Heritage Foundation: Military Voting Rights Conference

As one might expect, a conference sponsored by the Heritage Foundation, introduced by former Attorney General Ed Meese, with a keynote by Senator Cornyn, did get political at times. For those interested in military voting and the risks of Internet voting, the conference was overall quite informative and provided a variety of views, even though it did not include computer scientists or security experts.

On July 19th a Military Voting Conference was held in Washington, D.C. by the Heritage Foundation: <video>

8:45 a.m. Welcome and Opening Remarks
Edwin Meese III, Chairman, Center for Legal & Judicial Studies, The Heritage Foundation

9:00 a.m.  Panel 1 – A State Perspective on the MOVE Act and Military Voting
Natalie Tennant, Secretary of State of West Virginia
Beth Chapman, Secretary of State of Alabama
Mike Ertel, Supervisor of Elections, Seminole County, Florida
Charles “Cully” Stimson, Senior Legal Fellow, The Heritage Foundation (Moderator)

9:45 a.m. Panel 2 – Exploring Ways to Increase Military Voting Participation in the 2012 Election
Bob Carey, Director, Federal Voting Assistance Program
Donald Palmer, Secretary, Virginia State Board of Elections and former Director of Elections for Florida
Eric Eversole, Executive Director, Military Voter Protection Project (Moderator)

10:30 a.m. Keynote Address:
An Author’s Assessment of the Effectiveness of the MOVE Act
The Honorable John Cornyn (R-TX), United States Senator

11:15 a.m. Panel 3 – Exploring Ways to Enforce Military Voting Rights in Federal and State Courts
Chris Coates, Former Section Chief, Voting Section, Civil Rights Division, U.S. Department of Justice
Christian Adams, Founder, Election Law Center
Hans von Spakovsky, Senior Legal Fellow, The Heritage Foundation (Moderator)

12:00 p.m. Keynote Address:
Understanding the Sacrifices of Our Men and Women in Uniform and the Importance of Protecting Their Rights at Home
Admiral Edmund P. Giambastiani, Jr., USN (ret.), former Vice Chairman of the Joint Chiefs of Staff

Some specific observations:

  • Many panelists expressed concern with online voting but also strong support of electronic ballot delivery and its value to resolve most problems (I agree).
  • Other panelists have no fears of Internet voting, say the risks are worth it, and misinterpret or attempt to transfer opposition to online voting as distrust of the military voter. They imply security experts are worried about military voters, rather than hackers and insiders.
  • Mike Ertel, Supervisor of Elections, Seminole County, Florida is concerned that people view online blank ballot delivery as ‘online voting’ and taint it with the same brush.
  • Several expressed upset with low compliance by states and the Dept of Defense with the MOVE Act and were disappointed that Eric Holder has not prosecuted (here I suspect political bias). Others defended the states and DOD for the short time and lack of funding for implementation.
  • I was surprised to learn that there is significant disagreement about the statistics on military participation in elections – the figures always look low, but some claim that all ‘in person’ military voters are not counted as voting, but are counted in the statistics as if they have not voted. Bob Carey, FVAP Director, said that when adjusted for age, the participation is about the same as the general population. It is still clear that there is a problem when many request ballots, but in the end are unable to vote!
  • Several mentions of the Military’s “right to vote”. That sounds fine to me, yet my recall is that citizens do not have a right to vote and that several in Congress have pressed for legislation to provide that right; apparently in Bush v. Gore the Supreme Court agreed.

Among the missing from this and some other discussions:

  • Computer Scientists and Security Experts, including those from the Department of Defense
  • We note lack of concern for the rights, convenience, and support of other overseas voters in addition to Military voters. Such voters include: Military Contractors, State Department Employees, Peace Corps volunteers, business people, and NGO staff.
  • Actual recent experience of Military and Overseas voters.  Generals’ experience can be outdated. When they are in the field, they do not live the same life as the average soldier or overseas citizen.
  • Despite the claims of success in West Virginia’s Internet voting pilot, it has not been continued by the Legislature, and, as we understand it, online delivery of ballots and absentee applications, followed by return in a single envelope, would be much more economical, much less risky, and more effectively relieve the barriers which hamper military voters and keep their votes from being counted.

Once again, despite the limitations, the conference is well worth viewing for what it does provide.

Friedman predicts 2012 Presidential candidate via Estonia-like Internet voting system

Op-ed wherein the observer of a flat world, Tom Friedman, endorses an Estonia-like election system embraced by a third party looking to elect our President, chosen in a nationwide Internet primary. Would it be free from special interest influences, far from the center of power? Would it be transparent financially and electorally? Hardly, if Friedman and the Daily Beast accurately describe the forces behind the initiative. UPDATED.

Update 8/7: Tom Tomorrow explains the politics in cartoon: Thomas Friedman, Private Eye <view>

A [thought] provoking, yet worrisome op-ed by Tom Friedman in the New York Times: Make Way for the Radical Center <read>

Wherein the observer of a flat world endorses an Estonian election system embraced by a third party looking to elect our President, chosen in a nationwide Internet primary:

Thanks to a quiet political start-up that is now ready to show its hand, a viable, centrist, third presidential ticket, elected by an Internet convention, is going to emerge in 2012. I know it sounds gimmicky — an Internet convention — but an impressive group of frustrated Democrats, Republicans and independents, called Americans Elect, is really serious, and they have thought out this process well. In a few days, Americans Elect will formally submit the 1.6 million signatures it has gathered to get on the presidential ballot in California as part of its unfolding national effort to get on the ballots of all 50 states for 2012.

If it is successful, as Tom predicts, we should know in about three “Friedman Units”. We are skeptical of Friedman’s predictions of its effect, even if it succeeds. From the op-ed:

to take a presidential nominating process now monopolized by the Republican and Democratic parties, which are beholden to their special interests, and blow it wide open — guaranteeing that a credible third choice, nominated independently, will not only be on the ballot in every state but be able to take part in every presidential debate and challenge both parties from the middle with the best ideas on how deal with the debt, education and jobs.

Would it be free from such influences, far from the center of power? Hardly, if Friedman accurately describes the force behind the initiative:

Kahlil Byrd, the C.E.O. of Americans Elect, speaking from its swank offices, financed with some serious hedge-fund money, a stone’s throw from the White House.

Let us look at last week’s article in the Daily Beast describing more details, as imagined and actually proposed, <read>

Imagine what our election system might look like if it were designed today: No Byzantine electoral college, no long lines on a random Tuesday, no closed primaries that force candidates into the arms of their party’s special interests. Modern Madisons and Hamiltons would try to devise a process that’s open, online, citizen-driven, and capable of producing leaders that can unify the nation once in office…

consumers have shown in every other field that they are no longer satisfied with a choice between Brand A and Brand B.

Unlike cable service, where it would seem to a Martian visitor we love only a single choice, Brand C,  high cost and low service.

Another indication of how different and grassroots-like this effort is:

A bunch of political pros—“politically homeless,” in the words of Michael Arno, the California-based political consultant overseeing Americans Elect’s national ballot access—have signed on. CEO Kalil Byrd is a Republican who served as communications director for Democrat Deval Patrick’s victorious gubernatorial campaign in Massachusetts. Senior political adviser and pollster Doug Schoen worked for President Clinton and Mayor Bloomberg (and often polls for Newsweek/The Daily Beast). An impressive board of tri-partisan advisers ranges from former FBI Director William H. Webster to former CEO of Hallmark Irvine Hockaday to the dean of Tufts’ Fletcher School of Diplomacy, Stephen W. Bosworth.

And how transparent:

 Over the past several months, I attended one of 400 off-the-record fundraisers

Like many movements and half-baked ideas, this one is ready with a preemptive shot at its critics:

Skeptics, of course, can have a field day with this techno-utopian political fantasy. Casting aside technical hurdles regarding the system’s security and integrity (“We’ve taken measures stronger than banks and brokerage firms in the financial industry,” says designer Joshua S. Levine, who cut his professional teeth as chief technical officer and chief operating officer of E*Trade), there’s the even more daunting prospect of getting on the ballots, when neither Democrats nor Republicans want them to succeed

This is reminiscent of the article on Estonian voting we covered yesterday. No mention of any transparency in the development, testing, and operation of the actual system. Rather than quoting independent technical experts, we see the system pronounced safe by the architect. Did Ronald Reagan say “Trust Me”? Of course not. Actually it sounds like something Bernard Madoff might have said. President Reagan actually said “Trust But Verify”.

And that’s all before the candidate-selection process, and the chance that an organized faction could hijack the process, delivering the nomination to a charismatic joke candidate (think Donald Trump).

But what if, on the other hand, a civic celebrity like Tom Brokaw emerged? Or a frustrated would-be-nominee, whether one with an intense ideological fanbase like libertarian Congressman Ron Paul or a center-right candidate like former Utah Governor Jon Huntsman, who finds the current composition of the GOP primaries too conservative to survive. More likely is the nomination of a centrist dream team, like a Mike Bloomberg-Colin Powell competence ticket or a fiscal-responsibility double bill of Erskine Bowles and Alan Simpson. Mark Warner, Chuck Hagel, David Petraeus—the possibilities are infinite.

Or maybe the process is not “hijacked” but the people create a party platform close to some of the results we have seen in some recent polls? A platform of banning guns, protecting Social Security, universal health care, and decriminalization of pot? (Remember when Obama asked his supporters to vote on initiatives after the election? Not much publicity after they voted pot decriminalization as the top priority). What is scary is the potential for insiders to actually hijack the process by disqualifying or discrediting such votes. Or outsiders successfully attacking the system undetected.

No mention here of the possibility of candidates being chosen such as Dennis Kucinich, Bernie Sanders, Elizabeth Warren, or, Pat Robertson forbid, Michael Moore, Keith Olbermann, or Ralph Nader.

It does not sound transparent financially or electorally. Yet, I can see why almost everyone would want to sign-up to promote their favorite type of candidates and party platform.

Updated: 7/25/2011

Last night I joined the site to try the system. At this point they ask opinions on some 64 items. My impressions:

  • Each question offers a choice of 3 or 4 items and an ‘Unsure’ option.
  • Perhaps 1/3 of the time, I am not completely happy with the options. I would prefer another option. I noticed at least one question with a false dichotomy. Otherwise the choices seem reasonable.
  • After choosing each question, the system shows the vote %’s for each answer so far. As I predicted the votes seem to me to correlate with polls I have seen (e.g. a strong preference to raise taxes, stimulate the economy, and support gay marriage.)
  • Disappointingly, there is no option to suggest other alternative answers and, perhaps more significantly, no mechanism to submit additional issues. (So it's unlikely we will see votes on decriminalizing pot or banning Internet voting etc.)

Update: F.A.I.R. also has some interesting comments. It seems Tom Friedman advocated similarly in 2004 and in 2007: <read>

This isn’t to say there’s anything wrong with efforts to challenge the two-party system, which certainly limits political expression. But it’s curious that Friedman assumes that the “center” isn’t being adequately represented–or that, more importantly, a truly democratic nominating process would yield a “centrist” ticket. There’s no reason to believe that would happen. Friedman’s candidate would “challenge both parties from the middle”–but why would the people choose such a candidate? And is a third party “financed with some serious hedge-fund money” really a step in the right direction?

One rule Americans Elect has set down: A presidential candidate has to cross the party line to find his or her running mate–as Friedman puts it, “a Democrat must run with a Republican or independent, and a Republican with a Democrat or independent.”

This sounds like… well, something that Tom Friedman would advocate. Which he did, in 2004: “I want to wake up and read that John Kerry just asked John McCain to be his vice president.” Or consider the Tom Friedman who, in 2007, suggested that if Obama were to win the Democratic nomination, he “might want to consider keeping Dick Cheney on as his vice president.” The reason had something to do with Iran policy: “Mr. Obama’s gift for outreach would be so much more effective with a Dick Cheney standing over his right shoulder, quietly pounding a baseball bat into his palm.” Ah, the magic of centrism!

What, US Worry?: Estonia, like Connecticut, wrestles with Internet Voting

Some good news amidst the government huffing and puffing: a city is fighting for election integrity, and the OSCE report was created and is so thorough. Perhaps Connecticut will learn more from all this than Estonia has.

One city, Tallinn, Estonia, holds a conference on the risks of Internet voting, under apparent national and at least some media opposition to recognizing security concerns <read>

Yesterday, July 20, the City of Tallinn bolstered its drive to bar the nation’s much-touted e-voting system from local elections, holding a press conference where prominent US computer scientist Barbara Simons said that such systems are inherently vulnerable.

The University of California, Berkeley PhD and former Association for Computing Machinery president spoke about risks such as malware, attacks on the server managing the election, insider threats and false websites.

Speaking in general terms, not about Estonia’s system in particular, she said that the nature of e-voting makes it impossible to audit or recount the votes. She also warned of the possibility of software viruses or worms that could infect a computer, casting votes without the user’s knowledge.

Along with the technical information gleaned from Simons’s presentation, those present at the press conference were also able to gain a clear sense of the agenda behind the event.

The conference was conducted in a tightly-controlled manner, ending as journalists were cut off after only three questions. A 158-page book entitled “Today’s Internet is Not Ready for E-Voting,” produced by the City Council, was also distributed to those in attendance.

Was there an “agenda behind the event” or behind the article?

Counter Arguments

Tarvi Martens, architect of the nation’s e-voting system and a key figure in the Estonian IT and infosecurity field, shrugged off the US expert’s claims.

“Her story is nothing new,” he told ERR radio. All of the risks that Simons brought up, he said, are well-known and have been taken into account.

Martens said that experiments have been run with hackers hired to attempt to crack Estonia’s voting system. “Tests have been conducted repeatedly. Only low-level problems were found and these were addressed. No one has managed to ruin anything,” he said.

If something should happen, he added, there is a backup plan. “If an attack takes place, then we have a legal basis to annul the results of e-voting […] Electronic elections have already been held five times [in Estonia] and nothing happened. Everything works correctly,” said Martens…

Earlier this year, questions were raised about the system when a student claimed to have found a flaw that would theoretically allow a virus to block candidates from appearing on an affected voter’s ballot screen…

In May a report by the Office of Security and Cooperation in Europe (OSCE) gave the country’s internet voting system an overall clean bill of health, but cited a number of technical and procedural holes that they recommended plugging. Parliament later set up a working group to address the issues.

Let us look at that OSCE report and the ‘overall clean bill of health’ and ‘technical and procedural holes’ to plug:

Most actors involved in the Internet voting process had been involved in the past elections and collaborated very efficiently. However, the OSCE/ODIHR EAM was concerned that this led to an environment where critical questions were no longer asked and where detailed protocols of proceedings were too rarely part of the process.

The OSCE/ODIHR recommends that the NEC builds its own in-house IT expertise and capabilities on Internet voting and retains detailed written records at all stages of the Internet voting process…

In a parallel process, a [single] programmer, who was contracted by the NEC, verified the software code. The identity of the programmer and his report to the NEC was kept secret. It was not made available to the OSCE/ODIHR EAM, other observers or political parties…

Testing is a crucial exercise to find any deficiencies in the system. The NEC made a substantial effort to test various components of the Internet voting, including by members of the public. However, reporting on the performed tests was often informal or kept secret.

The OSCE/ODIHR recommends that the NEC issues formal reports on testing of the Internet voting system and publishes them on its website in order to further increase transparency and verifiability of the process.

The OSCE/ODIHR EAM was informed that the project manager was able to update the software of the Internet voting system until right before the elections started, and without a formal consent of the NEC. This was done without any formal procedure or documented acceptance of the software source code by the NEC, which limited the information on which version of the software was ultimately used

The OSCE/ODIHR recommends that the NEC adopts formal procedures for software deployment and establishes a deadline for its updates...

As in previous elections, and despite the recommendation made by the OSCE/ODIHR in 2007, the time of casting a vote was recorded in a log file by the vote storage server along with the personal identification code of the voter. This could potentially allow checking whether the voter re-cast his/her Internet vote, thus circumventing the safeguards in place to protect the freedom of the vote...

Daily update of the voter register during the voting period as required by the Election Act was performed together with the daily backup of data. The project manager accessed the servers for daily data maintenance and backup breaking the security seals and using a data storage medium employed also for other purposes. This practice could potentially have admitted the undetected intrusion of viruses and malicious software.

It is recommended that no maintenance of the Internet voting system servers is performed from the start to the end of the Internet voting process...

During the counting, one vote was determined invalid by the vote counting application since it was cast for a candidate who was not on the list in the corresponding constituency. The project manager could not explain how this occurred – the investigation was still ongoing at the time of issuing the report.

It is recommended that a provision is introduced to provide clear criteria for determination of the validity of the votes cast via the Internet…

In addition, there are algorithms that enable universal verifiability, meaning that anyone is able to verify that the cast votes have been decrypted and counted properly. Estonia’s Internet voting system does not employ such tools. The OSCE/ODIHR EAM was given the explanation that this was due to concern that enabling verifiability might confuse voters.

The OSCE/ODIHR EAM was made aware of a program that could, if it was running on a voter’s computer, change the vote without the possibility for the voter to detect it. The case was brought to the attention of the project manager who assessed this threat to be theoretically plausible but nearly impossible to implement in reality. The author of the program filed a petition with the NEC that was dismissed and subsequently appealed to the Supreme Court. The introduction of an opportunity for the voter to verify that his/her vote was cast and recorded as intended would mitigate that risk.

The OSCE/ODIHR recommends that the NEC forms an inclusive working group to consider the use of a verifiable Internet voting scheme or an equally reliable mechanism for the voter to check whether or not his/her vote was changed by malicious software...

The 2004 Council of Europe (CoE) Recommendation on electronic voting and the CoE recent guideline on certification recommend that technical requirements are established and that its component are tested for their compliance with these requirements. The NEC made comprehensive and commendable efforts to test the Internet voting system, including by members of the public. However, this testing was not preceded by the establishment of comprehensive technical requirements and was only overseen by the Internet voting project manager, who also administered the necessary amendments. The NEC decided, as in 2007, not to have the Internet voting system certified by an independent third party.

The OSCE/ODIHR recommends delegating the responsibility for certification of the Internet voting system to an independent public body that would evaluate and then digitally sign the final version of the Internet voting software and publish a public evaluation report…

The NEC contracted an auditor to assess compliance of the Internet voting with technical, legal and procedural requirements. The NEC considered that the audit ensures the necessary accountability of the system which makes formal certification unnecessary.

KPMG Baltic was contracted by the NEC, after a public tender, to check the compliance of the NEC actions with an operation manual. The only obligation specified in the contract was that KPMG had to be present at the execution of procedures and check that they were followed in accordance with the manual. The OSCE/ODIHR EAM observed that both the auditor and the NEC only occasionally made detailed notes about deviations from the manual, thus limiting the opportunities for follow up on possible shortcomings.

The operation manual for the Internet voting comprised a number of separate documents that were originally written by the software vendor and were later updated by the project manager. The NEC published these documents on its website, but did not organize any review or a formal acceptance procedure for them.

It is recommended that an operation manual is consolidated in a single comprehensive document and describes all Internet voting procedures…

The OSCE/ODIHR recommends that an independent public body is appointed to perform a compliance audit of the whole Internet voting process with a consolidated operation manual

While publicly-available documentation covers most stages of the Internet voting in a detailed manner, it is not presented in a way that makes it readily comprehensible to all interested actors. Similarly, the OSCE/ODIHR EAM notes that a substantial knowledge of IT was necessary for observers to follow the training sessions.

The OSCE/ODIHR recommends that further measures are taken to enhance the transparency of the Internet voting process, possibly through providing additional materials and training that are readily comprehensible by all interested actors and the public even without special knowledge of IT.

Hardly what we would call a clean bill of health.

Some good news amidst the government huffing and puffing: a city is fighting for election integrity, and the OSCE report was created and is so thorough.

Sadly, Estonia is the last place we would expect to dismiss as unrealistic the real threats to government Internet facilities.

Perhaps Connecticut will learn more from all this than Estonia has, before it is too late to actually implement risky, expensive online voting. The Constitution State could be the Tallinn of America.

Secretaries of State on MOVE Act and Online Voting

We believe Connecticut can do better at supporting Military and Overseas Voting. We should be following and improving on the success of states like Minnesota and New York. We should avoid risky, expensive, insufficient solutions like the West Virginia prototype.

Mark Ritchie is Minnesota Secretary of the State and also the most recent past President of the National Association of Secretaries of State. He spoke at the Overseas Vote Foundation conference earlier this year: <video>

Mark Ritchie covers:

  • The success of implementing MOVE in Minnesota without Internet voting
  • The risk of Internet voting – Minnesota has been hacked
  • Understanding the difference between using electronics to send ballots vs. receiving them via the Internet
  • Why just supporting Military Voters is insufficient – there are many other overseas voters
  • The importance of the move of primaries from September to August

Secretary Ritchie’s talk is followed on YouTube (on the right) by talks by others on the panel and a Q&A. These are all very interesting and contribute to understanding the challenges faced by military and overseas voters.

  • Ultimately a low percentage of military voters apply for absentee ballots and a disappointing percentage of those are actually returned. We should not expect a military voting rate equal to the general public, but most of those motivated to request ballots should find it convenient enough to vote.
  • New York and Washington make a good case for why overseas voters should be served as well as military voters
  • New York was also quite successful with voters choosing to obtain materials from the web, working in conjunction with a vendor, Scytl, and the Overseas Vote Foundation. In 2010 the process was labor intensive for local officials, yet they are working to improve that in 2011. <video>
  • Many of the existing non-online voting systems are actually very similar to the process of the West Virginia online voting pilot and do not result in significant numbers actually voting
  • In Maryland they found that overseas voters made use of electronic ballot delivery of materials at twice the rate of military voters
  • In the Q&A Mark Ritchie discusses the problems that spam filters cause with the actual receipt of emails by voters
  • Many states, like the West Virginia pilot, require an absentee application, followed by an ID and password to be sent to voters for them to retrieve materials or to vote.
    (It seems obvious to us: This can result in problems with mailed information getting to military voters with frequent changes in addresses. If sent via email, then there would be security issues and many might well be lost in transmission to the voter.)

 

Earlier this year we pointed to and covered a technologists panel on Internet voting at the same conference.

David Jefferson: Email Voting — A National Security Threat in Government Elections

While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting is by far the worst Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways.

Security expert David Jefferson articulates the vulnerabilities of email voting, perhaps the most vulnerable form of Internet voting (and that is saying a lot, since all forms of Internet voting are very risky). <read>

David Jefferson is a computer scientist and researcher at Lawrence Livermore National Laboratory in California where he studies cyber security and ways to protect the nation’s military, civilian, and government networks from cyber attack. He is also the Chairman of the Board of Verified Voting, and has been studying electronic and Internet voting for over a decade, advising five successive California Secretaries of State on voting technology issues.

Excerpts:

Neither the Internet itself, nor voters’ computers, nor the email vote collection servers are secure against any of a hundred different cyber attacks that might be launched by anyone in the world from a self-aggrandizing loner to a foreign intelligence agency. Such an attack might allow automated and undetectable modification or loss of any or all of the votes transmitted.

While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting is by far the worst Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways.

The technical points I am about to state are not my opinions alone. The computer security research community in the U.S. is essentially unanimous in its condemnation of any currently feasible form of Internet voting, but most especially of email voting. I strongly urge legislators in states considering e-mail voting to request testimony from other independent computer network security experts who are not affiliated with or paid by any voting system vendor. Email voting is extremely dangerous in ways that people without strong technical background are not likely to anticipate.

Here are the problems with email voting:

1. Lack of privacy:

2. Vote manipulation while in transit:

3. Server penetration attacks:

4. Ballot files can carry malware into the election network:

5. Voters’ computers infected with malware:

6. Denial of service attacks:

7. Email ballots are unauditable; attacks are undetectable and irreparable:

8. Multiple simultaneous attacks:

9. These facts will not change:

10. Similar problems with FAX voting:

11. Move toward Internet distribution of blank ballots.

For these reasons I strongly urge states that do not currently provide for email voting not to start down that path. In my professional opinion this path leads only to a major risk to U.S. national security, exposing our elections to easy manipulation by anyone in the world.

Will Internet voting cost small Canadian town $10,000 to 30,000?

No. That is the estimated cost of the “business case”. It sounds like they are asking the right questions, but may be getting in over their head in doing the “business case”.

As CTVotersCount readers know, our Secretary of the State has been charged by the Legislature “within available appropriations, recommend a method to allow for on-line voting by military personnel stationed out of state”. It's quite a task to do what the Defense Department, scientists, and security experts say cannot be done with today’s technology, at any cost, while taking resources from operations and other initiatives to make the report.

Grande Prairie, Alberta, Canada is considering the same thing for its elections, but wisely is considering funding a detailed business case, including security and recountability before proceeding: <read>

Municipal Affairs Minister Hector Goudreau requested the business case in order to formalize a city request to pilot online voting.

“The business case would need to address the pertinent issues, such as the need for Internet voting in the city, who is the licensed provider, how is security guaranteed, how is voter validation dealt with, what are the costs, and how are results verified and recounts conducted,” Goudreau wrote.

The estimated costs of the business case?

Audrey Cerny, City Hall’s legislative services manager, told the committee it would take at least four to five weeks of staff time to develop a business case. But she said it is possible to develop one that is less costly than the estimated $30,000.

“It is depending on how much external consultant time is needed,” she said. “If the consultant is utilized for a fewer number of days, the costs obviously could be lower. So essentially it could be $10,000.”

In order for the province to study the concept and make a decision in time for the 2013 municipal election, a business case would have to be finished by September or October, she said. That means an outside consultant would be necessary.

“There’s no guarantee (our) internal resources may be able to fully complete this without using an external consultant,” she said.

It sounds like they are asking the right questions, but may be getting in over their head in doing the “business case”. We are a bit skeptical that it can be done well for $30,000 or $10,000. Yet, perhaps with effective research into what others have tried, a general cost estimate can be obtained and a review of the security risks can be developed. They should also be wary of the vendor being selected as part of the business case, or of relying on vendors for “helping” with the security and recount portions of the evaluation.

Senate passes risky, expensive online voting bill – Now on consent calendar

Despite opposition by the Secretary of the State and promises to the contrary, the Senate passed S.B.939 with online voting, placing it on the Senate consent calendar.  Now Section 59 rather than Section 60:

Sec. 59. (Effective from passage) The Secretary of the State shall, within available appropriations, recommend a method to allow for on-line voting by military personnel stationed out of state. The Secretary shall look at what other states have done to reduce any potential for fraud in on-line voting and determine whether any such state’s on-line voting system could be appropriate for adapted use by this state. Not later than January 1, 2012, the secretary shall, in accordance with the provisions of section 11-4a of the general statutes, report any progress made toward recommending such a method to the joint standing committee of the General Assembly having cognizance of matters relating to elections.

For more information see < post on bill status> and <Op-Ed on online voting>.

Update: It has been pointed out to me that the word “recommend” in the amended bill replaces “establish” in the previous version.

Update: It is the law now. Passed by House with debate, but none about the Online voting provision. Only Representative Tim O’Brien voted against.

CT Mirror Op-Ed: Online voting is risky and expensive

Our op-ed published at the CTMirror <read>

Online voting is risky and expensive

by Luther Weeks

Luther Weeks is executive director of CTVotersCount.

April 29, 2011

Online voting is an appealing option to speed voting for military and overseas voters. Yet it is actually “Democracy Theater”, providing an expensive, risky illusion of supporting our troops. Technologists warn of the unsolved technical challenges, while experience shows that the risks are tangible and pervasive. There are safer, less expensive solutions available.

This year, the Government Administration and Elections Committee held hearings on a bill for online voting for military voters. Later they approved a “technical bill”, S.B. 939. Tucked at the end was a paragraph requiring that the Secretary of the State “shall, within available appropriations, establish a method to allow for on-line voting by military personnel stationed out of state.”

In 2008, over thirty computer scientists, security experts and technicians signed the “Computer Technologists’ Statement on Internet Voting,” listing five unsolved technical challenges and concluding: “[W]e believe it is necessary to warn policymakers and the public that secure internet voting is a very hard technical problem, and that we should proceed with internet voting schemes only after thorough consideration of the technical and non-technical issues in doing so.”

The prevailing attitude seems to be, if voters and election officials like it and see no obvious problems then it must be safe.

In September 2010, Washington D.C. opened its proposed internet voting system to public testing. The system was quickly compromised, changing all past and future votes. Separately, the municipal network was entered, passwords to municipal systems were obtained, and the list of codes for Internet voting in the November election was obtained.

This should not be surprising. Almost weekly we learn of one system or another that is penetrated by outsiders, including teens and overseas criminals. Organizations that have been unable to protect networks and applications include banks, government agencies, the Department of Defense, Google, and ironically, Internet security firms.

Several states have implemented various forms of Internet voting. None has subjected their systems to evaluation and testing for the difficult challenges identified by the experts. One of the “success stories” without any proof for precluding vulnerabilities is West Virginia. That state spent about $75,000 for 54 electronic votes. Over $1,300 per voter!

To the public, like some legislators, it seems intuitive to accept that “We use ATMs and bank online with no problems, why not vote that way?” This argument fails theoretically and practically. The anonymous ballot does not provide the verification and proof of banking receipts or double entry bookkeeping which help detect fraud. ATMs are bank-owned computers with special network security, much safer than general purpose computers. Even so, banks lose billions each year to fraud with ATMs and online banking. They have warned their business customers to avoid online banking.

There are better, safer, economical alternatives available. The Federal Military and Overseas Voter Empowerment Act (MOVE), passed in 2009, provides for electronic distribution of ballots and absentee ballots that can be returned together in one envelope. In conjunction with the Overseas Voter Foundation, express return of ballots was available from 94 countries for $25 or less. Even regular express rates from almost anywhere are available for less than one-tenth the cost of the unproven West Virginia system. If a military and overseas voter can get to a computer network then they should be able to express their paper ballot and absentee application, at our expense, providing a safe, anonymous, and auditable vote.

To ask Secretary of the State, Denise Merrill, to accomplish what experts have not is a tall order. Especially with no budget! As Merrill testified earlier this year, “In the future, it is conceivable that we could move in the direction of online voting. But the problem is, the technology to make sure no one can hack into an online voting system and distort the vote totals has not yet been developed. We want to make voting more convenient, but not at the expense of the security or integrity of our elections…there is no on-line voting system secure enough to protect the integrity of the vote.”

Update: Said a different way. CBC interview with Professor Andrew Appel. He emphasizes that online voting is “dangerous to democracy” on both the client and server ends. (Interview starts about 1/3 into the podcast <listen>)

Losing democracy in cyberspace

Voting computers, like heads of state, must be held accountable to the people they serve.

Editorial by voting integrity advocate Penny Venetis in NorthJersey.com: Losing democracy in cyberspace – Voting computers, like heads of state, must be held accountable to the people they serve. <read>

What nobody is talking about is how votes will be cast in emerging democracies. For elections to be legitimate in such countries, it is critical to use voting technology that counts votes accurately. In the 21st century, chances are high that computers will be used in some form in the coming elections in Egypt and Tunisia. But voting computers, like heads of state, must be held accountable to the people they serve.

It is a tenet of computer science that computers can be programmed to do anything, including play “Jeopardy!” and steal votes…

The Princeton hacks are not unique. Studies commissioned by the secretaries of state of California, Ohio, Maryland and Connecticut outline in great detail the many vulnerabilities of various computerized voting systems.

The University of Connecticut and Professor Appel in New Jersey have produced several excellent reports on the vulnerabilities of voting machines and the lack of physical security provided by “tamper evident” seals in common use. Yet, as Professor Venetis points out, having paper ballots and knowing the risks is not enough:

But voter verified paper ballots, in and of themselves, cannot detect fraud. To fully ensure that the voting computers are not cheating, it is necessary to audit a certain percentage of voting machines in each election precinct by manually counting the paper ballots and comparing the hand-counted results with the computer-generated results. This system worked marvelously in Minnesota, when millions of voter verified paper ballots had to be hand-counted to determine the winner of the 2008 Senate race. Studies showed that the tally was 99.99 percent accurate.

Finally, to ensure that votes are counted accurately, it is imperative that totals be counted and announced at the precinct level. This protects against tampering with voting machines and paper ballots while they are being transported to centralized tabulation locations.

New Jersey falls short because they do not have paper ballots or paper records. Connecticut has paper ballots and audits, yet our audits fall far short. Our law has several glaring exemptions and flaws, including: only polling place optical scanned ballots are audited – omitting most absentee ballots and hand counted ballots, like those copied ballots in Bridgeport; exemptions for districts that have recanvasses or contested elections; results audited against are not published; there is no deadline for publishing results of the audits, which are not binding on the election; random drawings have not met the requirements of the law; audits showing differences have been investigated behind closed doors; and the audit reports have dismissed all differences as human counting errors. <See: Inadequate Counting, Reporting, and Reporting Continue>

As we have said, many times, with regard to our audits in Connecticut: “If we dismiss all differences as human counting errors, if there ever was error or fraud it would not be recognized.”

Testimony on eight bills, including the National Popular Vote

I challenge anyone to a responsible public blog debate on any and all of the issues we raised in our testimony on the National Popular Vote Compact.

Note: The General Administration and Elections Committee has taken up several election bills and concepts for this session. We are optimistic that some of the concepts will be developed and passed to provide increased election integrity. Many of the bills taken up, often well intended, have unintended negative consequences. We are highlighting several of them to point out the good, the bad, and the unbelievable.

Today the Government Administration and Election Committee (GAE) held hearings on a variety of election related bills. We testified against seven bills and lukewarmly for one. We would like to be testifying for bills that would improve election integrity in Connecticut, but when a bill would harm election integrity we testify against it. When a bill would be a help to voters, but has some potentially risky issues, we will point them out. <our testimony>

Bills included two that would gut the post-election audit, one that would eliminate the secret ballot, one for Internet voting, one to help military voters that was inadequately specified, and one for the National Popular Vote Compact. Since 2007, I have been the only person to testify against the National Popular Vote (NPV) Compact in Connecticut. Finally, this year I was not alone. But I remain the only Connecticut citizen to testify against the NPV Compact. As usual, many of our friends testified for the NPV Compact. Fortunately, we have the facts and logic on our side. It is easy to advocate for something that you understand. I will have more to say on the NPV Compact. Here is the main testimony page. Please also read the additional supporting material in our full testimony; it was the first bill on the agenda and is the first few pages of testimony.

I oppose the National Popular Vote Compact. I understand the theoretical advantages of the national popular vote, yet there are extreme risks in its mismatch with our existing state by state voting system.

Three minutes is far too short to change anyone’s opinion. Today, my goal is to open minds to consider a more comprehensive analysis.

What often appears simple is not. The Compact would cobble the national popular vote onto a flawed system designed for the Electoral College, with no means to change that system. It would result in unanticipated, yet predictable consequences that are overlooked and glossed over by advocates for the national popular vote.

There is no official national popular vote number compiled in time, such that it could be used to officially and accurately determine the winner in any close election.

Even if there were such a number, it would aggravate the flaws in the system. The Electoral College limits the risk and the damage to a few swing states in each election. With a national popular vote, errors, voter suppression, and fraud in all states would count against the national totals.

There is no national recount available for close elections, to establish an accurate number. Only in some individual states, if close numbers happened to occur in those states, would there be even a fraction of a national recount.

For Example: The inaccuracies in Bridgeport did not change the winner here in the race for governor and would not have been enough to change the Electoral College. If it was closer we would have had a recanvass and presumably those errors corrected. However, with the Compact the errors would have counted in a national popular vote number reported by the media or any other number calculated nationwide.

With the Compact there is every reason to believe that any close election would be decided by partisan action of the Congress or the Supreme Court – the same Court that ruled in Gore v. Bush, that not having a uniform recount law in Florida was grounds to stop the recount to avoid harm to the apparent winner. Would that same Court rule differently, faced with a close national popular vote and even less uniformity between states than existed between Florida counties in 2000? Citizens and candidates can be expected to bring court challenges of Governors and Secretaries of State for relying on and providing inaccurate results in awarding Electoral College votes. As in Gore v. Bush, since the founding, close election controversies have all been decided in seemingly partisan decisions by Congress, special commissions, or the Supreme Court.

This is not a partisan issue. It is opposed by prominent members of both major parties. Those who have publicly spoken against the Compact include former Secretary of the State Susan Bysiewicz (D), Connecticut College Political Scientist Dorothy B. James, Governor Arnold Schwarzenegger (R), and Minnesota Secretary of State and current President of the National Association of Secretaries of State Mark Ritchie (D).

I urge you to consider the risks and chaos made possible if Connecticut were to endorse the National Popular Vote Compact.

I challenge anyone to a responsible public blog debate on any and all of the issues I raised in testimony on the National Popular Vote. If you think I am wrong in any objection, let us debate it. Right here on CTVotersCount.org. (If you wish to debate, you must use your own name and satisfy me that you are who you say you are, you must be civil, and must avoid excessive redundancy. I am open to changing my mind on my objections. If they are all refuted, I may have more, but I am open to changing my overall conclusions. Email me which item you wish to debate and I will start a post for that item and the debate will begin.)