Wednesday, May 11, 2016
Internet voting video of the week - Tom Scott
https://youtu.be/w3_0x6oaDmI
Labels: electronic voting, internet voting, links to video, online voting
online voting - get ready to provide evidence
If you are interested in providing evidence about the risks of online voting, you are welcome to contact me @papervote or papervotecanada@gmail.com
On May 11, 2016 the Government of Canada gave notice of its proposal to create an All-Party Parliamentary Committee on Electoral Reform.
Online and in-person consultation hearings are proposed. I have asked (through my Twitter account) if there will be a specific hearing on online voting.
Sources of information are
UPDATE 2016-06-24: The full committee membership has been announced and they have held their first meeting. I have listed all of the members with their contact information in #ERRE - Special Committee on Electoral Reform - membership
There has been no commitment to hold a specific hearing about online voting, @CdnDemocracy said only "the all-party parliamentary committee will be studying online voting" in response to my tweeted question.
ENDUPDATE
On May 11, 2016 the Government of Canada gave notice of its proposal to create an All-Party Parliamentary Committee on Electoral Reform.
The Government has also asked that the committee consider the issues of mandatory voting and online voting.The government is proposing that five principles guide the parliamentary committee's study, of which the most relevant for the purposes of this blog is
4. Safeguarding the integrity of our voting process.The timing is tight to produce a comprehensive report.
The Government is proposing that the special all-party committee issue its final report to Parliament by December 1, 2016.from News Release - Government of Canada proposes All-Party Parliamentary Committee on Electoral Reform and Democratic Institutions - Frequently Asked Questions.
Online and in-person consultation hearings are proposed. I have asked (through my Twitter account) if there will be a specific hearing on online voting.
UPDATE 2016-06-30: Please see my blog post@CdnDemocracy Will there be a hearing specifically about online voting?— Richard Akerman (@papervote) May 11, 2016
How to participate in #ERRE Special Committee on Electoral Reform
for more information. ENDUPDATESources of information are
- Twitter: @CdnDemocracy
- Web: http://www.DemocraticInstitutions.gc.ca/
- Twitter: Minister of Democratic Institutions @MaryamMonsef
UPDATE 2016-06-24: The full committee membership has been announced and they have held their first meeting. I have listed all of the members with their contact information in #ERRE - Special Committee on Electoral Reform - membership
There has been no commitment to hold a specific hearing about online voting, @CdnDemocracy said only "the all-party parliamentary committee will be studying online voting" in response to my tweeted question.
ENDUPDATE
Labels: #CdnDemocracy, CdnDemocracy, internet voting, online voting
Sunday, June 07, 2015
Voting Machines
The electronic voting machine, a purely electronic kiosk where you vote, has many challenges.
The code that the machine runs must be correct (without significant bugs or errors), which is difficult (and expensive).
Worse, you must be certain that the code you have validated is actually the code it runs for every vote during the election, which is impossible. As in, literally impossible. The problem is, the only way to find out what code the machine is running is to ask it. Because machines are programmed by humans, machines can lie, just like humans.
Here's how it works:
2. Computer says "I am running the validated code"
2. Computer expert queries the computer about what code it is running
3. The malicious code lies and says "I am running the validated code"
This is not theoretical, this is exactly what a rootkit does.
So if the machine only records votes electronically, you can never be sure if your vote was correctly recorded. (This is not to mention the possibility of alteration during a long electronic chain of transmission to get to the final election results.)
The only way to verify your vote is to get a paper printout, so that you can look at the paper and validate that it shows your vote as cast. But again, remember the computer can lie. You can vote for party A, the computer can record the vote for party B and then print a paper receipt saying you voted for party A.
The only way to actually be certain of the vote count is to count the paper...
which means you just spent millions of dollars replacing a pen.
These are just the core issues, in an ideal system.
In reality, there are many more problems with voting machines. Although some were based on ATMs, ATMs are physically bigger, have a simpler job, have much clearer transactional validation (ask for $100, complain if you don't get $100), and have dedicated maintenance teams. While some voting machines were build by ATM manufacturers (like Diebold), the coding was rushed (at least we assume so, we don't get to see the coding), the machines are only used once a year at most, and the maintenance is done by amateurs who don't have the bank's monetary motivations for maintaining accuracy. In such a situation, voting machines can have many errors including:
* touchscreen misalignment
* coding errors
* introduction of malicious code e.g. via USB
* failure due to poor storage or aging out
* existing software vulnerabilities (particularly since most run Windows) that are uncovered during the lifetime of the machine but never patched, opening them to network or USB attack
The code that the machine runs must be correct (without significant bugs or errors), which is difficult (and expensive).
Worse, you must be certain that the code you have validated is actually the code it runs for every vote during the election, which is impossible. As in, literally impossible. The problem is, the only way to find out what code the machine is running is to ask it. Because machines are programmed by humans, machines can lie, just like humans.
Here's how it works:
Computer running the validated code
1. Computer expert queries the computer about what code it is running2. Computer says "I am running the validated code"
Computer running hacked code
1. Computer is hacked, adding malicious (lying) code to the validated code2. Computer expert queries the computer about what code it is running
3. The malicious code lies and says "I am running the validated code"
This is not theoretical, this is exactly what a rootkit does.
So if the machine only records votes electronically, you can never be sure if your vote was correctly recorded. (This is not to mention the possibility of alteration during a long electronic chain of transmission to get to the final election results.)
The only way to verify your vote is to get a paper printout, so that you can look at the paper and validate that it shows your vote as cast. But again, remember the computer can lie. You can vote for party A, the computer can record the vote for party B and then print a paper receipt saying you voted for party A.
The only way to actually be certain of the vote count is to count the paper...
which means you just spent millions of dollars replacing a pen.
These are just the core issues, in an ideal system.
In reality, there are many more problems with voting machines. Although some were based on ATMs, ATMs are physically bigger, have a simpler job, have much clearer transactional validation (ask for $100, complain if you don't get $100), and have dedicated maintenance teams. While some voting machines were build by ATM manufacturers (like Diebold), the coding was rushed (at least we assume so, we don't get to see the coding), the machines are only used once a year at most, and the maintenance is done by amateurs who don't have the bank's monetary motivations for maintaining accuracy. In such a situation, voting machines can have many errors including:
* touchscreen misalignment
* coding errors
* introduction of malicious code e.g. via USB
* failure due to poor storage or aging out
* existing software vulnerabilities (particularly since most run Windows) that are uncovered during the lifetime of the machine but never patched, opening them to network or USB attack
Labels: electronic voting, security, voting machines
Friday, April 17, 2015
Internet voting risks
(And risks associated with other types of voting technology.)
I have been tweeting many links about Internet voting risks on the account @papervote
but now it is time to put them together in a blog post.
You can also find links in my bookmarks (which are drawn from many of my accounts, not just @papervote) under tag voting_tech_risks (click link for full list).
Also see extensive materials at http://www.verifiedvoting.org/resources/internet-voting/
✭ US Association for Computing Machinery (ACM) - Internet voting
Remarks from the Honorable James R. Clapper, Director of National Intelligence:
This excellent report, licensed in the Creative Commons for reuse (CC BY-NC-ND 3.0 Australia) covers many risks related to Internet voting, with very clear language.
Full report (PDF) can be downloaded; individual sections also available.
✭ NISTIR 7770 - Security Considerations for Remote Electronic UOCAVA Voting (PDF) - February 2011
✭ UK Electoral Commission - Key issues and conclusions: May 2007 electoral pilot schemes (PDF; copy from Archive.org) - August 2007
From the Chaos Communication Conference (31c3) in 2014. You can also see the video on their website.
✭ Why electronic voting is a BAD idea - published to YouTube Dec 18, 2014
The above video is a fantastic clear explanation of why electronic voting machines are a security risk and why Internet voting is even worse.
Presented by Tom Scott for Computerphile, filmed by Sean Riley.
✭ Videos from online course Securing Digital Democracy by J. Alex Halderman
✭ SRI International - Podcast (audio) - Internet voting - October 10, 2010
Interviewing Jeremy Epstein.
✭ Remarkable Virginia IT Agency Report Details Reasons for WinVote Decertification - by Doug Chapin - April 15, 2015
✭ Sydney Morning Herald - International experts warn of the risks of Australian online voting tools - March 24, 2015
✭ Communications of the ACM - Security Risks, Privacy Issues Too Great for Internet Voting - March 12, 2015
Above article reports on a presentation by computer scientist David Jefferson.
✭ CBC - Internet voting isn't a big draw for younger voters, researcher says - February 11, 2015
Note that Nichole Goodman is a social sciences researcher, not a computer scientist.
✭ Analyst opinion: Don’t take online voting for granted - by Nick Wallace - January 30, 2015
Above article by computer scientist Barbara Simons.
... more to come
I have been tweeting many links about Internet voting risks on the account @papervote
but now it is time to put them together in a blog post.
You can also find links in my bookmarks (which are drawn from many of my accounts, not just @papervote) under tag voting_tech_risks (click link for full list).
Also see extensive materials at http://www.verifiedvoting.org/resources/internet-voting/
Statements from Computer Scientist Organisations
Computer scientists are best positioned to understand the risks related to the use of computers for voting. They have made clear statements against the use of Internet voting at this time.✭ US Association for Computing Machinery (ACM) - Internet voting
Internet voting adds additional concerns about security, verifiability and auditability to those already known about electronic voting. ...✭ Computer Technologists' Statement on Internet Voting
At the present, paper-based systems provide the best available technology to [preserve the ability to audit and/or recount the votes].
Several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable.
Government Reports / Tech Reports
✭ US Office of the Director of National Intelligence - Opening Statement to Worldwide Threat Assessment Hearing (PDF) - February 26, 2015Remarks from the Honorable James R. Clapper, Director of National Intelligence:
I'll start with cyber threats. Attacks against us are increasing in frequency, scale, sophistication and severity of impact.✭ Foundation for Information Policy Research - Response to The Speaker’s Commission on Digital Democracy (PDF) - September 27, 2014
this technology still has very significant issues with security, privacy, coercion resistance, auditability and comprehensibility, which preclude its use in high-stakes contests where capable and well-resourced actors (political parties, lobby groups and even foreign governments) may have an incentive to manipulate the system✭ Parliament of Australia - Inquiry into... 2013 General Election - Second Interim Report: An assessment of electronic voting options
This excellent report, licensed in the Creative Commons for reuse (CC BY-NC-ND 3.0 Australia) covers many risks related to Internet voting, with very clear language.
Full report (PDF) can be downloaded; individual sections also available.
✭ NISTIR 7770 - Security Considerations for Remote Electronic UOCAVA Voting (PDF) - February 2011
✭ UK Electoral Commission - Key issues and conclusions: May 2007 electoral pilot schemes (PDF; copy from Archive.org) - August 2007
issues with the security and transparency of the solutions
Expert Analysis
✭ Independent Report on E-voting in EstoniaAudio and Video
✭ Security Analysis of Estonia's Internet Voting System by J. Alex Halderman - published to YouTube Dec 28, 2014From the Chaos Communication Conference (31c3) in 2014. You can also see the video on their website.
✭ Why electronic voting is a BAD idea - published to YouTube Dec 18, 2014
The above video is a fantastic clear explanation of why electronic voting machines are a security risk and why Internet voting is even worse.
Presented by Tom Scott for Computerphile, filmed by Sean Riley.
✭ Videos from online course Securing Digital Democracy by J. Alex Halderman
✭ SRI International - Podcast (audio) - Internet voting - October 10, 2010
Interviewing Jeremy Epstein.
Articles, Blog Posts, etc.
✭ Freedom to Tinker - Decertifying the worst voting machine in the US - by Jeremy Epstein - April 15, 2015✭ Remarkable Virginia IT Agency Report Details Reasons for WinVote Decertification - by Doug Chapin - April 15, 2015
✭ Sydney Morning Herald - International experts warn of the risks of Australian online voting tools - March 24, 2015
✭ Communications of the ACM - Security Risks, Privacy Issues Too Great for Internet Voting - March 12, 2015
Above article reports on a presentation by computer scientist David Jefferson.
✭ CBC - Internet voting isn't a big draw for younger voters, researcher says - February 11, 2015
Note that Nichole Goodman is a social sciences researcher, not a computer scientist.
✭ Analyst opinion: Don’t take online voting for granted - by Nick Wallace - January 30, 2015
Government should consider alternatives to online voting. ... Preventing fraud is a tall order. ... An additional challenge is preserving the secret ballot...✭ USA Today - Online voting rife with hazards - November 4, 2014
Above article by computer scientist Barbara Simons.
Education
Learn more about the issues.... more to come
Wednesday, October 19, 2011
City of Markham's Internet voting story at GTEC 2011
GTEC conference, October 19, 2011 from 10:00 to 11:00
Using Digital Technology to Connect with Citizens in the Town of Markham
Given the apparent decrease in voter engagement, Canadian governments are faced with seeking innovative ways to connect with the public. When used strategically, digital technologies are an effective means to engage citizens. Through the use of Internet voting and the implementation of multiple interactive online initiatives, the Town of Markham has become a leader in eDemocracy. In this session attendees will hear from the Mayor of Markham, the visionary behind Markham’s innovative use of digital technologies to engage citizens, as well as the CEO of Delvinia, the firm behind the initiatives and the only organization to collect consumer data on Internet voting in three consecutive elections.
from GTEC 2011 Conference Program at a Glace
Using Digital Technology to Connect with Citizens in the Town of Markham
Given the apparent decrease in voter engagement, Canadian governments are faced with seeking innovative ways to connect with the public. When used strategically, digital technologies are an effective means to engage citizens. Through the use of Internet voting and the implementation of multiple interactive online initiatives, the Town of Markham has become a leader in eDemocracy. In this session attendees will hear from the Mayor of Markham, the visionary behind Markham’s innovative use of digital technologies to engage citizens, as well as the CEO of Delvinia, the firm behind the initiatives and the only organization to collect consumer data on Internet voting in three consecutive elections.
Speaker - Frank Scarpitti, Mayor, Town of Markham
Co-presenter - Adam Froman, CEO, Delviniafrom GTEC 2011 Conference Program at a Glace
Wednesday, September 28, 2011
in which I help the news media
1) Delvinia releases a report
"Our latest DIG report examines the Town of Markham’s experience with Internet voting in the 2003, 2006 and 2010 municipal election"
http://www.delvinia.com/delvinia-releases-dig-report-on-edemocracy-and-citizen-engagement/
This is good.
2) However
So objective fact 1: Delvinia is selling the full report.
3) However
So objective fact 2: Delvinia was paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010 (the same years in the same city concerning the same topic that the newly-released evoting report covers).
4) The correct way to report this, providing the full context, would be
Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham. The report concludes Internet voting was a great success.
I am not criticising Delvinia or the report, I am just stating the objective facts of the context of the report.
So I will now help some news reporting organisations.
This is what the Star wrote
You may note that neither in this extract nor indeed anywhere in the entire article does it mention the context I provided above. The article with context would be
And here, again, is the article with the actual full context added
UPDATE: I should also mention, in case you think this is a minor nuance on an obscure story buried in the back pages of the paper, that "Online voting changes the game" was the Toronto Star's front-page, above-the-fold, banner full-width headline story for Monday September 26, 2011. In newspaper terms, they declared it the single most important story in the world for September 26, 2011.
"Our latest DIG report examines the Town of Markham’s experience with Internet voting in the 2003, 2006 and 2010 municipal election"
http://www.delvinia.com/delvinia-releases-dig-report-on-edemocracy-and-citizen-engagement/
This is good.
In 2010, with the support of Ryerson University, Delvinia secured an Engage Grant from the Natural Sciences and Engineering Research Council (NSERC) to commission Nicole Goodman, a PhD candidate specializing in Canadian political institutions and alternative voting methods, to provide a scholarly perspective on the data collected following the 2010 election as well as a comparison to the data Delvinia collected in the 2003 and 2006 elections.It is also excellent to see academic research in this field and a rigorous report.
2) However
The DIG report is available online at www.delvinia.com/dig. The full research report is available for purchase through Delvinia. Please refer to our order form to obtain a copy of the report.from http://www.delvinia.com/delvinia-releases-dig-report-on-edemocracy-and-citizen-engagement/
So objective fact 1: Delvinia is selling the full report.
3) However
In addition to helping the Town raise awareness of Internet voting in the 2003, 2006 and 2010 municipal elections, Delvinia also conducted in-person and online surveys to collect data regarding public attitudes, feelings and beliefs toward Internet voting in each of those elections.from http://www.delvinia.com/should-canadians-have-the-opportunity-to-vote-online/
So objective fact 2: Delvinia was paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010 (the same years in the same city concerning the same topic that the newly-released evoting report covers).
4) The correct way to report this, providing the full context, would be
Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham. The report concludes Internet voting was a great success.
I am not criticising Delvinia or the report, I am just stating the objective facts of the context of the report.
So I will now help some news reporting organisations.
This is what the Star wrote
Internet voting in advance polls in Markham has helped increase overall voter turnout, engage non-voters to vote and greatly improve overall voter satisfaction, according to a research and public opinion report released Monday.http://www.thestar.com/news/article/1059558
In the report by Delvinia, a digital strategy firm, voter turnout in Markham has increased by 35 per cent since the introduction of Internet voting in 2003, and much of that is attributed to the advent of online voting.
You may note that neither in this extract nor indeed anywhere in the entire article does it mention the context I provided above. The article with context would be
Internet voting in advance polls in Markham has helped increase overall voter turnout, engage non-voters to vote and greatly improve overall voter satisfaction, according to a research and public opinion report released Monday.This is what IT World Canada wrote
In the report by Delvinia, a digital strategy firm, voter turnout in Markham has increased by 35 per cent since the introduction of Internet voting in 2003, and much of that is attributed to the advent of online voting. Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham.
New data culled from Markham, Ont. voters could make a case for the introduction of Internet voting across all levels of government in Canada, according to a new report from user experience design firm Delviniahttp://www.itworldcanada.com/news/e-voting-gets-almost-unanimous-praise-study-finds/144015
The Toronto-based digital consultancy released the findings of its eDemocracy and Citizen Engagement report on Monday, which focused on the Town of Markham’s recent online voting initiatives. The municipality has offered online voting for its local elections since 2003.
And here, again, is the article with the actual full context added
New data culled from Markham, Ont. voters could make a case for the introduction of Internet voting across all levels of government in Canada, according to a new report from user experience design firm DelviniaI want to be completely up-front: I am profoundly disappointed that major Canadian news media are not providing the full context of this report. I expect the news media to provide context for ANY press release, announcement, speech, interview or think-tank report. Information without context is no foundation for democracy.
The Toronto-based digital consultancy released the findings of its eDemocracy and Citizen Engagement report on Monday, which focused on the Town of Markham’s recent online voting initiatives. The municipality has offered online voting for its local elections since 2003. Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham.
UPDATE: I should also mention, in case you think this is a minor nuance on an obscure story buried in the back pages of the paper, that "Online voting changes the game" was the Toronto Star's front-page, above-the-fold, banner full-width headline story for Monday September 26, 2011. In newspaper terms, they declared it the single most important story in the world for September 26, 2011.
Monday, May 02, 2011
May 2, 2011 - Election Day
Go vote, in the assurance that your vote will be accurately counted.
http://elections.ca/
http://elections.ca/
Labels: canada, elections canada
Wednesday, April 27, 2011
Canadian online voting discussion on The Rutherford Show
Thursday April 28, 2011 at noon Eastern (10 Mountain) The Rutherford Show will have a discussion about online voting, including Internet voting expert Barbara Simons.
You can listen to the show live - click the large "Listen Live" icon at the top of the web page.
You can listen to the show live - click the large "Listen Live" icon at the top of the web page.
Labels: canada, online voting
Wednesday, April 20, 2011
if I can do X online, then why not voting
This is a kind of typical "if I can bank online securely, why not vote online" story by Lena Almeida
Let’s boost participation by allowing online voting
Canada.com - April 15, 2011
And this is a kind of typical "hey our government cybersecurity research lab was hacked" story
Top Federal Lab Hacked in Spear-Phishing Attack
Wired Threat Level - April 20, 2011
Because the answer is, you don't bank online securely. People's online banking is hacked ALL THE TIME. Everyone's systems, including national cybersecurity facilities in the US and Canada, get broken into by determined, sophisticated attackers.
Let me make it clear, I respect Ms. Almeida's question. It is not at all obvious to someone who hasn't stepped through the properties of our current paper-based system one-by-one, and who hasn't analysed the risks of a purely Internet-based system, why online voting shouldn't be as simple as filing your taxes online.
What you CAN do with banking is have their experts follow a forensics trail, undo the unauthorized changes, and return your account to its correct state. As happened to me recently when my credit card number was stolen.
But you CANNOT DO THIS WITH A ONE-TIME, ONE-VOTE, ANONYMOUS ELECTION.
If your vote is reversable 1) it has to be personally identifiable 2) ANYONE with technical knowledge can reverse it.
So that's why you can't vote online. It's not a technical problem. There are no technical barriers to voting online. Amongst many, many other things it's a security problem. Even if you can solve the security problem, you still can't verify what code is running (so open source doesn't help). Even if you could solve the security AND the code verification problems, you still can't stop someone standing over you at home as you vote, and threatening you if you don't vote the correct way (the coercion problem). Or someone can just steal someone's voting credentials and skip the bother of threatening them (the authentication problem).
Hackers will attack your vote, it's just a question of whether they succeed. And the company or individuals writing the code could be malicious, corrupted or threatened. Or the company making the servers. Or the people in the server room. Or actively malicious insiders anywhere along the network chain. Or citizens can be systematically intimidated into voting a certain way. Or the voting credentials of huge numbers of people who don't bother to vote can simply be stolen (e.g. monitoring the mailboxes of students and other young people for convenient mailings with PIN numbers that are unlikely to be used).
Oh, and even if someone miraculously everyone involved in the long chain between you and your vote being recorded on a distant server is trustworthy and not malicious, the software can still have bugs. In fact it's pretty much guaranteed to have bugs. Bugs which may not show up until millions of real users start hammering the real system on election day. So it can still fail spectacularly. Or even worse, fail silently and undetectably, misrecording or losing votes.
But other than that, online voting is a great idea.
PS If you think the TV shows have mastered this problem, I suggest googling so you think you can dance vote hacked or head right to
How the 'Dancing' vote was hacked - MSNBC Cosmic Log - November 19, 2010
Let’s boost participation by allowing online voting
Canada.com - April 15, 2011
And this is a kind of typical "hey our government cybersecurity research lab was hacked" story
Top Federal Lab Hacked in Spear-Phishing Attack
Wired Threat Level - April 20, 2011
Because the answer is, you don't bank online securely. People's online banking is hacked ALL THE TIME. Everyone's systems, including national cybersecurity facilities in the US and Canada, get broken into by determined, sophisticated attackers.
Let me make it clear, I respect Ms. Almeida's question. It is not at all obvious to someone who hasn't stepped through the properties of our current paper-based system one-by-one, and who hasn't analysed the risks of a purely Internet-based system, why online voting shouldn't be as simple as filing your taxes online.
What you CAN do with banking is have their experts follow a forensics trail, undo the unauthorized changes, and return your account to its correct state. As happened to me recently when my credit card number was stolen.
But you CANNOT DO THIS WITH A ONE-TIME, ONE-VOTE, ANONYMOUS ELECTION.
If your vote is reversable 1) it has to be personally identifiable 2) ANYONE with technical knowledge can reverse it.
So that's why you can't vote online. It's not a technical problem. There are no technical barriers to voting online. Amongst many, many other things it's a security problem. Even if you can solve the security problem, you still can't verify what code is running (so open source doesn't help). Even if you could solve the security AND the code verification problems, you still can't stop someone standing over you at home as you vote, and threatening you if you don't vote the correct way (the coercion problem). Or someone can just steal someone's voting credentials and skip the bother of threatening them (the authentication problem).
Hackers will attack your vote, it's just a question of whether they succeed. And the company or individuals writing the code could be malicious, corrupted or threatened. Or the company making the servers. Or the people in the server room. Or actively malicious insiders anywhere along the network chain. Or citizens can be systematically intimidated into voting a certain way. Or the voting credentials of huge numbers of people who don't bother to vote can simply be stolen (e.g. monitoring the mailboxes of students and other young people for convenient mailings with PIN numbers that are unlikely to be used).
Oh, and even if someone miraculously everyone involved in the long chain between you and your vote being recorded on a distant server is trustworthy and not malicious, the software can still have bugs. In fact it's pretty much guaranteed to have bugs. Bugs which may not show up until millions of real users start hammering the real system on election day. So it can still fail spectacularly. Or even worse, fail silently and undetectably, misrecording or losing votes.
But other than that, online voting is a great idea.
PS If you think the TV shows have mastered this problem, I suggest googling so you think you can dance vote hacked or head right to
How the 'Dancing' vote was hacked - MSNBC Cosmic Log - November 19, 2010
Labels: canada, online voting
iconic
Just pointing to some official Elections Canada icons for the 41st General Election.
Please note: the following reproductions are a copy of the promotional icons that are published by Elections Canada and the reproductions have not been produced in affiliation with, or with the endorsement of Elections Canada.
UPDATE: Removed in accordance with May 2 deletion requirement. ENDUPDATE
In general Elections Canada could use some major website and social media help.
That would move youth turnout a lot more than online voting.
Note to self: Apparently I am to make these icons disappear after May 2, 2011.
Please note: the following reproductions are a copy of the promotional icons that are published by Elections Canada and the reproductions have not been produced in affiliation with, or with the endorsement of Elections Canada.
UPDATE: Removed in accordance with May 2 deletion requirement. ENDUPDATE
In general Elections Canada could use some major website and social media help.
That would move youth turnout a lot more than online voting.
Note to self: Apparently I am to make these icons disappear after May 2, 2011.
* You are hereby granted a limited license to reproduce and display the promotional icons on your website for purposes of providing information to the public about the current general election by offering a link to Elections Canada's web site;
* The rights granted herein are for a limited term ending on May 2, 2011;
* You must reproduce the promotional icons in the format and in the color displayed herein and you may not modify, alter or adapt the promotional icons or any part of them;
* You will acquire no right or interest in the promotional icons or the copyright therein, except for the limited license granted herein; and
* You must indicate to the public that the reproduction is a copy of the promotional icons that are published by Elections Canada and that the reproduction has not been produced in affiliation with, or with the endorsement of Elections Canada.
Labels: elections canada
Thursday, April 07, 2011
computers never make mistakes
They do exactly what people have told them to.
Like say a former computer programmer.
Who counts the vote on a stand-alone computer. In her office.
And discovers over 7500 extra votes due to a spreadsheet copy error.
Is this kind of farce how you want to run elections?
from August 13, 2010 Journal Sentinel - Officials dispute reliability of Waukesha County clerk's election data system
and what happened in 2011?
April 7, 2011 - Journal Sentinel - Prosser's huge gain comes after Waukesha County flub is caught
Now let us imagine this story told this way:
* for security purposes, the elections official has boxes containing all the votes, in her private office
* oh and she's an expert in creating ballots
* oh and she just discovered another box of ballots over there in the corner
Do you think any elections observer in the world would buy this?
But it's all done with computers, so I guess it's impossible there could be anything suspicious.
Human nature doesn't change.
And humans program computers.
And humans create the security for computers.
Computer security does not exist in the abstract. Computers do not defend themselves or program themselves. But somehow people think it is a realm beyond human emotion and failings. In the end it's systems created by humans, used by humans, that have to resist threats from humans.
This is what happens when you vote over the Internet:
* Someone with some credentials they got somewhere votes. Hopefully it's you, with your rightful credentials. But it could be anyone who gained valid credentials, anywhere in the world.
* These credentials are used to vote. This involves your computer, full of hundreds of competing programs created by fallible humans, interacting with a website created by humans, over a network built managed and run by humans.
* The vote... or at least a vote, lands on a server... somewhere, a server running thousands of pieces of human-created software. A server installed, controlled, and managed by humans.
So the good news is, as long as you can absolutely trust every one of the thousands of people involved in that chain, and all of the one billion people on the Internet can't outsmart their security, then your vote is fine.
And the above is all if it's done WELL, not if it's some bogus "the counting computer is in my back closet" ridiculously compromised chain of custody.
Or alternatively, you could set things up so local people from competing political parties are watching one another, mark the votes on paper, watch the ballot box containing the votes, and count all the votes in public. In minutes (for a Canadian election).
So your choice is:
1. If you trust everyone who has ever created or maintained any device or software in the chain from your keyboard to the vote-counting server, and everyone with access to the server room, and everyone else in the world who is on the Internet, then Internet voting is a great choice.
2. If you trust people from your neighbourhood who have the very human motivation of competing interests, with a process that is visible to you end-to-end, and immediate local consequences if fraud is found, then you might want to vote on paper instead.
We are very very good at understanding voting risk scenarios in the physical world. We are very very bad at understanding risk in the digital world.
Where would you rather have your voting taking place?
Like say a former computer programmer.
Who counts the vote on a stand-alone computer. In her office.
And discovers over 7500 extra votes due to a spreadsheet copy error.
Is this kind of farce how you want to run elections?
Waukesha County Clerk Kathy Nickolaus' decision to go it alone in how she collects and maintains election results has some county officials raising a red flag about the integrity of the system.
Nickolaus said she decided to take the election data collection and storage system off the county's computer network - and keep it on stand-alone personal computers accessible only in her office - for security reasons.
"What it gave me was good security of the elections from start to finish, without the ability of someone unauthorized to be involved," she said.
Nonetheless, Director of Administration Norman A. Cummings said because Nickolaus has kept them out of the loop, the county's information technology specialists have not been able to verify Nickolaus' claim that the system is secure from failure.
...
In March, Nickolaus said, she moved the data off that server and into her own stand-alone system. She has a backup on a second computer, she said. In addition, she said, as she programs for elections, she does frequent backups during the day.
Nickolaus said she was a programmer for 15 years before becoming county clerk. And she said her staff knows how to operate the system, so "if I get hit by a bus, this election is going to run just fine."
from August 13, 2010 Journal Sentinel - Officials dispute reliability of Waukesha County clerk's election data system
and what happened in 2011?
David Prosser gained 7,582 votes in Waukesha County, after a major counting error of Brookfield results was detected, County Clerk Kathy Nickolaus announced in a stunning development this afternoon.
Nickolaus says the reason for the big change is that data transmitted from the City of Brookfield was imported but that she failed to save those results to the database. Brookfield cast 14,315 votes on April 5 -- 10,859 of those votes went to Prosser and 3,456 went to JoAnne Kloppenburg.
"The purpose of the canvass is to catch these kind of mistakes," Nickolaus said. She called it human error that is "common in this process." "I apologize," Nickolaus said.
April 7, 2011 - Journal Sentinel - Prosser's huge gain comes after Waukesha County flub is caught
Now let us imagine this story told this way:
* for security purposes, the elections official has boxes containing all the votes, in her private office
* oh and she's an expert in creating ballots
* oh and she just discovered another box of ballots over there in the corner
Do you think any elections observer in the world would buy this?
But it's all done with computers, so I guess it's impossible there could be anything suspicious.
Human nature doesn't change.
And humans program computers.
And humans create the security for computers.
Computer security does not exist in the abstract. Computers do not defend themselves or program themselves. But somehow people think it is a realm beyond human emotion and failings. In the end it's systems created by humans, used by humans, that have to resist threats from humans.
This is what happens when you vote over the Internet:
* Someone with some credentials they got somewhere votes. Hopefully it's you, with your rightful credentials. But it could be anyone who gained valid credentials, anywhere in the world.
* These credentials are used to vote. This involves your computer, full of hundreds of competing programs created by fallible humans, interacting with a website created by humans, over a network built managed and run by humans.
* The vote... or at least a vote, lands on a server... somewhere, a server running thousands of pieces of human-created software. A server installed, controlled, and managed by humans.
So the good news is, as long as you can absolutely trust every one of the thousands of people involved in that chain, and all of the one billion people on the Internet can't outsmart their security, then your vote is fine.
And the above is all if it's done WELL, not if it's some bogus "the counting computer is in my back closet" ridiculously compromised chain of custody.
Or alternatively, you could set things up so local people from competing political parties are watching one another, mark the votes on paper, watch the ballot box containing the votes, and count all the votes in public. In minutes (for a Canadian election).
So your choice is:
1. If you trust everyone who has ever created or maintained any device or software in the chain from your keyboard to the vote-counting server, and everyone with access to the server room, and everyone else in the world who is on the Internet, then Internet voting is a great choice.
2. If you trust people from your neighbourhood who have the very human motivation of competing interests, with a process that is visible to you end-to-end, and immediate local consequences if fraud is found, then you might want to vote on paper instead.
We are very very good at understanding voting risk scenarios in the physical world. We are very very bad at understanding risk in the digital world.
Where would you rather have your voting taking place?
Labels: electronic voting
Tuesday, April 05, 2011
Cyber attacks hit Canadians. Again.
The threat of cyberattack is not abstract. When there is information of value, there are now very sophisticated attackers who will attempt to penetrate your systems.
Two recent incidents are:
* the Epsilon breach in the US, where Canadian email addresses were compromised
Air Miles among firms hit by huge data breach
* the attack on four Bay Street law firms
Major law firms fall victim to cyber attacks
Now imagine that instead of email addresses and mergers and acquisitions information, the prize was the entire Canadian election, the direction of the entire Canadian economy.
Do you imagine for a second that the same sophisticated computer attackers that have already successfully broken into computer systems will somehow not decide to attack an online voting system? Keep in mind that corporations and law firms have huge financial and reputation incentives to protect their systems, and they still fail. Do you think the government will do any better? Do you think that the millions of Canadians using their personal computers to vote will have better Internet security than Bay Street law firms?
Voting over the Internet is an invitation to successful cyberattack. And following such an attack, the entire integrity of your voting system is compromised. To compromise a paper-based election you need people to physically intervene simultaneously at locations all across Canada, somehow escaping detection of all the citizens and elections officials present. It would require massive coordination and risk of detection and capture. To compromise an Internet-based election, all you need is one person with an Internet connection anywhere in the world, pushing a button.
Two recent incidents are:
* the Epsilon breach in the US, where Canadian email addresses were compromised
Air Miles among firms hit by huge data breach
* the attack on four Bay Street law firms
Major law firms fall victim to cyber attacks
Now imagine that instead of email addresses and mergers and acquisitions information, the prize was the entire Canadian election, the direction of the entire Canadian economy.
Do you imagine for a second that the same sophisticated computer attackers that have already successfully broken into computer systems will somehow not decide to attack an online voting system? Keep in mind that corporations and law firms have huge financial and reputation incentives to protect their systems, and they still fail. Do you think the government will do any better? Do you think that the millions of Canadians using their personal computers to vote will have better Internet security than Bay Street law firms?
Voting over the Internet is an invitation to successful cyberattack. And following such an attack, the entire integrity of your voting system is compromised. To compromise a paper-based election you need people to physically intervene simultaneously at locations all across Canada, somehow escaping detection of all the citizens and elections officials present. It would require massive coordination and risk of detection and capture. To compromise an Internet-based election, all you need is one person with an Internet connection anywhere in the world, pushing a button.
Labels: canada, cybersecurity, online voting, security
Sunday, April 03, 2011
Liberal Party platform proposes online voting
Links it to voter turnout (a false linkage).
Full Liberal platform (PDF) - Chapter 4, page 73 "Modernizing the Voting System". Released April 3, 2011.
If you want a pilot of overseas online voting, look no farther than the US. The problems identified in the analysis of their online voting system - "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" - were so severe that the system was scrapped. So we can save a lot of time by not repeating their experience.
Modern is not always better. Actually working is better. We have a system that works.
A Liberal government will direct Elections Canada to develop an online voting option, starting with a pilot project for individuals serving overseas in the Canadian Armed Forces and the federal public service, and post-secondary students living outside their home ridings. The pilot will support a broader discussion with Canadians about an online voting option for every voter.
Full Liberal platform (PDF) - Chapter 4, page 73 "Modernizing the Voting System". Released April 3, 2011.
If you want a pilot of overseas online voting, look no farther than the US. The problems identified in the analysis of their online voting system - "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" - were so severe that the system was scrapped. So we can save a lot of time by not repeating their experience.
Modern is not always better. Actually working is better. We have a system that works.
Labels: canada, internet voting, online voting
Wednesday, March 09, 2011
Ontario man allegedly uses multiple PIN codes to vote multiple times
“Wasn't he sweet?” said Yossarian. “Maybe they should give him three votes.” - Catch-22 by Joseph Heller
CBC News - Ont. man cast more than one vote in election: OPP - March 8, 2011
So now we have the cost of an investigation, and doubt is cast on the election.
But remember, Internet voting is cheap and easy!
This is just the tip of the iceberg of the catastrophic risk municipalities expose themselves to with this technology.
Or, as they say: “The municipalities are perhaps naive about the amount of risk they’re assuming,” warned ... the PaperVoteCanada.ca blog (The Hill Times, February 1, 2010).
Ontario Provincial Police allege Peter Byvelds, 60, cast more than one vote in the Township of South Dundas' municipal election on Oct. 25. Police said he used the "pin" code of others to cast extra online votes, but did not disclose how many times he voted.
...
[Steven] Byvelds [cousin of Peter Byvelds] beat out four other candidates to become mayor, garnering 433 more votes than his nearest rival. He said it would be up to the township's chief returning officer to decide whether the charges call the election results into dispute.
South Dundas was one of several eastern Ontario municipalities to use a mix of internet and telephone voting during its election.
CBC News - Ont. man cast more than one vote in election: OPP - March 8, 2011
So now we have the cost of an investigation, and doubt is cast on the election.
But remember, Internet voting is cheap and easy!
This is just the tip of the iceberg of the catastrophic risk municipalities expose themselves to with this technology.
Or, as they say: “The municipalities are perhaps naive about the amount of risk they’re assuming,” warned ... the PaperVoteCanada.ca blog (The Hill Times, February 1, 2010).
Labels: internet voting, ontario
Tuesday, March 08, 2011
Estonian vote-counting system fails
I was impressed by the Estonian presentation at the Internet Voting dialogue (event page: Internet Voting – What Can Canada Learn?). Estonia has done a good job of thinking seriously about the technical issues.
But not good enough apparently, since their Internet vote-counting system failed during the election period.
Estonian Public Broadcasting (ERR) - Elections Agency Fines E-Voting Company - March 7, 2011
via @VerifiedVoting
In Estonian, with video: Valimiskomisjon nõuab Helmeselt kahjude hüvitamist.
There's a bit more information in another ERR story
ERR - Electoral Committee Chief Apologizes for Website Collapse - March 7, 2011
There were also browser errors, which is a reminder that an Internet election is orders of magnitudes more complicated than a paper-based one. There are many different operating systems, web browsers, mobile devices... can you guarantee that your voting system will support all of them correctly? Or are you simply going to exclude people who have a particular set of technology?
ERR - Electoral Committee Chief Apologizes for Website Collapse - March 7, 2011
Although the election itself was March 6, 2011, voters could cast ballots in advance, including over the Internet. However, this option is not how the majority of votes are cast.
ERR - Estonians Head to the Ballot Box - March 6, 2011
In all, the turnout was 63%.
So you have a choice: either our paper-based system, in which results are rapidly counted and posted, as they have been decade after decade, a system that isn't broken, or a future Canadian elections official apologising when some or all of our elections system doesn't work, because of computer systems failures. If you think that Canada might somehow be exempt from these kinds of failures, keep in mind it already happened in Quebec: Report on Quebec's municipal electronic voting disaster.
But not good enough apparently, since their Internet vote-counting system failed during the election period.
After the internet ballot-counting system temporarily crashed on Election Day evening, the National Electoral Committee said it will demand compensation from Helmes, the company responsible for the country's vote-counting software.
...
"The database did not perform queries with the prescribed speed [...] Reliability had thoroughly been tested and it worked flawlessly," said company spokesperson Evelin Lang.
Estonian Public Broadcasting (ERR) - Elections Agency Fines E-Voting Company - March 7, 2011
via @VerifiedVoting
In Estonian, with video: Valimiskomisjon nõuab Helmeselt kahjude hüvitamist.
There's a bit more information in another ERR story
Estonia's much-talked-about e-innovation fell under doubt by its advocates last night, when, after preliminary results came in at 20:00, a website breakdown impeded election results from arriving for more than 1.5 hours in the most critical time.
An unprecedented software error with the web system was a blow to the trustworthyness of the elections, said National Electoral Committee Chairman Heiki Sibul. "That fact that we have a problem with something as simple as displaying the website - that is not acceptable," said Sibul on ETV, asserting nevertheless that there is no reason to doubt the results.
ERR - Electoral Committee Chief Apologizes for Website Collapse - March 7, 2011
There were also browser errors, which is a reminder that an Internet election is orders of magnitudes more complicated than a paper-based one. There are many different operating systems, web browsers, mobile devices... can you guarantee that your voting system will support all of them correctly? Or are you simply going to exclude people who have a particular set of technology?
Further hinting to the technology's imperfections, another type of error, a browser malfunction, emerged while e-voting was still in progress, due to which voters in three known instances could not view several listed candidates. The voters were, nevertheless, able to cast their votes.
ERR - Electoral Committee Chief Apologizes for Website Collapse - March 7, 2011
Although the election itself was March 6, 2011, voters could cast ballots in advance, including over the Internet. However, this option is not how the majority of votes are cast.
For a large portion of Estonians, election day is already past. More than 27 percent of eligible voters cast their ballots in an early voting period, most of them via the nation's internet voting system which the tech-savvy nation first pioneered in 2005.
ERR - Estonians Head to the Ballot Box - March 6, 2011
In all, the turnout was 63%.
So you have a choice: either our paper-based system, in which results are rapidly counted and posted, as they have been decade after decade, a system that isn't broken, or a future Canadian elections official apologising when some or all of our elections system doesn't work, because of computer systems failures. If you think that Canada might somehow be exempt from these kinds of failures, keep in mind it already happened in Quebec: Report on Quebec's municipal electronic voting disaster.
Labels: Estonia, fail, internet voting
Sunday, March 06, 2011
organise online, act offline
... security and reliability problems have plagued the rollout of both electronic, kiosk-based, voting and Internet-based vote-from-home technologies in the United States. Annual political elections are hard enough to run without introducing yet more possibilities for voter fraud and abuse. Instead, new services, such as Smartvote.ch from Switzerland, use the Internet to inform voting at the polling booth.
Dr. Beth Noveck, Professor of Law - writing in her book Wiki Government, page 35
Dr. Noveck was United States Deputy Chief Technology Officer (2009-2011) and leader of the White House Open Government Initiative (@opengov). She tweets at @bethnoveck and blogs at http://cairns.typepad.com/
Labels: electronic voting, internet voting
Saturday, March 05, 2011
BC Premier-designate has online voting in platform
pp. 12-13 "The Family First Agenda for Change" - from a copy of the document posted at http://www.scribd.com/doc/49198972/ChristyClark-FamiliesFirstAgenda
ONLINE VOTING
When only half of registered voters in the province participate in the democratic process something is fundamentally wrong and it’s time to look at new solutions. Canadians have repeatedly identifed online voting as an option that could increase their participation.
Our government will:
- Ask Elections B.C. to name a non-partisan, expert panel to begin reviewing best practices from across Canada and around the world to investigate the potential of using an online system in British Columbia.
- Online voting will only be implemented if security concerns are addressed.
(The entire ChristyClark.ca site, including multiple blog postings that were under christyclark.ca/cc/ now redirects to http://www.christyclark.ca/designate/ - neither Google nor archive.org have copies of e.g. http://www.christyclark.ca/cc/2011/01/christy-clark-commits-to-being-most-connected-and-responsive-premier-in-canadian-history/ as it is blocked in robots.txt)
UPDATE 2011-03-06: Platform is available on Clark's site http://www.christyclark.ca/cc/wp-content/uploads/2010/12/ChristyClark-FamiliesFirstAgenda.pdf - thanks to @jordantsimmons for the link. ENDUPDATE
SIDEBAR: Thanks to @interchangepa for pointing me to this information, both in their blog post and then subsequent tweets. Also note Christy Clark is on Twitter: @christyclarkbc ENDSIDEBAR
"Only if security concerns are addressed" is reasonable-sounding, but very tricky. If this focuses on anti-virus scanning and firewalls, it will completely miss the point. First of all, it is impossible to secure consumer desktops. The number of potential attack vectors is huge. Not just network-bound attacks, but phishing as well. How bad is this situation?
IEEE Spectrum - The Risk Factor Blog - Canadian Government Restricts Web Access due to Phishing Attacks
The Treasury Board Secretariat of the Federal Government of Canada was penetrated by various attacks, to the point that Internet access is now blocked for employees.
In an environment where a Canadian government has already been successfully attacked online, does it make sense to put the entire Canadian voting infrastructure online? Does anyone imagine that those voting servers, and the desktops (and perhaps mobile devices) that connect to them, won't be an even more attractive target than the running government? Considering that the Federal Government is a completely managed computer desktop environment (all desktops overseen and monitored by system administrators) and it was still compromised, while public voters use completely unmanaged desktops, does anyone imagine the situation will be better in a public vote?
In any case, as I said, security is a distraction. Non-experts are not good at making computer security judgements, and companies with agendas can throw up all kinds of technical obfuscating arguments about secure monitoring of networks etc. etc. etc.
The real fundamental questions are core elements of our current system, which CANNOT BE REPLICATED online:
* simplicity and ease of understanding
- anyone can understand how a paper voting system works; only a tiny percentage of the population can understand how an Internet voting system works - assuming they actually are provided with all the details, which they usually aren't
This is why online voting is the OPPOSITE of open government. You can't get any more open than ballots publically cast in secret, publically counted. You can't get any more closed than bits travelling invisibly across wires, to systems people cannot see and cannot understand.
* verifiability
- anyone can verify a paper vote by recounting the ballots; no one can verify an online election, because no matter how many levels deep you dig, at the bottom the answer is "trust the numbers in the computer" - there is no outside evidence you can examine
* anonymity
- It is difficult to determine who marked a paper ballot. It is very very difficult to design a system where you can't determine exactly who submitted an electronic vote.
* non-coercion
- Does anyone imagine that someone sitting at home clicking a button on a computer can't be forced to do so by someone watching over them? Or even if force isn't used, what is the impact of peer pressure as people watch your vote on screen at "voting parties"?
The list continues - cost, ownership of voting infrastructure...
And last but not least, voter turnout.
This voter turnout issue is total BS. It's a complete backwards view of voter engagement.
If you start with the assumption that people don't vote because it is "hard" or "inconvenient" then the logical conclusion is to make it "easy" and "convenient".
The problem is this assumption is WRONG.
Voting is maybe an hour of your time outside your house. This is not a huge barrier. The same young demographic that is supposedly the problem area that is fixed by online voting is quite happy to spend many many hours outside their houses, doing things they care about.
People don't vote because they don't care. They're not engaged.
You can use online technology to tremendous effect to engage and organise people online. However this does not in any way shape or form mean that that engagement needs to end with clicking a "Like" button to elect a political party online. That online engagement can and should turn into tremendous voter turnout at the physical ballot boxes.
As we've seen in Tunisia, Egypt, Libya, Bahrain and many other countries, you can get people outside, not just for an hour, but for days and weeks with their lives in danger, if they care.
You want to fix voter turnout, get voters engaged.
If you think instead the solution is to make a voting button on a screen, you're not only missing the point, you're insulting the fundamental concepts of democratic participation.
Labels: bc, british columbia, internet voting
DOMAIN NAME OUTAGE
UPDATE April 3, 2011: The domain and email should be working again. ENDUPDATE
Unfortunately I just discovered that in the ZoneEdit DNS service migration to a new platform, my papervotecanada.ca domain has gotten completely broken - no web redirects and no email. My apologies. I have contacted them to get this repaired.
In the meantime, blog URL http://papervotecanada.blogspot.com/ as well as this temporary gmail email address will work.
Unfortunately I just discovered that in the ZoneEdit DNS service migration to a new platform, my papervotecanada.ca domain has gotten completely broken - no web redirects and no email. My apologies. I have contacted them to get this repaired.
In the meantime, blog URL http://papervotecanada.blogspot.com/ as well as this temporary gmail email address will work.
Labels: meta
Tuesday, October 26, 2010
CNN reports on voting tech
"Use of any touch-screen voting machine is the equivalent of a 100% faith-based election. No votes cast during an election -- none -- can be verified as having been accurately recorded on such systems. Ever."
CNN - Analysis: Our votes are counted accurately -- aren't they? - By Dave Schechter - September 30, 2010
The quote comes from Brad Friedman of The Brad Blog - Pac-Man Hacked Onto a Touch-Screen Voting Machine Without Breaking 'Tamper-Evident' Seals - August 21, 2010
Incidentally, this statement also applies to Internet and telephone voting.
Labels: electronic voting
Arnprior voting extended by 24 hours due to technical issues
Many, many stories about this yesterday and today. Not just Arnprior was affected, but it's the only one that took the extraordinary step of extending voting by 24 hours. Other municipalities extended voting by an hour.
This is a serious voting system failure. I think "glitch" is a bit of an understatement. First you hand your voting system over to a private company, and then it doesn't work? That's a surrender followed by a failure, not a glitch.
Incidentally "we are just too popular a service" is not an explanation, it's an excuse.
If your system doesn't work, that is a technology planning failure. If the obvious visible parts of the system don't work, how much should we trust the parts of the system that we can't see?
It's interesting to compare this result with the glowing pre-election news stories about how wonderful this would all be.
Kemptville EMC News - North Grenville begins electronic voting Oct. 18 - October 14, 2010
Apparently it is not voting-day Internet-traffic-proof, sadly.
Incidentally, there is no difference between high real traffic and a denial of service attack - presumably a botnet could just as easily have shut this site out.
There's so much to mock about the tone and unseriousness of this article - it totally misses the point about Internet voting. The issue is not whether it's easy to click a website button or the server room is hurricane-proof. The issue is whether YOUR VOTE IS SECURE, ANONYMOUS AND CORRECTLY COUNTED. None of which the system can guarantee.
More pre-election fluff:
Arnprior EMC News - Town staff provide overview of electronic voting process Voting in municipal election runs from Oct. 18-25 - October 14, 2010
So first you pay the private company to use their Internet voting system (which turns out I guess to be a shared voting system), and then you pay to promote it to your citizens?
Plus which, define secure. Secure as in, it uses SSL? Secure as in you have a consultant report that says it's secure? Or secure as in you paid for a penetration test by computer security experts and they failed to compromise the system AND they failed to compromise the desktop endpoints that users voted? And you also paid business continuity experts to ensure it held up under denial of service AND network connection failure AND under high load?
People standing in a room counting paper is a highly resilient, low points of failure system.
Computer desktops + the entire Internet + server room(s) + the entire power grid + many many other technology elements is a many points of failure system.
This is a serious voting system failure. I think "glitch" is a bit of an understatement. First you hand your voting system over to a private company, and then it doesn't work? That's a surrender followed by a failure, not a glitch.
Incidentally "we are just too popular a service" is not an explanation, it's an excuse.
If your system doesn't work, that is a technology planning failure. If the obvious visible parts of the system don't work, how much should we trust the parts of the system that we can't see?
- CTV Ottawa - Electronic voting creates problems across eastern Ont. - Updated: Tue Oct. 26 2010 5:14:43 PM
- CBC News - Technical glitch extends Arnprior vote 1 day - Last Updated: Tuesday, October 26, 2010 | 12:05 AM ET
- Arnprior EMC News - Intelivote explains voting problems in Arnprior - Oct 26, 2010
- Ottawa Citizen - Overloaded e-vote system means Arnprior voters get another day to cast ballots - October 26, 2010 - also republished in the Vancouver Sun
- 580 CFRA News - Election Extended in Arnprior - by Josh Pringle - October 26, 2010
It's interesting to compare this result with the glowing pre-election news stories about how wonderful this would all be.
Kemptville EMC News - North Grenville begins electronic voting Oct. 18 - October 14, 2010
According to director of corporate services/clerk Cahl Pominville, residents shouldn't be afraid of the process, noting that if "you can order from Sears over the phone, you can use electronic voting." ...
"It's not a big scary monster," he says of electronic voting, which will be handled by Intelivote Systems Inc. in eastern Canada. "It's been done by thousands and thousands of people in eastern Ontario in previous elections."
...
Pominville stressed that residents using the Internet voting method needn't be concerned about the security issues of the website they are being asked to visit.
"Residents will be connecting to a website in a very large, secure room in Nova Scotia," he explained. "It's a disaster-proof building that houses this kind of stuff."
Apparently it is not voting-day Internet-traffic-proof, sadly.
Incidentally, there is no difference between high real traffic and a denial of service attack - presumably a botnet could just as easily have shut this site out.
There's so much to mock about the tone and unseriousness of this article - it totally misses the point about Internet voting. The issue is not whether it's easy to click a website button or the server room is hurricane-proof. The issue is whether YOUR VOTE IS SECURE, ANONYMOUS AND CORRECTLY COUNTED. None of which the system can guarantee.
More pre-election fluff:
Arnprior EMC News - Town staff provide overview of electronic voting process Voting in municipal election runs from Oct. 18-25 - October 14, 2010
(Town clerk Jacquie Farrow-Lawrence), along with deputy-clerk Maureen Spratt, provided a demonstration of how the electronic voting system, provided by Intelivote System Inc., would work. She then explained the extensive publicity campaign that has gone into preparing the electorate for the new system.
...
"It is a secure process," Spratt explained as she proceeded to demonstrate voting by computer.
So first you pay the private company to use their Internet voting system (which turns out I guess to be a shared voting system), and then you pay to promote it to your citizens?
Plus which, define secure. Secure as in, it uses SSL? Secure as in you have a consultant report that says it's secure? Or secure as in you paid for a penetration test by computer security experts and they failed to compromise the system AND they failed to compromise the desktop endpoints that users voted? And you also paid business continuity experts to ensure it held up under denial of service AND network connection failure AND under high load?
People standing in a room counting paper is a highly resilient, low points of failure system.
Computer desktops + the entire Internet + server room(s) + the entire power grid + many many other technology elements is a many points of failure system.
Labels: fail, internet voting, ontario, telephone voting
