Sunday, December 22, 2013

Norway has Second Great Success with Internet Voting

The Organization for Security and Co-operation in Europe (OSCE) has just released its Final Report on Norway’s Parliamentary Elections for 2013.[1] This was the second time Norway’s Parliament permitted Internet voting on a trial basis. Authorization was given again because Norway’s 2011 Internet voting trial went so well, as reported on this blog here and here. This year’s election was held in August-September, and the OSCE Report came out on December 16. The Ministry of Local Government and Regional Development (“MLGRD”) is the primary government agency for administering elections in Norway, and the Report is essentially a review of its job performance. A summary of the Report’s findings follows.

Use of Internet Voting more than Doubles
In both 2011 and 2013, Internet voting was offered for early voting[2] for nearly a month prior to Election Day, which was on September 9th this year.

17% of registered voters in the pilot districts voted online in 2011.  But the Report states that in this year’s 12 pilot districts, “36 per cent of registered voters voted over the Internet.” (p13)  That is more than a 100% increase in the use of Internet voting.  Since there were about 250,000 eligible voters in these pilot districts, approximately 90,000 voters voted online. (p7)

According to Christian Bull, a senior official in MLGRD, online voting increased as Election Day approached, and evenings were the preferred time for voting.[3]

Paper Ballots Delayed in the Mail
Norway also provides a vote-by-mail process for early voting and for overseas voters. Oddly, overseas voters did not have an Internet voting option. A scandal erupted, and an investigation was promised, when the press reported that “several hundred ballots,” from both domestic and overseas voters, arrived at government counting centers too late to be counted. (p13) There were NO reports of late or lost online votes.

Voter Verification
When voting, voters select candidates from a list. (p5)  Votes could be cast online by tablet or PC, as well as on paper. Each vote was encrypted in such a manner that it couldn't be tied to the voter's identity.

Voters using electronic means could verify that their vote was counted as cast via “return codes.” Each voter was mailed a polling card with instructions on how to vote and a unique four-digit return code. Voters logged on, entered their identification, and were then guided through the voting process. After submitting a vote, voters received a return code electronically. If that code matched the one on their polling card, the voter could be assured that his or her vote was counted as cast. “Completing this verification step was not necessary in order to cast a vote.” (p8)

Christian Bull reports that there were some calls to the support line about non-matching return codes. Usually the problem was that the voter mistakenly used the polling card of a family member, rather than his own, to check the return code.

Only Final Vote Counts
Online voters could vote as many times as they liked, but only their most recent vote would be counted. This option was intended to mitigate the risk of voter coercion or vote buying.  Because polling places used an electronic poll book, an online voter could also cast his or her last vote on paper and immediately cancel prior votes. “The municipal authorities evaluated this process very positively, commenting that it simplified procedures.” (p6-7)

Transparency and Third Party Auditing
The latest code for every voter was also sent to a public web page, hosted by GitHub (without, of course, any vote or voter information). On Election Night an independent third party verified that the content of the digital ballot box matched the list published to GitHub. The third party also verified the integrity of the entire counting process, even checking the various mathematical proofs of integrity provided by the system. (p9)  “Experts on electronic voting,” consulted for the Report, “expressed satisfaction with the mechanisms to verify the integrity of election results and safeguard the secrecy of the electronic votes.” (p7)
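The two rules described above (only the last vote counts, with a paper vote cancelling online ones, and the ballot box being checked against a public list) can be sketched as follows. This is an added example, not the MLGRD's code: the record layout, the sample data and the use of a SHA-256 digest as the published "code" are all assumptions.

```python
import hashlib
from datetime import datetime

# Constructed sample records: (voter_id, channel, cast_time, encrypted_ballot).
# Ciphertexts are placeholder bytes; a paper vote carries no ciphertext.
RECORDS = [
    ("v1", "online", "2013-08-20T19:05", b"ct-a1"),
    ("v1", "online", "2013-09-01T21:40", b"ct-a2"),   # re-vote replaces ct-a1
    ("v2", "online", "2013-08-25T18:10", b"ct-b1"),
    ("v2", "paper",  "2013-09-09T10:00", None),       # paper cancels online votes
    ("v3", "online", "2013-09-05T20:30", b"ct-c1"),
]

def receipt(ciphertext: bytes) -> str:
    """Public fingerprint of an encrypted ballot (assumed here: SHA-256)."""
    return hashlib.sha256(ciphertext).hexdigest()

def cleanse(records):
    """Return {voter_id: ciphertext} holding only the ballots that count."""
    paper_voters = {v for v, channel, _, _ in records if channel == "paper"}
    latest = {}
    for voter, channel, cast_time, ct in records:
        if channel != "online" or voter in paper_voters:
            continue
        when = datetime.fromisoformat(cast_time)
        if voter not in latest or when > latest[voter][0]:
            latest[voter] = (when, ct)
    return {voter: ct for voter, (_, ct) in latest.items()}

def audit(ballot_box, published):
    """Compare the ballot box with the public list; return (missing, unexpected)."""
    in_box = {receipt(ct) for ct in ballot_box.values()}
    return sorted(set(published) - in_box), sorted(in_box - set(published))

if __name__ == "__main__":
    box = cleanse(RECORDS)
    public_list = [receipt(b"ct-a2"), receipt(b"ct-c1")]
    print("counted voters:", sorted(box))
    print("clean audit:", audit(box, public_list))
    box["v3"] = b"ct-tampered"            # simulate a swapped ballot
    print("after tampering:", audit(box, public_list))
```

Because the published list contains only fingerprints of encrypted ballots, an outside auditor can detect a dropped or swapped ballot without learning how anyone voted.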

For the Internet voting, MLGRD developed and hosted its own servers, and made itself the IT-provider for local election administrators, rather than contracting an outside vendor. However, to check itself, it hired an independent auditor to verify the operations of the Internet voting process.

A few days before the end of early voting MLGRD frankly announced that the auditors had found “a programming error that caused weak encryption in some 29,000 electronic votes. As a result, system administrators with access to the electronic ballot box could potentially decrypt the ballots without the need for the secret decryption key.” (p8)

To address this problem, MLGRD quickly corrected the software “and tightened access restriction to the servers holding the electronic ballot box by requiring a written authorization each time servers were accessed.” (p8) After discussing the issue, election authorities agreed that there was no violation of secrecy, and the integrity of the votes had not been violated. The Report noted that the reviewing experts agreed “the MLGRD’s action was sufficient.” (p8)

Prior to the election, MLGRD posted the voting source code on its website for anyone to inspect.  But even the nay-sayers have found no scandals to reveal.

High Levels of Trust
The Report also stated that the Internet voting system “enjoyed a high level of trust among [the Report’s] interlocutors, reflecting the overall trust in the electoral process and in the MLGRD to organize the process professionally and impartially.” (p6-7)  As a further example of that trust, the Report observed that although MLGRD expressed willingness to allow political parties and other groups to have their own experts inspect the system, they “showed no apparent interest.” (p7)

This widespread trust is justified because, as in 2011, there were NO reports of attacks on the Internet voting system, such as by spoofing or denial of service attacks.

No Political Bias in the Voting Technology
Anyone who worries that Internet voting technology favors liberals over conservatives will be put at ease by the results of the 2013 election. The incumbent government was a Red-Green coalition led by the Labor Party. But it was handily ousted by a center-right coalition led by the Conservative Party.

Conclusion
Why are Norway’s Internet voting trials important for observers in the USA?  Because nothing overcomes fear more effectively than knowledge based on experience. That is what Norway can provide the US.

Pilot programs, like those in Norway and the one in West Virginia in 2010, will give voters confidence that the technology can be used securely when the process is managed by competent professionals.

Norway’s 2013 trial made the technology available to about 250,000 voters. (That is a fraction of its 3.6 million voters in total.) Internet voting in the US will emerge county by county, and district by district in the 50 states.  Many American pilot projects will be similar in size to those in Norway. Seeing that it has been done well elsewhere will encourage Americans to feel confident that it can be done well here, too.

The way to online voting in the USA is to spread the news of successes, and to be sure that your state and local elected officials know the facts when you demand that your state and local election system be brought into the 21st Century.

Notes:
1. The Final Report is available for download at http://www.osce.org/odihr/elections/109503. It focused on the Internet voting pilot project, the electronic election administration system, and the political party finance regulations. This post is primarily concerned with the online voting pilot.

2. Technically, Norway election law distinguishes between “advance” and “early” voting. The main difference is that early voters are not able to mark preferential choices among candidates on their ballots.  (Report, page 13, note 26)
3. Private communication
******************************
William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Twitter: wjkno1

Author of Internet Voting Now! 
Kindle edition: http://tinyurl.com/IntV-Now

Thursday, July 18, 2013

Student Election Hack – Is it a Bad Omen for Internet Voting?



Does the Cal State San Marcos class president election hack mean that Americans should fear Internet voting? Not if you think critically about it.

Facts:
Matthew Weaver, 22, pleaded guilty* to wire fraud, access device fraud, and unauthorized access to a computer. He was sentenced to a year in prison. His crime was to plug keylogging devices into 19 school computers. The devices record a computer user's keystrokes without the user's knowledge. Thus he stole the email passwords of more than 740 students. He used this information to vote for himself 630 times during the online student elections in March 2012.

Votes had to be cast from campus computers. Network administrators noticed all the voting activity from one computer. They quickly notified school police, who nabbed Weaver in the act.

Implications:
This news report has fired up David Jefferson’s flair for spinning scary stories. He warns ominously, on the Election Law Blog, that “In a high stakes public election we will not be so lucky [as to catch the crook in the act].”

“Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, [because] people would vote from their own private PCs.”

Well, that is scary! But how would the crime be carried out? Consider how many votes a crook would have to control to win a presidential election.  In 2012, Obama beat Romney by roughly 4,000,000 votes.  As a comment below reminds us, to win a majority of Electoral votes, a hacker using Weaver’s technique would have to control tens of thousands of votes. Obviously, a guy like Weaver couldn’t run around plugging keylogging devices into that many computers to steal log on info. So, how would it be done?

Leaving his readers hanging, Jefferson skips any detailed discussion of how a crook could steal an online presidential, or other public, election.

Instead, he creatively imagines that if Weaver had “used one of his keylogging devices to capture the password of a system administrator” Weaver could have “then used that password to install keylogger software on other campus computers to capture the students’ passwords.”

Jefferson omits mentioning how Weaver would gain access to the administrator’s computer so he could plug in the device. Maybe Weaver could don a custodian disguise, and plug it in while pretending to clean the office.

Anyway, Weaver would have had to return to the office to retrieve his device so that he could take it home to download the password. 

Details aside, after Weaver installs his keylogging software into the school network, he has to hope that nobody checks the network event logs before the election. The logs would show the activity, and an alert administrator would remove the software.

Imagination on fire, Jefferson then declares that Weaver didn’t have to cast votes one at a time; instead, he “could have run a program to automate the casting of all of those phony votes.” Of course!

But wait, what if the voting website had a challenge/response authentication mechanism? Weaver’s voting program couldn’t copy words or add numbers automatically. All his efforts would have been for naught. But let us imagine that he could get past this little security challenge. The network administrator would still see the spike in activity coming from one IP address. That signal could be blocked, and could also be traced back to Weaver.
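The signal that caught Weaver, and the spike an administrator would see from one address, can be expressed as a simple check: how many different accounts cast a ballot from the same source within a short window. This is an added example, not code from the school or the voting vendor; the log format, host names, account names and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of ballot-submission log lines: time, source host, account.
SAMPLE_LOG = """\
2012-03-14T13:00:05 lab-pc-07 student0412
2012-03-14T13:00:40 lab-pc-07 student0977
2012-03-14T13:01:10 lib-pc-02 student0031
2012-03-14T13:01:15 lab-pc-07 student0158
2012-03-14T13:01:50 lab-pc-07 student0633
2012-03-14T13:09:30 lib-pc-02 student0560
2012-03-14T13:20:00 lib-pc-02 student0031
"""

def flag_sources(log_text, window=timedelta(minutes=10), max_accounts=3):
    """Return {source: peak distinct accounts} for sources above max_accounts.

    A shared lab machine sees several voters per day, so the signal is the
    number of *different* accounts inside one short sliding window.
    """
    recent = defaultdict(deque)          # source -> deque of (time, account)
    peaks = {}
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                     # skip malformed lines
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    for when, source, account in sorted(events):
        q = recent[source]
        q.append((when, account))
        while q and when - q[0][0] > window:
            q.popleft()                  # drop events older than the window
        distinct = len({acct for _, acct in q})
        if distinct > max_accounts:
            peaks[source] = max(peaks.get(source, 0), distinct)
    return peaks

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))
```

Counting distinct accounts rather than raw requests keeps a busy library terminal from being flagged while still catching one machine that votes under many names.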

Lesson: 
Jefferson spins a chilling tale, but it requires his readers to suspend their critical faculties to be effective. Is that what you want to do?

PS
Good news! Obama’s Commission on Election Reform has posted my recent scholarly paper on Internet Voting!

The paper recounts the history of Internet voting in the USA, and shows how NIST has misled Congress and the American people about online voting insecurity. I take the same practical approach there that I did here in this blog post.

Also, my book, Internet Voting Now, is listed in the “Research Bibliography” provided to the Commission by Caltech/MIT.


* ABC News -




Friday, March 8, 2013

Has NIST Lied about Internet Voting Insecurity?



Article 1, section 8, of the US Constitution enumerates the specific powers of Congress.
Among these are: “The Congress shall have power … To regulate Commerce … To coin money … and fix the standard of weights and measures.” The Framers had learned from unhappy experiences under the Articles of Confederation that without uniform standards for money, the new nation’s economy had little chance of thriving. They had also learned that without uniform “weights and measures,” the growth of science and technology, industry, and commerce would be crippled by chaos.

Out of its continuing efforts to exercise these powers responsibly, in 1988 Congress created the National Institute of Standards and Technology (NIST), which is currently a non-regulatory agency within the Department of Commerce.

NIST has such a vital role in the progress of science that it can aptly be understood as the Voice of Science in the USA.

When Congress established the Election Assistance Commission (EAC), in 2002, in a display of foresight, it required NIST to provide the EAC technical support on the research and development of, among other things, “remote access voting, including voting through the Internet.”

Yes, Congress is thinking about Internet voting for all US elections!

So, what did NIST do in response to its mandate from Congress? NIST put its name on a copy of the old 2004 SERVE Security Report by Avi Rubin, David Jefferson, David Wagner, and Barbara Simons.

That Report is where all the scary stories about supposed Internet voting insecurity got started. Like, “a teenage hacker in Iran could change all the votes in a presidential election!”

Great scary story, but where’s the science? Where are the facts?

Internet voting has been tried in public elections nearly 100 times around the world w/o any security problems. (The 2010 DC hack occurred because it wasn’t built by pros; see DC Hack Fiasco and DC Hack Conspiracy.) Shamefully, NIST has done NO scientific research, but only reproduced a bunch of scary stories, and presented that to Congress.

Common Cause – that saintly source of democratic ideals – has also helped to promote scary stories about Internet voting w/o any facts or science. (See Common Cause.)

So now there is a careful study of the BAD SCIENCE that has the whole country shaking in its boots whenever somebody says “I hate standing in lines! Why can’t we have voting online?”

The paper is being presented at a panel at the Western Political Science Association this month. It’s ready for the most critical scrutiny a scholar can give it. It shows that the anti-Internet voting extremists have NO intellectual foundation for crying “wolf!”

It’s time for an intelligent, informed, Reason-based debate on Internet voting!
 
Download my paper, in pdf form, for free at

