An opinion piece by NZRise board member, Laurence Millar.
I do all my banking, travel booking, shopping and communicating online. Surely in the 21st century, I should be able to vote online?
If you are voting to elect the president of your sports club, then online voting is convenient and easy. But it should never be used to elect our government, and this article explains why. This view is not universally shared, and if you want both sides of the story, you can read this published in 2016, when online voting was being considered for local body elections.
Technology can improve elections in many ways –online voter registration, managing workflow in the election process, recording votes, and presenting the results for mass consumption in realtime. The NZ election system does all these functions, and does them amazingly well. At the 2017 General Election, votes were cast at 2,863 voting places around the country, and around 20 million requests for updates were served, providing the public with real-time updates throughout the evening, and making the results at the individual voting station available for analysis.
But for the actual voting process? Under examination, the case is fundamentally flawed.
The number one reason is risk – specifically the risk that voting data is manipulated. The level of any risk is determined by the impact and the probability of the risk occurring. For elections, the impact of a stolen election is huge; put another way, the benefit from stealing an election is massive, securing power and money for three years. This level of reward will attract hacking from multiple sources with limited ability to recover from a successful attack. In fact the chimera of manipulated votes is in itself sufficient to undermine confidence in the result of the election.
All the evidence suggests that an electronic voting system will be successfully hacked. Def Con is an annual hackers convention that runs a “Voting Village” where voting systems and machines are tested for resilience to attacks, and are found wanting. At this year’s event, attention turned to nation-states or other actors waging disruptive attacks to influence the outcome of elections and sow distrust of the election process.
Think about all the components that make up an online session – browser, OS, wifi, router, modem, network, the layers of software and hardware that support the server – all built by different companies from different countries. None of them are 100% secure from intrusion. And remember that security is as strong as the weakest link, which is the target for attack vectors.
Absolute trust in a computer system is rarely required. Banks can fix any fallout when on-line banking goes wrong – real world actors can get involved to sort things out. But there is no-one to fix things if voting is hacked (since a smart hacker will leave no traces). Where absolute trust is required, security agencies use specialised, dedicated and isolated networks and hardware.
But wait there’s more..
As well as the certainty that the system will be successfully hacked, there are other reasons why online voting is not a good idea.
The impact on community cohesion.
The election process is one of a few pieces of modern life that has not been atomised, joining participants in a common social ritual – visiting the polling station to cast a vote, and then watching as the results unfold on election night. The only other events that even come close to creating a similar scale of shared experience are major sporting events.
Every vote cast can be scrutinised by participants to ensure that it is cast correctly. When this is buried under code, compilers, networks and hardware, there is no vantage point from which scrutineers can observe.
The paper-based voting system have a unique number for each vote, which is recorded against the voter’s name on the register to ensure the integrity of the voting system. This video explains how paper based voting systems were designed for private voting with public scrutiny (at 3’00). Compare this to all individual voting records being stored digitally, creating a an incredibly valuable database for campaign managers.
And for a final red flag, the Digital Inclusion challenge, reported elsewhere in this newsletter. Voting is a universal right and making it harder for some is disenfranchisement. This would be deeply ironic and a backward step in the first country to implement universal suffrage.
But online voting will increase turnout. The concern about democratic deficit and non-participation of the public in elections has been around for decades. Many approaches have been tried, with some spillover side effects. The ability to vote up to 2 weeks ahead of the last election made a mockery of the legal requirement for no campaigning on election date. Postal votes were seen as a saviour in local body elections, but there have been, possibly apocryphal, stories of young voters not knowing how to post a letter. The root cause of low turnout is not ease of voting, it is lack of interest, lack of engagement and lack of trust.
But online voting is inevitable: No, it’s a solution looking for a problem.
But technology will fix all the problems: xkcd nails it.
Want to know more? Check these out:
Read some articles that are NZ specific content
Politics – the myths of online voting
Security concerns with Online Voting, outside the system
Or, if it’s the trust behind online voting you’re interested in, these articles might be of interest to you
I’m a Computer Scientist. Here’s Why You Should Never Trust a Computer.
Blockchain-based elections would be a disaster for democracy
Online voting is a cybersecurity nightmare
And we all like real world examples of what is happening and things to consider to form our own opinion, these articles will help with that
A critical flaw in Switzerland’s e-voting system
Hackers were told to break into U.S. voting machines. They didn’t have much trouble
Could the 2016 Election Be Stolen with Help from Electronic Voting Machines?
Online voting is impossible to secure. So why are some governments using it?
Election explainer: why can’t Australians vote online
Vanessa Teague at linux.conf.au in 2017 (video)
For even more reading, try this opinion piece by NZRise Co-Chair Breccan McLeod-Lundy.
Laurence Millar is a Board Member of NZRise who has more than 35 years experience in the innovative use of technology to support organisational change. He has worked on projects in the government, banking, telecommunications and distribution sectors; and has worked extensively in New Zealand, Asia, the Middle East, Australia, USA and UK/Europe.
He is involved with NZRise because it is the voice of the NZ owned tech sector and has been with us since the start because the cause is important and he thinks he can help make a difference in the transition to a digital nation.
Laurence is the Executive Director of the 20/20 Trust.
This is an opinion piece and does not necessarily reflect the opinion of NZRise. Questions and comments can be directed to [email protected]
Your big problem is that you assume that the present paper system can’t be hacked, that it’s infallible. This is, of course, bollocks. Recall a few years ago when the Waitakere seat went to the National candidate and then to the Labour candidate and then back to National on recounts? The swap each way was only about 20 votes. So, how many National voters on the first, second and third counts? We have no way of knowing and thus no way of knowing if any votes were purposefully miscounted.
Do some miscounting here and there and, woah, a stolen election and not a computer in sight.
And yet you seem to think that a paper system is worthy of your ‘absolute trust’.
And, no, its not a certainty that the voting system will be cracked. Same as its not a certainty that the bank will be.
And going on about banks, if they can find a crack in their system then so can the government. The government isn’t a thick conglomeration but is made up of individuals all of whom are quite bright and probably not quite as greedy as those in the private sector.
The election process is as atomised as its possible to get. Going to the voting booth is NOT a social occasion. The majority of people will go there, vote and then leave and not speak to anybody at all. Same as when they go to the shop.
The paper system creates a valid database just as any electronic one would – that’s what the voting number is. Information that’s available for months afterwards. Anyone who gets hold of that data will have all the same information as someone with a digital copy. And with OCR it’d be easy to digitise once some criminal got a hold of it. It’s not that the database will exist or not – both system require it – its about who has access while it exists and we’ve all heard the true stories about critical stuff that was supposed to be destroyed but ended up in the criminals hands through base corruption and greed.
As for postal voting – jeeze, that’s got to be the absolute worst possible voting system as far as security goes. No clue if the letter even arrives, no clue who actually filled it out and then a possibility that it doesn’t get to the count. There was even, a few years ago, some saying that they’d grabbed hundreds out of letter boxes, filled them in, and sent them off.
Electronic voting has issues, no doubt about that, but it also has huge possibilities. Instead of voting once every three years for a representative that then goes and does whatever they want while ignoring the people (Its law that the representative goes by their conscience and NOT the will of the people and people’s ‘conscience’ can be bought) we could vote on every policy.
Electronic voting can bring us democracy rather than leaving us at the whims of a small clique. Which means that its down to a question of risk/reward. Is a better democracy worth the risk of electronic voting?
Oh, and voting machines need to be banned.