Wednesday, October 26, 2016
1310 News radio - The case against Internet voting
I was on Ottawa Today with Mark Sutcliffe from about 11:50 to noon (Oct 26, 2016), the track is online now, to hear me go to timecode 34:33. The interview ends at timecode 43:34.
The one thing I wish I had mentioned is that it's not just my personal opinion that every component needed for an online voting system is not secure (from your desktop or phone, through the network, to an elections vote counting server), it's the consensus evidence from computer scientists who have been researching this issue. It is very unfortunate that in the upcoming McGill electoral reform event and in particular the upcoming uOttawa electoral reform event that has e-voting on the agenda, there are zero computer security experts presenting. You wouldn't have an event about designing bridges without bridge engineers, why is it ok to have a discussion about using technology for voting without software engineers present?
In addition to this blog, you can find me on Twitter @papervote
Sunday, October 23, 2016
iPolitics - Canadians want online voting: poll - comment
(I have also left a similar comment on the EKOS Politics article The Case for Internet Voting,
and this can serve as a partial response to the claims made on 1310 News Ottawa Today with Marc Sutcliffe, Oct 25, 2016 from 10:00 to 11:00, timecode 11:10 to 21:02):
What I hope has roughly the same shelf life as whips and buggies is the idea that we can make tech policy based on opinion polls. Before we send a spacecraft to Mars, we don't poll people for their opinions on whether the Earth orbits the Sun or on the laws of gravity. In the 21st Century, we need to do evidence-based policy. Here's what the computer science and social science evidence says about online voting:
- Widespread use of online voting would enable widespread coercion of voters, including vote buying.
- The innumerable software and hardware components that would be involved in marking, transmitting, receiving and counting an online ballot represent an unreasonably high risk to the chain-of-custody for the ballot.
- Canadian government departments have already been successfully cyberattacked by nation-states.
- Computer security experts warn that online voting is not secure.
- National security experts warn that online voting is not secure.
- Social science evidence indicates that online voting won't increase turnout.
Halifax Votes 2016: E-voting turnout down by more than 10,000 from 2012
In fact, the evidence shows that adding online voting never substantially increases turnout. In a study of online voting in Ontario, Goodman and Stokes conclude
"internet voting is unlikely to solve the low turnout crisis"
Goodman, Nicole and Stokes, Leah C, Reducing the Cost of Voting: An Empirical Evaluation of Internet Voting's Effect on Local Elections (October 6, 2016). Available at SSRN: https://ssrn.com/abstract=2849167
Estonia, a tiny country that is often claimed as a poster child for online voting, had a lower turnout in its national elections in 2015 than Canada did. (Estonia 64.2%, Canada 68.3%)
Claims that online voting will somehow engage young voters are similarly spurious; the evidence shows that it is middle-aged voters who would have voted anyway who vote online. The City of Kitchener’s 2012 report on Internet voting finds that “There is clear evidence that, regardless of geography internet voting does not attract younger voters.” (FCS-12-191 - Alternate Voting - Internet Voting)
Similarly, on the security front, the article proceeds from one assumption unsupported by evidence to another. First "If we can make financial transactions secure". Well actually we can't make financial transactions secure. The core interbanking system SWIFT was compromised and millions of dollars were stolen.
New York Times - Once Again, Thieves Enter Swift Financial Network and Steal http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html - May 12, 2016
Online banking transactions are individually identifiable and reversible. That's why online banking works. When people's banking accounts are hacked - and they are hacked all the time - the charges are reversed by the bank at no cost to the customer. Votes can't be either individually identifiable or reversible. That's one of the core challenges of online voting.
Blockchain isn't a magic bullet for online voting. You can watch Canadian computer scientist Jeremy Clark explain why https://youtu.be/-Uw-JnGIeIE
And it's important to understand hacking isn't some theoretical threat. Core internet services were disrupted just this past week by a Distributed Denial of Service (DDoS) attack.
New York Times - Hackers Used New Weapons to Disrupt Major Websites Across U.S. - http://www.nytimes.com/2016/10/22/business/internet-problems-attack.html - Oct 21, 2016
Canadian government departments including the Finance Department, Treasury Board Secretariat, Defense Research and Development Canada and the National Research Council have all been successfully hacked.
CBC - Foreign hackers attack Canadian government - http://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618 - February 16, 2011
Globe and Mail - Extensive fallout from Chinese hack of National Research Council - http://www.theglobeandmail.com/news/national/records-show-extensive-fallout-from-chinese-hack-of-national-research-council/article31695327/ - Sep 2, 2016
Online polls where you ask people whether they like doing things online are all well and good. But they're not evidence supporting policy on online voting. When the actual evidence is examined, the conclusion is that online voting is a terrible idea.
For more information for a general audience, see
* Why Electronic Voting is a bad idea https://youtu.be/w3_0x6oaDmI
* Online Voting is a cybersecurity nightmare http://www.dailydot.com/layer8/online-voting-cybersecurity-election-fraud-hacking/ - June 10, 2016
* This is why we still can't vote online http://motherboard.vice.com/read/this-is-why-we-still-cant-vote-online - Oct 19, 2016
For a technical audience, you can review the many very real vulnerabilities and successful attacks documented by computer security expert J. Alex Halderman in "Practical Attacks on Real-World E-Voting" https://jhalderm.com/pub/papers/ch7-evoting-attacks-2016.pdf
Reveal podcast examines electronic and online voting issues
Program page with links to iTunes and more information: https://www.revealnews.org/episodes/how-to-really-steal-an-election/
The beginning is a lot about US elections that may not be particularly relevant for a Canadian audience.
Below are some timecodes you can use to jump to various portions of the program:
- 12:07 - electronic voting machines (electronic voting computers) - link
- 18:34 - online voting - link
- 22:57 - Dr. Barbara Simons, computer security expert - link
- 38:24 - issues with postal voting on a Navajo reservation - link