Perspective: The Democratic Party's dangerous experiment

As most of us now understand, paperless electronic voting is a really bad idea. But there is a still worse idea: voting over the Internet.

Voters may worry about whether voting machines were hacked by programmers or poll workers who have machines stored in their homes prior to an election. But with Internet voting, we must also worry about whether the system has been hacked by a teenager in Eastern Europe, organized crime, or even an unfriendly government. We must worry about network failure, denial-of-service attacks that shut down selected machines on the Internet, counterfeit Internet Web sites, and spyware or viruses on the computers used to cast votes. And we must worry about whether the people running the system are engaging in electronic ballot-stuffing.

Like whack-a-mole, Internet voting proposals have reappeared in different guises in the U.S. for much of the past decade. When an extremely ambitious U.S. Department of Defense proposal for Internet voting in the 2004 presidential election was reviewed by computer security experts, it was terminated because of security concerns documented by those experts--the same concerns that should cause all citizens to view any proposal for Internet voting with extreme skepticism.

Like whack-a-mole, Internet voting proposals have reappeared in different guises in the U.S. for much of the past decade.

Nonetheless, on Super Tuesday, the Democratic Party is going to deploy Internet voting. Democrats living outside the country will be treated as a 51st state, called Democrats Abroad, and will elect delegates to the convention. This approach adroitly sidesteps almost all regulation on election technology, which typically are matters of state, not Federal, law.

Internet voting won't even be subjected to the notoriously inadequate certification process that applies to almost every other voting system in the U.S. The organizers apparently maintain their confidence in the security of Internet voting by not consulting anyone who might, as happened in 2004, warn them of risks. (We know most, if not all, of the independent experts in Internet voting in the U.S., and none of them has been asked to examine this system.)

Security may not be the only issue with this system. On its Web page, Everyone Counts cites the recent "successful" election in Swindon, U.K, even though the U.K. Electoral Commission reports: "Electronic polling stations in Swindon proved more problematic, with many experiencing connectivity and application issues on polling day." For this and other reasons, the Electoral Commission recommended a moratorium on further e-voting trials in the U.K. until security and other concerns are resolved.

So, why should expatriate Democrats trust Everyone Counts with their votes? We don't know. What we've been able to discover in a few Internet searches is that the company was spun off from an Australian company (PDF) in 2003, and (as of two years ago) the majority shareholder is an Australian. In 2006, the company received an "injection of U.S. private equity" from an undisclosed source. We can't tell you which candidate, if any, the source of the private equity supports.

There are only a few delegates allocated to Democrats Abroad. So it is unlikely, but not impossible, that the delegate selection resulting from the Internet voting process will be decisive in choosing the Democratic nominee for president. Whatever the outcome, it will be impossible for a candidate to obtain a recount, because there will be no meaningful ballots to recount.

Even if Internet voting does not affect the presidential nomination, there is a big risk. Although no one will know if the votes were correctly recorded and counted, the "success" of this experiment will be cited as a reason to expand the use of Internet voting.

We understand that voting is unnecessarily difficult for many expatriate Americans. That is unacceptable. But it is also unacceptable to force citizens to trust their votes to a system that has not been demonstrated to be trustworthy. We need to consider more sensible and secure ways to assist Americans living abroad. For example, we might develop a uniform system for printing absentee ballots remotely, so that it is not necessary to mail ballots to voters weeks in advance. We might consider making deadlines for receiving voted ballots a bit more flexible. Perhaps ballots could even be delivered by FedEx or DHL.

This radically new and untested voting scheme was announced only a short time ago. Press coverage has been minimal and uncritical. Unfortunately, because voters planning to vote over the Internet no longer have time to obtain absentee ballots before the primary, it is too late to kill this dangerous proposal. We urge American expatriates to vote, however they can--even if it involves using this system--and then tell their representatives that paper ballots must be required in the future for all voters, including those outside the country.

Americans living abroad should not be treated as second-class citizens.

Biography
David Dill is a professor of computer science at Stanford University and founder of the Verified Voting Foundation, which supports voter-verified paper ballots and has criticized some electronic voting machines. Barbara Simons is a past president of the Association of Computing Machinery who is retired from IBM and lives abroad. Simons participated in a peer review of the Defense Department's Internet voting project and was a member of the National Workshop on Internet Voting.

More Perspectives

[Blake4]

Thank you

This is a much-needed story. I was flabbergasted when I previously read coverage citing the "success" of the recent UK experiment.

[MadKiwi]

Wow!!!

This only goes to show how truly out of touch political parties and their advisers are concerning the internet. Unless it is an attempt to promote a system that CAN be hijacked. Out with the tinfoil hats people.

[decoycop]

No SSL

Not to mention, the website does not employ standard internet security measures such as secure sessions or even secure log-ins. This is a sure-fire way to undermine any internet voting effort.

[The_Decider]

SSL won't save you

Online voting would be a HUGE man in the middle attack target.

[wildchild_plasma_gyro]

Just so long as you know

There is a real problem in the human Ecosystem and much more we could be quite easily.
its not some dame voting system and there are people who are more to blame so very much so.
Direct Conflict is the solution to all problems.

[cchenoweth6]

Checks and Balances

It's easy to make internet voting work.

Attach the voting to your SSN and special pin number that each person gets. That person can check on their vote anytime.

Not only that, you can get statistics on your area. If something is wrong, it would be easy to spot this way. Anyone could easily do an audit of any random areas or individuals who know their area is usually republican can can initiate a audit of the area.

[My-Self]

ain't the vote supposed to be secret ?

What you remove with this is vote secrecy. since the system will be government authorized, regulated and paid, the 'accidental leak' of the data matching everyone's SSN and vote will happen, rather sooner than later.
Internet is useful for many things, voting is not one of them.
However, being able to remotely print the ballot would be both safe & useful, but nothing more than that.

[gerrrg]

Absentee ballots are the way to go...

Forget electronic voting...you're still stuck with the problem of long lines.

No, the answer is absentee ballots. Oregon has the best system in the world, where everyone gets a ballot that can be mailed in or dropped off in dozens of boxes at all sorts of locations including libraries. No more lines, no more mistakes and untrackable voting.

Go Oregon.

[The_Decider]

Those are not foolproof

Mail gets lost.

It is possible for people to divert ballots in transit, especially in areas heavily for the opposition candidate.

[georgiarat]

Fraud

The Democrats have always been about fraud from Lyndon
Johnson in Texas to the Chicago machine of Daly. This is just the
latest way they can stuff a ballot box. Yes every vote will be
counted, the dead and the illegals. The only reason they have
control of Congress now is the illegal voters in certain districts.

[Dalkorian]

lol

You have your parties mixed up. The lies that allowed 9/11 didn't
come from Democrats. The lies about illegal domestic wiretaps
didn't come from Democrats. The lies about illegal rendition and
torture didn't come from Democrats. The lies about Iraq didn't
come from Democrats.

In fact, if Democrats have been stuffing ballot boxes, why have we
been mired in this fuhrer bushit nightmare for the last 8 years?

[NYCmicah]

Too One Sided

While I can agree on a topical level that Internet voting is quite
concerning, especially when it is being run by a company whose
financial sources are unknown, let's not throw the baby out with
the bath water.

I have lived all over this country and had the pleasure of voting
in 5 different states in my 8 years as an eligible voter. I have
voted with the absentee ballot in Arizona, caucuses in Iowa,
touch screen in New York, butterfly ballot in Chicago, and
optical scan in Kansas City. I completely understand the security
issues that have been raised by you regarding Internet voting.
Many of the issues raised are legitimate, but the opportunities
that are overcome through Internet voting are far greater.
Millions of Americans who live abroad are disenfranchised via
the current system, especially during the general election. Mail
delivery service is wholly unreliable outside of places like
Western Europe, Australia, and Canada. Even expedited service
from a company like FedEx does not always ensure that a ballot
will arrive in time. Military personnel are also left out in the cold
with many of their ballots not received or counted, and these are
the people who should most certainly have their votes counted.
A paper ballot, due to the many requirements placed on
absentee and overseas voting, is just not going to cut it.

I also have to raise a far greater concern. In every election I have
ever voted in, I have yet to have any assurance that my vote
actually counted with the one great exception of the Iowa
caucuses. Now many decry what happens at the caucuses as
being somewhat undemocratic, but the reality is that I vote and I
physically see that my vote is counted right there in front of me.
No other process that we use to manage voting offers that
assurance. With the dramatic rise of absentee voting, we should
be even more concerned about our votes actually counting. Most
people do not take the time to verify with their county board of
elections to determine whether their ballot was received if it was
mailed in. We have little assurance or easy verification that our
vote was received and counted properly. Even if we hand deliver
the ballot, do we know it was put in the right place to be
counted with the correct set of votes?

The reasons above are why I am a huge advocate of pushing
forward with a very specific Internet-voting proposal. We should
have voting over a weekend or a week long period. Anyone
could vote online during that time. The advantage of doing the
voting over an extended period of time would ensure that even
with an attack or malicious behavior, that the voting could be
carried out with less concern on how it would affect the vote. An
important aspect though is that every voter receive a unique
voter ID. The voter ID would be linked to the individual only in
an offline system. Meaning: John Doe @ 1100 Grand is voter ID
NY1234. The online system would know me simply as voter ID
NY1234. Only the offline elections system would know who
voter ID NY1234 is. There could be a security question or
something of the sort linked with the voter ID, but the only way
to find out what my voter ID would be through the election
office. Only myself and authorized personnel would have access
to that. The security question would ensure that only I vote with
my voter ID. IP addresses could be logged, verification of the
location that I am voting in would be required, VPNs would not
be allowed, etc. There are many basic steps that could be taken
to ensure the security of the vote. If this were done on a
national scale, then the costs of it would most likely be less than
the ridiculous amount we spend on elections right now.

The most important aspect of what I propose though is that I
can verify my vote was counted under my voter ID. I can see a
tally of my precinct, county, and state. I can see where my vote
was counted along with everyone else, and I can be sure that it
was counted correctly. Like I stated above, aside from the
caucuses that I have participated in, every other vote is a
perpetual black box. It does not matter if it is paper with optical
scan, absentee, touch screen, or anything else. I have little
capability without raising heaven and earth to ensure that the
ballot I specifically cast was counted toward the total of the vote
count. Internet voting offers an amazing ability to also quickly
eliminate the names of candidates who are no longer seeking an
office. Just look at New Hampshire, South Carolina, and Florida
where literally tens of thousands of votes were cast for
candidates who were no longer seeking the office of president.
You have to assume that these were not cast correctly or the
vote was cast too early. Internet voting could change the game,
offering the ability for a candidate to easily have their name
removed from a ballot with little cost or hassle.

With all the security issues that you can come up with to write
off Internet voting as a potential danger to democracy, I have to
ask myself, aren't we engaging in more risks already? The
integrity of the vote has been a problem in our country since its
foundation, and I expect that the integrity of the vote will only
improve as the years move forward. I think that providing
citizens the ability to see that their vote was tabulated in a way
that does not hinder the private voting habits that we cherish is
the best way for us to move our elections forward. Internet-
based voting is the best tool to provide that opportunity.

Paper ballots do not ensure the integrity of the vote, as you
seem to advocate. Only creating a system ensuring that
Americans can verify their vote will improve the integrity of the
vote.

[My-Self]

client - server trust

Your proposal fails since you simply shifted the need to trust the online vote to a need to trust the online verification, losing vote secrecy in the process.

---

Any online voting system is flawed from the start.

All internet operations are based on the client-server model (P2P being a variation) and that require cooperation of both ends for the transaction to succeed.

In a voting system, you can't trust the servers and those operating them, so it's impossible to certify that the transaction really occured according to what the server tells you and it's equally impossible to know for sure that the results were properly counted.

With such a low tech system as pen and paper, the whole process is observable by eyewitnesses and massive fraud is next to impossible. When a fraud is suspected, a recount is possible. Can't beat that.

[ethana2]

Malware:

I'm not pleased to see Microsoft's operating system holding us in the past anymore. This must end.
For that technical point, I present this:
www.ubuntu.com
NEXT ISSUE: DDoS attacks.. well now lets's see, how are those usually performed? See above.
NEXT ISSUE: foreign nations tampering with stuff.. well, those foreign nations would have foreign IP's with no citizen voting accounts, wouldn't they? Keep it secure-- avoid IIS.

[mbenedict]

Internet voting is NOT about voting...

It's about Marketing and Public Relations.

At this primary stage, Democrats Abroad and the Democratic Party does not really care if the internet voting system is secure or not. That's irrelevant.

The real prize is the general election in November. Having Internet Voting now allows Democrats Abroad to collect names of potential voters for November. It "excites" their activist base and "engages" them into the Party.

With Internet Voting the party can be seen as being "in touch" with the needs of a young, internet-savvy constituency, while building a calling list at the same time.

Concepts like voting security is a distant concern.

[goosgog]

Internet Voting is not about voting!

By this one's comment, I would guess a "Republican?"
What makes you think the Republicans are just gonna sit by with their thumbs up their posteriors while the Democrats do this. Both sides play the same nasty game, or haven't you figured that out yet??

[Greg5A]

Unbelievable!

What a system for "crookifying" the election results!

If the Republicans were trying to pull something like this, the news media would be screaming about it.

This sort of thing will increase the public's cynicism about politics and the political process.

Faster your seatbelts, America. We're in for a bumpy ride.

[poindexteriii]

Being a Network Security Admin..

?and a member in good standing with SANS.org, I, and most likely every one of my colleagues, would be the first to tell you that this is a bad idea from the word go. With the track record our Government has on making secure electronic procedure policies that cover all vectors of attack and compromise, and then actually following the procedures they do intend to implement, it will plainly tell you the only tried and true way to cast a vote is by the use of a physical absentee ballot. Even under the best conditions, electronic internet voting requires no other verification other than knowing key personal information about the voter, which itself is a commodity for sale on the internet.

Internet voting = governmently insanity

[umbrae]

Secure Internet Voting is possible...

Of course, Secure Electronic Voting machines are possible too. It just takes proper funding and the right people. It should not be trusted to corporations that only care about profit. The Government needs to staff itself with qualified people and create the system. Open Source the code for transparency, provide a machine readable paper trail and a voter copy.

On the internet, issue public/private keys to every eVoter and use this as an identifier. Of course, the government will need to setup a tech support number, but if internet voting is not a "requirement" those that cannot handle the process can go vote in person.

No system will be fool proof. Voter fraud has been around a long time (and got George W into office twice :) ). However, make it secure as possible, transparent as possible. I would love to see when my vote is counted and what it was registered as. I am even willing to sacrifice my privacy on this issue just to ensure it was counted and was correct. Since I vote exclusively absent ballot, many times my vote is not counted at all, which is worse than any other alternative.

[cndjc]

See my RISKS article about this

Own-horn-tooting: see my article in the RISKS newsletter giving details of the misdesign of security and usability for the Global Primary. To date, at least based on Google, Democrats Abroad has no comment on this. And they still have never responded to me directly on this topic, though I tried to bring it up well before the Internet vote.

<a class="jive-link-external" href="http://catless.ncl.ac.uk/Risks/25.06.html#subj4.1/D" target="_newWindow">http://catless.ncl.ac.uk/Risks/25.06.html#subj4.1/D</a>

Pete Kaiser