Tuesday, March 09, 2010

Michael Geist on Internet voting issues

The enthusiasm for Internet voting is understandable. At first blush, there is a certain allure associated with the convenience of Internet voting, given the prospect of increased turnout, reduced costs and quicker reporting of results. Moreover, since other security sensitive activities such as banking and health care have gravitated online, supporters argue that elections can't be far behind.

Yet before rushing into Internet voting trials, the dangers should not be overlooked.


Caution on Internet voting appears prudent, since experts have identified a long and costly list of necessary precautions, including random spot checks and post-vote verification programs to preserve anonymity. Given the security risks, opening the door to provincial or federal Internet voting seems premature. In the zeal to increase voter turnout, the reliance on Internet voting could inadvertently place the validity of the election process at risk.

Toronto Star - Geist: Hackers, viruses threaten online voting validity - Monday March 8, 2010


November 15, 2006 Geist on e-voting

Labels: , , ,

Sunday, March 07, 2010

urban renewal, greenwashing, technoyouth, and Internet voting utopianism

This is in reaction to the Elections Canada Internet voting event, some of the followup to it, and the ongoing trend for Canadian municipalities to adopt Internet voting (as well as the announcement that the province of Alberta will investigate it as well).

Our society loves the new. This is sometimes good, and sometimes appallingly, disastrously bad.

We had decades of "urban renewal", starting in the 50s and gaining momentum in the 60s, that with traffic planning as an essential element, very nearly destroyed the downtown cores of many cities in Canada, and actually succeeded in destroying the cores of many US cities. New is not always better. We are now, with enormous effort and expense, slowly attempting to undo some of the worse excesses of urban renewal, rebuilding and reinhabiting city cores, restricting the previously unlimited role of the fast-moving car in urban planning.

The people at the time had legitimate concerns. They found their cities old and tired, the trolleys familiar and worn. They literally could not imagine that their dense urban neighbourhoods would, rather than being improved by sweeping expressways and demolishing "urban blight", instead be turned into a dead landscape of poverty and neglect. Good intentions can have terrible consequences. We almost always cannot predict the future.

But Internet voting is an area where we actually have a tremendous asset, a community of computer security experts. UPDATE: As well, we can look the the experiences of other countries and jurisdictions. And we can look at other types of online activities. We can make some good guesses about the future. The experts tell us that computer networks are very hard to secure. Other countries show us that the complexity of a good technology implementation can lead to high expenditures with private companies, unsatisfactory results, and law suits. The ongoing, continuous security compromises of existing systems, with credit card numbers and other high-value information repeatedly stolen, tells us we are far from a world of high security on the public Internet. ENDUPDATE

We also have a recent trend of greenwashing - corporations that want to make money, but cloak it in some new language of social responsibility or environmentalism. Less paper is not always good. What consumes more resources, a single piece of paper you use once, or a computer in a data centre that is on 24 hours a day, 7 days a week, 365 days a year, requiring round-the-clock high physical and network security? In any case, since when is the foundation of democracy about how "green" your election is? Elections hinge on trustworthy results. You want a green election? How about we just all hold up our hands and someone writes the result down on a chalkboard? No paper wasted! No electricity burned! Making some vague green claims about reduced paper consumption is a diversion from critical, core process and security issues associated with Internet voting.

This is not to mention the fact that a good chunk of the supposed "savings" from Internet voting comes from eliminating polling places, from eliminating polling place workers. Do you seriously want a voting system that is less human, that involves fewer people, that has fewer eyes to identify and report problems?

In the most egregious example of Internet voting mythmaking, the myth of the technoyouth. The argument, almost always made by someone who is not young, almost always made without any supporting evidence whatsoever, goes as follows: young people "naturally" use technology, enjoy technology, interact with technology. If you can just "technologize" something, young people will use it.

This is utter nonsense. Young people like doing young people things. They do them with whatever tools are at hand. They don't think about the technology, it's background noise. They think about the activity. Making an activity that people aren't interested in available on a platform that they use, will not make them interested. The examples for this are trivial. It's a signature of the myth of the new that we are able to actually believe that somehow "the old rules" don't apply once you put a blinking light on something. You want an easy example: I watch TV. I watch shows I like on TV. I am not interested in sports. There are acres of sports on TV. You know what, this does not make me interested in sports. No one cares about technology channel for technology's sake except actual technologists. If you put boring middle-aged leaders talking about boring policies for senior citizens in a little video windows on a 20-year-old's iPhone, this is not going to make them interested in politics. It's nonsensical.

The overwhelming majority of the evidence from the few large scale examples we had at the Elections Canada Internet Voting discussion is that putting voting on the Internet doesn't magically translate into everyone who uses the Internet suddenly voting. It's just makes it easier for the people who already vote.

If you want turnout, then have a TURNOUT STRATEGY. A button on a web page is not a turnout strategy. Real turnout strategies might include:

* online and offline engagement with voters on issues they actually care about
- This is not easy. Real citizens have inconvenient interests. If you want to see how inconvenient true engagement can be, watch supposed super-Internet-connector Obama immediately dismiss even the possibility of a rational discussion about drug (specifically marijuana) policy, every single time it inevitably rises to the top of an Internet engagement attempt.

* Make election day a holiday
* Hold elections on Saturdays
* Put polling places everywhere - in workplaces, in grocery stores, wherever people actually go in their actual modern lives, not some theoretical church and community centre life that hasn't existed for decades
* Making voting mandatory, as it is in Australia

Notice how little of this involves technology.

Lastly, I want to address Internet voting utopianism. I would have thought the dotcom boom would have killed this, but it didn't. Life is not an endless progress towards a better and better world. Just because something is new, doesn't mean it is either inevitable or beneficial. The French Revolution loved their clean, modern new technology: the guillotine. There are lots of things that make no sense to do over the Internet. Just because it's there, doesn't mean you have to use it, IF IT ISN'T THE BEST SOLUTION.

Internet voting solves no problems, and introduces huge new ones, including:
* massive security issues at every step of the very long chain
* massive chain of custody issues
* massive privacy issues
* massive coercion issues
* handing over the core infrastructure of democracy to private companies and/or invisible government technologists
* creating a voting system that no one without a degree in computer science can actually understand

It will not save money except in some narrow sense. You can work numbers so that it looks like you're saving - oh look how much we save if we don't provide some education or some healthcare, as long as we ignore the huge future costs of impoverished people who are in and out of prison and huge numbers of expensive emergency room visits.

Oh look how much we save if we don't provide paper ballots - as long as we ignore the ongoing costs of data centres, legal challenges, and fundamentally undermining trust in our democracy.

Here's a simple thought experiment: would you hand a stranger $10 and ask them to deliver it to City Hall? A $100 bill? A million dollar bill? How much is your vote worth, how much is a national election worth? This is not banking, where you know the bank, they know you, and every single step along the way is auditable and reversable. This is a one-time handover of a treasure, your vote, to layer after layer of systems programmed by strangers, that you cannot inspect the internal workings of, where even the administrators of the systems can never truly know what is going on internally (a computer can always pretend to be executing one program, while actually executing another), in a system where you CANNOT VERIFY THE RESULT (because any system that lets you check how you voted, must inevitably provide the capacity for someone malicious to determine how you voted).

Internet voting is a lose-lose situation. The easier you make it to vote online, the more convenient, the less complicated, the less encumbered by multiple steps and complexity, the easier you make it for a hacker to steal the election. Worse than that, it is quite likely it is actually impossible to secure the election to the multi-billion-dollar risk level that would be appropriate, you simply cannot provide that level of assurance using the public Internet. The best you can do is involve every possible computer security expert at every step of the process, and then have a very highly informed acceptance of an extremely high level of risk. I don't see anything even close to this happening, other than in the Estonian system, which requires a unique national ID certificate for every single citizen and even then doesn't address issues like coercion.

In brief, this is really hard, maybe impossible to do well, and just as with the half-assed Windows-based electronic voting machines visited upon the American people by Diebold (now part of ES&S, an elections vendor that provides technology to Canadian elections), I don't see anyone taking even close to the level of necessary care in the current Canadian Internet voting situations.

Which brings me to my concluding point: to do this well requires an extraordinary level of computer expertise, testing, auditing, risk assessment, and 24/7/365 datacentre security, and a huge set-aside for potential legal challenges in case of fraud accusations. This inconvenient truth exposes the lie of Internet voting as being an easy, cost-saving citizen convenience, and so in most cases what I see is Internet voting advocates who are either ignorant of these issues, ignoring these issues, or deliberately trying to spin them.

Labels: ,

<- Older Posts - Newer Posts ->

This page is powered by Blogger. Isn't yours?