Wednesday, October 26, 2016

1310 News radio - The case against Internet voting

After I tweeted a blog post response yesterday to an article about online voting and an associated radio interview, 1310 News contacted me for an interview.  I really appreciate their rapid outreach and the opportunity to speak.

I was on Ottawa Today with Mark Sutcliffe from about 11:50 to noon (Oct 26, 2016), the track is online now, to hear me go to timecode 34:33.  The interview ends at timecode 43:34.

The one thing I wish I had mentioned is that it's not just my personal opinion that every component needed for an online voting system is not secure (from your desktop or phone, through the network, to an elections vote counting server), it's the consensus evidence from computer scientists who have been researching this issue.  It is very unfortunate that in the upcoming McGill electoral reform event and in particular the upcoming uOttawa electoral reform event that has e-voting on the agenda, there are zero computer security experts presenting.  You wouldn't have an event about designing bridges without bridge engineers, why is it ok to have a discussion about using technology for voting without software engineers present?

In addition to this blog, you can find me on Twitter @papervote

Labels: , , ,

Sunday, October 23, 2016

iPolitics - Canadians want online voting: poll - comment

Here's my comment on the iPolitics article Canadians want online voting
(I have also left a similar comment on the EKOS Politics article The Case for Internet Voting,
and this can serve as a partial response to the claims made on 1310 News Ottawa Today with Marc Sutcliffe, Oct 25, 2016 from 10:00 to 11:00, timecode 11:10 to 21:02):

What I hope has roughly the same shelf life as whips and buggies is the idea that we can make tech policy based on opinion polls.  Before we send a spacecraft to Mars, we don't poll people for their opinions on whether the Earth orbits the Sun or on the laws of gravity.  In the 21st Century, we need to do evidence-based policy.  Here's what the computer science and social science evidence says about online voting:
Let's take turnout evidence first.  Just last week there was online voting again in Halifax.

Halifax Votes 2016: E-voting turnout down by more than 10,000 from 2012

In fact, the evidence shows that adding online voting never substantially increases turnout.  In a study of online voting in Ontario, Goodman and Stokes conclude

"internet voting is unlikely to solve the low turnout crisis"

Goodman, Nicole and Stokes, Leah C, Reducing the Cost of Voting: An Empirical Evaluation of Internet Voting's Effect on Local Elections (October 6, 2016). Available at SSRN: https://ssrn.com/abstract=2849167

Estonia, a tiny country that is often claimed as a poster child for online voting, had a lower turnout in its national elections in 2015 than Canada did.  (Estonia 64.2%, Canada 68.3%)

Claims that online voting will somehow engage young voters are similarly spurious; the evidence shows that it is middle-aged voters who would have voted anyway who vote online.  The City of Kitchener’s 2012 report on Internet voting finds that “There is clear evidence that, regardless of geography internet voting does not attract younger voters.” (FCS-12-191 - Alternate Voting - Internet Voting)

Similarly, on the security front, the article proceeds from one assumption unsupported by evidence to another.  First "If we can make financial transactions secure".  Well actually we can't make financial transactions secure.  The core interbanking system SWIFT was compromised and millions of dollars were stolen. 

New York Times - Once Again, Thieves Enter Swift Financial Network and Steal http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html - May 12, 2016

Online banking transactions are individually identifiable and reversible.  That's why online banking works.   When people's banking accounts are hacked - and they are hacked all the time - the charges are reversed by the bank at no cost to the customer.  Votes can't be either individually identifiable or reversible.  That's one of the core challenges of online voting.

Blockchain isn't a magic bullet for online voting.  You can watch Canadian computer scientist Jeremy Clark explain why https://youtu.be/-Uw-JnGIeIE

And it's important to understand hacking isn't some theoretical threat.  Core internet services were disrupted just this past week by a Distributed Denial of Service (DDoS) attack.

New York Times - Hackers Used New Weapons to Disrupt Major Websites Across U.S. - http://www.nytimes.com/2016/10/22/business/internet-problems-attack.html - Oct 21, 2016

Canadian government departments including the Finance Department, Treasury Board Secretariat, Defense Research and Development Canada and the National Research Council have all been successfully hacked. 

CBC - Foreign hackers attack Canadian government - http://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618 - February 16, 2011

Globe and Mail -  Extensive fallout from Chinese hack of National Research Council - http://www.theglobeandmail.com/news/national/records-show-extensive-fallout-from-chinese-hack-of-national-research-council/article31695327/ - Sep 2, 2016

Online polls where you ask people whether they like doing things online are all well and good.  But they're not evidence supporting policy on online voting.  When the actual evidence is examined, the conclusion is that online voting is a terrible idea.

For more information for a general audience, see

* Why Electronic Voting is a bad idea https://youtu.be/w3_0x6oaDmI
* Online Voting is a cybersecurity nightmare http://www.dailydot.com/layer8/online-voting-cybersecurity-election-fraud-hacking/ - June 10, 2016
* This is why we still can't vote online http://motherboard.vice.com/read/this-is-why-we-still-cant-vote-online - Oct 19, 2016

For a technical audience, you can review the many very real vulnerabilities and successful attacks documented by computer security expert J. Alex Halderman in "Practical Attacks on Real-World E-Voting" https://jhalderm.com/pub/papers/ch7-evoting-attacks-2016.pdf

Labels: , ,

Reveal podcast examines electronic and online voting issues

Program page with links to iTunes and more information: https://www.revealnews.org/episodes/how-to-really-steal-an-election/

The beginning is a lot about US elections that may not be particularly relevant for a Canadian audience.
Below are some timecodes you can use to jump to various portions of the program:

In the SoundCloud interface above, you need to click your mouse within the soundbar panel to select the start time you want, e.g.

Labels: , , , ,

<- Older Posts - Newer Posts ->

This page is powered by Blogger. Isn't yours?