Why Hasn’t the Internet “Disrupted” Traditional Voting Yet?
As I waited nearly two hours in line at 6am this morning to exercise my democratic right to vote, I was left thinking to myself: “I can conduct secure financial transactions over the Internet, I can renew my driver’s license online, I can file my taxes electronically over the Internet and I can transmit confidential medical information online… so why the hell do I have to get up at the crack of dawn and freeze my butt off for 2 hours just to cast my vote.” Given my line of work, my thoughts quickly turned to the lack of widespread Internet voting.
From a DisCo point of view, the operative questions are:
- Why hasn’t the Internet changed voting like it has changed rest of our social, political and economic landscape?
- What are the future prospects for Internet voting?
The truth is that there are many aspects of voting that are difficult to reconcile with the Internet. More than a decade ago the National Science Foundation (NSF) commissioned a study to examine the feasibility of Internet voting. It published four major findings:
- Poll site Internet voting systems offer some benefits and could be responsibly deployed within the next several election cycles.
- The next step beyond poll site voting would be to deploy kiosk voting terminals in non-traditional public voting sites.
- Remote Internet voting systems pose significant risk and should not be used in public elections until substantial technical and social science issues are addressed.
- Internet-based voter registration poses significant risk to the integrity of the voting process, and should not be implemented for the foreseeable future.
So, where do we stand now on each of these points: Well, electronic voting is at least an option in many states, but those machines are not connected to the Internet (but there are still security concerns). Kiosk voting in non-traditional locations hasn’t happened yet but is being debated (and kiosks are used in other countries such as Brazil) — but this is certainly a more likely near-term development than remote Internet voting (and whether the kiosks are connected to the Internet is another debate).
The one area from the NSF report where we have seen serious Internet-related progress however is Internet voter registration. Currently, 12 states offer online paperless voter registration.
At the margins, there has been some progress. At least 33 states allow some citizens to cast their ballots via email or the Internet, and Arizona has even begun a pilot project that allows eligible voters to use a secure web portal to submit their information. As part of this movement, there has been a growing reliance on Internet/e-mail submitted ballots for soldiers and citizens living abroad. Also, in the wake of Hurricane Sandy, New Jersey is letting displaced residents submit their ballots via email like soldiers stationed overseas (but they have to mail in a paper ballot as well). However, researchers have been loudly complaining about security vulnerabilities.
In order to move forward with online voting on a larger scale, there are still difficult–though not impossible–problems that would need to be solved:
- Systemic Risk: Although even traditional paper ballots are anything but foolproof, having remote Internet voting or dispersed e-voting machines connected to the Internet (especially if they are running on the same — or similar — proprietary operating systems) exposes them to the risk of well-funded, sophisticated attacks (similar to Advanced Persistent Threats in cybersecurity lingo) targeting millions of Americans.
- Secret Ballot: It’s difficult to ensure that one’s vote is not being coerced if the voter is not subject to non-partisan ballot monitoring ensuring the secrecy of the vote.
- One-way information flow: Once one’s vote is submitted online, there is no way to know if it was counted correctly or altered. There is also not a paper trail that can be audited. In other highly secure transactions, such as online banking, a person whose account has been compromised can tell if money is disappearing from their account or suspicious activity is occurring. Banks, financial intermediaries and major Internet retailers are also willing to insure against the low-frequency (although not insignificant) fraudulent activity because the upsides and increased profits are so great.
- Incentives: Perhaps no other activity in the world would create more incentive for sophisticated attacks or manipulation than the Presidential elections of the most systemically important (both financially and militarily) nation in the world (the Smartgrid poses similar problems).
So, are there any examples of countries aggressively turning to Internet voting that we can observe as a case study? Well, yes. Estonia.
Although the small Baltic nation may not be on the average person’s radar — Internet policy wonks know it well. The little nation has become somewhat of a digital Mecca. The country has one of the highest Internet penetration rates in the world (75% as of 1Q 2010), a national digital identification system, has the highest marks in the world for Internet Freedom and has even announced plans to teach computer coding to students as early as first grade. (The country’s heavy reliance on the Internet — as many cybersecurity analysts would be quick to point out — also makes them uniquely vulnerable. In fact, Estonia was also the first country to be temporarily crippled by a digital attack.)
For the purposes of this article though, it also has a nationwide system of online voting. They have also thought of some very unique safety and security measures to attempt to offset some of the above mentioned risks:
- An elector can cast as many votes as he or she can over an allotted timeframe, but only the last vote counts. Furthermore, the elector can still cast a ballot on election day and that vote voids all electronic votes. This makes is difficult to coerce or buy votes.
- As far as electronic security, Estonia employs a very sophisticated set of encryptions:
To ensure security during the electronic voting process, voters in Estonia are required to possess several pieces of equipment. This includes an electronic ID card, and two pin codes used to sign an electronic signature on their ballot. After confirming their vote with an electronic signature, the vote is sealed in an electronic “virtual” envelope, which bears personal information about the voter. When vote counting begins, the inner encrypted votes and the digital outer envelopes with personal data are separated. The outer envelopes are discarded and the electoral commission counts the anonymous encrypted votes. In addition to internet voting, the 2011 election will be the first that allows voters to cast ballots through their cell phones that contain specially designed SIM cards for verification.
Although Estonia offers some hope for the future (it is unclear if Internet voting has increased Estonian election turnout), it doesn’t appear that the full-scale Internet voting will be on the horizon in the U.S. anytime soon. But if studying the history of Internet disruption has taught me anything, it’s that one should be very skeptical when people say things are “never going to happen.” Baby steps are currently being made with overseas and military voters and as a greater percentage of the voting public is comprised of people who grew up with the Internet — and therefore are often more accepting of the associated “Internet specific” risks — expect politicians, election officials and, most importantly, private sector entrepreneurs to begin to solve or route around many of the above problems and bring voting into the 21st century as well.
[Note: In discussing this article with others, many people discussed for purely political reasons why opposition will arise to Internet voting, which pertain to both major political parties. Given that that is largely conjecture and political considerations can shift in the future, I chose not to focus on them in this piece.]