Friday, November 16, 2007
Worst... Idea... Ever...
Online voting is, frankly, a boneheaded idea
In the three-year tradition of Martin Rayner saying incredibly fucking stupid things online, he has, of late, offered up another doozy.
In a post criticizing the Conservative government for tabling legislation that would allow Canadians two days to vote in a federal election, as opposed to merely one, Rayner relies on the speculation of Andre Blais and "Flying" David McGuinty, and instead suggests that Canadians should be allowed to vote via internet.
I shit you not.
What mr Rayner has probably declined to consider is the effect that online voting would have on Canada's electoral security -- our ability to assure that our elections are carried out in an equitable, transparent, and legal fashion. Electoral security is integral to the health of any democracy.
Yet, for some of the best reasons why Canada must not embrace internet voting is actually found in our neighbour to the south, and the debacle that transpired after their introduction of the infamous Diebold voting machines into their elections.
It was eventually discovered that the use of these machines allowed for the manipulation of election results. The machines could be hacked at absolutely any point between storage and use. In one particularly ingenious test scenario, an enterprising young hacker snuck a collapsable keyboard into the ballot booth and hooked it up to an unsecured port.
Once one considers expanding the use of automated voting methods beyond these machines and on to the internet, one encounters a plethora of problems. The internet is significantly less secure than the incredibly insecure Diebold platform, for a number of reasons. First off, one need not be in physical proximity to the machines in order to hack them: they can virtually do it from the comfort of their own homes. Secondly, the relative insecurity of the average user's computer helps them do this. Third, the investment in cyberwarfare technologies by countries such as China certainly renders them able to either outright sabotage an election, or manipulate its results in order to empower a government that would be amicable to them.
In regards to the data collection itself (in this case, the voting), we need to be assured that the data is collected in a secure and private matter. Also, data loss, data destruction, unauthorized access to the data, and improper disclosure all become issues.
Once a ballot is cast, an electronic ballot gives any potentially unscrupulous partisan tabulators an opportunity to change the vote – given that they possess the necessary skills (which, it should be noted are becoming more and more common) –- or even record the vote for a candidate other than whom it was cast in favor of. With no permanent, incorruptible physical record of how each ballot was cast, internet voting undermines electoral security.
At least our current balloting system ensures that our vote will be counted as cast, as opposed to however these aforementioned potentially unscrupulous individuals would prefer they be cast.
Underscoring this are numerous studies (“Loch & Carr, 1991; Anderson, 1993; Parker, 1998; Vardi & Wiener, 1996; Neumann, 1999 ”) show that a significant portion of security breaches –- electronic or otherwise –- can be attributed to an organizations’ own personnel.
An online ballot is not merely susceptible to threats internal to the system – it is also subject to external threat. A study of Australian firms (Dinnie, 1999) revealed that 16% of Australian firms involved in e-commerce either had suffered, or believe they had suffered, one or more violations of their network’s electronic security.
Cyptography –- the practice of encrypting information gathered or distributed online –- is the generally-accepted solution to the risk of online security violation. However, these decryptions are only as good as the individuals who design them, and are no better than the hackers who manage to break them.
Last but not least, there would also be no assurance that the individuals voting are the same individuals registered to vote, or even that they are Canadian citizens.
At least the process of having voters show up to cast a physical ballot on election day presents us with the most basic guarantees that our elections are being conducted in a secure fashion.
And while it shouldn't ever be pretended that there is no possibility for electoral fraud under these circumstances -- history has provided us with many examples -- the current process can at least claim to have withstood the test of time.
Internet voting, like other forms of electronic voting, can not and will not.
That being said, it's pretty safe to say we can send Mr Rayner back to the drawing board.