Wednesday, November 2, 2011

Rebuttal to David Jefferson’s Brief against Internet Voting

As Professor Hasen shows in his forthcoming book, Voting Wars, conflict over the way we conduct elections in the US is increasing. One of the areas of disagreement is whether or not the US should employ Internet voting as a means of conducting elections. Professor Hasen offers a statement against that move by the highly respected computer scientist Dr. David Jefferson. With all due respect, I offer another view.

Voting, of course, is a very serious matter. It is an essential, albeit not sufficient, requirement for democracy. Voting is one of the principle ways by which the people of a nation are empowered to have a voice in their own destinies. The process of voting, that is, the means by which a vote is conducted, must be one that commands the trust of the voters, or the results will not be legitimate. Illegitimate governments can only cause political unhappiness, and possibly political unrest and turmoil. Hence, the right to cast a vote is meaningless unless the means by which the vote is counted is trustworthy.

Dr. Jefferson alleges that Internet voting is untrustworthy, and therefore should not be used in US elections. Yet, we live in a time when the cultural and economic momentum around the world is pushing towards ever greater use of electronic technology. This is not just for social or entertainment uses. Professor of e-business and computer science at the Carnegie Mellon University, Dr. Michael Shamos, who has both a Ph.D. in computer science and a law degree, observers that electronic information is replacing paper-based information throughout international law. [1]

Electronic signatures are regarded in law as just as valid and binding as hand written signatures on paper. In fact, he says, electronic records are now preferred as evidence in courts all over the world. If there is a contract dispute, emails may be used as evidence to show how a party understood the paper contract. In cases where a bank customer offers an ATM paper receipt as proof of a transaction, courts routinely rely instead on the bank’s electronic records as the definitive source of proof. Even claims to have a winning lottery ticket can be disproven by the lottery administrator’s electronic records of both where and when the ticket was sold, and the winning number. In all these cases, where electronic records are shown to have been well-maintained, they are given preference over paper, which is regarded as far easier to modify or fake.

Dr. Jefferson’s position is that despite all the movement towards a 21st Century e-world, the means by which we conduct our elections must stay rooted in the tried and true tradition of the 18th Century. That is, trek to the polling place, mark a piece of paper, deposit it in a box, and return home hoping your piece of paper will be counted as cast.

One fact that Dr. Jefferson over-looks is the long history of voting fraud committed within our paper-based system of voting over the past 200 years. Another fact he conveniently over-looks is that all over the world, where Internet voting trials have been conducted, there have been no proven instances of voting fraud. Allegations or suspicions may exist, but no charges of fraud, or even of significant error, have been accredited in any Internet voting trial conducted in this century. (RE the DC fiasco, see below.)[2]

The first trials of Internet voting were conducted in the year 2000. The Republican Party conducted a straw poll in Alaska. The Democratic Party held a primary vote in Arizona. And, the Department of Defense conducted a small online vote for overseas military personnel, who were enabled to vote in their state, local, and federal elections on their own PCs. Other nations were inspired by these pioneering US trials. Now, Elections Canada, the agency that manages national elections in that country, has requested the House of Commons to allow Internet voting for all its national elections. Numerous municipal elections have been conducted online in Canada, without any security or technical problems. A recent EAC report notes that the Swiss have held at least 36 online elections over the past several years. Internet voting trials have been done in India, France, Spain, Norway, New South Wales, and other countries. No instances of voter fraud have been shown. Tarvi Martens, who designed the Estonia Internet voting system, says it’s “more secure than Internet banking” http://t.co/Jh6Onyd

Here, then, are numerous FACTS about actual instances of successful Internet voting trials. There are many more such facts. For example, West Virginia allowed its overseas military personnel, from a few select counties, to vote online in the 2010 election. Secretary of State Natalie Tennant was so pleased with the initial trial that she asked the state legislature to expand the number of participating counties, which it promptly did.

Take a second look at Dr. Jefferson’s brief against Internet voting. See any facts in support of his claims of incurable insecurity? Does he cite even one instance of an Internet election gone wrong? How about one time when voter privacy was violated? Answer: no, not one.

Instead, he recites a litany of scary stories about what he says COULD happen. For example, “Zeus [botnets] exemplifies what could just as easily happen if online voting becomes widespread.” Or, “Anyone from a disaffected misfit individual to a national intelligence agency can remotely attack an online election …” “Anyone,” really?

Here’s a frightening thought: “Eventually someone, perhaps a partisan political operative or a foreign intelligence agency, will deploy a similar botnet to infect thousands of voters’ computers and modify their votes invisibly as they are being transmitted.”

That’s a really scary story, but has it been done in any actual Internet voting trials? Well, no – but Dr. Jefferson is certain that it COULD be done. How can he be so sure? Answer, “computer and network security experts are virtually unanimous in pointing out that online voting is an exceedingly dangerous threat to the integrity of U.S. elections.” But wait, if there is such unanimity, then why are Internet voting trials increasing world wide? Have all those systems been set up without first consulting “computer and network security experts”? Or have all those election officials gone against this unanimity, just foolishly hoping for the best? Has Natalie Tennant, her staff and advisors, and the West Virginia legislature, and its staff and advisors, all proclaimed “to heck with the experts! Let’s just do it!” Have all the responsible Swiss and Canadian officials been just as reckless?

Dr. Jefferson declares that an attacking bad guy “can probably automate that attack to allow thousands of phony votes to be recorded.” Upon what experiments, trials, or other experience does Dr. Jefferson base his probability statement? Does he have any facts, or is it just a fearful “feeling”?

The issue here is whether the United States should use electronic technology in all areas of life, but the one upon which we take the most national pride – our democracy. Moving to Internet voting is a big step, and it should not be taken without a thorough national debate. But such a debate ought to be conducted on the basis of fact and counter-fact. It should not be conducted on the basis of unsubstantiated scary stories, which conjure up such terrifying prospects that the mind shutters, and shuts itself off to all the contrary facts.

1. Dr. Shamos’s Ph.D. in computer science is from Yale University. He also teaches classes on electronic voting technology security. An elections law and patent law expert, he is licensed to practice law before the United States Supreme Court, as well as numerous federal and state courts. For 20 years, from 1980-2000, he was Pennsylvania‘s official examiner of electronic voting systems. See Shamos’s resume at,
http://euro.ecom.cmu.edu/people/faculty/mshamos/resshort.htm His arguments are in a paper presented to the National Institute of Standards and Technology at,
http://vote.nist.gov/threats/papers/paper_v_electronic_records.pdf

2. The DC hacking occurred in a practice run, not an actual vote. The hacking revealed that the system had been incompetently set up by amateur technicians. For more on this see http://tinyurl.com/DCin2010


William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Author of Internet Voting Now!
Twitter: wjkno1

7 comments:

titan saturnae said...

I don't see any of Dr. Jefferson's points refuted there.

We haven't had any large scale US internet voting yet, so there hasn't been an opportunity to steal one done that way.

The fact that existing and past systems have had fraud should only clue us into the substantial risk that if build internet voting, then the fraudsters will come.

Mitch Trachtenberg said...

I'm somewhat bewildered by this "rebuttal," as it does not appear to address the important points David Jefferson makes in his argument.

Yes, the internet is widely used for many transactions. Jefferson's well-argued point is that voting has different and more stringent requirements than other transactions, and you do not address this at all.

Jefferson also points out that there is a routine acceptance of a small level of fraud in ecommerce, as a cost of business. Yet you didn't reply to that either.

Instead, you appear to have offered non sequiturs, such as the use of digital signatures in e-commerce.

Jefferson was not arguing against digital signatures. The fact that digital signatures work indicates nothing about whether internet voting can work.

Your most inexcusable argument, in my opinion, is that there has been no proof of fraud in internet voting trials. Surely you understand that, precisely because of the anonymity and other requirements involved in voting, fraud can be difficult to prove, perhaps impossible. This is one excellent reason that internet voting cannot be considered trustworthy, not a reason to consider it trustworthy.

If you are concerned that paper-based processes are subject to fraud themselves, please work to improve them, not to subject us all to approaches that may well be convenient and "modern" but that are, for the reasons Dr. Jefferson clearly explains, simply not worthy of trust.

John Sebes said...

Actually, Estonia's Taarvi Maarten is no longer saying that Estonia's Internet voting system is more secure than banking. The Organization for Security and Coooperation in Europe performed an audit of Estonia's Internet voting operation, and found several serious security problems with the operation. I respect Taarvi's efforts devoted to an extremely difficult and important goal, but in terms of equaling the operation maturity of online banking, it is not "mission accomplished." In fact there is no Internet voting operation that has seen detailed scrutiny (and good on Estonia for seeking it) and actually passed muster.
John Sebes
Open Source Digital Voting

John said...

Anything we can do to make it easier for people vote is a good thing. Democracy gets lost when people stop voting. There is an incentive for the powerful to make it difficult for people to vote - it keeps them in power.

If electronic voting helps get the vote out, and indeed it should, well then that is a good thing.

Electoral fraud is possible perhaps regardless of the system used. Paper-based voting systems are provably insecure, but they have been used for centuries. Now we have the possibility to do electronic voting. Perhaps it is not yet 100% secure. Lets work at it to make at least as secure as paper-based systems, if it isn't so already.

As a necessary but not sufficient condition for democracy, electronic voting seems to be the way to go.

In parallel and as another necessary condition for a real democracy where the will of the people is heard and and known, I look forward to the day we will see people debate and deliberate online on governance decisions that will affect them between elections. If we are having this conversation, it means that perhaps we no longer need to have all decisions being mediated exclusively via our elected representatives. The current system was designed centuries ago when very few people actually knew how to read and write.

VC said...

I think this is my favorite quote of all:

"One fact that Dr. Jefferson over-looks is the long history of voting fraud committed within our paper-based system of voting over the past 200 years. Another fact he conveniently over-looks is that all over the world, where Internet voting trials have been conducted, there have been no proven instances of voting fraud. Allegations or suspicions may exist, but no charges of fraud, or even of significant error, have been accredited in any Internet voting trial conducted in this century."

It can't possibly be that you're unaware of the fact that this is EXACTLY THE PROBLEM. The inability to prove the covert centralized fraud? Have you really done all this research into computerized voting without understanding its most fundamental problem?

VC said...

The flat out fact is that Internet voting is a no-go. It is going in exactly the opposite direction from where we need to be going -- BACK to publicly observable hand-counted paper ballots that every voter can verify were accurately tallied at the precinct on election day. Computers have been the death of the democratic electoral process since the 1960s and MORE computers are not the answer.

The people who promote Internet voting have usually never been involved in the process, and they know nothing of the the battles that election integrity activists have been waging for decades, against the corrupt corporations like Diebold and ES&S who manufacture our secretly riggable computerized voting machines.

These techies don't think about the fact that , #1 most people can't read code and there fore even with open source software we have to take the results based on faith and can't verify them, #2 many people don't have Internet access, #3 there is NO WAY to make computerized systems fully safe and also keep the privacy of the voter's intent, PERIOD

This is has been studied at length and dismissed by everyone who understands what is required of true democracy and an open, honest vote counting system.

You can DETECT and PROVE fraud with paper ballots. You CAN'T detect and prove all kinds of "black box" hacking and rigging.

Rob Weber said...

The sometimes vociferous comments left regarding this post are so typical of those who bash digital voting that one can only assume those writing them believe they are effective, even on a blog that clearly supports digital voting.

All any OBJECTIVE reader who is resarching this subject has to do is google it and see the patterns of comments online. They are all the same. These writers must assume that if the only things people read about online voting are negative, everyone will assume what they read is true.

This was not the case with me, and I was just an average reader a year ago. I was interested in the subject, googled it expecting to read mixed reviews, and encountered the bashing. My reaction was to realize that something was quite fishy about such universal over-the-top "be afraid" rhetoric. I certainly found the typical "technical analysis" by those who almost universally are not cyber security experts who have built current online systems insulting to my intelligence regarding the digital world I live in. I also found Bill Kelleher to be quite brave to stand virtually alone against the bashers.

A few years ago I saw the documentary "Who killed the electric car". I realized I was looking at a "Who killed the online voting system" scenario.

I decided that this issue needed balance in its discussion and decided to become an advocate for online voting, the first issue I have ever advocated for in any way in my life.

So those of you who regurgitate this rhetoric might want to consider if your remarks might be achieving the opposite of what you seem to intend.

The movement to bring our voting system out of the dark ages is growing.

The historically notorious paper ballot/polling place voting systems that you defend are beginning to be replaced around the world with digital voting.

Paper ballots are not auditable, verifiable or transparent, and certainly are not secure. History proves time and time and time and time again how flawed paper ballot systems are. Often the biggest flaw lies in the human error of hand recounting that is touted as the key to security by the digital voting bashers.

We know what hand recounters do
when they don't like a ballot-they throw it in the garbage.

Have we forgotten the hanging chad?

I have no clue why any objective voter would listen to the hand recounters or the polling place officials when it comes to understanding digital voting. It would be akin to having let the gas lamp lighters talk us out of electic lights 100 years ago.

We live in a digital world. We trust matters of life or death such as air traffic control to the internet. The bashers say voting is different.

Here is how voting is "different": Voting is our most important fundamental RIGHT. We should not allow its suppression in any form-particularly allowing the status quo of grossly antiquated voting systems to continue.

So keep up the one-sided "analysis" if you want, guys.

From one average reader who you turned into an advocate with your typical intelligence-insulting fear-based rhetoric.

Rob Weber
www.cyberthevote.org
Twitter:@cyberthevote