Against online voting: Technologist prefers his voting analogue
Dave Lane is an engineer, software developer and voter from Christchurch and a firm believer that online voting cannot be made secure enough to protect democracy. IITP asked Dave to outline why the online voting trial for online voting next year shouldn't proceed.
I am a technologist. Technology is my passion. My expertise with computer and online technology has fed me and my family for 20 years. I would dearly love to see technology applied more effectively in every aspect of our society's democratic process. Every aspect that is, besides the most fundamental mechanism of democracy: the secret ballot, our vote. That bit should remain analogue.
Reflecting on recent local government decisions on binding online voting pilots ("trials" from central government's perspective), I tweeted "Too few realise that being a technologist comes with an implicit responsibility: having ethics to admit when tech is not the right answer." It is probably my most re-tweeted and favourited tweet to date.
My stance on online voting has got me labelled a "Luddite" by at least one pundit. A bit ironic, but so be it. History offers many examples where technology being wielded by those without sufficient ethics has resulted in utter disaster.
Surprisingly, the director of ElectionNZ one of two small local companies wanting NZ to move to online voting, recently characterised both me and others recommending against online voting in NZ, and groups like Verified Voting abroad, as "activists incentivised to disrupt online voting". Verified Voting's board looks petty credible to me, and if they choose to be activist, I'd say it'd be worth paying attention... but you can decide for yourself.
I have experience building security-critical government websites, a role which has given me serious respect for the online threats about which most people know little. As a technologist, it has been my role to protect others from these threats to the extent possible... and I feel an ethical obligation to speak out when I see technology being inappropriately sold as a solution to voter engagement and participation which is fundamentally a societal "people" problem. Particularly because also opens the process up to a whole host of new liabilities.
Even where online voting has supposedly succeeded, places like Estonia and Switzerland, they are proceeding despite substantial concerns from both security experts and voters. In Estonia, for instance, although in theory everyone can vote online, at most only 30% have. That suggests 70% of voters don't trust the system.
I had some involvement in the DIA's working group on online voting, and was pleased with most of the recommendations they offered. I did, however, note that only a few of those involved were experienced technologists, and got the impression that most of the others held an amazing faith in technologists: that there was no problem they couldn't solve.
The only thing more striking than this faith was the disdain with which technologists like me were regarded for suggesting that, unfortunately, we could not imagine a workable online voting solution.
Interestingly, a couple of us were told that the DIA received formal advice from "security experts", but our request to see that advice was formally denied. Does the report recommend against pursuing online voting? Guess we'll never know.
Perhaps the world's most respected online security expert Bruce Schneier characterised online voting this way: "Building a secure Internet-based voting system is a very hard problem, harder than all the other computer security problems we've attempted and failed at. I believe that the risks to democracy are too great to attempt it."
In the face of a problem so difficult, it is unsurprising that skilled software developers, who are in high demand allowing them to be picky with the work they take on, are unlikely to even attempt a solution, especially given the overwhelming likelihood - and massive ramifications - of failure.
Unskilled developers, on the other hand, often have a high opinion of their abilities (the so-called "Dunning-Kruger Effect"), generally have more time, and some seem willing to have a crack at it. Overseas trials have shown that at least some of the online voting systems, which were publically acknowledged to be exploited by external parties (which is at least half them), suffered from absurdly bad software design and code quality.
In the proposed local government "trials" we already see substantial corners being cut, with regard to public consulation, independent audits, red team testing, and other DIA recommendations. I'd love to say "I'm confident we plucky kiwis can succeed at building a viable online voting system where so many others have failed". But I'd be lying.
Remember, all Internet-accessible software has remotely exploitable security vulnerabilities. All of it. That we're not aware of an exploit to an online voting system offers no certainty that it is uncompromised. A smart cracker will probe the system during a trial, find an exploit, and save it until a high-stakes election, and use it subtly, just enough to alter the result to suit the highest bidder... or to create the greatest havoc. Or maybe they'll anonymously DDOS it from overseas with a local botnet-for-hire, just for the LOLs.
I don't think online voting is worth the risk. One of the best things about paper ballots is that just about anyone in society can scrutinise the election. It's a simple concept. It's a fundamentally local concept - it cannot be exploited remotely, or at scale. Online voting creates a globally accessible "attack surface" and it shifts scrutineering into the realm of highly specialised IT consultants, of which there are precious few. I get very nervous, and even rather stroppy, whenever someone in power waves their hands and says "just trust us" about things like online voting systems or secretly negotiated international trade protection treaties.
Rather than online voting, our focus should be on a mixture of new and proven methods for improving voter engagement and participation. Most of those do not rely on technology. We should be building community: creating opportunties for people to get together locally, and talk to each other.
Disclaimer: I've been moved by my conscience to speak out against pilots of online voting in NZ. I am a concerned citizen who also happens to have sufficient specialist knowledged to offer an informed perspective. I have absolutely nothing to gain financially from doing so, other than the satisfaction of doing the right thing.
What does the IT Profession as a whole think? We asked them - results here.
You must be logged in in order to post comments. Log In