Internet Voting In California?
Printer-friendly version
Send by email
By Jim Soper
Voting Rights Task Force
Election integrity advocates recently launched a campaign to block a bill, SB908, that would have introduced email voting for Californians living overseas. We fought it for several reasons.
First, paperless voting itself is dangerous because there is no independent way to check the results claimed by the machines, and no way to recover when something goes wrong, and it will. Voting across the Internet is worse, because it opens up the voting system to several more types of attack, from anywhere in the world, all of them dangerous. Voting by email attachment is even worse, because no attempt is made to encrypt the ballot as it travels from computer to computer across the globe on the way to its destination.
Any of these computers is quite capable of "photoshopping" or simply blocking any ballot that passes through. A ballot sent from Afghanistan could pass through computers in China, Iran, Russia, or any other country interested in "fixing" ballots headed for California. This is only one of several severe vulnerabilities in Internet voting.
Secondly, world class computer security experts have repeatedly and emphatically stated that Internet voting is dangerous. Nevertheless, Washington DC insisted on running a pilot Internet voting project last fall. DC officials prudently opened a "secured" pilot system up to red team (hack) testing. It took University of Michigan "wolverines" less than 36 hours to take complete control of everything - ballots, encryption codes, passwords, voter records, emails, the tabulator, operating system, network - everything. This was a "hardened" system using encryption that the officials were going to put into real use. What the pilot project did was put a huge exclamation point on the message that the best Internet voting system is none at all.
Thirdly, the most pernicious vulnerability comes from the people that can control the systems that collect and count the votes. Vendors program and install the voting systems. Election officials have insider access to them. Then there is the lone company that makes the uninspected and regularly "updated" operating system that runs on almost all the machines, Microsoft; plus the Chinese companies actually manufacturing the computers and the all-important chips.
Finally, if you add the Internet into the mix, we have hackers who can attack from anywhere in the world. Any of these individuals or companies have the possibility of rigging elections, and with that, decisions about how trillions of dollars are spent, and issues of war, peace, and justice. Rigging elections existed in America since long before the arrival of computers. This is not new. What is changing is the capability of fewer people to rig ever more elections from within an increasingly centralized, more powerful, and essentially invisible electronic system.
An Internet voting bill in California concerns the entire country. What happens in California does not stay in California. As an example, the republican primary looks like it will be hotly contested, and close. Everybody would like to know that the vote for delegates here was fair and accurate. If California ever introduces Internet voting, we will not have that assurance. As a prime example, there are at the very least 10,000 overseas voters registered in one county alone, Los Angeles. That's more than enough to make it worthwhile for someone to "fix" the ballots before or after they arrive at the single county server.
San Diego, with its large military vote, is another likely target. Nothing may happen during the primaries. We would probably not know, because there is no independent way of double-checking the electronic ballots. If we discovered that something actually did happen, it would be too late to recover because there is no paper record to recount.
Email voting is an effort to get a toe in the door. They are trying to spread it state by state, 19 so far. Then they will ask: if Pete can vote from Paris, why can't Linda in LA? And a highly technical issue will be hard to explain in the face of unrelenting propaganda. Their ultimate goal is paperless voting from your cell phone. The code for this is "meeting the expectations of young voters". I've heard this phrase used in Washington, and coming out of official meetings in Los Angeles. I write mobile apps. Reliable voting from a cell phone, while a cool idea, is decades away. So this well-meaning push for paperless Internet voting represents a threat to democracy everywhere.
While we knew that the people pushing Internet voting would not stop, we thought that California would be immune. Debra Bowen opposes email voting, and that should be enough to stop any right thinking individual from even introducing an email-voting bill in California. Well, someone did, and it sailed through the Senate, 23 to 11, with little opposition. This came as a surprise. A small but dedicated network of advocates including the Voting Rights Task Force and Verified Voting, working with Bowen's office, organized opposition to the bill.
We built information pages on the web, here and here. We got a clear, concise, compelling message out using email and Facebook groups. Technical experts wrote to the committee staff a week ahead of the meeting. This resulted in a staff report that reflected the dangers of email voting. At the same time, we met with assemblymembers and their staff. The result was that on July 5th, the Assembly Elections Committee blocked the email voting bill. This time it only got 2 "aye" votes. This was a great way to celebrate Independence Day.
What can you do?
1) SB908 is not totally dead. We've started a Facebook group, the "Calif. Election Integrity Network", for alerts and discussion.
2) On the national scene, you can go to http://www.VerifiedVoting.org to sign up for E-Mail Alerts about election legislation across the country.
3) You can find much more information about election integrity issues starting at www.CountedAsCast.com
4) If you have a chance, talk with your legislators about the dangers of paperless Internet voting, especially the following Senators who voted in favor of the bill : Alquist, Anderson, Blakeslee, Calderon, Correa, De León, Dutton, Fuller, Gaines, Harman, Huff, Lieu, Padilla, Price, Rubio, Runner, Simitian, Steinberg, Vargas, Walters, Wright, Wyland, Yee.
News flash: "Pentagon admits suffering major cyber attack". This is the point. No computers involved in elections are safe from attack over the Internet.
There has been a long struggle to establish fair and accurate elections in the United States, and it's not over. California has been at the forefront of maintaining countable paper ballots as the basis of those elections. We must keep it that way.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Soper is a senior software consultant and author of CountedAsCast.com. He is also co-chair of the Voting Rights Task Force in the San Francisco East Bay, which has been very active in voting systems issues since 2005.
- megan's blog
- Login or register to post comments
- Printer-friendly version
- Send by email
When you talk about "they" is it a particular government entity?
This entire article is just the classic strategy of trashing something that would be highly beneficial to our democracy, focusing only on scaring people and not a word about the promise of online internet voting.
No, the article quickly dismisses everything online internet voting has to offer with a "that would be nice but be afraid" attitude. Be afraid, be very afraid". This is classic fear-mongering.
Since the author never talks about the promise of online voting, I will. The issue of online internet voting is not simply one of convenience. It is much, much more important than that. Use your common sense for a moment and imagine how much more responsive to all of our needs government would be if everyone voted. We are told all our lives how important it is to vote. Here we have the technology in our lives that would make that happen, and all you read from guys like this is how horrible it would be.
And make no mistake, if we had online voting, everyone would vote. It is our voting system that keeps young people from voting. It is archaic in today's world to make people go to a polling place and pull levers or fill in ovals on paper to excercise their RIGHT to vote. We use the internet for EVERYTHING else in our lives, think about how silly the argument is that voting could not be safe.
The other tactic this writer employs here is the "paper trail" argument. Ask yourself this: Remember the hanging chad? How helpful were those paper ballots in resolving the problems in Florida in 2000? Those paper ballots CAUSED the problem to begin with.
The claims that voting results could be easily manipulated if voting in elections is done online are usually naive, misleading, or both. Again, use your common sense. Ecomerce, Ebanking, DMV transactions, you can go ON and ON. Our whole world is paperless today.
Do you know that about a trillion dollars a day in foreign currencies changes hands around the world EVERY DAY, and NOT A PENNY of it is kept track of on paper?
It is also unfair to lump online internet voting in with the standalone electronic voting machines used today, and the security problems they have. Server based systems carry multiple redundency. Today, with broadband, you could moniter the results of elections in real time from anywhere in the world. These systems are not unsecure. What are unsecure are our current voting systems, the ones the writer claims we should be afraid to outgrow.
You must also remember that the issue of voter fraud is a non-existent one. It is made up. It is a tool used to help suppress voter turnout. Voter suppression is and always has been a problem in this country. Poll tests, poll taxes. Making people wait in long lines to vote. And now Voter ID requirement laws.
What concerns you more - the phantom issue of voter fraud, or the real problem of voter suppression? There obviously are interests out there who don't want everyone to vote. Beware of them and their influence in this discussion.
Lastly, when you hear about all the "Computer experts" who swear that online voting could never be safe, think about how similar these cries are to the arguments made by climate-change deniers. Even though there is wide concensus amongst REPUTABLE climate scientists that man-made climate change is real, we are told about all the "experts" who disagree. With online voting the claims are even worse. They usually say that ALL "computer scientists" say it is bad. Beware of these claims!
Californians, use your head. Look around you at the world you live in. I have no doubt that the author's response to this comment will be to talk about how "naive" it is. Take a moment and ask yourself who is being played for naive here, and why.
The fear-mongering on this issue must stop.
Cyber The Vote!
Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded.
"Malware on voters' personal computers poses a serious threat that could compromise the secrecy or integrity of voters' ballots," said Belinda Collins, senior advisor for voting standards within NIST's information technology laboratory, in an May 18 statement.
"And, the United States currently lacks an infrastructure for secure electronic voter authentication," she added.
...
Collins said NIST came to the conclusion that "additional research and development is needed…before secure Internet voting will be feasible" as a result of preparing a February 2011 interagency report on security considerations for electronic voting for uniformed and overseas citizens absentee voting.
The report, NISTIR 7770 (.pdf) concluded that Internet voting systems "cannot currently be audited with a comparable level of confidence in the audit results as for those for polling place systems," Collins said.
In coming out against Internet voting with current technology, NIST becomes part of an established consensus among most cybersecurity experts who have examined the issue.
Bruce McConnell, a Homeland Security Department senior cybersecurity counselor, told a March 29 gathering of election officials and watchdogs that it would be "definitely premature to deploy Internet voting in real elections."
...
http://www.fiercegovernmentit.com/story/nist-internet-voting-not-yet-fea...