Do IT Professionals support online voting?
As most will be aware, it's highly likely that a trial of online voting will take place in New Zealand at next year's local body elections. This will see online voting as an option alongside postal voting in participating regions.
Views on the technical viability of online voting vary and opinion certainly appears divided at times. While there are vocal opponents and proponents for online voting, what do the majority of IT professionals think? We thought we'd find out, and the results might surprise you.
Poll of IT Professionals
While IITP has been broadly supportive of a trial of online voting at local body level up until now, we needed to ensure that this was still the general view of our membership, especially given the level of debate in recent weeks.
As we have done with other contentious issues, IITP conducted a poll of IT Professionals looking for a strong indication of the tech sector's views on the upcoming online voting trial. With the largest membership of thousands of IT Professionals in the country, a poll of IITP's members provides a strong indication of the views of IT Professionals in New Zealand.
The poll received 425 responses, giving a margin of error of 5% at a 95% confidence level. While this is a strong indicator, it should be noted that the poll, while targeted, wasn't random; the result should be considered an indication rather than scientific conclusion. However the result is fairly conclusive.
IT Professionals overwhelmingly support online voting trial
We asked several related questions (see below), however the real clincher was a yes/no question asking:
Weighing up the benefits and risks, do you believe online voting should be trialled in local body elections in New Zealand?
The results were conclusive:
With 84.6% of IT Professionals polled supporting the trial of online voting in local body elections next year, we can conclude that the bulk of IT Professionals are in favour. With 86.7% also supporting IITP retaining its position "cautiously supporting" the trial, the Institute intends to continue to do so unless circumstances change.
This doesn't mean that the issues raised by the smaller group aren't valid - they are. Both central and local governments need to ensure that world-class security and other mechanisms are in place and no corners cut. The trial could still be a huge failure with just a single major security vulnerability uncovered.
Confidence in technical feasibility of online voting
There was a smaller, but still conclusive, group (73.7%) prepared to express confidence in the technical feasibility of online voting, with even fewer (39.7%) prepared to express strong confidence.
There are a number of explanations for why a number that felt they couldn't express confidence believed we should continue anyway. A small re-poll of those folks found that many in that position didn't feel technically qualified to express support for it, but believed Government wouldn't be progressing without protections in place.
Some interesting demographics
It gets even more interesting when we start to break it down by demographics, such as age, location and gender. It's important to note that when we look at smaller groups within the results of any dataset the margin of error increases substantially, however these are still strongly indicative of perceptions in different groups.
Note we've been a little naughty and put the scale of these graphs from 60% to 100% (rather than 0% to 100%), so be aware that the differences will appear more visually pronounced.
Support by age
The different level of support for online voting by age is fascinating, and starts to paint an interesting inter-generational story.
92.1% of those under 35 supported online voting. Interestingly, many of the comments from this demographic were along the lines of "why don't we have this already?" and "just get on with it". It's fair to conclude that those under 35 in the tech sector - the demographic that online voting is most intended to engage with - want to vote online.
Interestingly, the lowest level of support (while still high) was from those in the 45-54 age group (78.9%). It may be no coincidence that this age was the most disrupted by technology - i.e. lived through the early years of widespread computing as a kid, but aren't generally considered "digital natives". Or maybe it is. Either way, their support is high, but statistically significantly lower than other age groups.
Support by city
We don't hold address details for everyone who responded, so this is likely to be slightly skewed towards IITP members. However it still provides a good indication of sentiment between the larger cities and the regions:
So fairly similar and not statistically significantly different levels of support between Auckland (87.2%), Wellington (85.7%) and the regions (85.5%), with a noticeable statistically significant drop in support from Christchurch (78.0%)
Support by closest IITP branch
Breaking down by branch is different than by city, as members identify with their "closest branch" and thus it includes those in larger cities as well as the smaller cities and towns in each vicinity. This also includes those whose address we don't hold and thus don't appear in the City stats, as everyone has an identified closest branch, member or not:
Again we have to note a higher margin of error, however… Go Tauranga! 100% of respondents from Tauranga support the online voting trial, which is significant. Hamilton also had a very high level of support (85.4%), with the southern branches not as convinced - 81.0% in Dunedin and 78.4% in Christchurch. That's still strong support of course - 4 out of every 5 IT Professionals.
Support by Gender
This was an interesting result. One reviewer hypothesised that this was linked to the relatively fewer participating females in identifiable developer roles vs non-dev roles (see those demographics below) rather than a causative gender bias:
92.7% of females supported online voting, versus 83.6% of males.
Student vs Full Professional IITP Members
We looked at the difference between support from student members and full/professional members. IITP full members need to meet experience requirements, meaning this is really looking at students vs generally highly experienced IT professionals.
While there was a difference in levels of support, a significant factor was the average age of each category. This difference is thus better explained by the difference in age (above), and when this factor is removed, there is no significant difference.
Developers and security professionals
Lastly, we wanted to look at what developers and security professionals specifically thought, versus all IT Professionals. Note that we only retain this information for some members, so the numbers we could identify as developers and security professionals were relatively low (meaning a high margin of error).
Security professionals and devs were naturally significantly more conservative about online voting, however two out of three still supported progressing to a trial of online voting.
Online Voting at General Elections
And lastly, should online voting be extended to nationwide general elections, as per some other countries? A smaller, but still conclusive 74.9%, group of technologists believe so:
Judging by comments, it's likely that the reason for the drop is due to (1) the increased stakes for national elections, and (2) the lower equivalency of booth vs online (as opposed to booth vs postal) ballots.
Great comments from IT Professionals
We also gave all participants the opportunity to comment about any aspect of online voting. For or against, the quality of commentary was seriously impressive and showed that most respondents had given online voting considerable thought.
We've temporary removed the PDF containing the comments due to some being mistakenly left off. This will be available again soon.
One thing that the comments brought home to me was how thorough the Department of Internal Affairs, and the Online Voting Work Group, were in considering matters related to online voting. Almost every point raised was considered at one stage or another during the consideration process.
So why is there concern from some about online voting?
While the results show a strong level of support for online voting from the tech sector, some still obviously hold very legitimate concerns. These concerns shouldn't be discounted because of this overall result.
While online voting is used successfully in a number of jurisdictions around the world, there have been security-related incidents involving online voting systems in the past. Given the importance of voting to the democratic process, some IT Professionals (and others) are very concerned about the security, as well as the auditability, of votes cast online versus via paper.
Arguably the worst incident was the 2010 takedown of a Washington State voting trial system during a public mock election, prior to their full election. This wasn't technically a full online voting system, but rather a system that allowed votes in PDF documents to be uploaded. The system was developed by the Open Source Digital Voting Foundation (now OSET Foundation). As a result of the system's open source nature, a group from the University of Michigan analysed the code and managed to completely take over the voting server.
Interestingly, some online voting experts now recommend against open source for online voting systems as a result of this takedown. We think they're missing the point - if vulnerabilities exist in the software, it's better for it to be open to all eyes and thus them become aware of vulnerabilities than not - especially given a core component of democracy is at stake.
However despite these issues, Washington State provides online voting today for overseas or military voters, the initial target groups, along the lines of their failed 2010 trial. Presumably with better security standards in place.
A more recent example was a security certificate being found to have not been updated in a server associated with the New South Wales online elections in Australia this year. Despite some media reports and activist claims to the contrary, it wasn't their vote collection server and no votes were compromised or exposed.
NSW have been successfully running online voting since 2011, when five times the expected number utilized online voting and 96% of participating voters were either satisfied or very satisfied with the iVote system.
Some other potential vulnerabilities, such as one identified in Estonia (which has been running online voting for many years), are only theoretical in nature. In that case, activist researchers concluded that theoretically it would be possible to repeat-vote for someone if you could use conventional means to hack and take over their individual machine, use a key-logger to log their election credentials when they voted, and re-log into the voting system on their computers, after they'd cast a vote, and cast another - but only if they'd left their ID card in their card reader.
There was no evidence this theoretical vulnerability was ever used, but it did cause some concern. However Estonia has continued to offer online voting and the percentage using it - and voting - has continued to increase while similar countries not offering online voting have seen a drop in participation in the voting process. Interestingly, by design this theoretical vulnerability couldn't be used in the NZ trial as New Zealand's voting credentials will be single-use.
Where there has been documented major concerns is with voting machines in polling booths, especially with the first generation of machines. However this is not what is being proposed in the Trial and is therefore out of scope for New Zealand at the moment.
However, regardless of the lack of evidence of widespread online voting fraud in actual elections, when it's related to democracy the stakes are still worryingly high. While New Zealand currently enjoys other critical services such as the Census and passport applications online, the fallout from someone hacking a voting system would be significant.
Some problems with New Zealand's online voting trial
Despite our support for the online voting trial, we do hold some concerns, including where the implementation appears to be deviating from the carefully considered recommendations of the Online Voting Working Group.
The decision of central government to pass the entire cost onto the participating local bodies is disappointing and led to at least two councils choosing not to be involved. Implementing online voting is a nationally significant activity, and while we do have a structure in NZ where every single Council in the country runs their own elections, the benefits of implementing one hardened online voting system - paid for centrally - outweighs potentially many different systems around the country (and the increased attack vector that creates).
We're also not happy with DIA's decision to quietly drop the strongly recommended bug bounty requirement, possibly due to an ill-considered view that it might cause more people to try to break it. Fact is, people are going to try to break it. Far better that they're working for you when they do so. We'll be taking this up with both DIA and participating Councils.
And lastly, after carefully examining the evidence from overseas, the working group recommended no pre-registration (as it was seen in to be a barrier to participation). So in short, everyone would have a code on their voting papers they could then use to easily cast their vote online rather than posting it.
However it appears that Government has indirectly mandated pre-registration - those wanting to vote online must first request a separate code, which is then posted to them - increasing cost significantly, and creating an additional barrier to voting online (postal being 1-step, online now being 2-steps). It's likely that this decision will lead to a far lower takeup of online voting than would otherwise be the case for not much gain.
As one poll respondent noted, a debate on the security of online voting is both good and correct. Indeed. And in that vein, this week we've also asked two IITP members - one for online voting and one against - to summarise the arguments for and against. You can view these posts by Ian Apperley for, and Dave Lane against. NOTE: Neither of these viewpoints are wrong and regardless of your view, we ask for comments and debate to be respectful.
IITP will continue to cautiously support online voting in New Zealand, or in other words support progressing cautiously, however we'll also continue to support debate and discussion on the relative merits and technology issues. It's good to have confirmed that the vast majority of our members support this position.
And lastly, were these results a surprise to you? Feel very free to comment below and join the conversation.
Paul Matthews is CEO of the Institute of IT Professionals.
You must be logged in in order to post comments. Log In