Norway has Second Great Success with Internet Voting

The Organization for Security and Co-operation in Europe (OSCE) has just released its Final Report on Norway’s Parliamentary Elections for 2013.¹  This was the second time Norway’s Parliament permitted Internet voting on a trial basis. Authorization was given again because Norway’s 2011 Internet voting trial went so well, as reported on this blog here and here  This year’s election was held in August-September, and the OSCE Report came out on December 16.  The Ministry of Local Government and Regional Development (“MLGRD”) is the primary government agency for administering elections in Norway, and the Report is essentially a review of its job performance. A summary of the Report’s findings follows.

Use of Internet Voting more than Doubles

In both 2011 and 2013, Internet voting was offered for early voting² for nearly a month prior to Election Day, which was on September 9^th this year.

17% of registered voters in the pilot districts voted online in 2011.  But the Report states that in this year’s 12 pilot districts, “36 per cent of registered voters voted over the Internet.” (p13)  That is more than a 100% increase in the use of Internet voting.  Since there were about 250,000 eligible voters in these pilot districts, approximately 90,000 voters voted online. (p7)

According to Christian Bull, a senior official in MLGRD, online voting increased as Election Day approached, and evenings were the preferred time for voting.³

Paper Ballots Delayed in the Mail

Norway also provides a vote-by-mail process for early voting and for overseas voters. Oddly, overseas voters did not have an Internet voting option.  A scandal erupted, and an investigation promised, when the press reported that “several hundred ballots,” from both domestic and overseas voters, arrived at government counting centers too late to be counted. (p13) There were NO reports of late or lost online votes.

Voter Verification

When voting, voters select candidates from a list. (p5)  Votes could be cast online by tablet or PC, as well as on paper. Each vote was encrypted in such a manner that it couldn't be tied to the voter's identity.

Voters using electronic means could verify that their vote was counted as cast via “return codes.” Each voter was mailed a polling card with instructions on how to vote and a unique four digit return code. Voters logged on, entered their identification, and were then guided through the voting process. After submitting a vote, voters received a return code electronically. If that code matched the one on their polling card, the voter could be assured that his or her vote was counted as cast. “Completing this verification step was not necessary in order to cast a vote.” (p8)

Christian Bull reports that there were some calls to the support line about non-matching return codes. Usually the problem was that the voter mistakenly used the polling card of a family member, rather than his own, to check the return code.

Only Final Vote Counts

Online voters could vote as many times as they liked, but only their most recent vote would be counted. This option was intended to mitigate the risk of voter coercion or vote buying.  Because polling places used an electronic poll book, an online voter could also cast his or her last vote on paper and immediately cancel prior votes. “The municipal authorities evaluated this process very positively, commenting that it simplified procedures.” (p6-7)

Transparency and Third Party Auditing

The latest code for every voter was also sent to a public web page, hosted by GitHub (without, of course, any vote or voter information). On Election Night an independent third party verified that the content of the digital ballot box matched the list published to GitHub. The third party also verified the integrity of the entire counting process, even checking the various mathematical proofs of integrity provided by the system. (p9)  “Experts on electronic voting,” consulted for the Report, “expressed satisfaction with the mechanisms to verify the integrity of election results and safeguard the secrecy of the electronic votes.” (p7)

For the Internet voting, MLGRD developed and hosted its own servers, and made itself the IT-provider for local election administrators, rather than contracting an outside vendor. However, to check itself, it hired an independent auditor to verify the operations of the Internet voting process.

A few days before the end of early voting MLGRD frankly announced that the auditors had found “a programming error that caused weak encryption in some 29,000 electronic votes. As a result, system administrators with access to the electronic ballot box could potentially decrypt the ballots without the need for the secret decryption key.” (p8)

To address this problem, MLGRD quickly corrected the software “and tightened access restriction to the servers holding the electronic ballot box by requiring a written authorization each time servers were accessed.” (p8) After discussing the issue, election authorities agreed that there was no violation of secrecy, and the integrity of the votes had not been violated. The Report noted that the reviewing experts agreed “the MLGRD’s action was sufficient.” (p8)

Prior to the election, MLGRD posted the voting source code on its website for anyone to inspect.  But even the nay-sayers have found no scandals to reveal.

High Levels of Trust

The Report also stated that the Internet voting system “enjoyed a high level of trust among [the Report’s] interlocutors, reflecting the overall trust in the electoral process and in the MLGRD to organize the process professionally and impartially.” (p6-7)  As a further example of that trust, the Report observed that although MLGRD expressed willingness to allow political parties and other groups to have their own experts inspect the system, they “showed no apparent interest.” (p7)

This widespread trust is justified because, as in 2011, there were NO reports of attacks on the Internet voting system, such as by spoofing or denial of service attacks.

No Political Bias in the Voting Technology

Anyone who worries that Internet voting technology favors liberals over conservatives will be put at ease by the results of the 2013 election. The incumbent government was a Red-Green coalition led by the Labor Party. But it was handily ousted by a center-right coalition led by the Conservative Party.

Conclusion

Why are Norway’s Internet voting trials important for observers in the USA?  Because nothing overcomes fear more effectively than knowledge based on experience. That is what Norway can provide the US.

Pilot programs, like those in Norway and the one in WestVirginia in 2010, will give voters confidence that the technology can be used securely when the process is managed by competent professionals.

Norway’s 2013 trial made the technology available to about 250,000 voters. (That is a fraction of its 3.6 million voters in total.) Internet voting in the US will emerge county by county, and district by district in the 50 states.  Many American pilot projects will be similar in size to those in Norway. Seeing that it has been done well elsewhere will encourage Americans to feel confident that it can be done well here, too.

The way to online voting in the USA is to spread the news of successes, and to be sure that your state and local elected officials know the facts when you demand that your state and local election system be brought into the 21^st Century.

Notes:

1. The Final Report is available for download at,

http://www.osce.org/odihr/elections/109503  It focused on the Internet voting pilot project, the electronic election administration system, and the political party finance regulations. This post is primarily concerned with the online voting pilot.

2. Technically, Norway election law distinguishes between “advance” and “early” voting. The main difference is that early voters are not able to mark preferential choices among candidates on their ballots.  (Report, page 13, note 26)

3. Private communication

******************************

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund

Email: Internetvoting@gmail.com 

Blog: http://tinyurl.com/IV4All 

Twitter: wjkno1

LinkedIn: www.linkedin.com/pub/william-j-kelleher-ph-d/9/466/687/

Author of Internet Voting Now! 

Kindle edition: http://tinyurl.com/IntV-Now

In paper: http://tinyurl.com/IVNow2011

Student Election Hack – Is it a Bad Omen for Internet Voting?

Does the Cal State San Marcos class president election hack mean that Americans should fear Internet voting? Not if you think critically about it.

Facts:

Matthew Weaver, 22, pleaded guilty* to wire fraud, access device fraud, and unauthorized access to a computer. He was sentenced to a year in prison. His crime was to plug keylogging devises into 19 school computers. The devises record computer user's keystrokes without the user's knowledge. Thus he stole the email passwords of more than 740 students. He used this information to vote for himself 630 times during the online student elections in March 2012.

Votes had to be cast from campus computers. Network administrators noticed all the voting activity from one computer. They quickly notified school police, who nabbed Weaver in the act.

Implications:

This news report has fired up David Jefferson’s flare for spinning scary stories. He warns ominously, on the Election Law Blog, that “In a high stakes public election we will not be so lucky [as to catch the crook in the act].”

“Had this been a public election conducted via Internet voting, it would have been much more difficult to identify any problem or to capture the perpetrator, [because] people would vote from their own private PCs.”

Well, that is scary! But how would the crime be carried out? Consider how many votes a crook would have to control to win a presidential election.  In 2012, Obama beat Romney by roughly 4,000,000 votes.  As a comment below reminds us, to win a majority of Electoral votes, a hacker using Weaver’s technique would have to control tens of thousands of votes. Obviously, a guy like Weaver couldn’t run around plugging keylogging devices into that many computers to steal log on info. So, how would it be done?

Leaving his readers hanging, Jefferson skips any detailed discussion of how a crook could steal an online presidential, or other public, election.

Instead, he creatively imagines that if Weaver had “used one of his keylogging devices to capture the password of a system administrator” Weaver could have “then used that password to install keylogger software on other campus computers to capture the students’ passwords.”

Jefferson omits mentioning how Weaver would gain access to the administrator’s computer so he could plug in the devise. Maybe Weaver could don a custodian disguise, and plug it in while pretending to clean the office.

Anyway, Weaver would have had to return to the office to retrieve his device so that he could take it home to download the password. 

Details aside, after Weaver installs his keylogging software into the school network, he has to hope that nobody checks the network event logs before the election. The logs would show the activity, and an alert administrator would remove the software.

Imagination on fire, Jefferson then declares that Weaver didn’t have to cast votes one at a time; instead, he “could have run a program to automate the casting of all of those phony votes.” Of course!

But wait, what if the voting website had a challenge/response authentication mechanism. Weaver’s voting program couldn’t copy words or add numbers automatically. All his efforts would have been for naught. But let us imagine that he could get past this little security challenge. The network administrator would still see the spike in activity coming from one IP address. That signal could be blocked, and could also be traced back to Weaver.

Lesson: 
Jefferson spins a chilling tale, but it requires his readers to suspend their critical faculties to be affective. Is that what you want to do?

PS

Good news! Obama’s Commission on Election Reform has posted my recent scholarly paper on Internet Voting!

The paper recounts the history of Internet voting in the USA, and shows how NIST has misled Congress and the American people about online voting insecurity. I take the same practical approach there that I did here in this blog post.

Also, my book, Internet Voting Now, is listed in the “Research Bibliography” provided to the Commission by CalTec/MIT.

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund

Email: Internetvoting@gmail.com 

Blog: http://tinyurl.com/IV4All 

Twitter: wjkno1

LinkedIn: www.linkedin.com/pub/william-j-kelleher-ph-d/9/466/687/

Author of Internet Voting Now! 

Kindle edition: http://tinyurl.com/IntV-Now

In paper: http://tinyurl.com/IVNow2011

* ABC News -

http://abcnews.go.com/US/cal-state-student-year-prison-rigging-campus-election/story?id=19682401

Has NIST Lied about Internet Voting Insecurity?

Article 1, section 8, of the US Constitution enumerates the specific powers of Congress.

Among these are: “The Congress shall have power … To regulate Commerce … To coin money … and fix the standard of weights and measures.” The Framers had learned from unhappy experiences under the Articles of Confederation that without uniform standards for money, the new nation’s economy had little chance of thriving. They had also learned that without uniform “weights and measures,” the growth of science and technology, industry, and commerce would be crippled by chaos.

Out of its continuing efforts to exercise these powers responsibly, in 1988 Congress created the National Institute of Standards and Technology (NIST), which is currently a non-regulatory agency within the Department of Commerce.

NIST has such a vital role in the progress of science that it can aptly be understood as the Voice of Science in the USA.

When Congress established the Election Assistance Commission (EAC), in 2002, in a display of foresight, it required NIST to provide the EAC technical support on the research and development of, among other things, “remote access voting, including voting through the Internet.”

Yes, Congress is thinking about Internet voting for all US elections!

So, what did NIST do in response to its mandate from Congress? NIST put its name on a copy of the old 2004 SERVE Security Report by Avi Rubin, David Jefferson, David Wagner, and Barbara Simons.

That Report is where all the scary stories about supposed Internet voting insecurity got started. Like, “a teenage hacker in Iran could change all the votes in a presidential election!”

Great scary story, but where’s the science?  Where’s the facts?

Internet voting has been tried in public elections nearly 100 times around the world w/o any security problems. (The 2010 DC hack occurred because it wasn’t built by pros, see DC Hack Fiasco and DC Hack Conspiracy ) Shamefully, NIST has done NO scientific research, but only reproduced a bunch of scary stories, and presented that to Congress.

Common Cause – that saintly source of democratic ideals – has also helped to promote scary stories about Internet voting w/o any facts or science. (See Common Cause )

So now there is a careful study of the BAD SCIENCE that has the whole country shaking in its boots whenever somebody says “I hate standing in lines! Why can’t we have voting online?”

The paper is being presented at a panel at the Western Political Science Association this month. Its ready for the most critical scrutiny a scholar can give it. It shows that the anti-Internet voting extremists have NO intellectual foundation for crying “wolf!”

Its time for an intelligent, informed, Reason-based debate on Internet voting!

 

Download my paper, in pdf form, for free at

http://ssrn.com/abstract=2229557

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund

Blog: http://tinyurl.com/IV4All 

Twitter: wjkno1

Author of Internet Voting Now! 

Norway to Continue Internet Voting in 2013

As reported on this blog about a year ago Norway had a great experience with its first large trial of Internet voting. Now there is more good news.

“It's official,” proclaimed Christian Bull, head of the Internet voting project in Norway, “we're doing another Internet voting pilot in 2013.”

In a December 14, 2012, press release, The Ministry of Local Government and Regional Development made this announcement: *

After positive experiences with the experiment of 2011, the Parliament of Norway will continue the trial of Internet voting in the elections of 2013.

“We need to know more before we conclude whether this is a future way to vote for all voters in Norway,” says Secretary Dag Henrik Sandbakken.

The evaluation of the experiment in 2011 showed that voters have high confidence in the election process. 92% of the voters in the trial cities had positive opinions about their experience. They found it to be an easy and convenient way to vote.

Even 75% of the voters who did not take part in the initial trial expressed positive opinions about using Internet voting in the future.

One of the key findings from the evaluation is that Internet voting enabled voters with disabilities to vote alone and without assistance for the first time. This includes the blind and visually impaired voters.

“We have also received positive feedback from the Norwegian Association of the Blind, who welcome another trial in 2013,” says Sandbakken.

Two conclusions in the evaluation of the last election are that no evidence of violations of voter secrecy were found, and that there were no reports requiring official investigation of problems with attempts at undue influence or vote buying for either Internet voting users or other voters.^

The researchers point out that the initial Internet voting trial raises several unanswered questions to which this evaluation does not provide answers, and that there is a need for further testing and research. They want, for example, more data on the effects of Internet voting on turnout among the various groups of voters.

The ten municipalities that participated in the previous experiments will also participate in the 2013 trials.
[End]

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Email: Internetvoting@gmail.com
Blog: http://tinyurl.com/IV4All
Twitter: wjkno1
Author of Internet Voting Now!
Kindle edition: http://tinyurl.com/IntV-Now
In paper: http://tinyurl.com/IVNow2011

* Google Translation used for this report

Just in - the English translation by Norway is up, at

http://www.regjeringen.no/en/dep/krd/press/press-releases/2012/nye-forsok-med-internettstemming-i-2013.html?id=710138

^ Translation corrected in consultation w/ Mr. Bull 12-18-12

Obama: We have to fix that

Dear President Obama:

This written note follows up on the message I posted on the White House form recently.

While I am happy that you have been re-elected, I am very disappointed about our election system. You know the problems, as you said “we have to fix that.”

A recent New York Times opinion mentioned a fabulous challenge by Harvard Prof Keyssar – President Obama should call up a Federal Election Tribunal to investigate whether or not digital voting can securely enhance the democratic process in the USA! I totally agree. The last presidential commission on Internet voting was called by Bill Clinton in 1999. A lot has changed in this technology since then.

Our election system is in decline compared to the world leaders. In Canada over 40 cities have used it w/o security incidents. Elections Canada wants it for federal elections. Estonia uses it. Cantons in Switzerland, overseas voters for France and Mexico City, and the largest state in India, Gujarat, have used it. West Virginia and Arizona have, too.

The Luddites, like Barbara Simons, Ron Rivest, and David Jefferson get too much coverage in the sensationalist press. They have half the nation afraid for no real reason.

The professionals who have actually run Internet voting elections, such as West Virginia Secretary of State, Natalie Tennant have recommended it for the whole country. But she doesn’t get 1/10 the coverage of the nay-sayers. Our nation needs a real debate, to get all the pros and cons out in the open!

Please call up a new Presidential Commission on the Use of Internet Voting in the USA.

I am qualified, and would be honored, to be a part of it.

Respectfully,

William J. Kelleher, Ph.D.
Political Scientist
CEO, The Internet Voting Research and Education Fund
Twitter: wjkno1

Author: Internet Voting Now!

Three Reasons to be PRO Internet Voting for All US Elections

Here are 3 reasons why I advocate Internet voting in all US elections –

1). Internet voting can take power away from Big Money, and bring more rationality into the campaign-election process.

IMAGINE: You are watching candidates debate online or on TV. After each debate you log on to your state’s secure voting website, using your own PC, cell phone, iPad, or other electronic device. Your voter registration is checked, and then the ballot appears. You mark it, and send it w/ a click.

This will neutralize the power of Big Money! How? Most of the Big Money spent on political campaigns is meant to impress, persuade, and even manipulate the decision of the voters. The theory is that if a voter repeatedly hears a lot of positive information about one candidate’s name, and negative information about the names of others, the voter’s mind will be conditioned to vote for the name with good stuff connected to it when he or she goes in to the voting booth.

But with secure Internet voting, there is NO TIME for campaign advertising to try to persuade or trick you, or to condition your mind like a pigeon trained to peck on the blue button rather than the red one. You watch the debate. You form your own opinion of what you have just seen, and you vote strictly on that basis.

All the advertising before or after the debate will be useless, because everyone will vote while their own views are fresh in their minds. Big Money will become irrelevant. Elected officials will owe their job only to the voters.

What could be more orderly and conducive to reason and deliberation, than to watch debaters trying their best to perform at a presidential level, and then to have each voter vote his or her considered assessment of each debater’s efforts?

2). The US requires TWO votes for a presidential election: one in the primary, and another in the general election. But Americans are a practical people. Many regard the first vote as too inconvenient, its not worth the effort of driving to the polls, looking for parking, then waiting in line; so only about 25% vote in primaries. The ones who do vote in primaries are highly motivated by partisan feelings. Hence, they elect extreme partisans to office. Now we have gridlock in the US Congress because the partisans refuse to cooperate with each other.

This need not be. Convenience is empowerment. Make voting more convenient, and more people will vote in both the primaries and general election. When more people vote, more moderate votes by ordinary Americans will be cast. When more moderate votes are cast, the partisan gridlock in Washington will diminish. The moderate voters will elect problem-solving officials. Because Congressional elections can be done online, special interests will have less power. Internet voting can get this country going again!

3). Voter ID: Currently, some states are requiring voters to show IDs. This is a problem for inner city folks who don’t drive cars, and thus don’t have a driver’s license. Old folks and poor folks are also affected. But w/ Internet voting, voters don’t have to show anybody an ID. When they log on to the secure website, their registration is checked. It’s the same convenient process for everyone. (Registration is moving to biometrics, and it will all be biometrics soon.)

Internet voting can greatly enhance democracy in the USA! All that is necessary to make this happen is a letter to your local election official asking that an Internet voting system be implemented. They will be happy to hear from their constituents, because they already know that online voting is a far less costly and troublesome process than the polling place and paper-based system currently in use.


Note:
Also see in this blog - 

The Political Argument for Internet Voting in California 

*********************
William J. Kelleher, Ph.D.

Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund
Email: Internetvoting@gmail.com
Blog: http://tinyurl.com/IV4All
Twitter: wjkno1
Author of Internet Voting Now!
Kindle edition: http://tinyurl.com/IntV-Now
In paper: http://tinyurl.com/IVNow2011


PS

Over 100 cities in Canada have used Internet voting - all w/o having even one vote changed. Sure, there have been attempted hacks, but none succeed. Why? Because professionals know how to prepare for the attacks, and fend them off. Elections Canada wants Internet voting for all national elections. Also, numerous other Internet voting trials around the world, have all worked well. These include Estonia, Norway, Switzerland, France, Mexico City, Australia (New South Wales), and Gujarat, India. West Virginia did it for their overseas military in 2010, and everyone loved it.  Search this blog for lots of info on Internet voting security.

Alex Halderman Debates Internet Voting Security w/ Me!

Kudos to Alex Halderman for not shrinking from a challenge! Our debate on You Tube runs from 21:30 to 42:00. What is more important to consider in the debate over Internet voting security -- known facts about the many successes of Internet voting trials, or scary possibilities that haven't happened? What evidence is RELEVANT to this debate. 

William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund

Email: Internetvoting@gmail.com 

Twitter: wjkno1

Author of Internet Voting Now! 

Kindle edition: http://tinyurl.com/IntV-Now

In paper: http://tinyurl.com/IVNow2011

For more on Alex Halderman see, in this blog,

Cyber Bullying in Connecticut: A Lesson in Empathy