Saturday, August 23, 2014

How Political Scientists Can Test Internet Voting Security



A public policy debate is brewing in the United States concerning whether or not our election technology should include Internet voting. While there are many dimensions to this debate, generally people are asking “if I can bank online and shop online, why can’t I vote online?”

Also, the inconvenience of our 19th Century practice of trekking to polling places to cast a vote is being questioned across the nation. After news reports about long waits in line at poling places during the 2012 election, President Obama said “we’ve got to fix that.”

To study the problem, in March, 2013, President Obama issued an Executive Order convening his Presidential Commission on ElectionAdministration.  The Commission was chaired by two Washington lawyers – Robert F. Bauer, a Democrat, and Benjamin L. Ginsberg, a Republican.

I submitted my research paper on Internet voting, and other comments, to the Commission in favor of encouraging states and local jurisdictions to implement online voting trials, especially for overseas military.

The Commission released its Report on election administration in January, 2014. The Report made some recommendations for trying to make polling place voting more efficient and convenient. It also praised the move by several states to implement online voter registration. More than 25 states now have online voter registration.  While recognizing the convenience and efficiency of registering to vote via the Internet, the Commission stated, without evidence or further comment, that “the internet is not yet secure enough for voting” (p 60).

What I find so interesting, even amazing, is that not only does a Presidential Commission on Election Administration simply assume, with no scientific evidence, that the Internet is too insecure for voting, but so do nearly all the key participants in this important public policy problem.  I also find it amazing, and regrettable, that the political science profession in the US is so quiet on the issue of Internet voting security.  Other than my paper, now being presented to the American Political Science Association, I know of no other studies testing the hypothesis of Internet voting insecurity.

Hypothesis Testing
The well known philosopher of science, Karl Popper, has argued that an essential function of any science is that of conjecture and refutation.  Since voting and elections are central to the domain of the political science profession, shouldn’t political scientists be engaged in the effort at least to test, if not refute, the hypothesis of Internet voting insecurity?

It appears to me that out of an excess of deference for computer scientists, political scientists are not using their expertise and methods to make any sort of contribution to this very consequential public policy debate.

Therefore, one of the primary aims of my paper is to show political scientists how they can test the widely accepted, but untested, hypothesis that the Internet is too insecure for voting.  I want political scientists to see that they can use their own methods of study – especially case studies – to test the hypothesis of Internet voting insecurity, and do so independently of whatever claims activist computer scientists assert.

I take two well known approaches to testing the hypothesis of Internet voting insecurity. First, I look carefully at the language used by its proponents to assert and to support it. Second, I examine the actual experience of Internet voting trials, as case studies, to see if these facts support or undermine the validity of the hypothesis.

Assertions that Internet voting cannot be done securely are presented in the form of factual statements.  Karl Popper has set the standard for assessing the scientific quality of statements about matters of fact. Statements that purport to be factual, but that cannot be disproven under any circumstances cannot be considered scientific statements, says Popper, but must be consider folk tales or myths. In other words, to be scientific a statement of fact must be falsifiable, that is, capable of disproof. If it can’t be tested, then it can’t be factual.

One example of an unfalsifiable argument is the ancient admonition, “The End is Nigh.”  This supposedly factual claim has never been disproven. Indeed, one discussion of false Armageddon predictions has it that the first warning on record is found on an Assyrian clay tablet from 2800 BC.

Because this fear mongering Armageddon claim is impervious to both logical criticism and empirical disproof, it creates the illusion of Indubitable Truth for its adherents.  By logic, just because the End has not yet occurred, does not mean it will not occur – and soon. Empirically, it is unfalsifiable because with each failure today the prediction can simply be moved to tomorrow.

In the paper, I discuss numerous unfalsifiable claims made by an avant-garde of activist computer scientists in support of their hypothesis of Internet voting insecurity.  I think it important to note that none of the computer scientists in this avant-garde have any experience building Internet voting systems that were actually used in elections for public office. I should also point out that the computer scientists who have set up such systems are confident that security threats can be adequately protected against.

Self-Erasing Bugs
One of the many unfalsifiable claims made against Internet voting is that malicious code can be installed in a computer that tallies votes, and can change the results of an election, and can then erase itself and never be detected.

If this is true, then the integrity of no election that relies on a computer to count the vote can be trusted. Every such election result could be the product of undetected, self-erasing malicious code.

I argue in the paper that very scary stories, such as this, are part of a strategy activist computer scientists have followed to put themselves in charge of election administration in the United States. I argue further that they have succeeded!

In my view, activist computer scientists have executed a coup d'état over the election administration function of government in this country.  Among other things, they have had laws passed in several states requiring what they call a “Voter Verified Paper Audit Trail” for every vote cast.  Having a paper record, they say, is the only way to be sure upon audit that the vote tally matches the votes actually cast, and that the count is not the product of undetected, self-erasing malicious code.

This coup d'état includes the conquest of territory that political scientists have traditionally thought to be a core element of their professional field of study. Since this conquest, it seems that political scientists can say nothing about implementing technological reforms in election administration for fear of attracting the public disapproval of activist computer scientists. Indeed, I show how this actually happened in 2004, when political scientists Thad Hall and Michael Alvarez, who favored Internet voting, were completely overruled by just a few very vocal doom predicting anti-Internet voting computer scientists – who also had a lot of help from the New York Times.

In their defense, political scientists can use the Popperian standard that says unfalsifiable claims are mythical and not scientific.  The charge that an election could have been the result of undetected, self-erasing malicious code does seem to be an unfalsifiable claim, and therefore not scientific.  But this argument, by itself, is not likely to assure a frightened public or the legislators who must answer to that public.

In my view, the only effective way to nullify, or falsify, this scary claim is through the use of case studies of actual Internet voting trials.

Case Studies as Tests
If political scientists produced study after study of elections involving online voting in which there were no doubts about the integrity of the results, then the conclusion may be fairly drawn that the integrity of the results can reasonably be trusted.

Case studies can describe the security measures taken in a given election. Then the study can state the results of interviews of key people, and of polling. Key people would include relevant elections experts, elections officials and administrators, the computer scientists involved, journalists, winning and losing candidates, party leaders and political activists, as well as voters. Opinions may vary, and the reasons for those opinions can be included. If the research shows that in the minds of these folks there is confidence in the legitimacy of the vote, then claims of doubt could be seen as just more baseless cries of “wolf.”

If activist computer scientists continue to dogmatically insist that “you can never know for certain whether a disappearing bug changed the outcome,” they can reasonably be dismissed as myth-makers and fear mongers.  Indeed, I have done some preliminary case studies of Internet voting trials for elections to public office.  These include West Virginia in 2010, and Norway in 2011 and 2013.  Here, only the same few activist computer scientists insisted on such notions as there could have been a disappearing bug at work, but the officials, experts, candidates, and public felt confidence in the results.

In Canada, about 50 different cities have conducted Internet voting trials, all without doubts about the legitimacy of the results --  except for anti-Internet voting activists. Case studies of these elections are being done by Canadian political scientist, Nicole Goodman.

My paper also closely examines a report issued by the Elections Division at NIST. Unfortunately, that report merely repeats all the unfalsifiable claims of the activist computer scientists, without any social scientific case studies, or any other kind of science.

Conclusion
In conclusion, political science has the methodology it needs to undo the coup in US election administration and its own ouster from the public policy debate over election technology reform. Our profession only needs to apply these methods and to assert itself.

******************************
William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Twitter: wjkno1

Author of Internet Voting Now! 
Kindle edition: http://tinyurl.com/IntV-Now

Saturday, August 2, 2014

Did Poor PR Kill Internet Voting in Norway?


Norway’s government ministry in charge of Internet voting has announced that future trials of the technology will be discontinued for the time being.  Irresponsible news sources, most prominently the BBC, have had a field day inventing reasons as to why Parliament and the Ministry of Modernization made this decision. Unheard through the din of Chicken Little histrionics, the Ministry has posted a “corrective statement” especially for the BBC on its website.  Also, Norway’s Institute for Social Research (ISR) has evaluated the 2013 experiment.  Here’s what the Norwegians say:

Turnout
Contrary to the BBC report, turnout was not a factor in Norway’s decision. The Ministry states that “Internet voting was never intended or expected to raise voter turnout. The main goal of the pilots was to increase accessibility for marginal groups, such as disabled or expatriate voters.”

These goals were achieved.  The ISR found that among those overseas Norwegians who were registered in the 12 trial towns, turnout was 9% higher than for those abroad who were not registered in participating municipalities. (p136) And, a whopping 66% of overseas voters who were eligible to do so voted online. (p137)

Back home, the use of Internet voting increased by nearly 10%.  In the 2011 trials, 26% of the votes were cast online; but in 2013 that number went up to 35%. (p135)

Folks who were non-voters in the past may have been drawn to vote by the new technology. “19 percent of the non-voters in 2011 cast their ballots online in 2013,” and among these, younger voters voted online more than other groups. (p136)

The ease of voting online was the major reason given by online voters. This was especially true for “people with special needs.”

With a low regard for veracity, the BBC reported that “the fact that the trials did not boost turnout also led to the experiment ending.” Small wonder why the BBC article would say this. Online voting has recently been suggested by Jenny Watson, the head of Britain’s Electoral Commission, as a way to boost turnout among young people.  The BBC editors oppose online voting, and twisted the truth about Norway to suit their own agenda.

Security
The BBC article is entitled, “E-voting experiments end in Norway amid security fears.”  Norway’s correction: “Quite to the contrary, [an] evaluation report shows very high levels of voter trust in Internet voting – as much as 94% of Internet voters report trust in Internet voting.”  In fact, as to the technology itself, “There have been no significant security concerns raised in the trials.”

Encryption
The BBC writes that some unnamed “Software experts” had criticisms of the “encryption scheme” used by Norway. But these jibs did not come from any of the real experts who actually built the system. Indeed, the Ministry counters that its system has “received widespread international acclaim for the use of a verifiable cryptographic voting protocol, which allowed third parties to perform robust audits of the count.”

Privacy
The ISR reports that most “of the internet voters cast their votes in private.”  But many of the online voters take a distinctly casual attitude towards privacy. A significant 27% of online voters “stated that they were not alone in the room when they voted,” and 7% reported that they willingly “let others [see] how they voted.” (p138)

Attitudes towards privacy vary between generations. Younger voters are somewhat less concerned with it than older voters. (p138)

Improper Conduct
Internet voting neither invited nor facilitated cheating. Only about 1% “stated that they experienced any pressure to vote for a specific party. Internet voters were not exposed to more pressure than others.” (p139)

Likewise, only about 1% “stated that others had tried to buy their vote, or that they knew about cases of vote-buying. There are no significant differences between internet voters and other voters in this respect.” (p139)

Coercion and Secrecy
A senior adviser on the Internet voting trials, Christian Bull, says that a closer look at the public opinion studies of voter concerns shows that “The ‘fear factor’ in Norway is all about secrecy of the ballot when ballots are cast outside of the polling stations. It has nothing to do with technology, and would apply equally to postal voting.”*

The Ministry admits on its website that there remains political controversy “over fears that the security mechanism of re-voting was insufficient, and that allowing votes to be cast outside of polling stations would diminish the sanctity of the vote.” By “re-voting,” the Ministry refers to the practice of allowing voters to vote multiple times, prior to Election Day voting, with the last vote cast canceling out all the prior votes. If a voter voted online, and then voted again on paper at the polling station, or vice versa, only the last vote would be counted. This option was meant to discourage coercion, violations of privacy, or buying/selling with online voting.

At least some of the voters in the 12 towns where the trials were conducted understood the re-voting process. Out of a quarter million eligible voters, “528 electronic votes were cancelled due to voters having cast a paper vote and 2281 electronic votes were cancelled because the voter had re-voted electronically.” These are the folks who knew how to use the technology, and trusted in it. In the Ministry, and among election observers, there “is no suspicion that any voters successfully voted both electronically and on paper.” The BBC suggestion that some voters cast two votes, both of which were counted, is just plain wrong.

Unfortunately, polling in the participating towns revealed that less than half the respondents understood the re-voting option. Apparently, those folks, and a great many of the voters outside the trial areas, didn’t understand that this re-voting measure could protect the “sanctity” of the vote, and they retained fears about the possibility of coercion, loss of privacy, and buying/selling of votes

Lessons
While attitudes towards voting online among the quarter million eligible voters in the trial areas were very positive, Norway has a population of over five million, and it is among these folks that resistance to Internet voting is highest.

Has there been a failure of public education outside the trial areas which has allowed a consensus based on uninformed fear to emerge in the country, and to influence Parliament?

“Due to the lack of broad political will to introduce Internet voting,” writes the Ministry (and under pressure from Parliament), it has “decided not to continue expending public resources on continuing the pilots.”  

Could the problem here be that the system technicians hyper-focused on getting the technology right, but neglected the human dimension; i.e., public relations? If so, then they need to re-focus their efforts if Internet voting is to ever take hold in Norway.

*Personal communication on Linkedin, also the source of the “1%” figure used.

************************
William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Twitter: wjkno1

Author of Internet Voting Now! 
Kindle edition: http://tinyurl.com/IntV-Now