complexity and all of the associated possibilities for very complex systems to fail, but hiding all of that increased complexity from voters. This simply distances the voting system even further from citizens. To quote the 2013 Parliamentary inquiry: “It is important that in embracing technology, the secret ballot is not undermined, voter behaviour is not negatively impacted, and confidence in the electoral process and electoral outcomes is not damaged. At a time of debate about community disengagement with political processes, it would be greatly concerning if the method of voting—the one act of participatory democracy that all Australian citizens will definitely engage in—was to further disengage the community from these processes.” 
That is not to mention the risk of the election being hacked, including by other nation states. This is a reality already - China was blamed for a massive hack on a Bureau of Meterology computer  resulting in the government spending an additional $230 million on cybersecurity  .
This leads to the last point, about claimed cost savings. The current paper-based system can be used again and again, year after year, with at most minor modifications. That is not at all the case for any kind of universal electronic voting system. Technology and cyberattacks are constantly changing, which means that any electronic voting system is obsolete the day that it launches. Such a system would have to be continuously and expensively updated for every election, to reflect technology changes and to defend against new types of attacks. That kind of continuous expenditure on information technology is great for the Information Industry, but terrible for government budgets.
 http://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Electoral_Matters/2013_General_Election/Second_Interim_Report/Chapter_4#comment section 4.80
With the slow paper-based count, there has been a flood of articles about Australian e-voting. Unfortunately I'm not able to respond to them all, but the above comment applies generally.
Monday, July 04, 2016
Australia and online voting
there are the “experts” who claim that we shouldn’t implement electronic votingOk, here's the thing: when people are actual experts, you don't put "experts" in quotes. Dr. Vanessa Teague, one of the experts referred to, has written extensively about the topic, including peer-reviewed papers about voting systems and computer security. One can see that from her University of Melbourne faculty page and her Google Scholar profile. To dismiss someone whom Google Scholar reports as having been cited 1064 times by other academics as an "expert" is at best completely misleading.
This style continues in this muddle of a paragraph
All of these things “might” be true but they don’t “necessarily” have to be true and don’t in the end serve as justification for not implementing electronic voting.I really don't know what to say. The statements made by experts are evidence that can be challenged by doing tests. That's science. Putting things in quotes to disparage them is not.
And then we get to the latest bit of technology magic, Blockchain
Blockchain-based voting has the benefit that voting can be done online anonymouslyReally. Anonymously. The Blockchain public ledger, in which every transaction has a user ID attached, enables anonymous voting? How does it do that exactly? How does one ensure that only eligible voters vote, and that the vote that they cast (presumably by posting the vote to the Blockchain) is both verifiable and anonymous, when the user ID must be traceable?
The reality of a vote using the Blockchain is you're posting a traceable vote to a public ledger, which is to say, you're undermining anonymity and enabling coercion.
But Blockchain is in any case the kind of sleight of hand distraction a magician would perform, to distract you from other key activities. In system security, you must ensure that every component of the system is secure, not just one component. Even if Blockchain were somehow a magic crypto solution for storing and checking the vote (which it isn't) you still have to cast the vote. From an actual computer in the real world, not a theoretical computer. And actual computers in the real world, whether they be desktops or mobile devices, are hacked and compromised all the time. In fact the exact same author who just wrote the above quote about Blockchain-based voting's benefits wrote in the article just previous to the voting one that even antivirus security companies can't get security right.
Antivirus software is very complicated. It has to understand the nature of a very large number of different types of files and the different ways in which these files can be altered to escape detection. In order to efficiently process files that may be being written to a disk or arriving via a web link or email, antivirus software usually runs on the computer with extra privileges. This makes the consequence of attacks on this type of software particularly serious. The counter-intuitive result of this is that antivirus software gives malware writers even greater opportunities for attack on a computer than if the software hadn’t been installed in the first place. In security jargon, it actually increases the “attack surface”.That is exactly correct. But if you think antivirus software is very complicated, Internet voting software is vastly more complicated than that. You've got the entire attack surface of the client computer used to cast the votes, and the entire attack surface of the network used to transmit the votes, and the entire attack surface of the servers used to store and count the votes (including Blockchain, which doesn't run on some abstract cloud, but on actual servers or desktops that can be compromised in many ways, including simply capturing enough mining computers to outvote any other writes to the chain).
Recording votes on the blockchain could be combined with two-factor authentication such as that employed by a system used in Utah recently. This system allowed online voting for the Republican Party’s presidential nominee during the recent US primaries.Like the system used in Utah? The one The Guardian reports was "plagued by glitches" where "as many as 13,000 people had tried to sign up but could not because of a variety of technical problems" and "The state party disregarded warnings from prominent computer scientists and from the National Institute for Standards and Technology, which oversees federal certification of voting equipment, that online voting systems are dangerously vulnerable to malware, putting both the integrity and the secrecy of the vote at risk." That system is the one you want to hold up as a model?
I don't know how one can reconcile understanding not increasing attack surface in one article with advocating vastly increasing attack surface in the following one; I'm going to assume it is associated with frustration with what is admittedly a very complex and slow paper-based election process in Australia.
If you want to read some actual thoughtful analysis of online voting in Australia, in addition to Dr. Teague's article and extensive submissions on the topic, I also recommend that there be an extensive examination of the risks and benefits associated with electronic voting in Australia. Oh wait, there already was, by the Australian Parliament in 2013, and they concluded that the benefits don't outweigh the risks. It's an excellent, comprehensive, clear report. And it only puts things in quotes when it is actually quoting people and statements.
Parliament of Australia - Inquiry into and report on all aspects of the conduct of the 2013 Federal Election and matters related thereto -