Go to HHH home page.
Election Academy
 


Internet Voting: Why It Isn't "Someday" Yet

Bookmark and Share

Internet.Voting.jpg

[Image courtesy of QualityPoint]

Over the years, as I have traveled around the country to talk about the future of elections, I have noticed that a few common questions emerge. One popular question involves the use of the Internet to cast ballots; as more and more individuals become more and more familiar with using online merchants to bank and shop, they wonder why they can't use that same technology to cast their ballots.

While I always disclaim any kind of technical expertise, I have nonetheless evolved a stock answer that I think captures the essence of the Internet voting debate. It is:

In talking to people around the country, there appears to be near-consensus that we will have Internet voting in the U.S. someday. The fistfights start, however, when you start trying to define what "someday" is.

I will confess, however, that explaining why that's true is much more difficult - especially since I lack the kind of technical "chops" necessary to be clear and helpful. Fortunately, I (and the rest of the election community) have a terrific new resource in the form of a white paper by David Jefferson, a California computer scientist who has been an active participant in the national conversation about the future of voting in America.

Jefferson's white paper - posted at Rick Hasen's Election Law Blog - is entitled If I can shop and bank online, why can't I vote online? [NOTE: THE LINK GOES TO AN UPDATED VERSION DAVID SENT ME THIS MORNING.]

I can't really do the paper justice - just go read it for the full effect - but Jefferson makes some key observations that underscore the key questions that need to be answered before we can reach "someday" on Internet voting.

His first observation should be familiar to anyone who's been following the debate over the years: the Internet is a freewheeling and potentially dangerous place and there are concerns about the ability of current technology to protect voters from accidental or malicious misdirection of their ballots. This is actually where most of the debate has occurred, and as a result efforts to test Internet voting to date have tended to focus on populations (e.g. military voters) and technologies (e.g. secure military networks) where it is believed the risk of compromise is the smallest. There has also been interest in the experience of the small Baltic country of Estonia with Internet voting, which builds on a national ID system to allow voters to cast their ballots online.

Jefferson's second major observation, though, is the one I think that really captures the difficulty in bringing voting fully online. Quite simply, voting is fundamentally different from online commerce in several key ways:

  1. votes, unlike currency, are not fungible - they are specific to the voter and thus are unique;
  2. there is currently no good way to ensure that the person sitting at a keyboard is actually a specific voter - which isn't a requirement for online commerce;
  3. voting transactions need to separate a voter's identity from a voter's choices in order to protect the secrecy of the ballot; and
  4. yet the entire process (save voters' choices) needs to be transparent so that the process can be audited and promote confidence in the outcome.

These characteristics of the voting process - as much if not more than the general security of the Internet - are the primary obstacles that Internet voting supporters must address before it is possible to draw any kind of equivalence between online commerce and online voting. [I am not even considering the costs to states and localities to implement Internet voting - and my guess is most of them don't want to think about it either in the current fiscal environment.]

I don't know enough about the technology involved to say when Internet voting's "someday" will arrive, but thanks to David Jefferson's new paper, I have a pretty good idea why that someday isn't now - and likely isn't going to be anytime soon.

9 Comments


  • David Jefferson's essay is an excellent, clear explanation why is currently impossible to cast a secure, private ballot over the internet. It should be required reading for every election system policy maker.

    Doug Kellner
    Co-chair, New York State Board of Elections

  • Jefferson’s paper doesn’t cite even one FACT showing that Internet voting cannot be conducted securely. A recent EAC report states that the Swiss have had 36 Internet voting trials, and no security breaches have been reported. Elections Canada wants Internet voting for all Canadian national elections. Its being done here in West Virginia for overseas military. (DC wasn't a real vote)

    See my rebuttal of Jefferson’s paper at,
    http://internetvotingforall.blogspot.com/2011/11/rebuttal-to-david-jeffersons-brief.html

    William J. Kelleher, Ph.D.
    Internetvoting@gmail.com
    Twitter: wjkno1
    Author of Internet Voting Now! at,
    http://tinyurl.com/IVNow2011

  • None of these 4 points haven't been addressed already with absentee voting by mail.

    As for costs, it would seem vastly cheaper to conduct voting online for huge chunks of the population rather than set up and administer physical voting stations.

    It also has the benefit of drastically lowering barriers to voting, increasing turnout and democratic engagement.

  • Internet voting sounds like a great idea, at first.

    1. Proponents say internet voting would be cheaper.

    Maybe, maybe not.

    a) With internet voting, any reduction in cost is ofset by the fact that we have no way to verify the results of an internet election and no way to recount the ballots. Votes can be lost as happened in Estonia in 2007.

    b) We don't have real cost studies. Cost would depend on what type of security measures were used, whether you used a corporation's software and system, and tech support. At least one Internet vendors donated their services to the state of W.VA in order to have chance at being used in WV's internet voting pilot for overseas military.

    2. Proponents say internet voting would increase voter access.

    a). Access might be made easier for people who own computers and have internet access.

    b) The poor and elderly often do not have computers or internet access and would be "ghettoized".

    c) Turnout can drop dramatically or because we can't verify internet voting, turnout may be inaccurate, vote tally could be inaccurate.
    Honolulu Hawaii tried internet voting in 2009 and turnout dropped by 83%.
    See
    Voting Drops 83 Percent In All-Digital Election
    People Could Vote Online, On Phone For Neighborhood Board
    POSTED: 3:49 pm HST May 26, 2009
    Read more: http://www.kitv.com/politics/19573770/detail.html

    3. Consider the internet pilots in municipalities in Canada.
    a. Since voters could vote from home, some cast their spouses or family members FOR them.
    b. Some voters tried but couldn't vote.
    c. Some voters aren't tech savy and were frustrated by the system.
    Some news articles from October 2010 about internet voting in Canada:
    Canada: Online voting system a bust* (LTE)
    http://www.stratfordbeaconherald.com/ArticleDisplay.aspx?e=2819432

    Canada: Voter's vote wasn't counted*
    http://www.stratfordbeaconherald.com/ArticleDisplay.aspx?e=2819444
    "Too bad my vote wasn't counted in the process...I gave up in frustration."

    Canada: Arnprior voting extended by 24 hours due to technical issues*
    http://papervotecanada.blogspot.com/2010/10/arnprior-voting-extended-by-24-hours.html
    Many, many stories about this yesterday and today. Not just Arnprior was affected, but it's the only one that took the extraordinary step of extending voting by 24 hours. Other municipalities extended voting by an hour.

    This is a serious voting system failure. I think "glitch" is a bit of an understatement. First you hand your voting system over to a private company, and then it doesn't work? That's a surrender followed by a failure, not a glitch

    Canada: Technical snags won't be repeated: Intelivote
    http://www.thepeterboroughexaminer.com/ArticleDisplay.aspx?e=2818573
    Company's excuses for failures that blocked some people from voting

    4. Internet voting can not be verified, nor secured say computer scientists and technologies. With internet voting, the old Stalin saying applies:
    "Those who cast the votes decide nothing. Those who count the votes decide everything."

  • @Teddy:

    And absentee voting is likely the most abused "vector" for voter fraud these days (check Google News for a recent case of absentee voting fraud (alleged) in Florida). So that's not a very useful comparison...

    Your comments don't address the simple insecurity problem: there is just no hope of securing online voting in the near future. There are ways to take meaningful steps in that direction (online delivery of blank ballots without online marked ballot return... the Norwegian system where a code is sent to the voter for each choice is neat too (that reduces the malware problem on the client machine)).

    Finally, the current literature on online voting (and other methods of alternative voting like vote centers, etc.) shows that it decidedly does not increase turnout. I'd also argue that it may increase the barriers to voting as you underestimate how comfortable the public is with online environments... and I'm not sure how you define "democratic engagement" but simply moving to online voting will have little impact there (more compelling candidates, very active electorates, a polity that actively cares about democratic politics are key).

    Finally, there's just no support for costs of online voting being much of a savings. In fact, in each case I know of with online voting the cost per voter for that service was astronomical compared to costs per voter in the nominal case.

  • Call me a Luddite.

    The campaign to push the centralization of who counts votes and the secrecy of how votes are counted is a most pernicious effort that puts the entire election process into the hands of the elites.

    How can one observe an Internet vote being cast or being counted?

    In my opinion,

    a) Voters must cast votes in person at a precinct (ward) polling place on paper ballots on election day.
    b) Election officials must count all ballots at the precinct after close of voting in full public view.
    c) Election officials must secure the paper ballots at the precinct until the election is certified.

    Anything less than this is an invitation to manipulate the outcome of elections by the few behind a veil of secrecy.


  • This White Paper is a fantastic summation of the many legitimate concerns I have heard computer scientists discuss in various forums and meetings. I think it is the first time I have seen someone boil the concerns of the community down to their tangible threats.

    The question becomes now, who will begin to work to understand these issues and explore their possible solutions? I find it hard to believe that there isn't a group of election tech. geeks that aren't foaming at the mouth to begin to tackle each challenge and look for solutions. These solutions may not (or are not as Jefferson's article states) be readily available but this seems like an area that is ripe for research, particularly since DOD/FVAP are already researching these security challenges both within voting and outside of voting.

    We may not have solutions yet, but with the problems now properly outlined we can began to look at each challenge, learn from the mistakes of other sectors, and allow ingenuity to begin to solve the problems.

  • How does Oregon manage to survive with ALL postal snail paper ballots -- using e-scanners to count the votes ???

  • Matt, secure Internet voting has been an active area of research in the computer and network security community for years now. Papers on the subject are regularly published in such venues as the EVT (Electronic Voting Technology) proceedings. There is, in particular, a substantial literature on end-to-end cryptographic verification systems. But all of the researchers are aware of how extremely difficult the security requirements for voting are. Most researchers believe it will be a decade or more before all of the issues can be satisfactorily resolved. Resolving them may require major advances in basic Internet protocols, PC and mobile device architectures, cryptographic verification algorithms, or remote ID infrastructure, or a combination of them.

    I would not say that the DOD/FVAP is "researching" these security challenges. The recent history of the FVAP could be more accurately characterized as a persistent underestimation the severity of the problems and irresponsible encouragement of uncontrolled experimentation with Internet voting in live elections by jurisdictions that honestly want to better serve overseas voters but simply do not recognize the threat.

  • Leave a comment


    Humphrey School Sites
    CSPG
    Humphrey New Media Hub
    Electionline.org