Carter Center: Study of Norway’s Internet Voting

A recent post, brought the Carter Center’s report to our attention: Expert Study Mission Report The Carter Center Internet Voting Pilot: Norway’s 2013 Parliamentary Elections. <.pdf> The Carter Center report is highly enlightening, covering Norway’s pilot, Internet voting in general, and the challenges of credible observation of elections.

Today we highlight Scott M. Fulton’s thoughtful post based on the report: Scytl e-voting exposes the dangers of automating a democracy <read>

The truth is, any forward progress we make toward better communication with one another, toward social awareness, toward even expanded conscience of the world around us, can only be accomplished by each of us individually. Technology can empower us to do that, or to do the precise opposite. It is neither to credit nor to blame.

But the corollary to that principle is this, and it is a caution I try to repeat as often as possible: Because technology has no inherent polarization toward progress, simply applying it to a problem does not solve it…

The process of voting in Norway, according to that [Carter Center] report, was not at all dissimilar to the way B-52 bombers were told to attack Moscow in the movie Dr. Strangelove:

In order to vote, a voter had to register their mobile phone with a centralized government register (one could do so online while the voting was underway). The voter should have also received a special card… delivered through the postal service, with personalized numeric return codes. These cards provided the voter a list of four-digit numbers corresponding to each party running for election. The four-digit numbers were randomly assigned for every voter so that, for example, any two voters who wanted to cast their vote for Labour would unlikely have the same return codes associated to the Labour party.

The Carter Center charted the conceptual model of the technology involved:

Imagine your local school board election being charted by a process model this complex. Consider the degree to which people who are already disenchanted by the whole concept of contributing their 1/10,000 of a preference, will simply avoid the process altogether. Maybe this fact alone is what makes it so attractive to people in the election business.

As someone who has regularly sat next to security engineers, I look at a chart like this and see a gold mine of potential exploits–handoffs, air-gaps, SMS as the communications medium. Perhaps Scytl’s system is lock-tight today, but the very fact of its complexity, coupled with its wide-ranging impact on the public, makes it an automatic target. How long before such a system is cracked once, someplace in the world? And when that happens, how many other elections’ veracity will be called into question? How many Bush v. Gore cases will this nation withstand?

The Carter Center report goes into further details that add to the understanding of complexity of the system. Thinking about each part it is easy to speculate on the risks of attack, especially attacks by insiders – from public employees, vendor personnel from the system vendor, and various network support contractors.  Add that the near impossibility of independent verification of every possible critical point; along with the impossibility of public trust in any such complex and technically sophisticated evaluation.


Leave a Reply

You must be logged in to post a comment.