I’ve been watching the e-voting concerns increase as the related technology proliferates across the country and have come to the conclusion that we are once again seeing the government act first and think second.
There is nothing inherently more unsecure with regard to electronically taking votes than in physically taking votes. What can make one more unsecure than the other are the practices that surround them. The important thing that is being forgotten is that, done right, e-voting can actually reflect more accurately the views of the people. It has the potential to make the U.S. more democratic.
But change impacts the status quo, and the concerns being raised about e-voting have a lot to do with that. They also have a great deal to do with the fact that the advantages of the changes are not being properly articulated and the risks are being overblown. In our industry, that is called fear-uncertainty-doubt, or FUD, and, in this case, it is focusing the nation on the wrong things.
The core argument surrounding e-voting is one of assuring voting accuracy. For instance, what if the system were hacked and the vote compromised? It is a good concern no different than what surrounds ATMs, and individual ATMs have been compromised. However, these compromises have been limited to a small number of machines and are generally caught by the bank long before it becomes material.
The process used to identify and catch bank fraud is one of audit, and effective electronic internal audit has existed for decades. With electronic audits, because the sample size can actually equal the entire population if need be, the chances of catching the fraud are actually much better, if the proper tools are used and the people are properly trained in their use. Both big and important “ifs.”
This has been one of the problems with e-voting, the machines have gone in but the tools to ensure accuracy seem to be more consistent with the last century than this one. With e-voting, you could e-mail or mail back an automated report to every voter detailing how they actually voted. If a voter had a problem, he or she could lodge a complaint electronically.
If the complaint number crosses a certain threshold, then it would trigger an investigation and might invalidate the vote. Doing this in real time is possible but might introduce a way to void an otherwise accurate vote that was trending against a favored candidate or issue.
The problem could be a confusing screen as much as it is any actual fraud, as in one part of Florida, during the last presidential election, where the voters found the form confusing and made errors. Whether by intent or not, caught early enough, the screens could be dynamically updated, and at least the potential is there to save the voting process without incurring the massive cost of a revote.
You could also stop the process early, make the call that the screens need to be redone and make a more timely decision on how to reschedule the vote. Granted, this would be only in the case where testing was incredibly inadequate, but at least you would have a less expensive option than you have today.
Protecting the Voter
When you currently go in to vote, there are practices to separate you from the vote you make. These practices are what make auditing the vote nearly impossible. What I said above would only work if you and the vote were connected to each other. The problem with a paper trail is that the trail isn’t connected back to the individual voters either, at least not without a lot of work to backtrack physically to the initial forms, and if that can be done, the privacy concerns exist anyway.
The foundation — which is so last century — for these practices is the feeling that if someone is voting under threat, once in the safety of the voting booth they will vote their conscious. Personally I think that, if that is our concern, we have much bigger problems. In today’s Internet age, the chance that an activity like this would go unnoticed is much lower in the first place.
Even if it were true, there is a reasonable chance that should the criminal candidate lose, they would assume that key voters had not kept their word and retaliate against them anyway. The goal needs to be to better deal with the threat and protect the independence and integrity of the voter in a more comprehensive fashion, not just during the few moments they are in the voting booth. Personally, I think this is mostly a smoke screen to prevent change, but that may simply be my own paranoia speaking.
Cost of Anonymity
As I watch the Democratic Convention, I see thousands of people who clearly are not afraid to show the world how they intend to vote. When the Republican Convention starts, we’ll see thousands more all at risk of not only being penalized for disagreeing with others who may have power over them, but of being killed by terrorists. That’s guts and, in my mind, every one in both parties that considered this last risk and went to their convention anyway is a hero.
I think that U.S. citizens have the guts to stand up and be counted and that when you separate the people from their votes, you introduce distrust and the potential for fraud, because if you can’t go back to the voters and assure their votes, you really have no sure way to know how they really voted. This is true regardless of the technology; the paper trail argument is incredibly flawed.
Years ago as part of executive training at IBM, we had a speaker come in and point out the problems associated with anonymous voting, which is commonly used inside companies to get employee opinions. The first was that surveys had shown that the employees didn’t really believe their votes were anonymous, and the second was the practice actually fostered distrust.
Much like a person who says, “I am not a crook” is immediately thought by many to be one, evidently the claim by a company doing a survey that the employees’ responses are anonymous implies that the employer can’t be trusted. Why would we want to reinforce the belief that the U.S. government can’t be trusted?
People need to feel free to express their political opinions, granted only where appropriate, but the use of anonymity implies that they cannot, and that implication is wrong. This suggests that by providing this anonymity, we are disengaging the voters and creating an unnecessary degree of distrust between politicians and their constituents.
We get a statement from the bank showing us what we deposited in an ATM, so why wouldn’t we want a receipt from our government showing our votes were, in fact, counted? This is supposed to be the country of the people, by the people, and for the people; isn’t it about time we assured the truth of that statement? What could possibly be more important?
Internet Voting Is Here
Strangely enough, politicians are using the Internet to ask their constituents about issues they are faced with. There is no great effort to preserve privacy, and they try hard to make you feel you are having a conversation with them. In some cases you probably are.
This engages people into the issues and undoubtedly has the potential to make the representative republic we live in more democratic. However, how do you know that when they do this that the results of the surveys provided back are really accurate? Could they not simply be used to convince you that you were in the minority even though you are not?
This is the power of information on the Web, and the voting process is moving to the Internet, ready or not. Voters can increasingly be influenced at the last minute by biased news groups, accurate and falsified surveys, and both real and phony Web sites.
Isn’t it time we stepped back and focused on driving democracy into our own country, anticipated the problems and actually use the potential available to create more informed and engaged voters, and, for once, actually think though the problem before implementing a solution?
I, for one, am getting really tired of watching my hard earned money wasted because our government wants to act first and ask the critical questions later. Let’s do it right this time, because if we can’t make democracy work here, we can’t make it work anywhere.
Rob Enderle, a TechNewsWorld columnist, is the Principal Analyst for the Enderle Group, a consultancy that focuses on personal technology products and trends.
I know Mr. Enderle is well informed about many IT matters, but I AM afraid he is writing with no real knowledge of elections or election security.
There are many reasons for secret voting, although Mr. Enderle mentions only the threat of coercion by opposing political operatives. Much more important is potential coercion within families (husband and wife, parent and child), coercion in institutional situations (e.g. nursing homes), and coercion by employers and other superiors. Beyond coercion is the danger of vote selling–massive, electronically brokered and mediated vote selling. Then there is the danger of discrimination on the basis of voting history–discrimination in hiring, employment, etc. And even if one were somehow to get past those concerns, the "get confirming notification of how you voted by email" proposal recommended by Mr. Enderle could be overwhelmed by phony email "confirmations" that appear authentic, so that vast numbers of voters are led to believe that their vote was recorded incorrectly when it was not, leaving chaos behind.
As for threats of attack on voting systems, Mr. Enderle seems to think that the greatest danger is from voter attacks, by analogy with customer attacks on ATM machines. But that is not even remotely the most dangerous attack: the real danger is insider fraud, especially malicious code inserted by the voting system’s programmers and designed to escape detection by testing. (Yes, it is possible–even easy.)
The only known even partial solution to the problem of insider fraud is a voter-verified paper audit trail (or paper ballots). Paper is ideal, not because it is traditional, because of its security properties: it is a write-once medium readable by machines, but also directly readable by humans without the need to trust any software.
As for Internet voting, which Mr. Enderle suggests is coming and seems to endorse, all I can say is that the danger there is 100 times greater. See http://www.servesecurityreport.org for authoritative discussion about the vast number of inherent threats to Internet voting systems for which there are no currently available solutions.
While Mr. Enderle is an acknowledged expert on a lot of subjects, voting system security is not one of them. He appears not to have even read the relevant literature.
__Rob Enderle either skipped some research on this issue or has political motivations not revealed in this commentary.
__A team of computer scientists from Johns Hopkins and Rice, some of whom are former NSA members, have reviewed E-Voting software and found it unsecure and unreliable:
__Also, Enderle conveniently dodged the issue of the lack of paper trails. The ATM machines use to back this argument produce paper receipts. The new DRE voting machines do not issue paper records that can be audited. Major bills AM mending HAVA are pending in Congress to remedy this situation, so that paper records held by election officials can be recounted.
__Millions of Americans were denied their right to vote in the last presidential election. Democracy is not served by unproven technology, meeting no verifiable standards, which can be manipulated or hacked.
__Don’t believe me–you can check it out for yourself. Just google:
Diebold voting error