Electronic Voting in the US - Lagging But On the Way

At one point in time I might have said that voting and the democratic process was extremely important but boring to think about technically. No longer. In fact, this past Tuesday I had the nail biting experience of being on an airplane for most of election day with no idea what was going on. After circling in the sky for the final 30 minutes, with a possible threat of being diverted somewhere far away, we landed in the fog, I flew out of the plane into my car and boogied up the freeway to a friend's election night gathering, arriving just as they called the election for Barack Obama. Technology has come a long way when we can reliably report results so soon after the last polls close.

I had the satisfaction of knowing that I had been able to vote even though I was half way across the country on election day. That is because California provides the option of being a permanent mail-in voter. Very convenient for those of us who are often away from home.

But what about all those people who live places where you simply have to show up in your designated precinct polling place on election day? And all those people for whom this seemingly simple process is fraught with stumbling blocks? Why, as I was reminded last night at the monthly UX Speakeasy meeting, is our voting technology in the US 10-15 years behind our technology in other areas of society?

A few years ago I learned just how divisive the prospect of Internet voting is in this country. While researching the topic of Internet voting for my book, I posted both a blog post and a LinkedIn conversation on the topic and to my complete surprise there ensued a lengthy heated conversation and I received a few, um...spirited emails.

However, as I have suspected since then, the process of dragging and pushing the US towards secure, reliable electronic voting is continuing in spite of efforts from some quarters to stop it.

Last night at the UX Speakeasy meeting, Mike Joyce spoke at some length and in some detail about his experiences implementing electronic voting around the world. Mike covered many of the "usual" topics to those familiar with the subject (verification, validity, security ...) but there was a unique spin to his talk. He posed electronic voting and the challenges of universal enfranchisement as a usability issue. More than a user interface issue. More than a software issue. Voting should be accessible and easy for everyone, regardless of where you are, and what limitations you might have physically or cognitively.

Here in the US we are unlikely to go the way of the Australians any time soon and make voting mandatory for all citizens, however it was quite instructive to listen to how seriously the Australians take voting and how they put in place mechanisms to try and make everything run smoothly for people in far away Perth (look it up on a map and you'll see what I mean) or in the Outback.

Here in the US it sometimes seems as if, in contrast to what we heard last night about several other countries, we go out of our way to make it a challenge to vote. However, after listening to Mike last night, I am more convinced than ever that the US is going to get Internet voting implemented sooner or later. Of course it won't be perfect, but tell me, honestly, is the current system anywhere close to perfect? And shouldn't we make it easier for people to vote so that fewer people will view it as a burden or an inconvenience? Let's encourage and support participation in the democratic process.

Oh...we had our own little vote last night. UX Speakeasy is busily deciding what the theme of our next mini-conference will be. After polling our membership recently for ideas, we developed a ballot for people to mark up and submit. Not electronic alas, but truly in the spirit of the day and of the week.

Do you have an opinion about the next mini-conference? Then vote!

Internet Polling Coming to a District Near You

In my radio interview Monday, the moderator Flora Brown and I had an enthusiastic conversation about the controversies that surround Internet voting. One of the chapters in my book is about Internet voting, and I spoke with Flora about the unexpected controversies I encountered while conducting my research. Who would have known there were such passions surrounding the future of Internet voting?  Indeed, deep seated philosophical differences exist about using the Internet to vote. Highly accomplished computing professionals fall on both sides of the issue - should we, shouldn't we, can we, can't we employ the Internet as another method to cast ballots?

A few hours after the interview ended I learned about an interesting experiment underway in some parts of the country. Independent voters in certain districts (with tight races perhaps?) have the opportunity to take part in an "Online Voter Preference Survey", organized by a group called the Independent Voter Network, (IVN) and  implemented by a group called "Everyone Counts".

Not actually casting a ballot online, this survey is however asking voters to indicate how they intend to vote in the upcoming June primary (for California). It feels like voting and the ballot is said to be secret, even from the IVN.

What is the purpose? Interesting, actually. I looked at the paperwork sent to selected voters (apparently the list is drawn from people registered as Independents) and there aren't a lot of details. However, they provide the URL for their website (see above) which is full of information.

The voter preference survey is a form of modernized polling. By asking people how they intend to vote, and then shipping the aggregate results off to candidates, those candidates will presumably get a feeling for how Independents are leaning. In time to...do what?

Several interesting issues here. As essentially an online voting opportunity (albeit non binding) there are all the issues of security and privacy that cause Internet voting proponents and detractors to debate. In addition, there is a fascinating issue here about how a centuries old process of testing the winds of voter minds is changing.

Will Internet based vote polling be any more or less accurate than data gathered through phone call surveys and other traditional (labor intensive) mechanisms?

Will politicians react any differently to receiving this data? In a positive way? In a negative way? The same as always?

Perhaps someday there will be fewer robo-calls during dinner? One can only hope.

Internet Voting Revisited: It Could Go Viral

Quite some time ago I wrote a post on internet voting and it generated quite a bit of impassioned response, in great part on some of the computing discussion groups I cross-posted to. Computer scientists have some very strong opinions on internet voting.

Whatever you think of it personally or technologically, it looks like internet voting is coming. There is a really interesting new grassroots movement afoot. It reminds me (and probably will you too) of how the internet was first used to make one primary political campaign go viral (Howard Dean anyone?) - and now virtually all serious politicians recognize that the internet cannot be ignored if they want to win an election. Some use it more effectively than others, but no one brushes it off anymore as only for the "fringe".

There is a group called Americans Elect 2012 that is setting up an online voting system for the 2012 presidential primary so that people across the United States can pick the issues that matter to them and the people they wish to nominate. I heard an interview last night on the PBS NewsHour with 2 of the principals and it is very interesting - non partisan, and sounds like they are going full steam ahead with harnessing computing and the internet to get around the gridlock of our current political election system.

The group already has a presence in all 50 states and is working through the complex process, that varies state by state, of when and how they are legally permitted to operate.

Their system is in Beta, and you can check it out. The site I'm about to link you to includes, among other things, interview snippets with people from 5 states - people on the streets.

Technologically, what is cool about this is that it could very well work. They have apparently thought out how to harness the internet and to address what people are really upset about (according to national polls that were discussed on the news spot last night). The organization is not letting itself get tangled up in theoretical or philosophical or technical discussions about whether or not internet based voting is feasible, or a good idea - they are doing it.

Here they are: Americans Elect 2012. 

If this effort takes off, it could radically change politics as we know it. What do you think????

Internet Voting: Security, Networking, Politics and Some Heat

With social upheavals happening in countries across the middle east and northern Africa, the media and politicians have been talking a lot about democracy and the rights of individuals to freely express themselves politically. Although we are not in a similar situation here in the US - we are not risking civil war or overturning the government - we do have an issue that provokes heated debate and widely divergent perspectives among computer scientists: Internet Voting. The US Constitution guarantees the right to vote for its citizens. Most of us take this right for granted I suspect, whether we act on it or not. It amazes me when I hear how many people do not vote regularly, given that we can do so safely and without worrying about repercussions, but that is another issue.

For the past several years various groups and organizations have been debating, proposing legislation for, and running pilot projects using the Internet to vote. Why? A big motivator is to increase access. American citizens living overseas (civilian, military, government employees) often want to vote but if they have to rely on the postal services of several countries for ballot requests and return, or if they have to travel great distances to get to an approved polling place it can be a significant burden. State and county agencies in this country wonder if they can improve reliability and efficiency while reducing costs by implementing online voting. Given the current fiscal situation in this country that is a huge motivator. The problems of access, reliability and budgetary pressures just scream for consideration of a computing based solution. Maybe it will work, maybe it won't, but if it is going to happen it is going to be computer scientists who make it so (A Captain Picard reference in case you didn't pick up on it).

There are pros and cons and this is where opinions run hot. Let's take just one example: the need to guarantee the security and privacy of such sensitive data if it is sent over the Internet.

Why is a "guarantee" of correctness on the Internet so difficult? As many of you know, the Internet was originally designed by the US Department of Defense for use by a select number of trusted sites for the purpose of guaranteeing communications in the event of a national emergency such as a nuclear attack. Therefore, redundancy of data was the primary concern, not security of data. If Washington DC was attacked, multiple copies of sensitive data would be accessible in repositories across the country. This legacy lives on today, as the Internet has grown into a global network of diverse systems connected with everything from telephone lines to satellites, connecting state of the art computers and mobile devices to 25 year old legacy mainframes. As a result, it seems that we can communicate with almost anyone anywhere at anytime and because of built-in redundancy systems, data almost always gets through - unless someone intentionally interferes. And therein lies the problem. There will always be people who try to steal, or at least read and exploit, data that is not "theirs". Although not unique to electronic voting systems, the vulnerabilities of the Internet bring added attention to this old problem. We do *not* want anyone intercepting electronic ballots, or compromising a voting web site. How good is "good enough" when it comes to accountability and reliability?

How are these issues currently being tackled? I'm going to get technical for two paragraphs in order to provide a flavor of what computer scientists are currently doing in the realm of computer security for sensitive data.

The focus of much data security work is at the application and system levels. Onion routing is an interesting technique that supports anonymity across complex networks. As data is passed from an original source to a final destination it passes through many intermediate nodes (which may reach into the hundreds). Data that is “onion routed” has layers of encryption that are successively “peeled off” at each node, assuming the node in question has the correct cryptographic technique and knowledge to do so. Thus many successive security checks take place and a suspicious event at any node along the path will raise a warning flag. The action then taken is application dependent, and can include halting the process, rerouting the data or other customized response. Two other well known network level security technologies include strategic placement of firewalls and the use of Virtual Private Networks (VPNs). Various methods of authentication, encryption, verification, digital signature and hash functions find their way into this work. How well do state of the art data security efforts protect data and provide an audit trail?

Although the answer to that question invites a range of answers, computer security experts will generally agree that software alone will never be sufficient to detect or prevent tampering. Hardware level security checks are also needed. It is common practice in security intensive systems to include a Tamper Proof Module (TPM). This non-rewriteable chip contains check code to search for tampering. First the boot loader is checked, which then checks the Operating System, which then checks the application(s) for an integrity breach

There are high level issues to be addressed as well. Equally important requirements. An Internet voting system for US voters needs flexibility (to accommodate different state requirements), convenience for the user, training and education of both staff workers and voters. Particularly important is timeliness – the most flexible, friendly, convenient electronic voting system is pointless if the ballot arrives too late to be counted or has to be discarded due to suspicions of fraud.

There are always tricky issues when science and public policy intersect. Computing is particularly complicated because the field is so new, and technology changes so quickly. By the time consensus is reached on a contentious issue, the point may be moot. The technical issues alone for Internet voting are complex, but often come down to one issue: risk assessment. What degree of risk is tolerable in order to achieve a societal right guaranteed by the Constitution? In some cases entrenched opinion comes from holding a philosophical stance about whether or not the Internet can ever be an acceptable medium for any voting, overseas or otherwise.  Proponents argue that it is only a matter of time until Internet voting becomes reality, and also that the subject is a matter of morals, so we must address the problem directly. Critics counter that it is not possible with current technology to implement Internet voting at an acceptable level of security and privacy, so the risks of trying it outweigh the potential benefits.

If we can be successful, the payoffs are tangible: morally, ethically, fiscally. If we don't succeed the risks are serious: from disenfranchisement of citizens to interference with our democratic process in the worst case scenario.

What do we do? Move forward (how?), or sit it out and accept the current situation as good enough for now. What do you think?