Monday, February 01, 2010
six years
This month will be the six-year anniversary of PaperVoteCanada. The first post was February 14, 2004.
Labels: meta
article about the Internet voting dialogue
Alice Funke (@punditsguide) has an article in The Hill Times - Online voting won't hike youth turnout, but 'it grows on you,' forum told - February 1, 2010
I'm quoted:
My concerns include:
* for the risk of coercion, they are acknowledging but accepting this - but have we had a serious debate about whether this is a risk that should be accepted?
* for the risk of a recount, they are simply accepting that all you can do is go and look at the digital data (the "data points" as it was described at the event) - there is nothing to actually recount - while this approach has been accepted, I can easily see an aggressive challenge that required a complete end-to-end forensic audit, which would require a level of technical expertise and time that would be, as I said in the quote, hugely expensive AND raise huge trust issues once people realised both how complex and how opaque these systems are
I'm quoted:
“The municipalities are perhaps naive
about the amount of risk they’re assuming,”
warned internet voting security expert Richard
Akerman of the PaperVoteCanada.ca
blog, though. “Very closely contested elections
like Al Franken’s recent race for the U.S. Senate
were only settled because people could
actually see the ballots,” he said. Had it been
conducted over the internet, “the expense of
defending the integrity of that system in the
courts would have been huge,” he claimed.
My concerns include:
* for the risk of coercion, they are acknowledging but accepting this - but have we had a serious debate about whether this is a risk that should be accepted?
* for the risk of a recount, they are simply accepting that all you can do is go and look at the digital data (the "data points" as it was described at the event) - there is nothing to actually recount - while this approach has been accepted, I can easily see an aggressive challenge that required a complete end-to-end forensic audit, which would require a level of technical expertise and time that would be, as I said in the quote, hugely expensive AND raise huge trust issues once people realised both how complex and how opaque these systems are
Labels: elections canada, internet voting, ivotecan
Sunday, January 31, 2010
tweet archive
This is the raw text of my @papervote tweets from the Elections Canada Internet Voting dialogue. (I'm archiving here because these will disappear from Twitter eventually, and also because I realise many of you prefer to get the text here rather than following in real-time or trying to page through Twitter.)
I have flipped the order so it is more readable - it's oldest first.
First tweet is at 8:54 AM Jan 26th 2010 and last one was at 4:56 PM Jan 26th 2010.
There are a total of 276 tweets.
BEGIN TWEETS
am set up on tethering and will be liveblogging under hashtag #ivotecan - there is a media section here but I only see one person so far
Elections Canada communications has very graciously allowed me to sit at the media table and get power for my netbook. #ivotecan
event is being opened #ivotecan - Elections Canada speaker up next
2/3 of Canadians likely to vote online according to recent survey - Elections Canada #ivotecan
lessons Canada can learn from other jurisdictions within Canada and outside Canada #ivotecan
Elections Canada pilot project will test secure voting via Internet for selected groups eg disabled, Canadians in other countries #ivotecan
Elections Canada emphasizing convenience of Internet voting - but "must maintain level of integrity that Canadians expect" #ivotecan
"Internet voting as an online service" #ivotecan - Elections Canada
Group is working on consistent cross-level standards (provincial, national etc.) #ivotecan
members of parliament and other experts reported to be in audience #ivotecan
Prof. Alvarez up next #ivotecan
Prof Alvarez and audience #ivotecan http://twitpic.com/zuo00
Alvarez will talk about American experience, upsides and downsides #ivotecan
Rationale for Internet Voting: evolution in US from handcounted to optiscan to paperless (nonnetworked and networked systems) #ivotecan
electronic technologies also used throughout the elections process in the United States #ivotecan
defining Internet voting: transmission of ballot over network - references his book One Click One Vote #ivotecan - public elections context
EDITORIAL NOTE: I misheard Alvarez, the book is actually Point, Click and Vote: The Future of Internet Voting. He has also written other books on the topic. END EDITORIAL NOTE
both home computer as well as kiosk Internet voting #ivotecan
Why innovate election tech? - turnout, accessibility, security (!), accuracy (!), efficiency, international access, cost #ivotecan
"How can these technologies improve the efficiency and reduce the cost of election administration?" #ivotecan
American experience - elections have vastly decentralised administration - run at the county level - not national #ivotecan
American experience - "complexity of ballots, regulations and procedures" #ivotecan - may be "dozens and dozens" of items
American experience - multiplicity of ballots, in different languages, covering huge number of items to vote upon #ivotecan
American experience - 2000 Presidential election - controversies have continued about use of electronic voting tech #ivotecan
American experience - California Internet Voting Task Force (2000) - has shaped a lot of US thinking #ivotecan
American experience - Internet voting - Alaska Republican party (Jan 2000) - Arizona Democratic party (March 2000) #ivotecan
Internet voting in 2000 Presidential election - 6 million Americans overseas (military, gov etc.) - special voting rights #ivotecan
international voting - mail transit time to and from e.g. Iraq is a big concern - Internet voting reduces transit time #ivotecan
2000 experiment was a proof of concept - focus on feasibility - electronic version of mail voting system #ivotecan - limited # participants
US international Internet voting used PKI credentials for authentication #ivotecan
not a lot of data - 91 registered, 84 voted using international Internet voting system for US in 2000 #ivotecan
"no security breaches found" for 2000 international Internet vote for US #ivotecan
followup: SERVE - Secure Electronic Voting Registration and Voting Experiment - planned to involve as many as 100,000 #ivotecan
SERVE wasn't implemented because in early 2004 study by computer security experts caused it to be cancelled #ivotecan
in early 2004 Michigan Democratic Party allowed online voting - 28.57% online votes of 162,000 votes total #ivotecan
"Controversies regarding electronic voting machines in 2004 and 2006 elections" #ivotecan
"Election admins and stakeholders reluctant to take on risks associated with voting pilots experiments or transitions to new tech" #ivotecan
ODBP - Okaloosa Distance Balloting Project, implemented in 2008. Kiosk voting for UOCAVA citizens at 3 international locations #ivotecan
there were a few problems with Okaloosa tech but tiny number (<100) voters #ivotecan
use of kiosks means you can ensure the kiosk is secure, rather than using insecure personal computers #ivotecan
(for tests) "Without better scientific design, most of the important outcome variables are difficult to assess" including security #ivotecan
"insufficient data collected" based on US Internet voting experiments to date #ivotecan
Security: What are the real vulnerabilities? How can you mitigate vulnerabilities? Need real experiments #ivotecan
next up: panel on Canadian experiences with Internet voting #ivotecan
Nicole Goodman of Carleton moderating and introducing the panel, which will discuss Canadian municipal Internet voting #ivotecan
first up: Markham's Online Voting Experience by Kimberly Kitteringham and Andrew Brouwer (Town Clerk & Deputy Town Clerk) #ivotecan
Markham Internet voting: 2006 election and plans for 2010 #ivotecan
80% of Markham residents have high-speed Internet access #ivotecan
Why online voting: electronic service delivery, multichannel service delivery, changing lifestyles, "new electorate", convenience #ivotecan
municipal turnout hovered around 30% - Internet voting a channel to encourage participation in voting process #ivotecan
online voting a way to enhance participation by people with disabilities #ivotecan - equal access to the electoral process
2003 positive Internet voting experience positive, recommended online voting for 2006 #ivotecan
Principles identified: security, accuracy, privacy, authentication/verification #ivotecan
Independent Risk Analsys by Henry Kim of York University; Gartner Group security review of IT platform #ivotecan
Dr. Kim found "similar reasonable risks" with two-step voting to in-person voting, and better characteristics than mail-in voting #ivotecan
Partnered with Election Systems & Software (ES&S) for provision of online voting; security of platform verified by Gartner Group #ivotecan
Comprehensive communications plan about Internet voting / voter awareness provided by Delvinia Interactive #ivotecan
2006 online voting only available during early voting period #ivotecan
reporting positive numbers >75% satisfaction from Delvinia survey #ivotecan found it convenient, voted from home
approx 6000 voted online in 2003, approx 10,000 voted online in 2006 #ivotecan
Change in online voting: earlier campaigning, be clear about ID requirements, change in nature of scrutineer function #ivotecan
scrutineers obviously cannot see voters receive and cast their ballot, unlike in-person voting #ivotecan
2010 Markham issuing RFP for online and tabulator vote systems - 3rd party review of online voting security - access plan #ivotecan
Markham "online voting viewed by staff as continued opportunity for service excellence and civic engagement" #ivotecan
Halifax Regional Municipality (HRM) Internet voting experience next up #ivotecan
Cathy Mellet, Acting Clerk/Manager, HRM #ivotecan
HRM covers large physical area, estimated to have population over 410k by 2012 #ivotecan
4 year "e-voting journey" starting in 2004 - Jan 2007 council approved Internet/phone advance voting with "2 levels of ID verify" #ivotecan
discussing mitigating risks while taking advantage of opportunities #ivotecan
RFP in 2007, selected Intelivote for HRM #ivotecan - had to change Municipal Elections Act and HRM by-law to permit
2008 event demographics 279,000 electors; advance voting: 10% of eligible, 28% of votes cast, 88% used Internet. #ivotecan
"engagement matters to voters" HRM #ivotecan
Principles Balance: accessibility vs scrutiny, engagement vs. integrity, convenience vs security... #ivotecan
objectives: ensure integrity, ensure compliance with regulations... #ivotecan
Partnership with Elections Nova Scotia & vendor #ivotecan
HRM election system & data transfer to vendor #ivotecan - also needed support/help centre and contingency plan
something about firewalls but presentation is going way too fast for me to keep up #ivotecan
voter identification "2 shared secrets" - mailed out password + voter birthdate #ivotecan
Sept 2009 special election - "complete internet voting from advance voting to election day" - "realtime voters list", kiosk #ivotecan
"substantially increased turnout" for special election (30% vs. 10% in previous special elections) HRM #ivotecan
e-voting works, well received, cost effective, greener #ivotecan
Jon McKinstry, Sales Manager, Dominion Voting Systems - presenting City of Peterborough story #ivotecan
Peterborough population 75,600. Internet voting 4400 registered, 3500 cast a vote, total 7% of votes were cast over Internet #ivotecan
if you registered for online but didn't vote over Internet, you could still come and vote in person #ivotecan
reasons: leader in delivery of voting systems, embrace tech, increase voter participation, adapt to changing lifestyles #Ivotecan
spike in demographics for Internet voting actually people 40-50, didn't actually have a peak in younger voters #ivotecan
needed realtime strikeout of voters list so that you couldn't vote online and then vote again in person #ivotecan
wanted a system that would consolidate votes from optical scan and internet voting #ivotecan
Principles: ... going too fast for me to keep up #ivotecan
independent security audit of Dominion Voting by Digital Boundary Group (London, Ontario) #ivotecan
again a shared secret system with the secret being the year of birth being the "secret" along with a preselected q/a #ivotecan
PIN number through regular postal mail or encrypted email #ivotecan
audit: password strength, denial of service, injection, ensure intrusion detection in place, system security vulnerability scans #ivotecan
audit reported "Dominion system was a very secure solution" #ivotecan
vote: elector ID + PIN number, separate website, answer preselected question set at reg time, ?enter birthdate? (not mentioned) #ivotecan
Peterborough - ease of use - could cast ballot for 5 days, 24 hours a day #ivotecan
election help desk as well as 1-800 call centre provided by vendor #ivotecan ("about 100 calls came in")
computers also provided at city hall, library, other sites #ivotecan
enhanced features: accessible ballot with zoom, audio, JAWS compatibility #ivotecan
Lessons learned: important for officials to have "complete understanding" of process and technology #ivotecan
Lessons: important to have dedicated marketing, increase number of laptops, run longer (from advance to election day) #ivotecan
approx 15 minutes for questions #ivotecan
am sitting next to @punditsguide
Q to panel from @punditsguide : privacy - 1 destruction of e-ballots? (e-ballot could be
linked back to individual) #ivotecan
Q to panel from @punditsguide : 2 what about voters being coerced at home #ivotecan
Markham: unsupervised voting - one person in a household could do all the voting - part of the risk assessment ... #ivotecan
Markham: unsupervised voting "a risk we were willing to accept" - used education about one person, one vote, secrecy of vote #ivotecan
?Markham? - how are online ballots handled - retained for same duration as paper ballot #ivotecan
?Markham? - paraphrase: no way to connect an individual voter to how they voted in the system #ivotecan
HRM - created substantial penalitys ($10k, 2y in jail) for voter fraud, collusion, or influencing #ivotecan
HRM - asked for certificate of destruction for online ballots from vendor #ivotecan
HRM - "two separate systems" that ensure no connection between voter and votes cast #ivotecan
Q City of Toronto: How do you handle recounts? #ivotecan
Halifax - recount = paraphrase "reopen the encrypted file and look at the data points" #ivotecan
Q City of Toronto: do you capture a (screen) image of the vote as cast? A from HRM: no we just record a data point #ivotecan
A on recount from Markham: "an electronic recount of an electronic vote" #Ivotecan
something about "data as recorded when polls closed and put on memory stick for auditor" ? #ivotecan
Jeremy Clark from Waterloo - privacy question - what kind of data is kept about timing of votes - ... #ivotecan
Jeremy Clark... if you keep timing info you can look at vote time and vote recorded and correlate to figure out who cast what vote #ivotecan
answer from panel: timing is kept, it is a risk but ... someone internal would have to do this attack #ivotecan
Q from Elections Ontario: is a preaudit done - is it possible to test the system before event - and is there postevent test #ivotecan
A from HRM - "audit ballots" cast before, during and after election #ivotecan - realtime tests of the system
A from Peterborough - security tests in advance, intrusion tests etc. #ivotecan
A from Markham: similar process to Halifax #ivotecan
Q: load testing? A from HRM: yes, Oracle platform not even stressed, a non-event. Markham: similar to Halifax #ivotecan
Q did you survey people who didn't use the system? do you know why people registered to vote online but didn't? #ivotecan
A from Markham: survey appeared online right after you voted online #ivotecan
EDITORIAL NOTE: At this point I hit an unexpected Tweet cap for a new account (128 tweets). For the rest of the morning I had to move to liveblogging on FriendFeed. I will try to integrate that reporting here later, but for now you can see it by paging through http://friendfeed.com/electronic-voting-in-canada (which also includes some of these tweets)
END EDITORIAL NOTE
tweeted so much, so fast, from this new account that I got temporary twitter lockout. morning reporting at: http://bit.ly/84ynMb #ivotecan
@kirkschmidt there was a Q "risk of internal staff", the response from HRM was "this is a risk we've always had to deal with" #ivotecan
@pmarchi No one has a good (technical) answer to the coercion issue. HRM made coercion "more illegal" with $10k fine, 2y prison. #ivotecan
Just wanted to mention @punditsguide has been doing a great job of tweeting this very fast-moving event. #ivotecan
@jasonkitcat Yeah and in fact several speakers have said convenience mostly helps save existing voters time, no big turnout boost. #ivotecan
I have blogged a brief summary this this morning's very fast, info-packed set of presentations: http://bit.ly/aqPSjY #ivotecan
Tech considerations session presenters: marketer, vendor, open-source guy, tech guy (Peter Wolf of IDEA, Masters in Computer Eng) #ivotecan
Tech considerations panel: Peter Wolf stuck in snowstorm in Frankfurt or something. #ivotecan Projector also not working (tech irony).
Wolf's notes: trust, transparency, but no external evidence of system's correct operation. Hence systems depend on public trust. #ivotecan
Wolf asserts you must then extend greater trust to the entire electoral system as well as have auditors #ivotecan
Wolf: Internet voting - client computer - "nobody can know if this computer can be trusted" #ivotecan
Wolf: observers would like to get insight into operation of systems, and computer security experts may be fundamentally opposed #ivotecan
It's too bad Wolf isn't here, because his notes raise many excellent points. #ivotecan
Wolf: trade secrets may block trust in system, ability to observe operation, due to black boxes e.g. operating systems, code #ivotecan
Wolf: Opening the Black Box. Norway - public access to source codes. Council of Europe - certification guidelines / standards #ivotecan
My editorial comment: it doesn't matter if your source code is open, you can't prove that's the code that is running. #ivotecan
Wolf: commercial vendors were willing to divulge codes if made a condition of Internet voting contracts #ivotecan
Wolf: lack of common standards for certification - issue recognized by Council of Europe #ivotecan
Wolf: sequoia source code released in USA (editor's note: just google that term to find out the results of analysis of the code) #ivotecan
Adam Froman: Delvinia Interactive - marketer/comms for Markham Internet voting #ivotecan
Adam Froman admits up front he doesn't know or care about the technology. He's going to talk about the voter experience. #ivotecan
Delvinia got CANARIE grant to study the use of broadband tech for municipal services - brought $200k to the table for Markham #ivotecan
@zippyFX it's not hard to write a trojan that sends a response back claiming to be the correct software
Delvinia positioning Internet voting as an option, not a replacement for traditional paper vote #ivotecan
Delvinia studied voter attitudes. And also worked on the voter outreach. Including education about registration changes #ivotecan
Delvinia - 2003 - interactive guides - but there's a general need for voter education, regardless of whether they're voting online #ivotecan
Delvinia - web site satisfaction survey - postpolling, online surveys #ivotecan
[ED COMMENT:] In case people don't know Canadian system: scrutineers from all parties watch the open counting of the paper ballots. Many eyes. #ivotecan
Delvinia - with advanced poll, sometimes politicians would show up at people's doors and discover they had already voted #ivotecan
Delvinia: voter registration process was main barrier to Internet voting #ivotecan
@zippyFX the trojan hides in the query stream and lies. Gives the correct CRC, size, response. See e.g. rootkits.
over 90% of people who voted online in Markham said they would be interested in voting in Federal election #ivotecan
Delvinia guy makes "tech is a part of people's lives" argument #ivotecan My counterargument: educate them about the risks of Internet vote.
Delvinia has a point that the new political engagement is a "digital dialogue" with citizens. Engagement beyond vote #ivotecan
Editorial comment: don't mix social media engagement with the need to secure one-time voting experience #ivotecan
Dean Smith of Intelivote also says he will not talk about the tech side of things at all #ivotecan Small Nova Scotia company.
getting sales pitch for Intelivote now #ivotecan
Intelivote assists in writing electronic voting legislation for countries (!) #ivotecan
Intelivote - integrated polling stations, telephone and Internet voting #ivotecan
Intelivote - pitch is "more choice" #ivotecan
talking about components of election system: help center, auditors, Intelivote control, electors, candidates, officials #ivotecan
components of election system diagram shows "Intelivote system" in centre of everything, which kinda freaks me out #ivotecan
Intelivote considers it a benefit that you can vote from anywhere in the world #ivotecan
Intelivote - anecdotal report about first time visually disabled voters were able to cast vote on their own thanks to technology #ivotecan
Intelivote - 2009 by-election "almost 70% voted electronically" is I think what he said #ivotecan
33 municipal elections in Ontario used Internet and/or phone voting #ivotecan "Canada as a leader" rhetoric coming from Intelivote
Speaking of rhetorical questions: Intelivote - "Why are Canadians so open to eVoting?" #ivotecan
Intelivote pitch: choice, flexibility, immediate, auditable results, voter intent clear - no spoiled ballots, enviro friendly #ivotecan
Intelivote pitch (continued): don't have to staff polling stations #ivotecan
Jason Gallagher: open source vs. propriety in 10 minutes or less #ivotecan
err vs. proprietary that is #ivotecan
defines source code #ivotecan
Gallagher explains in proprietary code, you never get to see the source code #ivotecan
looks like @punditsguide has hit a status update limit as well. have directed to http://friendfeed.com/electronic-voting-in-canada
Gallagher explaining open source software - allows peer review of software, no vendor lockin, gives rights to software users #ivotecan
Gallagher: free to modify open source, don't have to rely on vendor #ivotecan
Gallagher: why open source for voting - transparency, not a black box, accountability, auditability, security #ivotecan
Gallagher: how can shared source code be secure? paraphrase "many eyes make bugs shallow" - don't rely on secrets #ivotecan
Gallagher: there will always be hackers, but if your system is open, you also allow people to help you to improve #ivotecan
Gallagher: proprietary advantages - ready made ./ off the shelf, someone to blame if it goes wrong #ivotecan
Q from ? Alex Sussex ? Univ of Ottawa: everyone can witness paper ballot tally. "you can't actually see software occuring" #ivotecan
Q (continued): what role do candidates play in the observability of the tally? #ivotecan
Q (continued): you don't know what's going on inside the system... what role do candidates play to convince the voters #ivotecan
A from Intelivote: candidates want to be involved... the module shows people being struck off the voters list as they vote #ivotecan
A from Intelivote: no equivalent role for scrutineers in electronic world - no recount #ivotecan
A from Delvina: you're asking the wrong question. Should be "What would you need to see equivalent to paper voting?" #ivotecan
Editorial comment: there is no equivalent to observing the internals of the system analogous to scrutineer role #ivotecan
A from computer security researcher who asked original question: "there are new ways that allow voters to engage in the auditing" #ivotecan
Intelivote: system observing itself is "placebo effect" - one electronic process is observing another electronic process #ivotecan
Intelivote does allow peer review of its code #ivotecan
Intelivote uses randomization to avoid matching timestamps to determine who voted for whom #ivotecan
Q: how do panel see Internet voting rolling out across Canada #ivotecan
A from Intelivote: says Canada (and by extension Intelivote) has reputation and experience #ivotecan
Delvinia guy says you can use open source if you have the resources to build the solution #ivotecan
Editorial summary: Intelivote guy argues "reputation and experience", Delvinia guy argues "it's inevitable anyway" #ivotecan
Q from Elections Quebec: is there established, audited open source software available #ivotecan
A: one example in Australia, project has since been cancelled. Professor found error in source code. was fixed. #ivotecan
A from Tarvi: not about open source - about auditability and transparency. Estonia does not publish its source code. #ivotecan
A from Tarvi: Estonia ready "at any second" to sign NDA and provide code for auditing purposes #ivotecan
A from Tarvi about client side code: could be very easy to create malicious client side app - don't give out client side code #ivotecan
A from the audience: more open source - Scantegrity open source system, open voting consortium, ?OSEB? - DRE software #ivotecan
break and then roundtable discussion #ivotecan
observations from Alex Treschel - should do trials, with Canada-specific-research and analysis of the results #ivotecan
Alex Treschel - make sure you are not generalising from very small data sets or experiments #ivotecan
Alex Trechsel - cautions against generalising even from e.g. Halifax to other Canadian municipalities #ivotecan
Tom Hawthorn - when is it right to move? should we lead new tech (in elections) or follow well established technologies? #ivotecan
Tom Hawthorn - experience in UK was that perhaps they hadn't thought things completely through #ivotecan
Tom Hawthorn but if you wait too long, you may miss an opportunity #ivotecan
Tom Hawthorn - need to understand who is driving the process, who is holding the budget - better if electoral admins drive #ivotecan
Tom Hawthorn - place development of voting systems / software in an international context rather than individual countries #ivotecan
Tom Hawthorn - should develop common understanding and set of benchmarks #ivotecan
Tarvi Martens - electoral system is about trust. holds the same for evoting as for paper. #ivotecan
Tarvi Martens - example of failure in Netherlands. example of failure in Lithuania due to suggesting banking credentials #ivotecan
Tarvi Martens - example of failure in ?Finland? - if you screw up deployment, you will be set back a decade or more #ivotecan
Tarvi Martens - if the deployment of your system, including the user part, does not build trust, you will fail #ivotecan
Tarvi Martens - asserts user identity is critical to system (not surprising since he is expert on computer credentials) #ivotecan
Tarvi Martens - password based systems or weak credentials are easy to attack #ivotecan
Tarvi Martens - if people succeed in compromising your system, you will have a huge setback in trust #ivotecan
Jon Pammett: a wide variety of "policy laboratories" in Canada for Internet and other voting systems experimentation #ivotecan
Jon Pammett: not an expert in tech, wondering if Internet voting will increase turnout, but it seems based on today it won't #ivotecan
Jon Pammett: Internet voting doesn't appear to address voter engagement, which is the true driver of turnout #ivotecan
Jon Pammett: concerned about (my words) consequences of Internet voting road not taken #ivotecan
[ED COMMENT:] argument from panel that mixes "tech use" with youth. In my opinion, this is a false mix. Young people are not tech experts. #ivotecan
Editorial comment: I think there needs to be better research into what actually drives voting, rather than speculating #ivotecan
Q from @punditsguide: Canada examples are municipalities which are low turnout, not highly contested elections #ivotecan
Q @punditsguide: how will this work in a much more competitive election where votes are closer #ivotecan
Q (U Calgary): assess evoting based on increased efficiency? (code for saving money) - but if used in advance voting... #ivotecan
Q (U Calgary, contd) will increase cost of elections without noticeable effect on voter turnout? #ivotecan
Q (U Calgary, 2nd question): where research has been done on impact by age, no positive impact in bringing youth vote #ivotecan
Q (U Calgary, 2nd q): seems that Internet vote is mostly middle-aged turnout. #ivotecan
Q (U Calgary): seems like greater cost and no greater turnout - then what is justification for Internet voting? #ivotecan
A (Jon): age profile data is from municipalities - young people not engaged in municipal politics #ivotecan
@jasonkitcat seems to be a dialogue between desire for turnout and issues about trust #ivotecan
A (Jon): in competitive elections - possibly true people would be more likely to attack systems #ivotecan
A (Alex): in competitive elections higher risk - try it out in less competitive contexts too (and remember Swiss cap evote at 10%) #ivotecan
A (Alex): (not exact quote) "doesn't cost that much, comparitively" for "making people happier in democracy" #ivotecan
A (Alex): also remember youth never had high turnout, but it is dramatically low in e.g. Canada #ivotecan Internet voting not a panacea
A (Tarvi): to use Internet voting in Federal election for the first time is a bad idea - start small #ivotecan
A (Tarvi): Estonia formed a group of IT security experts, every step was security, security, security #ivotecan
A (Tarvi): Estonia knew exactly the potential failure points, the risks #ivotecan
A (Tarvi): if you haven't done your security due diligence, hackers can expose issues and destroy trust in your system as in NL #ivotecan
A (Tarvi): if you reuse your system, then over the long term the costs are lower #ivotecan
A (Tarvi): Internet voting not to increase turnout, it's to PRESERVE the turnout #ivotecan
A from Markham: cost for Internet voting were "quite small", "reasonable" #ivotecan
A from Markham: did see increased turnout #ivotecan not enough data to attribute directly to Internet voting
A from Markham: hackers "a cynical argument" against Internet voting, look at opportunities instead #ivotecan
A from HRM: if you can decrease the number of poll locations you decrease cost and "risk" (training / staff risk) #ivotecan
Comment (Nicole Goodman?): We don't know how any particular Internet voting model will work in any jurisdiction, need trials #ivotecan
Comment: yes there will be a large upfront cost, and there should be since it needs to be done right #ivotecan
Comment: cheaper over the long term #ivotecan
Comment: we can't fix turnout with Internet voting but there is no one solution, young people are not homogeneous group #ivotecan
Editorial comment: cheaper over time is hard considering you need 24/7 physical & net security for data centre 365 days/yr #ivotecan
Q: what are the main arguments against Internet voting? #ivotecan (other than security)
Q (Elections Canada): can academics map when a region is "mature" enough to go on an Internet voting route #ivotecan
A (Tom): Germany ruled use of Internet voting unconstitutional as it was inherently un-understandable by avg citizen #ivotecan
A (Tom): no one knows what the cost model is going to be in the future. may see some new kinds of costs #ivotecan
A (Tom): new costs = auditors, consultants, security experts - could be very expensive #ivotecan
A (Tom): most people in elections systems are not experts in electronic systems / security design - maybe they need to be #ivotecan
A (Tarvi): in Estonia Internet voting was challenged about uniformity of voting #ivotecan
A (Tarvi): ruling was that multiple times to vote over-rides privacy concerns (not sure I understand his answer) #ivotecan
A (Alex): groups in Geneva were strongly opposed to Internet voting (computer security experts) #ivotecan
A (Alex): in Geneva they engaged in a dialogue with the computer security experts #ivotecan
http://www.e-voting.cc/ - Internet voting conference, models #ivotecan
A: an argument against Internet voting - voting in person is a communal experience #ivotecan
Editorial comment: first mention today of compulsory voting as a direction for turnout and
engagement #ivotecan
audience comment: 8 million voters in Ontario, 800000 will be voting "electronically" - "it's happening" #ivotecan
I think it's the Intelivote guy: cost savings of electronic voting #ivotecan
aaaand we're done #ivotecan
@jasonkitcat I didn't get a strong sense of a driver other than "seems like a good thing to try"
@punditsguide good to meet you as well
END TWEETS
I have flipped the order so it is more readable - it's oldest first.
First tweet is at 8:54 AM Jan 26th 2010 and last one was at 4:56 PM Jan 26th 2010.
There are a total of 276 tweets.
BEGIN TWEETS
am set up on tethering and will be liveblogging under hashtag #ivotecan - there is a media section here but I only see one person so far
Elections Canada communications has very graciously allowed me to sit at the media table and get power for my netbook. #ivotecan
event is being opened #ivotecan - Elections Canada speaker up next
2/3 of Canadians likely to vote online according to recent survey - Elections Canada #ivotecan
lessons Canada can learn from other jurisdictions within Canada and outside Canada #ivotecan
Elections Canada pilot project will test secure voting via Internet for selected groups eg disabled, Canadians in other countries #ivotecan
Elections Canada emphasizing convenience of Internet voting - but "must maintain level of integrity that Canadians expect" #ivotecan
"Internet voting as an online service" #ivotecan - Elections Canada
Group is working on consistent cross-level standards (provincial, national etc.) #ivotecan
members of parliament and other experts reported to be in audience #ivotecan
Prof. Alvarez up next #ivotecan
Prof Alvarez and audience #ivotecan http://twitpic.com/zuo00
Alvarez will talk about American experience, upsides and downsides #ivotecan
Rationale for Internet Voting: evolution in US from handcounted to optiscan to paperless (nonnetworked and networked systems) #ivotecan
electronic technologies also used throughout the elections process in the United States #ivotecan
defining Internet voting: transmission of ballot over network - references his book One Click One Vote #ivotecan - public elections context
EDITORIAL NOTE: I misheard Alvarez, the book is actually Point, Click and Vote: The Future of Internet Voting. He has also written other books on the topic. END EDITORIAL NOTE
both home computer as well as kiosk Internet voting #ivotecan
Why innovate election tech? - turnout, accessibility, security (!), accuracy (!), efficiency, international access, cost #ivotecan
"How can these technologies improve the efficiency and reduce the cost of election administration?" #ivotecan
American experience - elections have vastly decentralised administration - run at the county level - not national #ivotecan
American experience - "complexity of ballots, regulations and procedures" #ivotecan - may be "dozens and dozens" of items
American experience - multiplicity of ballots, in different languages, covering huge number of items to vote upon #ivotecan
American experience - 2000 Presidential election - controversies have continued about use of electronic voting tech #ivotecan
American experience - California Internet Voting Task Force (2000) - has shaped a lot of US thinking #ivotecan
American experience - Internet voting - Alaska Republican party (Jan 2000) - Arizona Democratic party (March 2000) #ivotecan
Internet voting in 2000 Presidential election - 6 million Americans overseas (military, gov etc.) - special voting rights #ivotecan
international voting - mail transit time to and from e.g. Iraq is a big concern - Internet voting reduces transit time #ivotecan
2000 experiment was a proof of concept - focus on feasibility - electronic version of mail voting system #ivotecan - limited # participants
US international Internet voting used PKI credentials for authentication #ivotecan
not a lot of data - 91 registered, 84 voted using international Internet voting system for US in 2000 #ivotecan
"no security breaches found" for 2000 international Internet vote for US #ivotecan
followup: SERVE - Secure Electronic Voting Registration and Voting Experiment - planned to involve as many as 100,000 #ivotecan
SERVE wasn't implemented because in early 2004 study by computer security experts caused it to be cancelled #ivotecan
in early 2004 Michigan Democratic Party allowed online voting - 28.57% online votes of 162,000 votes total #ivotecan
"Controversies regarding electronic voting machines in 2004 and 2006 elections" #ivotecan
"Election admins and stakeholders reluctant to take on risks associated with voting pilots experiments or transitions to new tech" #ivotecan
ODBP - Okaloosa Distance Balloting Project, implemented in 2008. Kiosk voting for UOCAVA citizens at 3 international locations #ivotecan
there were a few problems with Okaloosa tech but tiny number (<100) voters #ivotecan
use of kiosks means you can ensure the kiosk is secure, rather than using insecure personal computers #ivotecan
(for tests) "Without better scientific design, most of the important outcome variables are difficult to assess" including security #ivotecan
"insufficient data collected" based on US Internet voting experiments to date #ivotecan
Security: What are the real vulnerabilities? How can you mitigate vulnerabilities? Need real experiments #ivotecan
next up: panel on Canadian experiences with Internet voting #ivotecan
Nicole Goodman of Carleton moderating and introducing the panel, which will discuss Canadian municipal Internet voting #ivotecan
first up: Markham's Online Voting Experience by Kimberly Kitteringham and Andrew Brouwer (Town Clerk & Deputy Town Clerk) #ivotecan
Markham Internet voting: 2006 election and plans for 2010 #ivotecan
80% of Markham residents have high-speed Internet access #ivotecan
Why online voting: electronic service delivery, multichannel service delivery, changing lifestyles, "new electorate", convenience #ivotecan
municipal turnout hovered around 30% - Internet voting a channel to encourage participation in voting process #ivotecan
online voting a way to enhance participation by people with disabilities #ivotecan - equal access to the electoral process
2003 positive Internet voting experience positive, recommended online voting for 2006 #ivotecan
Principles identified: security, accuracy, privacy, authentication/verification #ivotecan
Independent Risk Analsys by Henry Kim of York University; Gartner Group security review of IT platform #ivotecan
Dr. Kim found "similar reasonable risks" with two-step voting to in-person voting, and better characteristics than mail-in voting #ivotecan
Partnered with Election Systems & Software (ES&S) for provision of online voting; security of platform verified by Gartner Group #ivotecan
Comprehensive communications plan about Internet voting / voter awareness provided by Delvinia Interactive #ivotecan
2006 online voting only available during early voting period #ivotecan
reporting positive numbers >75% satisfaction from Delvinia survey #ivotecan found it convenient, voted from home
approx 6000 voted online in 2003, approx 10,000 voted online in 2006 #ivotecan
Change in online voting: earlier campaigning, be clear about ID requirements, change in nature of scrutineer function #ivotecan
scrutineers obviously cannot see voters receive and cast their ballot, unlike in-person voting #ivotecan
2010 Markham issuing RFP for online and tabulator vote systems - 3rd party review of online voting security - access plan #ivotecan
Markham "online voting viewed by staff as continued opportunity for service excellence and civic engagement" #ivotecan
Halifax Regional Municipality (HRM) Internet voting experience next up #ivotecan
Cathy Mellet, Acting Clerk/Manager, HRM #ivotecan
HRM covers large physical area, estimated to have population over 410k by 2012 #ivotecan
4 year "e-voting journey" starting in 2004 - Jan 2007 council approved Internet/phone advance voting with "2 levels of ID verify" #ivotecan
discussing mitigating risks while taking advantage of opportunities #ivotecan
RFP in 2007, selected Intelivote for HRM #ivotecan - had to change Municipal Elections Act and HRM by-law to permit
2008 event demographics 279,000 electors; advance voting: 10% of eligible, 28% of votes cast, 88% used Internet. #ivotecan
"engagement matters to voters" HRM #ivotecan
Principles Balance: accessibility vs scrutiny, engagement vs. integrity, convenience vs security... #ivotecan
objectives: ensure integrity, ensure compliance with regulations... #ivotecan
Partnership with Elections Nova Scotia & vendor #ivotecan
HRM election system & data transfer to vendor #ivotecan - also needed support/help centre and contingency plan
something about firewalls but presentation is going way too fast for me to keep up #ivotecan
voter identification "2 shared secrets" - mailed out password + voter birthdate #ivotecan
Sept 2009 special election - "complete internet voting from advance voting to election day" - "realtime voters list", kiosk #ivotecan
"substantially increased turnout" for special election (30% vs. 10% in previous special elections) HRM #ivotecan
e-voting works, well received, cost effective, greener #ivotecan
Jon McKinstry, Sales Manager, Dominion Voting Systems - presenting City of Peterborough story #ivotecan
Peterborough population 75,600. Internet voting 4400 registered, 3500 cast a vote, total 7% of votes were cast over Internet #ivotecan
if you registered for online but didn't vote over Internet, you could still come and vote in person #ivotecan
reasons: leader in delivery of voting systems, embrace tech, increase voter participation, adapt to changing lifestyles #Ivotecan
spike in demographics for Internet voting actually people 40-50, didn't actually have a peak in younger voters #ivotecan
needed realtime strikeout of voters list so that you couldn't vote online and then vote again in person #ivotecan
wanted a system that would consolidate votes from optical scan and internet voting #ivotecan
Principles: ... going too fast for me to keep up #ivotecan
independent security audit of Dominion Voting by Digital Boundary Group (London, Ontario) #ivotecan
again a shared secret system with the secret being the year of birth being the "secret" along with a preselected q/a #ivotecan
PIN number through regular postal mail or encrypted email #ivotecan
audit: password strength, denial of service, injection, ensure intrusion detection in place, system security vulnerability scans #ivotecan
audit reported "Dominion system was a very secure solution" #ivotecan
vote: elector ID + PIN number, separate website, answer preselected question set at reg time, ?enter birthdate? (not mentioned) #ivotecan
Peterborough - ease of use - could cast ballot for 5 days, 24 hours a day #ivotecan
election help desk as well as 1-800 call centre provided by vendor #ivotecan ("about 100 calls came in")
computers also provided at city hall, library, other sites #ivotecan
enhanced features: accessible ballot with zoom, audio, JAWS compatibility #ivotecan
Lessons learned: important for officials to have "complete understanding" of process and technology #ivotecan
Lessons: important to have dedicated marketing, increase number of laptops, run longer (from advance to election day) #ivotecan
approx 15 minutes for questions #ivotecan
am sitting next to @punditsguide
Q to panel from @punditsguide : privacy - 1 destruction of e-ballots? (e-ballot could be
linked back to individual) #ivotecan
Q to panel from @punditsguide : 2 what about voters being coerced at home #ivotecan
Markham: unsupervised voting - one person in a household could do all the voting - part of the risk assessment ... #ivotecan
Markham: unsupervised voting "a risk we were willing to accept" - used education about one person, one vote, secrecy of vote #ivotecan
?Markham? - how are online ballots handled - retained for same duration as paper ballot #ivotecan
?Markham? - paraphrase: no way to connect an individual voter to how they voted in the system #ivotecan
HRM - created substantial penalitys ($10k, 2y in jail) for voter fraud, collusion, or influencing #ivotecan
HRM - asked for certificate of destruction for online ballots from vendor #ivotecan
HRM - "two separate systems" that ensure no connection between voter and votes cast #ivotecan
Q City of Toronto: How do you handle recounts? #ivotecan
Halifax - recount = paraphrase "reopen the encrypted file and look at the data points" #ivotecan
Q City of Toronto: do you capture a (screen) image of the vote as cast? A from HRM: no we just record a data point #ivotecan
A on recount from Markham: "an electronic recount of an electronic vote" #Ivotecan
something about "data as recorded when polls closed and put on memory stick for auditor" ? #ivotecan
Jeremy Clark from Waterloo - privacy question - what kind of data is kept about timing of votes - ... #ivotecan
Jeremy Clark... if you keep timing info you can look at vote time and vote recorded and correlate to figure out who cast what vote #ivotecan
answer from panel: timing is kept, it is a risk but ... someone internal would have to do this attack #ivotecan
Q from Elections Ontario: is a preaudit done - is it possible to test the system before event - and is there postevent test #ivotecan
A from HRM - "audit ballots" cast before, during and after election #ivotecan - realtime tests of the system
A from Peterborough - security tests in advance, intrusion tests etc. #ivotecan
A from Markham: similar process to Halifax #ivotecan
Q: load testing? A from HRM: yes, Oracle platform not even stressed, a non-event. Markham: similar to Halifax #ivotecan
Q did you survey people who didn't use the system? do you know why people registered to vote online but didn't? #ivotecan
A from Markham: survey appeared online right after you voted online #ivotecan
EDITORIAL NOTE: At this point I hit an unexpected Tweet cap for a new account (128 tweets). For the rest of the morning I had to move to liveblogging on FriendFeed. I will try to integrate that reporting here later, but for now you can see it by paging through http://friendfeed.com/electronic-voting-in-canada (which also includes some of these tweets)
END EDITORIAL NOTE
tweeted so much, so fast, from this new account that I got temporary twitter lockout. morning reporting at: http://bit.ly/84ynMb #ivotecan
@kirkschmidt there was a Q "risk of internal staff", the response from HRM was "this is a risk we've always had to deal with" #ivotecan
@pmarchi No one has a good (technical) answer to the coercion issue. HRM made coercion "more illegal" with $10k fine, 2y prison. #ivotecan
Just wanted to mention @punditsguide has been doing a great job of tweeting this very fast-moving event. #ivotecan
@jasonkitcat Yeah and in fact several speakers have said convenience mostly helps save existing voters time, no big turnout boost. #ivotecan
I have blogged a brief summary this this morning's very fast, info-packed set of presentations: http://bit.ly/aqPSjY #ivotecan
Tech considerations session presenters: marketer, vendor, open-source guy, tech guy (Peter Wolf of IDEA, Masters in Computer Eng) #ivotecan
Tech considerations panel: Peter Wolf stuck in snowstorm in Frankfurt or something. #ivotecan Projector also not working (tech irony).
Wolf's notes: trust, transparency, but no external evidence of system's correct operation. Hence systems depend on public trust. #ivotecan
Wolf asserts you must then extend greater trust to the entire electoral system as well as have auditors #ivotecan
Wolf: Internet voting - client computer - "nobody can know if this computer can be trusted" #ivotecan
Wolf: observers would like to get insight into operation of systems, and computer security experts may be fundamentally opposed #ivotecan
It's too bad Wolf isn't here, because his notes raise many excellent points. #ivotecan
Wolf: trade secrets may block trust in system, ability to observe operation, due to black boxes e.g. operating systems, code #ivotecan
Wolf: Opening the Black Box. Norway - public access to source codes. Council of Europe - certification guidelines / standards #ivotecan
My editorial comment: it doesn't matter if your source code is open, you can't prove that's the code that is running. #ivotecan
Wolf: commercial vendors were willing to divulge codes if made a condition of Internet voting contracts #ivotecan
Wolf: lack of common standards for certification - issue recognized by Council of Europe #ivotecan
Wolf: sequoia source code released in USA (editor's note: just google that term to find out the results of analysis of the code) #ivotecan
Adam Froman: Delvinia Interactive - marketer/comms for Markham Internet voting #ivotecan
Adam Froman admits up front he doesn't know or care about the technology. He's going to talk about the voter experience. #ivotecan
Delvinia got CANARIE grant to study the use of broadband tech for municipal services - brought $200k to the table for Markham #ivotecan
@zippyFX it's not hard to write a trojan that sends a response back claiming to be the correct software
Delvinia positioning Internet voting as an option, not a replacement for traditional paper vote #ivotecan
Delvinia studied voter attitudes. And also worked on the voter outreach. Including education about registration changes #ivotecan
Delvinia - 2003 - interactive guides - but there's a general need for voter education, regardless of whether they're voting online #ivotecan
Delvinia - web site satisfaction survey - postpolling, online surveys #ivotecan
[ED COMMENT:] In case people don't know Canadian system: scrutineers from all parties watch the open counting of the paper ballots. Many eyes. #ivotecan
Delvinia - with advanced poll, sometimes politicians would show up at people's doors and discover they had already voted #ivotecan
Delvinia: voter registration process was main barrier to Internet voting #ivotecan
@zippyFX the trojan hides in the query stream and lies. Gives the correct CRC, size, response. See e.g. rootkits.
over 90% of people who voted online in Markham said they would be interested in voting in Federal election #ivotecan
Delvinia guy makes "tech is a part of people's lives" argument #ivotecan My counterargument: educate them about the risks of Internet vote.
Delvinia has a point that the new political engagement is a "digital dialogue" with citizens. Engagement beyond vote #ivotecan
Editorial comment: don't mix social media engagement with the need to secure one-time voting experience #ivotecan
Dean Smith of Intelivote also says he will not talk about the tech side of things at all #ivotecan Small Nova Scotia company.
getting sales pitch for Intelivote now #ivotecan
Intelivote assists in writing electronic voting legislation for countries (!) #ivotecan
Intelivote - integrated polling stations, telephone and Internet voting #ivotecan
Intelivote - pitch is "more choice" #ivotecan
talking about components of election system: help center, auditors, Intelivote control, electors, candidates, officials #ivotecan
components of election system diagram shows "Intelivote system" in centre of everything, which kinda freaks me out #ivotecan
Intelivote considers it a benefit that you can vote from anywhere in the world #ivotecan
Intelivote - anecdotal report about first time visually disabled voters were able to cast vote on their own thanks to technology #ivotecan
Intelivote - 2009 by-election "almost 70% voted electronically" is I think what he said #ivotecan
33 municipal elections in Ontario used Internet and/or phone voting #ivotecan "Canada as a leader" rhetoric coming from Intelivote
Speaking of rhetorical questions: Intelivote - "Why are Canadians so open to eVoting?" #ivotecan
Intelivote pitch: choice, flexibility, immediate, auditable results, voter intent clear - no spoiled ballots, enviro friendly #ivotecan
Intelivote pitch (continued): don't have to staff polling stations #ivotecan
Jason Gallagher: open source vs. propriety in 10 minutes or less #ivotecan
err vs. proprietary that is #ivotecan
defines source code #ivotecan
Gallagher explains in proprietary code, you never get to see the source code #ivotecan
looks like @punditsguide has hit a status update limit as well. have directed to http://friendfeed.com/electronic-voting-in-canada
Gallagher explaining open source software - allows peer review of software, no vendor lockin, gives rights to software users #ivotecan
Gallagher: free to modify open source, don't have to rely on vendor #ivotecan
Gallagher: why open source for voting - transparency, not a black box, accountability, auditability, security #ivotecan
Gallagher: how can shared source code be secure? paraphrase "many eyes make bugs shallow" - don't rely on secrets #ivotecan
Gallagher: there will always be hackers, but if your system is open, you also allow people to help you to improve #ivotecan
Gallagher: proprietary advantages - ready made ./ off the shelf, someone to blame if it goes wrong #ivotecan
Q from ? Alex Sussex ? Univ of Ottawa: everyone can witness paper ballot tally. "you can't actually see software occuring" #ivotecan
Q (continued): what role do candidates play in the observability of the tally? #ivotecan
Q (continued): you don't know what's going on inside the system... what role do candidates play to convince the voters #ivotecan
A from Intelivote: candidates want to be involved... the module shows people being struck off the voters list as they vote #ivotecan
A from Intelivote: no equivalent role for scrutineers in electronic world - no recount #ivotecan
A from Delvina: you're asking the wrong question. Should be "What would you need to see equivalent to paper voting?" #ivotecan
Editorial comment: there is no equivalent to observing the internals of the system analogous to scrutineer role #ivotecan
A from computer security researcher who asked original question: "there are new ways that allow voters to engage in the auditing" #ivotecan
Intelivote: system observing itself is "placebo effect" - one electronic process is observing another electronic process #ivotecan
Intelivote does allow peer review of its code #ivotecan
Intelivote uses randomization to avoid matching timestamps to determine who voted for whom #ivotecan
Q: how do panel see Internet voting rolling out across Canada #ivotecan
A from Intelivote: says Canada (and by extension Intelivote) has reputation and experience #ivotecan
Delvinia guy says you can use open source if you have the resources to build the solution #ivotecan
Editorial summary: Intelivote guy argues "reputation and experience", Delvinia guy argues "it's inevitable anyway" #ivotecan
Q from Elections Quebec: is there established, audited open source software available #ivotecan
A: one example in Australia, project has since been cancelled. Professor found error in source code. was fixed. #ivotecan
A from Tarvi: not about open source - about auditability and transparency. Estonia does not publish its source code. #ivotecan
A from Tarvi: Estonia ready "at any second" to sign NDA and provide code for auditing purposes #ivotecan
A from Tarvi about client side code: could be very easy to create malicious client side app - don't give out client side code #ivotecan
A from the audience: more open source - Scantegrity open source system, open voting consortium, ?OSEB? - DRE software #ivotecan
break and then roundtable discussion #ivotecan
observations from Alex Treschel - should do trials, with Canada-specific-research and analysis of the results #ivotecan
Alex Treschel - make sure you are not generalising from very small data sets or experiments #ivotecan
Alex Trechsel - cautions against generalising even from e.g. Halifax to other Canadian municipalities #ivotecan
Tom Hawthorn - when is it right to move? should we lead new tech (in elections) or follow well established technologies? #ivotecan
Tom Hawthorn - experience in UK was that perhaps they hadn't thought things completely through #ivotecan
Tom Hawthorn but if you wait too long, you may miss an opportunity #ivotecan
Tom Hawthorn - need to understand who is driving the process, who is holding the budget - better if electoral admins drive #ivotecan
Tom Hawthorn - place development of voting systems / software in an international context rather than individual countries #ivotecan
Tom Hawthorn - should develop common understanding and set of benchmarks #ivotecan
Tarvi Martens - electoral system is about trust. holds the same for evoting as for paper. #ivotecan
Tarvi Martens - example of failure in Netherlands. example of failure in Lithuania due to suggesting banking credentials #ivotecan
Tarvi Martens - example of failure in ?Finland? - if you screw up deployment, you will be set back a decade or more #ivotecan
Tarvi Martens - if the deployment of your system, including the user part, does not build trust, you will fail #ivotecan
Tarvi Martens - asserts user identity is critical to system (not surprising since he is expert on computer credentials) #ivotecan
Tarvi Martens - password based systems or weak credentials are easy to attack #ivotecan
Tarvi Martens - if people succeed in compromising your system, you will have a huge setback in trust #ivotecan
Jon Pammett: a wide variety of "policy laboratories" in Canada for Internet and other voting systems experimentation #ivotecan
Jon Pammett: not an expert in tech, wondering if Internet voting will increase turnout, but it seems based on today it won't #ivotecan
Jon Pammett: Internet voting doesn't appear to address voter engagement, which is the true driver of turnout #ivotecan
Jon Pammett: concerned about (my words) consequences of Internet voting road not taken #ivotecan
[ED COMMENT:] argument from panel that mixes "tech use" with youth. In my opinion, this is a false mix. Young people are not tech experts. #ivotecan
Editorial comment: I think there needs to be better research into what actually drives voting, rather than speculating #ivotecan
Q from @punditsguide: Canada examples are municipalities which are low turnout, not highly contested elections #ivotecan
Q @punditsguide: how will this work in a much more competitive election where votes are closer #ivotecan
Q (U Calgary): assess evoting based on increased efficiency? (code for saving money) - but if used in advance voting... #ivotecan
Q (U Calgary, contd) will increase cost of elections without noticeable effect on voter turnout? #ivotecan
Q (U Calgary, 2nd question): where research has been done on impact by age, no positive impact in bringing youth vote #ivotecan
Q (U Calgary, 2nd q): seems that Internet vote is mostly middle-aged turnout. #ivotecan
Q (U Calgary): seems like greater cost and no greater turnout - then what is justification for Internet voting? #ivotecan
A (Jon): age profile data is from municipalities - young people not engaged in municipal politics #ivotecan
@jasonkitcat seems to be a dialogue between desire for turnout and issues about trust #ivotecan
A (Jon): in competitive elections - possibly true people would be more likely to attack systems #ivotecan
A (Alex): in competitive elections higher risk - try it out in less competitive contexts too (and remember Swiss cap evote at 10%) #ivotecan
A (Alex): (not exact quote) "doesn't cost that much, comparitively" for "making people happier in democracy" #ivotecan
A (Alex): also remember youth never had high turnout, but it is dramatically low in e.g. Canada #ivotecan Internet voting not a panacea
A (Tarvi): to use Internet voting in Federal election for the first time is a bad idea - start small #ivotecan
A (Tarvi): Estonia formed a group of IT security experts, every step was security, security, security #ivotecan
A (Tarvi): Estonia knew exactly the potential failure points, the risks #ivotecan
A (Tarvi): if you haven't done your security due diligence, hackers can expose issues and destroy trust in your system as in NL #ivotecan
A (Tarvi): if you reuse your system, then over the long term the costs are lower #ivotecan
A (Tarvi): Internet voting not to increase turnout, it's to PRESERVE the turnout #ivotecan
A from Markham: cost for Internet voting were "quite small", "reasonable" #ivotecan
A from Markham: did see increased turnout #ivotecan not enough data to attribute directly to Internet voting
A from Markham: hackers "a cynical argument" against Internet voting, look at opportunities instead #ivotecan
A from HRM: if you can decrease the number of poll locations you decrease cost and "risk" (training / staff risk) #ivotecan
Comment (Nicole Goodman?): We don't know how any particular Internet voting model will work in any jurisdiction, need trials #ivotecan
Comment: yes there will be a large upfront cost, and there should be since it needs to be done right #ivotecan
Comment: cheaper over the long term #ivotecan
Comment: we can't fix turnout with Internet voting but there is no one solution, young people are not homogeneous group #ivotecan
Editorial comment: cheaper over time is hard considering you need 24/7 physical & net security for data centre 365 days/yr #ivotecan
Q: what are the main arguments against Internet voting? #ivotecan (other than security)
Q (Elections Canada): can academics map when a region is "mature" enough to go on an Internet voting route #ivotecan
A (Tom): Germany ruled use of Internet voting unconstitutional as it was inherently un-understandable by avg citizen #ivotecan
A (Tom): no one knows what the cost model is going to be in the future. may see some new kinds of costs #ivotecan
A (Tom): new costs = auditors, consultants, security experts - could be very expensive #ivotecan
A (Tom): most people in elections systems are not experts in electronic systems / security design - maybe they need to be #ivotecan
A (Tarvi): in Estonia Internet voting was challenged about uniformity of voting #ivotecan
A (Tarvi): ruling was that multiple times to vote over-rides privacy concerns (not sure I understand his answer) #ivotecan
A (Alex): groups in Geneva were strongly opposed to Internet voting (computer security experts) #ivotecan
A (Alex): in Geneva they engaged in a dialogue with the computer security experts #ivotecan
http://www.e-voting.cc/ - Internet voting conference, models #ivotecan
A: an argument against Internet voting - voting in person is a communal experience #ivotecan
Editorial comment: first mention today of compulsory voting as a direction for turnout and
engagement #ivotecan
audience comment: 8 million voters in Ontario, 800000 will be voting "electronically" - "it's happening" #ivotecan
I think it's the Intelivote guy: cost savings of electronic voting #ivotecan
aaaand we're done #ivotecan
@jasonkitcat I didn't get a strong sense of a driver other than "seems like a good thing to try"
@punditsguide good to meet you as well
END TWEETS
Labels: elections canada, internet voting, ivotecan
Tuesday, January 26, 2010
Internet voting dialogue: brief morning summary
I liked that the municipalities, particular Halifax Regional (HRM) talked about a risk mitigation framework, but I don't think they fully appreciate the degree of risk they're accepting, particularly since they're using third-party technology from private companies.
I was most impressed with Tarvi Martens' presentation about the technical details of the Estonian Internet voting system. They have clearly thought very seriously about the various issues involved, and have very very heavy physical security for the data centre, and no remote admin access outside the datacentre. He also emphasized they had a principle of "no black box systems" in the data centre, so they use Debian, an open source operating system, rather than Windows. The fact they have a national ID card addresses the key distribution and network encryption issues (because the ID card includes an encryption key, a public/private digital signature key). They also put ISPs on high alert during the election period and monitor continuously for attacks.
I did ask him the security of the user's desktop and his answer was reasonable but to me, ultimately still unsatisfactory. They are using what I assume are honeypot systems to monitor for emerging trojans that pretend to be some component of the desktop voting system (or presumably the ecard reader driver etc.) They also have as the first step of their voting procedure that the user should ensure their system is scanned for viruses. However there are multiple issues including the innumerable vectors for home system attack, the fact that most users WON'T secure or scan their systems no matter how often you educate them about the issue, and the possibility for root kit or other subtle elusive trojans that might not be picked up by their honeypots.
He did say, which I think is an important contingency measure, that in the event they did detect a widespread trojan attack they have the possibility to simply shut down Internet voting and tell people to vote on paper on their regular voting day (Sunday).
The other thing I heard from multiple speakers is that Internet voting is not having substantial impact on turnout. What it is doing is making it more convenient... for people who would have already voted.
I was most impressed with Tarvi Martens' presentation about the technical details of the Estonian Internet voting system. They have clearly thought very seriously about the various issues involved, and have very very heavy physical security for the data centre, and no remote admin access outside the datacentre. He also emphasized they had a principle of "no black box systems" in the data centre, so they use Debian, an open source operating system, rather than Windows. The fact they have a national ID card addresses the key distribution and network encryption issues (because the ID card includes an encryption key, a public/private digital signature key). They also put ISPs on high alert during the election period and monitor continuously for attacks.
I did ask him the security of the user's desktop and his answer was reasonable but to me, ultimately still unsatisfactory. They are using what I assume are honeypot systems to monitor for emerging trojans that pretend to be some component of the desktop voting system (or presumably the ecard reader driver etc.) They also have as the first step of their voting procedure that the user should ensure their system is scanned for viruses. However there are multiple issues including the innumerable vectors for home system attack, the fact that most users WON'T secure or scan their systems no matter how often you educate them about the issue, and the possibility for root kit or other subtle elusive trojans that might not be picked up by their honeypots.
He did say, which I think is an important contingency measure, that in the event they did detect a widespread trojan attack they have the possibility to simply shut down Internet voting and tell people to vote on paper on their regular voting day (Sunday).
The other thing I heard from multiple speakers is that Internet voting is not having substantial impact on turnout. What it is doing is making it more convenient... for people who would have already voted.
Labels: elections canada, internet voting, ivotecan
first timer
In case you're new to the blog, the Blogger navigation is not all that great, but if you're on the blog (rather than reading through RSS) you can use the search in the upper left, or browse the archives listed a ways down on the right hand side. The archives stretch back to February 2004; this is not a new blog.
Labels: meta
Liveblogging
Liveblogging Internet Voting event at @papervote under hashtag #ivotecan
UPDATE: Have exceeded the status update limit for @papervote (!) - already just for the first session. Have moved to liveblogging on FriendFeed at http://friendfeed.com/electronic-voting-in-canada
UPDATE: Have exceeded the status update limit for @papervote (!) - already just for the first session. Have moved to liveblogging on FriendFeed at http://friendfeed.com/electronic-voting-in-canada
Labels: elections canada, internet voting, ivotecan
Monday, January 25, 2010
knowing the players
I have looked at the materials provided for the Internet Voting event on January 26, 2010 and there are no participant biographies, so here is whatever I can find. I am listed academic credentials where available not because I think everyone needs to be a computer scientist trained in security to fully understand the issues, but because at least SOME of the people involved need to be computer & network security experts. I am also indicating corporate affiliations because no reasonable person can argue that a corporation providing Internet voting technology is going to do anything but present (through its spokespeople) every possible positive argument FOR Internet voting technology.
This is simply an analysis of the players from a computer security standpoint. Three main points are examined:
1. What is their academic background in computer security
2. What are their stated positions about Internet voting or, in the absence of statements, what is their corporation's position on Internet voting
3. If they are providing Internet voting technology, what information is publically available about the security analysis for these systems? It is incumbent for all voting technology providers to address all realistic threats to their systems in an open manner. There is no security through obscurity. A failure to do so shows an unseriousness about security.
I also want to make a key point: elections do not hinge on voter perceptions of security and convenience. Elections hinge on ACTUAL security. Asking members of the public if they think Internet voting is secure enough or if they are comfortable voting online or if it is convenient to vote online does not mean, in any way whatsoever, that the actual vote is ACTUALLY SECURE.
If citizens perceive a bank as (financially) safe but government regulation actually creates a situation where the bank fails (as has happened repeatedly in the United States), then it is clear the citizen perception was meaningless, what was important was the government failure to actually deliver an appropriate level of ACTUAL security.
And again, even if the system was actually secure, which is somewhere between highly unlikely and impossible, it still doesn't mean the system meets necessary requirements for a functioning democracy.
The Players:
* Michael Alvarez, California Institute of Technology (Caltech)
- Dr. Alvarez is a Professor of Political Science at Caltech and Co-Director of the Caltech/MIT Voting Technology Project. His BA, MA and PhD are in Political Science.
- info from CalTech site
The mission of the Voting Technology Project is, not surprisingly, around technology: "All of this research and policymaking activity seeks to develop better voting technologies, to improve election administration, and to deepen scientific research in these areas."
It is important to remember that US elections are much more complicated than Canadian elections, with many more candidates running for many more positions, in addition to (in many states), multiple complicated ballot initiatives (direct democracy issues to be voted upon).
* Kimberley Kitteringham, Town Clerk, Town of Markham
- reported in media as advocating Internet voting
yorkregion.com - Internet gateway to election reforms in Vaughan - September 30, 2009
* Andrew Brouwer, Deputy Town Clerk, Town of Markham
- Bachelor of Environmental Studies , Urban and Regional Planning; Master of Public Administration , Local Government Program (from LinkedIn profile)
* Cathy Mellett, Acting Clerk/Manager, Halifax Regional Municipality
- reported in media as advocating Internet voting
CBC News - 10% of HRM voters cast e-ballots - October 7, 2008
* John McKinstry, Sales Manager, Dominion Voting Systems
- a company that has literally trademarked the word democracy: "Dominion Democracy™ is our comprehensive yet flexible voting suite, designed to uphold the principles and ideals of the electoral process."
- message is shaped entirely around turnout
Taking the voting booth to the voter
- according to Google search (site:www.dominionvoting.com security) entire site has exactly two mentions of security
1.
Hosting your election
In summary: your election, hosted on a private company's servers. How do you know they are secure? Because they pride themselves on security.
2. There is a single instance of the word "security" in their document Democracy Suite EMS Edition 2007 (PDF)
While it is good that the system uses authorisation to limit access, and "protection" for data transactions (whatever that means), this assumes that a) the authentication credentials have not been compromised b) the network transmission is a particularly vulnerable and interesting place to attack.
Just on the second point: HTTPS encyrption of web transactions is essentially like using an armored car to transport money between two completely unsecure endpoints, between a house with no locks on its doors and a bank vault with no lock or security system. Attackers target system weaknesses. Since the Democracy Suite uses Windows computers, isn't an attacker more likely to attack the servers themselves using known Windows vulnerabilities, than to try to intercept the data in transit? The document does not address these issues. You have to secure Internet voting systems END-TO-END, from keystroke on the desktop to calculated results on the datacentre servers. This is impossible to do with anything approaching a high level of security (a high level of risk mitigation) for an election threat model.
* Alexander Trechsel, European University Institute, Florence
- Professor of Political Science and the first full-time holder of the Swiss Chair in Federalism and Democracy at the European University Institute (EUI) in Florence, Italy.
- info from EUI site
- PhD in Political Science (from LinkedIn profile)
* Tarvi Martens, Development Director, Certification Centre, Estonia
- MSc IT, Tallinna Tehnikaülikool (from LinkedIn profile)
- Program Manager for Internet Voting at Estonian National Electoral Committee (currently)
- Development Director at SK (currently)
- SK is a company that provides "provision of different certificates to physical persons and organisations. Currently, the largest project handled by SK involves issuing authentication and digital signature certificates to Estonian ID cards." - http://www.sk.ee/pages.php/0203
That is, SK is a private company in the business of providing certification technology.
* Urs Gasser, Harvard University
- Dr. Urs Gasser is the Berkman Center for Internet & Society's Executive Director.
- graduate of the University of St. Gallen (S.J.D. 2001, J.D. 1997) and Harvard Law School (LL.M. 2003) (Note: these are all law degrees)
- info from Berkman Center site
* Tom Hawthorn, The Electoral Commission
guardian.co.uk - Voting searches for the x-factor - Nov 23, 2005
- 2006 presentation "What voters expect from a voting system" indicates high degree of concern about "my vote being private" and "my vote being safe from fraud and abuse" (in terms of percentages these are the top two concerns expressed)
* Adam Froman, President, Delvinia Interactive
- corporation that promotes Internet voting
- "Internet voting made a positive impact on the election results." from blurb on page for their report "Understanding the Digital Voter Experience"
* Dean Smith, President, Intelivote Systems Inc.
- corporation that provides Internet voting
- eight results for site search on "security" (site:www.intelivote.com security)
* Jason Gallagher, Open Source Software Developer
- I don't actually know who this is. The most likely match appears to be: "Lead Open Source Software Developer for McMaster University, Dept. of Family Medicine" (from PCHRI 2006 participants)
* Peter Wolf, International Institute for Democracy and Electoral Assistance (IDEA), Stockholm
- MSc., GraZ University of Technology (from IDEA site)
I welcome corrections and clarifications and I will update this posting if more information becomes available.
This is simply an analysis of the players from a computer security standpoint. Three main points are examined:
1. What is their academic background in computer security
2. What are their stated positions about Internet voting or, in the absence of statements, what is their corporation's position on Internet voting
3. If they are providing Internet voting technology, what information is publically available about the security analysis for these systems? It is incumbent for all voting technology providers to address all realistic threats to their systems in an open manner. There is no security through obscurity. A failure to do so shows an unseriousness about security.
I also want to make a key point: elections do not hinge on voter perceptions of security and convenience. Elections hinge on ACTUAL security. Asking members of the public if they think Internet voting is secure enough or if they are comfortable voting online or if it is convenient to vote online does not mean, in any way whatsoever, that the actual vote is ACTUALLY SECURE.
If citizens perceive a bank as (financially) safe but government regulation actually creates a situation where the bank fails (as has happened repeatedly in the United States), then it is clear the citizen perception was meaningless, what was important was the government failure to actually deliver an appropriate level of ACTUAL security.
And again, even if the system was actually secure, which is somewhere between highly unlikely and impossible, it still doesn't mean the system meets necessary requirements for a functioning democracy.
The Players:
* Michael Alvarez, California Institute of Technology (Caltech)
- Dr. Alvarez is a Professor of Political Science at Caltech and Co-Director of the Caltech/MIT Voting Technology Project. His BA, MA and PhD are in Political Science.
- info from CalTech site
The mission of the Voting Technology Project is, not surprisingly, around technology: "All of this research and policymaking activity seeks to develop better voting technologies, to improve election administration, and to deepen scientific research in these areas."
It is important to remember that US elections are much more complicated than Canadian elections, with many more candidates running for many more positions, in addition to (in many states), multiple complicated ballot initiatives (direct democracy issues to be voted upon).
* Kimberley Kitteringham, Town Clerk, Town of Markham
- reported in media as advocating Internet voting
"We definitely think our early voting turnout was a direct result of the increase participation of people in the online voting process because online voting, from our staff and post-election survey, engages the voter that has been typically apathetic or difficult to reach. It offers a convenient solution for them because they can do it from anywhere in the world," Ms Kitteringham said.
yorkregion.com - Internet gateway to election reforms in Vaughan - September 30, 2009
* Andrew Brouwer, Deputy Town Clerk, Town of Markham
- Bachelor of Environmental Studies , Urban and Regional Planning; Master of Public Administration , Local Government Program (from LinkedIn profile)
* Cathy Mellett, Acting Clerk/Manager, Halifax Regional Municipality
- reported in media as advocating Internet voting
"We had people vote from Sri Lanka, from Korea, from over 50 Canadian cities and 25 American states," said Cathy Mellett, e-voting project manager for the Halifax Regional Municipality.
"That's really been the objective from the very beginning, it's about getting voters accessible and participating in the overall election here in the HRM."
Mellett said there were no serious glitches in the system during the voting period.
CBC News - 10% of HRM voters cast e-ballots - October 7, 2008
* John McKinstry, Sales Manager, Dominion Voting Systems
- a company that has literally trademarked the word democracy: "Dominion Democracy™ is our comprehensive yet flexible voting suite, designed to uphold the principles and ideals of the electoral process."
- message is shaped entirely around turnout
Voter turnouts continue to fall even in the face of aggressive communications campaigns at all levels of government. One way to improve turnouts is to give the voters more voting choice; choices that reflect changing technologies. Chief among these alternative choices is remote voting. In taking voting to the voter, you remove one of the barriers to turnout.
Taking the voting booth to the voter
- according to Google search (site:www.dominionvoting.com security) entire site has exactly two mentions of security
1.
Everything before and after the ballot is hosted on computer servers. There may not even paper ballots, as is the case with Internet voting.
Dominion can host your elections on our secure servers to ensure the integrity of your election. We pride ourselves on the security and permanency of our server system.
Hosting your election
In summary: your election, hosted on a private company's servers. How do you know they are secure? Because they pride themselves on security.
2. There is a single instance of the word "security" in their document Democracy Suite EMS Edition 2007 (PDF)
To address the sensitivity of the election process from a security standpoint, the system provides role-based authentication and authorization, while all data transactions are protected for greater confidentiality and data integrity.
While it is good that the system uses authorisation to limit access, and "protection" for data transactions (whatever that means), this assumes that a) the authentication credentials have not been compromised b) the network transmission is a particularly vulnerable and interesting place to attack.
Just on the second point: HTTPS encyrption of web transactions is essentially like using an armored car to transport money between two completely unsecure endpoints, between a house with no locks on its doors and a bank vault with no lock or security system. Attackers target system weaknesses. Since the Democracy Suite uses Windows computers, isn't an attacker more likely to attack the servers themselves using known Windows vulnerabilities, than to try to intercept the data in transit? The document does not address these issues. You have to secure Internet voting systems END-TO-END, from keystroke on the desktop to calculated results on the datacentre servers. This is impossible to do with anything approaching a high level of security (a high level of risk mitigation) for an election threat model.
* Alexander Trechsel, European University Institute, Florence
- Professor of Political Science and the first full-time holder of the Swiss Chair in Federalism and Democracy at the European University Institute (EUI) in Florence, Italy.
- info from EUI site
- PhD in Political Science (from LinkedIn profile)
* Tarvi Martens, Development Director, Certification Centre, Estonia
- MSc IT, Tallinna Tehnikaülikool (from LinkedIn profile)
- Program Manager for Internet Voting at Estonian National Electoral Committee (currently)
- Development Director at SK (currently)
- SK is a company that provides "provision of different certificates to physical persons and organisations. Currently, the largest project handled by SK involves issuing authentication and digital signature certificates to Estonian ID cards." - http://www.sk.ee/pages.php/0203
That is, SK is a private company in the business of providing certification technology.
* Urs Gasser, Harvard University
- Dr. Urs Gasser is the Berkman Center for Internet & Society's Executive Director.
- graduate of the University of St. Gallen (S.J.D. 2001, J.D. 1997) and Harvard Law School (LL.M. 2003) (Note: these are all law degrees)
- info from Berkman Center site
* Tom Hawthorn, The Electoral Commission
Remote electronic voting via the internet and telephone was once the future of British elections. But trials held in the 2003 local elections found it made little difference to turn-out and raised concerns about security, privacy and transparency.
Tom Hawthorn, electoral modernisation manager for the Electoral Commission, says that remote e-voting is unlikely this decade, although he believes the idea may return. "In the short- to medium-term, there's things about the existing voting system - voting stations and postal ballots - which can be improved," he says.
guardian.co.uk - Voting searches for the x-factor - Nov 23, 2005
- 2006 presentation "What voters expect from a voting system" indicates high degree of concern about "my vote being private" and "my vote being safe from fraud and abuse" (in terms of percentages these are the top two concerns expressed)
* Adam Froman, President, Delvinia Interactive
- corporation that promotes Internet voting
- "Internet voting made a positive impact on the election results." from blurb on page for their report "Understanding the Digital Voter Experience"
* Dean Smith, President, Intelivote Systems Inc.
- corporation that provides Internet voting
- eight results for site search on "security" (site:www.intelivote.com security)
* Jason Gallagher, Open Source Software Developer
- I don't actually know who this is. The most likely match appears to be: "Lead Open Source Software Developer for McMaster University, Dept. of Family Medicine" (from PCHRI 2006 participants)
* Peter Wolf, International Institute for Democracy and Electoral Assistance (IDEA), Stockholm
- MSc., GraZ University of Technology (from IDEA site)
I welcome corrections and clarifications and I will update this posting if more information becomes available.
Labels: canada, elections canada, internet voting, ivotecan
Thursday, January 21, 2010
If I can, I will be tweeting the Internet Voting Dialogue on January 26, 2010 from
http://twitter.com/papervote
No hashtag has been declared that I can find. I'm proposing #ivotecan
For electronic voting in Canada in general I have been using hashtag #evotecan
and there's an aggregator / discussion group on FriendFeed: Electronic Voting Canada.
http://twitter.com/papervote
No hashtag has been declared that I can find. I'm proposing #ivotecan
For electronic voting in Canada in general I have been using hashtag #evotecan
and there's an aggregator / discussion group on FriendFeed: Electronic Voting Canada.
Labels: elections canada, internet voting, twitter
Ottawa Jan 26, 2010 Elections Canada event on Internet voting
Very worrying.
NOTE: The registration deadline was JANUARY 21, 2010. Here's the (somewhat difficult to find) registration link: http://www.zoomerang.com/Survey/WEB229ZQUQUZMT
UPDATE 2010-01-25: I just realised I forgot to include a link to the event itself. Here is the Elections Canada link - Elections Canada: Media: Special Events and Conferences: Internet Voting and the Carleton link - Canada-Europe Transatlantic Dialogue (CETD) Events: Internet Voting. ENDUPDATE
Look at the issues they're examining:
* cost
* legal requirements
* software
* security
Let's revisit what I have called the "Democracy Requirements" for voting:
* preserving the secret ballot
* retaining the right to an uncoerced vote
* the integrity and accuracy of the vote count (all votes gathered and correctly counted)
* the simplicity of the system (can voters understand how the entire voting system works?)
Do you see the problem? They're talking about voting, but as usual, they're talking about it as if it were any other government "service" that is "delivered", rather than the single foundational element of our democratic society. This is what they always do, focus on the technology rather than the actual requirements for the integrity of the vote.
I can guarantee what the Internet voting presenters will discuss is three main things: convenience, turnout, and security. They will make a bunch of abstract claims about encryption and secure networks that will sound good but that, if you are an actual computer security expert, are actually nonsense.
You CANNOT, as in impossible:
* use technological security to ensure perfect end-to-end chain of custody for Internet voting
* construct a system in which the ballot is actually secret and anonymous
While it is true that there are theoretical computer constructs that can accomplish this, they run on theoretical computers over theoretical networks to theoretical servers. They do not run on Windows 7 computers on an ISP Internet connection to a bunch of servers in an actual datacentre.
Just think of the thousands, probably millions of phishing attempts every day, and the large number of these attempts that are successful. Just think of the recent security attacks on Google. Just think of the endless litany of lost passwords, lost user accounts, compromised commercial organisations. The home computer and the public Internet is one of the LEAST SECURE possible places I can imagine to hold an election.
Just off the top of my head I can list numerous possible compromises:
* if the password is sent in the physical mail, requiring at most some publically-discoverable extra piece of information (e.g. the user's birthdate), then I can attack the password distribution, in the same way that people steal credit cards and identities
* if it's not sent by mail, how do you solve the huge problem of secure key distribution to 30 million people? (secure key distribution is one of the single hardest problems in computer security)
* If your machine is already on a botnet, and millions of compromised machines already are, I have basically unlimited freedom to alter and compromise the election. I can watch your keystrokes and record who you voted for. I can watch your keystrokes and then, behind the scenes, CHANGE who you voted for. I can decide I don't like the parties running and use my botnet to attack the election servers (if you say "well, the datacentre can just block the attack" - yes, but the attackers are CITIZEN COMPUTERS)
* I can skip the end user and compromise the physical security of the data centre. And/or I can insert code into the servers that counts whatever votes for whatever candidates I want.
Even if the security is done well, there are insurmountable issues.
But even worse, the security is almost never done well. Because it is about cost, it goes often to the lowest bidder. Do you seriously want your entire election run by some private company that was the lowest bidder? Or consultants for Elections Canada that gave the best price? What "best price" means is, as was shown repeatedly for Diebold, the elections technology provider takes off-the-shelf technology (how could they not, and still provide the lowest cost), hacks together some amateurish backend with a somewhat pretty frontend, and then serves that up as a secure elections solution, leaving NOT ONLY all the security issues with e.g. running on Windows, but introducing ADDITIONAL security issues with code that is almost always woefully insecure, badly designed, and not available for review by outside computer security experts.
And even if, by some miracle, none of these things happens, ok we run an election.
It ends like the 1995 Quebec Referendum, 50.58% "No" to 49.42% "Yes" (note: elections are razor close ALL THE TIME).
So you say, all settled then, 50.58% "No".
And I say: PROVE the computers, the Internet, and the data centre were not compromised. PROVE the votes were not coerced. PROVE that it was actually Canadians voting, once, and not stolen accounts anywhere in the world voting multiple times.
You cannot prove this. Goodbye decisive elections. Hello endless battles.
Do you think this is abstract? There was ALREADY a fiasco with electronic voting machines in Quebec, which as terrible as they are, are at least in observable physical space. It was so bad, they had to investigate it, and:
On October 24, 2006 the Chief Electoral Officer of Quebec released a report (in French only) "Report on the Evaluation of New Methods of Voting" (Rapport d'évaluation des nouveaux mécanismes de votation). In a press release, three root causes of problems with electronic voting machines in the 2005 municipal elections were identified:
* an imprecise legislative and administrative framework
* absence of technical specifications, norms and standards
* poor management of voting systems (especially lack of security measures)
He recommended that the current moratorium on the use of these systems be maintained, and leaves it up to the provincial legislature to decide whether or not to use electronic voting in future.
The Canada-Europe Transatlantic Dialogue (Strategic Knowledge Cluster)
Internet Voting: What Can Canada Learn?
This workshop brings together practitioners and scholars to explore issues involved in the development of Internet voting. Speakers include experts from various jurisdictions where Internet voting has been used, and prominent researchers who have studied models of Internet voting. Speakers will detail the development of Internet voting in Canada at the municipal level by examining the cases of Markham, Peterborough and Halifax, and in Europe nationally and sub-nationally by exploring the experiences of Estonia, Switzerland and the United Kingdom. The workshop will consider rationales for the implementation of Internet voting, various features and models of its application, advantages and disadvantages, public acceptance, effects on accessibility and voter turnout, and security issues. Experts will share advice regarding technical considerations such as cost, legal requirements, software and security.
UPDATE 2010-01-25: I just realised I forgot to include a link to the event itself. Here is the Elections Canada link - Elections Canada: Media: Special Events and Conferences: Internet Voting and the Carleton link - Canada-Europe Transatlantic Dialogue (CETD) Events: Internet Voting. ENDUPDATE
Look at the issues they're examining:
* cost
* legal requirements
* software
* security
Let's revisit what I have called the "Democracy Requirements" for voting:
* preserving the secret ballot
* retaining the right to an uncoerced vote
* the integrity and accuracy of the vote count (all votes gathered and correctly counted)
* the simplicity of the system (can voters understand how the entire voting system works?)
Do you see the problem? They're talking about voting, but as usual, they're talking about it as if it were any other government "service" that is "delivered", rather than the single foundational element of our democratic society. This is what they always do, focus on the technology rather than the actual requirements for the integrity of the vote.
I can guarantee what the Internet voting presenters will discuss is three main things: convenience, turnout, and security. They will make a bunch of abstract claims about encryption and secure networks that will sound good but that, if you are an actual computer security expert, are actually nonsense.
You CANNOT, as in impossible:
* use technological security to ensure perfect end-to-end chain of custody for Internet voting
* construct a system in which the ballot is actually secret and anonymous
While it is true that there are theoretical computer constructs that can accomplish this, they run on theoretical computers over theoretical networks to theoretical servers. They do not run on Windows 7 computers on an ISP Internet connection to a bunch of servers in an actual datacentre.
Just think of the thousands, probably millions of phishing attempts every day, and the large number of these attempts that are successful. Just think of the recent security attacks on Google. Just think of the endless litany of lost passwords, lost user accounts, compromised commercial organisations. The home computer and the public Internet is one of the LEAST SECURE possible places I can imagine to hold an election.
Just off the top of my head I can list numerous possible compromises:
* if the password is sent in the physical mail, requiring at most some publically-discoverable extra piece of information (e.g. the user's birthdate), then I can attack the password distribution, in the same way that people steal credit cards and identities
* if it's not sent by mail, how do you solve the huge problem of secure key distribution to 30 million people? (secure key distribution is one of the single hardest problems in computer security)
* If your machine is already on a botnet, and millions of compromised machines already are, I have basically unlimited freedom to alter and compromise the election. I can watch your keystrokes and record who you voted for. I can watch your keystrokes and then, behind the scenes, CHANGE who you voted for. I can decide I don't like the parties running and use my botnet to attack the election servers (if you say "well, the datacentre can just block the attack" - yes, but the attackers are CITIZEN COMPUTERS)
* I can skip the end user and compromise the physical security of the data centre. And/or I can insert code into the servers that counts whatever votes for whatever candidates I want.
Even if the security is done well, there are insurmountable issues.
But even worse, the security is almost never done well. Because it is about cost, it goes often to the lowest bidder. Do you seriously want your entire election run by some private company that was the lowest bidder? Or consultants for Elections Canada that gave the best price? What "best price" means is, as was shown repeatedly for Diebold, the elections technology provider takes off-the-shelf technology (how could they not, and still provide the lowest cost), hacks together some amateurish backend with a somewhat pretty frontend, and then serves that up as a secure elections solution, leaving NOT ONLY all the security issues with e.g. running on Windows, but introducing ADDITIONAL security issues with code that is almost always woefully insecure, badly designed, and not available for review by outside computer security experts.
And even if, by some miracle, none of these things happens, ok we run an election.
It ends like the 1995 Quebec Referendum, 50.58% "No" to 49.42% "Yes" (note: elections are razor close ALL THE TIME).
So you say, all settled then, 50.58% "No".
And I say: PROVE the computers, the Internet, and the data centre were not compromised. PROVE the votes were not coerced. PROVE that it was actually Canadians voting, once, and not stolen accounts anywhere in the world voting multiple times.
You cannot prove this. Goodbye decisive elections. Hello endless battles.
Do you think this is abstract? There was ALREADY a fiasco with electronic voting machines in Quebec, which as terrible as they are, are at least in observable physical space. It was so bad, they had to investigate it, and:
On October 24, 2006 the Chief Electoral Officer of Quebec released a report (in French only) "Report on the Evaluation of New Methods of Voting" (Rapport d'évaluation des nouveaux mécanismes de votation). In a press release, three root causes of problems with electronic voting machines in the 2005 municipal elections were identified:
* an imprecise legislative and administrative framework
* absence of technical specifications, norms and standards
* poor management of voting systems (especially lack of security measures)
He recommended that the current moratorium on the use of these systems be maintained, and leaves it up to the provincial legislature to decide whether or not to use electronic voting in future.
Labels: canada, elections canada, internet voting
Friday, December 18, 2009
Canadians support online voting?
Very active discussion (over 400 comments at the time of this writing) on CBC News story Canadians support online voting: poll (with the usual Internet comment range between somewhat thoughtful and incoherent ranting)
Here's the comment I left:
In the poll, released exclusively to CBC: Power & Politics, Canadians were asked if Elections Canada offered a safe way of voting on the internet, how likely is it that they would use it.
Around 49 per cent of respondents said they were very likely and 15 per cent said they were somewhat likely.
Here's the comment I left:
Information on the Internet is just a click away. This issue has been well-studied by computer security experts. One part of it comes down to this magic phrase "a safe way of voting on the internet". That is probably impossible in the real world, outside of the confines of computer science theory. I know some will respond "online banking is already secure" but 1) it isn't & 2) banking has a completely, totally different set of threats and necessary security measure from voting
One good starting point is the Computer Technologists' statement on internet voting http://www.verifiedvoting.org/article.php?id=5867
"Election results must be verifiably accurate -- that is, auditable with a permanent, voter-verified record that is independent of hardware or software. Several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable. There are also many less technical questions about internet voting, including whether voters have equal access to internet technology and whether ballot secrecy can be adequately preserved."
I want to draw attention to that phrase: "potentially insurmountable". Given that paper voting works well now, is easy to understand, and is quick to count, would you rather stay with that, or try a system that computer experts say may be impossible to create? One which even if it solved the technical problems, would still have no solution for the secrecy of your ballot, a sacred right of democracy. Voting integrity is not theoretical. We know that votes were compromised in Iran and Afghanistan. Now imagine instead of paper votes and people in the streets, it had all taken place electronically? You would never know if the results reflected the votes cast.
Labels: canada, electronic voting, internet voting
Monday, July 06, 2009
Norway Internet voting
The Ministry of Local Government and Regional Development is now working on a plan to test the possibility for allowing Norwegians to cast their vote from the home PC at the municipal elections in 2011.
The Minister of Local Government, Magnhild Meltveit Kleppa, is eager to introduce reforms which will increase the interest for elections and for voter participation.
The Norway Post - Electronic home voting next - July 7, 2009
Labels: electronic voting, internet voting, norway
Saturday, June 27, 2009
say no to Elections Canada online voting idea
The Toronto Star (CP) reports
Elections Canada backs online voting - June 26, 2009
(It's not actually clear to me if they're talking about electronic voting machines, or voting online. Both approaches have huge flaws.)
As readers of this blog will already know, I favour the traditional in-person enumeration, and voting on paper in public. These are simple processes that are critical to the integrity of our democracy.
I've already written a critique of the idea that electronic voting will help with voter turnout - citizen engagement and e-voting. I have also outlined many, many times the security risks associated with electronic voting.
Electronic voting is a very bad idea based on incorrect assumptions.
And if you don't think having total confidence in the results of an election is important, check out the current situation in Iran. Elections matter.
This blog started in 2004 before the days of hashtags and such, but I'm suggesting hashtag #evotecan and tag evotecan for this issue.
There are also a few searches that should pull up references to this particular article:
Twitter - Elections Canada backs online voting
Twitter - bit.ly link to Toronto Star article
Google News - articles related to "elections canada" electronic
Allowing Canadians to vote electronically may be the remedy for the ever-dwindling percentage of voters who bother to exercise their democratic rights, Elections Canada suggests.
In a report released late Friday, the independent electoral watchdog says it will push this fall for legislative changes that would allow it to implement online registration of voters.
And it wants parliamentary approval to conduct an electronic voting test-run in a byelection by 2013.
Elections Canada backs online voting - June 26, 2009
(It's not actually clear to me if they're talking about electronic voting machines, or voting online. Both approaches have huge flaws.)
As readers of this blog will already know, I favour the traditional in-person enumeration, and voting on paper in public. These are simple processes that are critical to the integrity of our democracy.
I've already written a critique of the idea that electronic voting will help with voter turnout - citizen engagement and e-voting. I have also outlined many, many times the security risks associated with electronic voting.
Electronic voting is a very bad idea based on incorrect assumptions.
And if you don't think having total confidence in the results of an election is important, check out the current situation in Iran. Elections matter.
This blog started in 2004 before the days of hashtags and such, but I'm suggesting hashtag #evotecan and tag evotecan for this issue.
There are also a few searches that should pull up references to this particular article:
Twitter - Elections Canada backs online voting
Twitter - bit.ly link to Toronto Star article
Google News - articles related to "elections canada" electronic
Labels: canada, elections canada, electronic voting, evotecan
FriendFeed discussion room
I've removed the QuickTopic discussion space (which only ever got used by spammers anyway) and made a FriendFeed room to discuss this issue instead
http://friendfeed.com/electronic-voting-in-canada
http://friendfeed.com/electronic-voting-in-canada
Labels: meta
the linkroll bookmarks
For some reason the linkroll bookmarks I'm displaying on this site are full of spam - I am investigating.
In the meantime if you want to see the actual, non-spammy e-voting links, they're at
http://www.linkroll.com/index.php?action=links&user=papervotecanada
UPDATE: Linkroll is displaying spam links when you pull their RSS feed or use their JavaScript widget. Goodbye Linkroll.
In the meantime if you want to see the actual, non-spammy e-voting links, they're at
http://www.linkroll.com/index.php?action=links&user=papervotecanada
UPDATE: Linkroll is displaying spam links when you pull their RSS feed or use their JavaScript widget. Goodbye Linkroll.
Labels: meta
Sunday, February 01, 2009
Behind the Freedom Curtain - 1957 film about mechanical voting machines
This 1957 video promoting mechanical voting machines is beyond awesome.
I tried to embed it, but the embed code was too complex, you can see it at
http://www.archive.org/details/Behindth1957
For those of us not experienced with US elections, it's also a reminder of their incredible complexity.
My favorite part is when they talk about how the machine cannot make an error, and is protected by the incredible security of... a key.
Another gem from the Prelinger Archives, the video was on the front page of Archive.org today.
I tried to embed it, but the embed code was too complex, you can see it at
http://www.archive.org/details/Behindth1957
For those of us not experienced with US elections, it's also a reminder of their incredible complexity.
My favorite part is when they talk about how the machine cannot make an error, and is protected by the incredible security of... a key.
Another gem from the Prelinger Archives, the video was on the front page of Archive.org today.
Labels: video, voting machines
Monday, January 05, 2009
why voting systems matter
Minnesota uses optical scan systems and a small amount of hand counting.
Office of the Minnesota Secretary of State: Voting Systems map (PDF)
When a recount is necessary:
* You can see the ballots.
* You can determine for yourself whether they are being unfairly accepted or rejected, and how they should be counted.
* You can determine, therefore, whether you think the results fairly reflect the will of the people.
This is important because the current Senator-Elect, Al Franken, is certified as having won by 225 votes. Out of over 2.8 million votes cast in the 2008 US Senate election in Minnesota.
Voting systems matter because elections can be very close,
which means they will be challenged,
which means you must have VISIBLE EVIDENCE of the votes that can be counted by anyone,
so that the public can determine if the results are fair.
CNN: Minnesota canvassing board certifies Franken win - January 5, 2008
Office of the Minnesota Secretary of State: Voting Systems map (PDF)
When a recount is necessary:
* You can see the ballots.
* You can determine for yourself whether they are being unfairly accepted or rejected, and how they should be counted.
* You can determine, therefore, whether you think the results fairly reflect the will of the people.
This is important because the current Senator-Elect, Al Franken, is certified as having won by 225 votes. Out of over 2.8 million votes cast in the 2008 US Senate election in Minnesota.
Voting systems matter because elections can be very close,
which means they will be challenged,
which means you must have VISIBLE EVIDENCE of the votes that can be counted by anyone,
so that the public can determine if the results are fair.
CNN: Minnesota canvassing board certifies Franken win - January 5, 2008
Monday, November 10, 2008
citizen engagement and e-voting
Before you work on the solution, you must first decide upon the problem, about what is important to you.
For many people concerned about democracy and about electronic voting, the problems we consider are:
* preserving the secret ballot
* retaining the right to an uncoerced vote
* the integrity and accuracy of the vote count (all votes gathered and correctly counted)
* the simplicity of the system (can voters understand how the entire voting system works?)
I call the above "The Democracy Requirements".
You will very rarely hear advocates of electronic and particularly Internet voting talking about any of the above concerns. What they talk about is:
* efficiency
* modernity
* convenience and customer service
* voter turnout (# of votes cast, % of eligible voters who cast votes)
You will notice this is a completely different set of problems.
I call the above "The Voter Engagement Requirements".
So in a sense, we're talking at cross-purposes.
The computer security experts say "electronic voting can never be secure, and you can never know that your vote was counted properly" and they say "we think security is a non-issue because (other technology with unrelated requirements) is 'secure', and e-voting is modern and convenient and young people will use it".
The Democracy Argument Against Electronic Voting (and some paper voting too)
It should be mentioned, the first set of issues applies to many, many other voting options. As soon as you compromise chain-of-custody and the private-in-public vote, you risk all except simplicity.
For example: mail-in voting.
1. If I can identify the sender (by watching the mail they send, by identifying their handwriting, by some unique identifier on their ballot), then no more secret ballot.
2. There is a huge chain-of-custody issue - anyone in the mail stream can intercept and destroy, replace or alter your ballot
3. Your enemies can stand beside you and force you to vote the way they want
These are not abstract issues and rights. People are injured and even die every year in countries where voting is taking your life into your own hands.
Even just advance voting introduces chain-of-custody issues.
(Battlestar Galactica showed a simple fictional scenario for compromising a paper-based election, by having collusion in the chain-of-custody so that an original ballot box was changed with one stuffed with votes for a particular candidate.)
So let me make it very clear: voting on one day privately, in public, on paper, with a hand-count of ballot boxes that never leave the polling station, with scrutineers from all parties watching the count - this is the most elegant solution I can think of to the key issues of secrecy, non-coercion, integrity, accuracy and simplicity.
A machine-mediated vote, or a machine-mediated count CANNOT do this, because you CANNOT (as in, technologically impossible) know what program the computer is actually running. You cannot meet these requirements with an electronic system. I know this is a world where there are few absolutes, but trust me, any computer security expert can tell you this.
The Voter Engagement Argument for Some (non-voting) Use of Electronic Systems
Ok, assuming you want to engage your citizens in some meaningful way, and not in some Canadian Idol illusion-of-convenience superficial way, then I thought it came out quite clearly in the TVO discussion that you need:
* leadership
* engaging issues
* a real connection with voters, particularly young voters
Do you see any mention of technology in the above three items?
There is no website that is going to make you a leader, there is no social network that is going to make your issues engaging, there is no blog posting that can substitute for actually listening to your constituents. IF you already have addressed those issues, then you can reach your voters using...
* radio
* television
* and maybe you've heard of this Internet thing?
Technology is not a solution. Technology is one channel to communicate your message. You have to have an interesting message, first.
If you want more people to vote, give them something they care about to vote for, convince them that their vote matters, and connect with them before and AFTER the election, to demonstrate that you value them for their opinions, not for their increment to your vote count.
If you do that, they will wait in lines for hours. Voting technology doesn't matter. It doesn't solve a problem that Canada has.
For many people concerned about democracy and about electronic voting, the problems we consider are:
* preserving the secret ballot
* retaining the right to an uncoerced vote
* the integrity and accuracy of the vote count (all votes gathered and correctly counted)
* the simplicity of the system (can voters understand how the entire voting system works?)
I call the above "The Democracy Requirements".
You will very rarely hear advocates of electronic and particularly Internet voting talking about any of the above concerns. What they talk about is:
* efficiency
* modernity
* convenience and customer service
* voter turnout (# of votes cast, % of eligible voters who cast votes)
You will notice this is a completely different set of problems.
I call the above "The Voter Engagement Requirements".
So in a sense, we're talking at cross-purposes.
The computer security experts say "electronic voting can never be secure, and you can never know that your vote was counted properly" and they say "we think security is a non-issue because (other technology with unrelated requirements) is 'secure', and e-voting is modern and convenient and young people will use it".
The Democracy Argument Against Electronic Voting (and some paper voting too)
It should be mentioned, the first set of issues applies to many, many other voting options. As soon as you compromise chain-of-custody and the private-in-public vote, you risk all except simplicity.
For example: mail-in voting.
1. If I can identify the sender (by watching the mail they send, by identifying their handwriting, by some unique identifier on their ballot), then no more secret ballot.
2. There is a huge chain-of-custody issue - anyone in the mail stream can intercept and destroy, replace or alter your ballot
3. Your enemies can stand beside you and force you to vote the way they want
These are not abstract issues and rights. People are injured and even die every year in countries where voting is taking your life into your own hands.
Even just advance voting introduces chain-of-custody issues.
(Battlestar Galactica showed a simple fictional scenario for compromising a paper-based election, by having collusion in the chain-of-custody so that an original ballot box was changed with one stuffed with votes for a particular candidate.)
So let me make it very clear: voting on one day privately, in public, on paper, with a hand-count of ballot boxes that never leave the polling station, with scrutineers from all parties watching the count - this is the most elegant solution I can think of to the key issues of secrecy, non-coercion, integrity, accuracy and simplicity.
A machine-mediated vote, or a machine-mediated count CANNOT do this, because you CANNOT (as in, technologically impossible) know what program the computer is actually running. You cannot meet these requirements with an electronic system. I know this is a world where there are few absolutes, but trust me, any computer security expert can tell you this.
The Voter Engagement Argument for Some (non-voting) Use of Electronic Systems
Ok, assuming you want to engage your citizens in some meaningful way, and not in some Canadian Idol illusion-of-convenience superficial way, then I thought it came out quite clearly in the TVO discussion that you need:
* leadership
* engaging issues
* a real connection with voters, particularly young voters
Do you see any mention of technology in the above three items?
There is no website that is going to make you a leader, there is no social network that is going to make your issues engaging, there is no blog posting that can substitute for actually listening to your constituents. IF you already have addressed those issues, then you can reach your voters using...
* radio
* television
* and maybe you've heard of this Internet thing?
Technology is not a solution. Technology is one channel to communicate your message. You have to have an interesting message, first.
If you want more people to vote, give them something they care about to vote for, convince them that their vote matters, and connect with them before and AFTER the election, to demonstrate that you value them for their opinions, not for their increment to your vote count.
If you do that, they will wait in lines for hours. Voting technology doesn't matter. It doesn't solve a problem that Canada has.
Labels: citizen engagement, electronic voting, internet voting, politics
elections are often surprisingly close
The classic Canadian example I usually use is the last Referendum on Quebec independence where it was 50.58% "No" to 49.42% "Yes".
There is another great example going on right now in the Minnesota senate race.
According to Daily Kos, "Today's latest results show [Democratic challenger Al Franken] is now trailing Republican incumbent Norm Coleman by 204 votes."
Wikipedia currently shows the tally at
Popular vote Coleman:1,211,562 Franken:1,211,356 Barkley:437,389
If you want that in percentages that's Coleman 41.988%, Franken 41.981%
That means if your voting machines have even a .01% error rate, they've already thrown the election. And the high-tech threat to Minnesota's optical mark-sense scanners? Dust.
Undecided Minnesota Senate Race Used Machines that Flunked Accuracy Tests - Wired - November 5, 2008
In an earlier posting, Wired writes
ES&S Voting Machines in Michigan Flunk Tests, Don't Tally Votes Consistently - Wired - November 3, 2008
Say what you will about human failure modes, but dust usually isn't one of them.
Given that
1. Elections are often surprisingly close
2. Integrity of the count is paramount (your vote must be correctly counted)
3. Machines have many failure modes
4. A paper count by humans can be open and easily verified and rechecked
Then the best option to ensure confidence in election results is: hand-counted paper ballots.
(I don't know whether the Minnesota recount will require hand-counts.)
There is another great example going on right now in the Minnesota senate race.
According to Daily Kos, "Today's latest results show [Democratic challenger Al Franken] is now trailing Republican incumbent Norm Coleman by 204 votes."
Wikipedia currently shows the tally at
Popular vote Coleman:1,211,562 Franken:1,211,356 Barkley:437,389
If you want that in percentages that's Coleman 41.988%, Franken 41.981%
That means if your voting machines have even a .01% error rate, they've already thrown the election. And the high-tech threat to Minnesota's optical mark-sense scanners? Dust.
Undecided Minnesota Senate Race Used Machines that Flunked Accuracy Tests - Wired - November 5, 2008
In an earlier posting, Wired writes
The problems occurred during logic and accuracy tests in the run-up to this year's general election, Oakland County Clerk Ruth Johnson disclosed in a letter submitted October 24 (.pdf) to the federal Election Assistance Commission (EAC). The machines at issue are ES&S M-100 optical-scan machines, which read and tally election results from paper ballots.
Johnson worried that such problems -- linked tentatively to paper dust build-up in the machines -- could affect the integrity of the general election this week.
ES&S Voting Machines in Michigan Flunk Tests, Don't Tally Votes Consistently - Wired - November 3, 2008
Say what you will about human failure modes, but dust usually isn't one of them.
Given that
1. Elections are often surprisingly close
2. Integrity of the count is paramount (your vote must be correctly counted)
3. Machines have many failure modes
4. A paper count by humans can be open and easily verified and rechecked
Then the best option to ensure confidence in election results is: hand-counted paper ballots.
(I don't know whether the Minnesota recount will require hand-counts.)
Labels: election, electronic voting, optical scan, usa
a note on navigation
If you want to find stuff from the last four years of this blog, the search button in the upper left is probably the best bet, e.g.
http://papervotecanada.blogspot.com/search?q=cbc
http://papervotecanada.blogspot.com/search?q=toronto
http://papervotecanada.blogspot.com/search?q=cbc
http://papervotecanada.blogspot.com/search?q=toronto
Labels: meta
E-voting on TVO The Agenda November 10, 2008
The Debate: E-Voting: An Idea Whose Time Has Come?
Technology and the vote: Why has there been a stubbornly slow adoption of electronic voting?
The Agenda - November 10, 2008
Note: This episode has not yet aired, it will be on television tonight at 8 PM and again at (I think) 11 PM. The video is usually up online a few days after the show airs. I will update this posting with new information when available.
UPDATE: I have created a discussion thread on the "Your Agenda" discussion forum: e-voting. You'll have to create an account there if you want to add your thoughts before or after the show. ENDUPDATE
UPDATE 9 PM: The show has just ended. I thought the debate was good. I also thought it was positive that the debate focused on a much more realistic assessment of evoting in terms of voter engagement and turnout.
If voting was about convenience, you wouldn't have seen people standing in line for hours in the United States. Voting is about citizen engagement. If the citizens find something interesting to engage with, technology can be an enabler. But you don't need online voting for that, you need an online presence for every day other than the election, much as we're seeing already with Barack Obama, who reached out through BarackObama.com (and into many other Internet channels) and is now connecting with Americans through his transition site change.gov
To me this technology argument "young people use technology, so voting should use technology" is ridiculous. Young people aren't stupid. Putting up a Facebook page is not the answer, putting up content that they care about is the answer.
Both of the letters from the MPPs were very well informed.
As well Farhad Manjoo and Darin Barney were both well-informed about the technical issues, and it was great to see Don Lenihan being very clear that it is for the computer security experts to determine whether voting online is secure, not the politicians or corporations.
Marie Bountrogianni was obviously not well-informed about the technical issues, but unfortunately that didn't seem to stop her making incorrect assertions (if we can bank online, why not vote online? um, because they have COMPLETELY DIFFERENT SECURITY REQUIREMENTS).
John Hollins brings a corporate perspective to voting, talking about "serving customers", an approach which to be quite frank, I hate. Voters are not consumers being provided a service, they are citizens engaged in one of the few public activities of our democracy. Voting is not the same as paying a parking fine. (Longtime readers of this blog will know of Mr. Hollins and his boosterism for technology solutions.) In Canada we have very simple elections. You don't need a $3000 touchscreen voting machine with VVPAT paper trail, to record a single vote, so that when there's a problem, you can count the votes on the paper trail. JUST VOTE ON PAPER FIRST.
I will write a follow-up post on citizen engagement vs. e-voting.
Overall I thought it was a good discussion which in the end turned far more on the citizen engagement aspect.
After posting on the Agenda forum I was fortunate to get an email from Sandra Gionas and to have a chance to talk with her on the phone, and she has kindly included substantial quotes from me in her Inside Agenda blog posting Control, Alt, Delete and Vote.
ENDUPDATE
I love the loaded language people use for paper voting: "quaint", "old-fashioned"
or for the lack of technology in Canada's federal elections: "stubbornly slow adoption".
stubbornly?
This is what I had to say the last time someone argued that you couldn't stop the wheels of e-voting progress:
Ah yes. The real world. The modern world. The practical, down-to-earth, realistic, Common Sense Revolution world. Paper is obsolete, so old-fashioned, like the Geneva Convention and other inconveniences.
Bullshit.
corporate voting bullshit - Paper Vote Canada - November 24, 2006
If paper voting is so obsolete, why is it that, overwhelmingly, the most articulate and forceful campaigners against electronic voting are computer scientists? Are computer scientists generally considered stubbornly slow adopters? Could it be that the actual experts in computer technology know that from the standpoints of security, cost, simplicity and core principles of democracy, electronic voting is just a very bad idea?
You don't believe me?
* Computer Scientists question electronic voting - March 3, 2003
* Computer scientists slam e-voting machines - CNet News - September 27, 2004
* Following issuance of an analysis by four computer scientists who were members of the SERVE Security Peer Review Group, the Pentagon decided to scrap plans for the use of this technology to cast ballots in the 2004 Presidential election.
* Computer scientists weigh in on e-voting - July 20, 2006
* UC Computer Scientists Release Video on How to Hack a Sequoia Touch-Screen Voting Machine - September 9, 2008
* E-Voting Doesn’t Get Computer Scientist’s Vote - October 10, 2008
I could go on listing reports and articles for many pages, but I hope I've made my point.
Not having electronic voting is not stubborn resistance to progress, it's rational opposition to expensive, unnecessary, insecure technology that will undermine the foundations of our democracy.
Labels: canada, electronic voting, television
Wednesday, November 05, 2008
The Onion Reports
Voting Machines Elect One Of Their Own As President
All hail the DRE 700.
All hail the DRE 700.
Labels: electronic voting, humour, video
Monday, November 03, 2008
Oprah's Presidential vote initially not recorded by electronic voting machine
500th post.
What's interesting (and sad) is that Oprah blames herself for her voting problems.
First of all, if the machine doesn't record your vote, that's because the machine is badly designed. Second of all, it means you shouldn't be using machines.
It doesn't seem to occur to Oprah that the fault could lie with the machine.
What's interesting (and sad) is that Oprah blames herself for her voting problems.
First of all, if the machine doesn't record your vote, that's because the machine is badly designed. Second of all, it means you shouldn't be using machines.
It doesn't seem to occur to Oprah that the fault could lie with the machine.
Labels: election, electronic voting, usa
Friday, October 31, 2008
machines are insecure and vulnerable
shape-shifting electronic votes are more than fantasy, according to reports from states including West Virginia, Missouri, Nevada, Georgia and Colorado. Whether by accident or design, touch-screen voting machines have "flipped" votes from a caster's chosen candidate to one he opposes.
Unlike the old days when campaigners hung around street corners haranguing voters with handouts and pints of beer, the electronic era presents a sophisticated challenge to democracy.
Now, says Crispin Miller, author of Loser Take All: Election Fraud and Subversion of Democracy 2000-2008, changes can occur seamlessly, without a breath of suspicion. Electronic glitches are only one of a range of mishaps, mistakes and dirty tricks that may decide outcome on Nov. 4.
Complaints about the electronic machines have mounted, along with calls for a return to paper ballots, like Canada's.
"More traditional systems are better," says Jeremy Epstein, a technological security expert and member of two Virginia legislative commissions that studied voting machines. "Paper-based and hand-counted ballots are fast, accurate and cheap. Studies show that machines are insecure and vulnerable to attack."
Fraud fears grow as [US] voters throng polls - The Toronto Star - October 21, 2008
(The article title is not great, something like "voting machine errors and voting surpression plague election" might have been closer to the mark.)
Labels: election, electronic voting, usa
Thursday, October 30, 2008
optical scan to dominate 2008 US election
Election Data Services provides the US November 2008 voting equipment composition (I'm tempted to say "breakdown").
I should mention that they use some confusing terminology.
To me electronic voting covers optical scan, DRE and Internet voting.
They consider electronic voting to cover only DRE (usually touchscreen) machines.
An optical mark-sense reader is an electronic device just like a touchscreen machine. It uses optical sensors to read a dot on paper, rather than to record a fingerprint. It is subject to most of the kinds of attacks that a touchscreen suffers from: you can compromise the software/firmware, there may be errors in the software/firmware, the optical sensors may be mis-aligned or malfunctioning, the paper path may jam, the power can fail, etc.
As well, if you record the order in which voters submit their ballots for scanning, you can reverse this to determine exactly who voted for whom, by going down the stack of ballots - once again the secret ballot is compromised.
It is true that IF AN ERROR IS DETECTED or IF A RECOUNT IS MANDATED, you can then hand-count the ballots (albeit going slightly crosseyed staring at tiny circles for hours).
Of course if you were a clever hacker, you would just program the scanner to distort the election by a margin smaller than that which would trigger any investigation. A similarly small error would also not be detected.
NOTE: some kind of rendering bug puts this table far down on the page.
from 2008 Voting Equipment Study (PDF)
According to votingmachines.procon.org the numbers previously were
2004: 1% paper, 35% optical scan, 29.5% DRE
2000: 1.5% paper, 29.5% optical scan, 12.5% DRE
I should mention that they use some confusing terminology.
To me electronic voting covers optical scan, DRE and Internet voting.
They consider electronic voting to cover only DRE (usually touchscreen) machines.
An optical mark-sense reader is an electronic device just like a touchscreen machine. It uses optical sensors to read a dot on paper, rather than to record a fingerprint. It is subject to most of the kinds of attacks that a touchscreen suffers from: you can compromise the software/firmware, there may be errors in the software/firmware, the optical sensors may be mis-aligned or malfunctioning, the paper path may jam, the power can fail, etc.
As well, if you record the order in which voters submit their ballots for scanning, you can reverse this to determine exactly who voted for whom, by going down the stack of ballots - once again the secret ballot is compromised.
It is true that IF AN ERROR IS DETECTED or IF A RECOUNT IS MANDATED, you can then hand-count the ballots (albeit going slightly crosseyed staring at tiny circles for hours).
Of course if you were a clever hacker, you would just program the scanner to distort the election by a margin smaller than that which would trigger any investigation. A similarly small error would also not be detected.
NOTE: some kind of rendering bug puts this table far down on the page.
| Type | % Registered Voters |
|---|---|
| Punch Cards | 0.10 |
| Lever Machines | 6.72 |
| Hand-Counted Paper Ballots | 0.17 |
| Optically-Scanned Paper Ballots | 56.17 |
| Electronic (DRE / Touchscreen) Systems | 32.63 |
| Mixed | 4.22 |
from 2008 Voting Equipment Study (PDF)
According to votingmachines.procon.org the numbers previously were
2004: 1% paper, 35% optical scan, 29.5% DRE
2000: 1.5% paper, 29.5% optical scan, 12.5% DRE
Labels: election, electronic voting, usa
Wednesday, October 22, 2008
machines: oh the many ways they can fail
The elections staff had collected electronic copies of the votes on memory cards and taken them to the main office, where dozens of workers inside a secure, glass-encased room fed them into the “GEMS server,” a gleaming silver Dell desktop computer that tallies the votes.
Then at 10 p.m., the server suddenly froze up and stopped counting votes. Cuyahoga County technicians clustered around the computer, debating what to do. A young, business-suited employee from Diebold — the company that makes the voting machines used in Cuyahoga — peered into the screen and pecked at the keyboard. No one could figure out what was wrong. So, like anyone faced with a misbehaving computer, they simply turned it off and on again. Voilà: It started working — until an hour later, when it crashed a second time.
...
so many printers had jammed that 20 percent of the machines involved in the recounted races lacked paper copies of some of the votes. They weren’t lost, technically speaking; Platten could hit “print” and a machine would generate a replacement copy. But she had no way of proving that these replacements were, indeed, what the voters had voted. She could only hope the machines had worked correctly.
...
In the last three election cycles, touch-screen machines have become one of the most mysterious and divisive elements in modern electoral politics. Introduced after the 2000 hanging-chad debacle, the machines were originally intended to add clarity to election results. But in hundreds of instances, the result has been precisely the opposite: they fail unpredictably, and in extremely strange ways; voters report that their choices “flip” from one candidate to another before their eyes; machines crash or begin to count backward; votes simply vanish.
An extensive New York Times Magazine report from January 6, 2008: Can You Count on Voting Machines?
And these are just the obvious, visible ways in which machines can fail.
There are many other silent ways in which the machines could fail internally that you would never detect.
You can move to optical mark-sense, but these are still machines:
* the poll workers need to get trained on them
* the paper can jam
* the scanners can fail
* the entire machine can fail
and on and on and on.
In case you think those are unlikely scenarios, they are already happening in advance voting in the United States.
The Jacksonville Times-Union reported long lines in northeast Florida, with at least two counties reporting problems with voting machines. In Duval County, 7 of 15 optical scanning machines used to count ballots had to be replaced, the newspaper reported.
Early voting suggests 2008 may see record turnout, expert says - CNN - October 21, 2008
Labels: election, electronic voting, usa
Monday, October 20, 2008
US moving to optical mark-sense rather than DRE
Note: DRE stands for Direct-Record Electronic, most commonly in the US these are "touch screen voting machines".
Debate Continues over Security, Reliability of Voting Technology - America.gov - 27 August 2008
As I've said before, optical scan is the least-worst electronic technology, because you can at least do a manual recount of the paper ballots,
but you're still better off just counting the paper ballots by hand in the first place.
The main issue, according to a 2005 overview of electronic voting by the Institute of Governmental Studies at the University of California-Berkeley, is that if the record of votes cast exists only in digital form in a touch-screen system, there is no independent way to confirm the votes were recorded accurately and thus no way to conduct a reliable recount.
Overall, in the nation’s 170,000 polling places, there has been a shift from predominantly using manual systems (lever machines, punch cards, paper ballots) to computer-based systems (optical scan and DREs) in federal elections.
But according to news reports, as a result of the controversy over DRE machines, in the 2008 election many states might use optical scan paper ballots that require voters to fill in ovals with a pen.
Debate Continues over Security, Reliability of Voting Technology - America.gov - 27 August 2008
As I've said before, optical scan is the least-worst electronic technology, because you can at least do a manual recount of the paper ballots,
but you're still better off just counting the paper ballots by hand in the first place.
Labels: electronic voting
The Coast on electronic voting
The Coast has an excellent and extensive article on issues with electronic voting, particularly as related to the Halifax Regional Municipality.
iVote: Can electronic voting save democracy? - The Coast - September 18, 2008
It's no wonder that Americans are increasingly distrustful of the voting process. Voting experts challenge every aspect of elections, including the registration process, the procedures at the polling place itself, the use of electronic machines and the counting and recounting of votes.
Contrast the sour American experience to Canadian elections: In this country, voters show up at the poll and are handed a paper ballot and a pencil. They check the box next to their preferred candidate and put the ballot in a box. After the polls close, an election official opens the box, and the official and poll observers from the political parties examine each ballot and agree on how the vote was cast. A final tally takes about half an hour.
The Canadian system is clean, unambiguous and fair.
But the Halifax Regional Municipality doesn't like the Canadian system, and is determined to change it.
iVote: Can electronic voting save democracy? - The Coast - September 18, 2008
Labels: canada, halifax, internet voting
Sunday, October 19, 2008
machines don't fail, people fail
There is this charming myth that machines are "reliable" and "correct" whereas people are error-prone. (The above post title is me being sarcastic.)
This will be shown to be totally false when, on election day, a percentage of the millions of voting machines fail in the following ways:
* mechanical failure
* touch screen misaligned
* touch screen doesn't work at all
* display screen fails (black screen)
* power fails
* printer fails
* card reader fails
* software error
If they were using Internet voting, the ways in which things could fail would be even more spectacular:
* computer monitor fails
* computer hard drive fails
* mouse not working
* keyboard error
* power fails
* network card fails
* router fails
* connection to ISP fails
* network attack or denial of service
* ISP hardware or software fails
* network transmission error
* voting software error
* central voting servers fail
* air conditioning in central voting server room fails
* power fails in central voting server room
* network fails in central voting server room
* server room catches fire (this happens more often than you might think)
Note that all of the above is just a sample of what WILL happen (the odds of a hard drive failing eventually are 100%) and none of the above require any malicious activity, just normal failures of systems. When you add in malicious activity, the scenarios get much, much worse.
This will be shown to be totally false when, on election day, a percentage of the millions of voting machines fail in the following ways:
* mechanical failure
* touch screen misaligned
* touch screen doesn't work at all
* display screen fails (black screen)
* power fails
* printer fails
* card reader fails
* software error
If they were using Internet voting, the ways in which things could fail would be even more spectacular:
* computer monitor fails
* computer hard drive fails
* mouse not working
* keyboard error
* power fails
* network card fails
* router fails
* connection to ISP fails
* network attack or denial of service
* ISP hardware or software fails
* network transmission error
* voting software error
* central voting servers fail
* air conditioning in central voting server room fails
* power fails in central voting server room
* network fails in central voting server room
* server room catches fire (this happens more often than you might think)
Note that all of the above is just a sample of what WILL happen (the odds of a hard drive failing eventually are 100%) and none of the above require any malicious activity, just normal failures of systems. When you add in malicious activity, the scenarios get much, much worse.
Labels: electronic voting
and so it begins
"People make mistakes more than machines," said Jackson County Clerk Jeff Waybright.
Dear Jeff Waybright,
You are way wrong. You are confusing consistency with correctness. If a machine is programmed to do something (programmed, by a person) it will do that thing, consistently. If what it was programmed to do is WRONG, it will do it CONSISTENTLY WRONG.
Yours Truly,
Someone who actually knows about machines
Above quote from More W.Va. voters say machines are switching votes in the Charleston Gazette, October 18, 2008. The story reports that machines are not correctly displaying votes (presumably because of touch screen misalignment, or other malfunction).
Labels: election, electronic voting
Friday, October 17, 2008
Is America Ready to Vote?
One way to illustrate the simplicity of paper voting is to talk about how machines can fail, so...
Is America Ready to Vote? State Preparations for Voting System Problems in 2008
On November 4, 2008 voting systems will fail somewhere in the United States in one or more jurisdictions in the country. Unfortunately, we don't know where. For this reason, it is imperative that every state prepare for system failures. We urge each state to take steps necessary to insure that inevitable voting machine problems do not undermine either the individual right to vote, or our ability to accurately count each vote cast.
Is America Ready to Vote? State Preparations for Voting System Problems in 2008
Labels: electronic voting, usa
Tuesday, October 14, 2008
Election Day in Canada - Please Vote - October 14, 2008
It's election day in Canada.
Please vote.
Remember there are new identification rules, roughly you need either a driver's license (or health card with photo and address in Ontario) or two pieces of ID, one with name & photo and one with address.
See Voter Identification at the Polls for more information.
In general, see
http://www.elections.ca/
for any information you need about voting today.
If you're new to the process, this very simple guide will walk you through (with the exception of the new identification rules).
Please vote.
Remember there are new identification rules, roughly you need either a driver's license (or health card with photo and address in Ontario) or two pieces of ID, one with name & photo and one with address.
See Voter Identification at the Polls for more information.
In general, see
http://www.elections.ca/
for any information you need about voting today.
If you're new to the process, this very simple guide will walk you through (with the exception of the new identification rules).
