Online Voting
March 17th, 2008 at 2:30 pm by David FarrarThe Electoral Commission has released the full data from some research UMR did for them last year, including a section on online voting. It starts on page 43 of this pdf.
- 41% of respondents use online banking once a week or more, whiel 34% do not use at all.
- 60% of under 30s use online banking at least weekly and only 16%
- Confidence in running of election on a 0 to 10 scale has 95% saying 5 or better and 74% an 8 or better
- On same 0 to 10 scale for whether one would choose to vote online, 58% are 5 or higher and 42% an 8 or higher
- For under 30s, 68% are 5 or higher on voting online, and 54% are 8 or higher.
- Over 60s though have only 41% as a 5 or higher and 26% as an 8 or higher.
- 76% say a confirmation screen would be an essential feature of online voting (I agree)
Pages and pages of interesting data. The 2010 local body elections provide a wonderful opportunity to trial online voting, and I hope necessary law and operational changes can be made so it can be used in a few areas.
March 17th, 2008 at 3:13 pm
I was Director of the NZ Electronic Electoral Trial in 1999 – a joint venture between the Campaign for Digital Democracy (a US lobby group), Victoria University and my political consultancy company. Nice to know I was a decade ahead of my time
Pollies from all sides were initially all for it, till I naively opened my gob and mentioned that if the system were sufficiently robust to run an election, it could just as readily be used to run referenda – regularly, not just simultaneous with elections, and cheaply, thus making a good case to lower the threshold for the number of signatures required to initiate one. And the “signatures” could be collected electronically, using the same system, so referenda directing our pollies what to do would become a regular event!
The silence was deafening, as they say. Suddenly our calls weren’t returned, and the parties who’d expressed an interest in adopting “will investigate e-voting” as part of their platform lost all interest.
So yes, it is to be hoped that law and operational changes are made to allow its introduction. But don’t expect our rulers to vote to hand over their power any time soon. If this is to happen, we need to lobby strongly to make it happen.
Although online voting doesn’t excite people the way more emotive issues do, in fact it’s the key to empowering people to make decisions on every topic, contentious or not. So I wish those who devoted so much energy to standing on one side of an issue or the other, claiming majority support, would devote half as much energy to this topic.
Vote:March 17th, 2008 at 3:49 pm
So what? Most people, without some background knowledge, are not equipped to judge the safety or reliability of an online voting system (or any other online system for that matter). The fact that many people like the idea does not mean that it is a good one.
How would it be audited? How would you know your vote was counted? What controls would prevent fraudulent voting?
I don’t see how an online system can compare with an in-person system that generates paper ballots (machine counting is good, but purely electronic voting is unverifiable).
In the end, a non-technical person can verify the validity of a paper-based election themselves. An election without a paper trail can only be kinda-sorta verified by a fairly small group of experts (and then there’s the problem of certifying their expertise…). No contest if you care about the integrity of election results.
Vote:March 17th, 2008 at 4:32 pm
I’d like to see online submissions to select committees first… (all of them that is)
Vote:March 17th, 2008 at 5:28 pm
It could be tested in one or two electorates and people can put on their election “return” card whether they wish to vote this way. The “on-line” screen could be opened at the start of polling and close when the polls close. People could be given a special unique key for their vote and so on. For it to be of value people should be able to vote on their own computer and that would be the whole point of it. About 50% of people have a computer and I assume half of them will vote by computer. So my guess is the number of people rolling up to a booth on election day will drop by about 25%. On election day I see no problem with votes starting to be counted from 4 pm say all votes up until then and pre-election day votes being counted. For votes cast between 4pm and 6pm those votes can be counted after the polls close.
Vote:March 17th, 2008 at 5:32 pm
How would it be audited? How would you know your vote was counted? What controls would prevent fraudulent voting?
You have the same issues to consider in a manual voting system. With paper-based voting you put a piece of paper in a box – I don’t know what happens with that piece of paper afterwards. If there was e-voting, I would like to see a some type of receipt of my vote – maybe a pdf version of a ballot paper to my email address.
I personally think there are larger issues around whether you are encouraging different demographics to vote, especially if you have two systems running side by side. For example, do voters with higher incomes have greater access to computers and therefore more likely to vote? I don’t have the answer but it’s certainly something to consider.
At the end of the day, the simpler the system is the less likely it is to go wrong and its a level playing field in terms of access. And there’s something nice about having to place a piece of paper in a box, that you’re actually participating in something instead of reducing it to an electronic transaction.
Vote:March 17th, 2008 at 5:35 pm
“People could be given a special unique key for their vote.”
Right, and that will work right up until some clever cookie starts brute-force guessing keys and making false votes from compromised PCs.
Or since there must be a procedure for people who never got their key, or who made a mistake, you might abuse it by falsely complaining and invalidating a vote.
And of course, how would this system work anonymously? Elections are supposed to be by secret ballot.
Vote:March 17th, 2008 at 5:51 pm
Electronic voting should not be attempted unless there is full transparency into the process and software.
That means none of this Diebold crap that’s going on in the USA… The source code and infrastructure architecture should be universally available and audited. Conducting matters like this takes away the “Security through Obscurity” facade that a lot of software hides behind. If the blueprints are universally available, your software actually has to be secure.
This presents another gotcha, if your internals are universally exposed you can not get away with using magic numbers, black box algorithms etc… for authenticating voters and votes.. Whats really needed is an agreed standard for digital signing and authentication, something like public-key cryptography. This can be utilised by open source applications such as GPG (based on PGP, pretty good privacy).
You have a private, secret key. You return a shared, public key. Your voting form is sent to you encrypted using your public key which only your private key can decrypt. You fill out the form, encrypt using the electoral commission’s public key which only they can decrypt. This creates authentication and encryption from snooping. However public-key cryptography is not very widespread and requires a fair amount of education before the masses will “get” it, but I don’t believe we should start online voting until we have something that is damned near failsafe.
Vote:March 17th, 2008 at 6:13 pm
one interesting side-effect of online voting would be the introduction-by-stealth of a universal id for every voter
Vote:March 17th, 2008 at 6:42 pm
as for an economical divide – use ATM and EFTPOS terminals to vote. Wire the TAB in even. use text messaging. power to labour voters!
as for the imperfections and ‘abuseability’ of electronic voting, please only restrict yourself to where this is a HIGHER risk than voting on paper
thank you.
Vote:March 17th, 2008 at 6:49 pm
stephenjudd aks:
As it is now, by an independent Electoral authority (from Returning Officers in each electorate up to and including the Electoral Commission if there’s an allegation of wrongdoing) and by party scrutineers. In this day and age there’s enough people with the nous to read a spreadsheet.
How do you know that money you just paid via internet banking actually got paid? Because the system generates a unique “receipt” and an electronic audit trail for each aspect of the transaction.
The mechanics of this would take a while to explain (edit: oh, I see ChrisS has taken the time to do so above
) but the simple answer is, again, the model of online banking. A unique identifier and a user-chosen password, together with systems which detect something as stupid as a brute force attack. Geez, I can’t even get into Hotmail accounts with brute force attacks any more (I used to do it for friends who’d forgotten theirs) because after three incorrect tries it locks you out and you have to close the browser, reopen it and try again. When it was possible, it took days to work through billions of combinations. And that would get you ONE vote. A brute force attack designed to access accounts in sufficient quantity to skew a result even in a marginal seat would a) bring the system to it’s knees, and thus be detected by the administrators and b) be detected by angry voters who’d be told “sorry, you’ve already voted” when they logged in legitimately.
Yes, there are concerns – mostly centred around deliberate fraud by the people running the equipment, not outside hackers. But they’re by no means impossible to address.
edit:
petal: A unique universal identifier would be necessary, yes. And we’d have to be on our guard that when it was introduced, it was illegal to use it for any other purpose. Your suggestion of ATMs is a good one – we look at that in the NZEET but at that stage they were dumb terminals that could do only a few things. Now, I suspect, they’d be far more adaptable.
Vote:March 17th, 2008 at 8:51 pm
“reading a spreadsheet”
But the problem is not totals. The problem is tallying the individual votes before they are aggregated.
You are reliant on every link end to end being trustworthy, and this is impossible to ascertain by inspection in an electronic system.
Online banking? *cough* You do realise that online banking fraud is a persistent problem? It is hardly the model of a robust system, it is one that is just barely good enough and where risk is mitigated by transaction amount and volume limits.
“How do you know that money you just paid via internet banking actually got paid? Because the system generates a unique “receipt” and an electronic audit trail for each aspect of the transaction.”
Er, no, it doesn’t. At least, there is no receipt. And a ballot is supposed to be anonymous.
petal: yeah, individual paper votes are easily a problem, but largescale fraud is hard in a paper system. Attacks on online/electronic systems are as easy to do on a large scale as on a small one once automated.
Basically, I don’t see that the problems with our current systems are so severe or so insoluble that we need to replace them with a whole new set of problems that are intrinsically much more difficult and in some cases impossible. People need to get over their belief that electronic solutions are always superior to paper – this is simply not so in this case.
See http://www.notablesoftware.com/evote.html for an exhaustive treatment of the subject.
What we have here is a proposal for a solution that doesn’t even exist yet and may be difficult if not impossible to implement, for a problem that can be fixed by paying a small amount for more labour.
Vote:March 17th, 2008 at 8:55 pm
PS: public key encryption is definitely a basis for a reliable solution, but there are problems with trust (key revocation), and of course people have to protect their private key. Given the success attackers have in obtaining online banking credentials, through keylogging etc, I am sure that any standardised key management system that uses ordinary people’s PCs will be vulnerable too.
Vote:March 17th, 2008 at 9:21 pm
And one last thought: the supposed reliability of electronic banking is held out as reassuring.
Well, here’s a counter for you. Diebold, whose voting machines are famously subject to abuse, make ATMs, and in fact their voting machines are based on their ATM designs. So why are their voting machines so bad? I don’t think it’s actually conspiracy. I think it’s because there is a low and acceptable level of loss which is good enough in a banking environment, but which is not tolerable in something as infrequent but important as an election.
Vote:March 18th, 2008 at 6:33 am
Sorry, but I would not trust the Labour / Greens government with an electronic voting scheme. I like the idea in principle and I believe that individual security can be guaranteed but I do not believe that the data is secure from those politicians. They’ve already shown they are remarkably adept at making all forms of electronic media dance to their tune – rigging polls and the like. It wouldn’t take much for them to steal an election as well. Their second one.
Vote:March 18th, 2008 at 8:27 am
Not only that, Stephen, but they make ATMs for KiwiBank! Pretty close to government owned
Vote: