​David Dill: Why Online Voting Is a Danger to Democracy.. (so why is Cambridge using it? )

By  | February 8, 2017 | 7 Comments | Filed under: uncategorized

If, like a growing number of people, you’re willing to trust the Internet to safeguard your finances, shepherd your love life, and maybe even steer your car, being able to cast your vote online might seem like a logical, perhaps overdue, step. No more taking time out of your workday to travel to a polling place only to stand in a long line. Instead, as easily as hailing a ride, you could pull out your phone, cast your vote, and go along with your day. Sounds great, right?

Absolutely not, says Stanford computer science professor David Dill. In fact, online voting is such a dangerous idea that computer scientists and security experts are nearly unanimous in opposition to it.

Dill first got involved in the debate around electronic voting in 2003, when he organized a group of computer scientists to voice concerns over the risks associated with the touchscreen voting machines that many districts considered implementing after the 2000 election. Since then, paperless touchscreen voting machines have all but died out, partly as a result of public awareness campaigns by the Verified Voting Foundation, which Dill founded to help safeguard local, state, and federal elections. But a new front has opened around the prospect of Internet voting, as evidenced by recent ballot initiatives proposed in California and other efforts to push toward online voting. Here, Dill discusses the risks of Internet voting, the challenge of educating an increasingly tech-comfortable public, and why paper is still the best way to cast a vote.

Why should we be so wary about introducing computers, and in particular the Internet, into the voting process?

Computers are very complicated things and there’s no way with any reasonable amount of resources that you can guarantee that the software and hardware are bug-free and that they haven’t been maliciously attacked. The problems are growing in complexity faster than the methods to keep up with them. From that perspective, looking at a system that relies on the perfectibility of computers is a really bad idea.

Compared with touchscreen voting machines, the opportunity for attacks on the Internet is much broader. Suppose masses of emails get sent out to naive users saying the voting website has been changed and, after you submit your ballot and your credentials to the fake website, it helpfully votes for you, but changes some of the votes. You also have bots where millions of individual machines are controlled by a single person who uses them to send out spam. There is a program just sleeping on there waiting for somebody to come in and use it. Think about the consequences of that when it’s time for an election. People would vote on their personal computers, not knowing that they were handing the ballot to a potential hostile middleman who could change the vote. And neither the voters nor election officials would see anything suspicious. Because of the secret ballot, there is no way for the voter to check that the ballot transmitted to the elections office is the one they filled out on their computer.

Just how disruptive could these risks become?

Without being paranoid, there are reasons to believe that people would want to affect the outcome of elections. Right now, they spend billions of dollars trying to do it through campaign contributions and advertising and political consultants and all of that. It’s like having a jewelry store. How good of an alarm system do you need for your jewelry store? Well, it depends how expensive your jewelry is. What is the value of controlling the U.S. presidency? There are people who would be very motivated to get something so valuable. Those people could include political zealots or campaigns, but they might also include organized crime or even other countries with huge resources.

How easy would it be to hack a computerized system? Not very hard, as we can see from the frequent news stories about massive thefts of data from government and corporate web servers. And there are many other threats, including voters who are not experts in computer security and may be easily fooled, and potential for corrupt insiders at companies that produce the Internet voting software.

The way I look at things is: How many people have to conspire to steal an election now? With paper ballots at polling places, to steal a significant number of votes, you’d have to have lots of poll workers or a lot of voters voting fraudulently, which would be very difficult and expensive. And with paperless touchscreen voting you maybe need a few programmers. If you had widespread Internet voting, on the other hand, the vulnerabilities are even more worrying.

Online voting could threaten the fundamental legitimacy of elections?

From the perspective of election trustworthiness, Internet voting is a complete disaster. While you can’t stop all election fraud, elections must have a higher standard of credibility. They need to have the perception of being low fraud. If you have an election system where fraud can be committed and – this is very important – that fraud is undetectable, then you don’t really have a reason to trust the outcome of the election. And that’s very bad in a democracy, because the whole goal of an election is to satisfy the people who lost the election that they lost fair and square and that the candidate who is elected is legitimate.

Can you tell us about some of the challenges your organization, Verified Voting, is tackling?

The dangerous thing about Internet voting is it appeals to a lot of people on the grounds that they use the Internet for other stuff and it seems like voting should be easy. They don’t stop to ask the computer scientists and don’t even think it’s controversial. Legislators say this sounds like a great idea and write a bill, and such bills have gotten passed without significant debate because it just seems like an obvious thing. There’s no technical input. The challenge is: How do we raise people’s awareness to the point where they can make an educated judgment about the risks of Internet voting?

For instance, this year there were proposals for an Internet voting initiative in California that made me shudder. I don’t think it has gotten enough signatures to get on the ballot, so we’re safe for a while. But ballot initiatives are something where it’s very expensive to educate people enough on the problems of the technology. It’s difficult enough to get legislators up to speed, much less the public. You’re talking about millions of California voters who look at something on the ballot and say, “Oh, this sounds like a good idea.” It could be a nightmare. I’m confident that if people actually do learn about it and take an objective look at the technology, they will conclude that it’s not time yet.

Ultimately, is paper the gold standard we should stick to?

Yes. Paper has some fundamental properties as a technology that make it the right thing to use for voting. You have more-or-less indelible marks on the thing. You have physical objects you can control. And everyone understands it. If you’re in a polling place and somebody disappears with a ballot box into a locked room and emerges with a smirk, maybe you know that there is a problem. We’ve had a long time to work out the procedures with paper ballots and need to think twice before we try to throw a new technology at the problem. People take paper ballots for granted and don’t understand how carefully thought through they are.




7 Responses to ​David Dill: Why Online Voting Is a Danger to Democracy.. (so why is Cambridge using it? )

  1. mjqsmith@bell.net'
    Maggie Smith February 9, 2017 at 10:08 am

    Wow – this is very interesting. But apparently online use has been proven faulty here in Cambridge – but was it faulty or CROOKED??? This article is so true – so let’s push for old-fashioned paper ballots or Ranked Ballots – which is so each and fair.
    2018 needs to be done right whether our crooked Mayor runs again or not – as someone pointed out – he may as he won’t want his errors found out by another Mayor and publicized. Boy does Cambridge need to wake up – but how to get the word out – this above letter needs to be printed in our local papers.

  2. Debbie Duff Vitez February 9, 2017 at 11:29 pm

    The local press won’t publish any of this..

  3. lvann_11@sympatico.ca'
    Tom Vann February 10, 2017 at 7:45 am

    The spineless P.M. Truedoe just reneged on one of his biggest election promises, to revamp the election process. So why would our Province or city do the right thing. He should enjoy his last part of the term he has left because come the next election in Ontario and our country the Liberals are done, period. They are liars, morally corrupt, and will have nearly bankrupted us. Just look what is going on in this city. Getting help from government levels is near impossible. The complaint safeguards for the people are nearly non-existent. Like True Doe said during the election “The budget will balance itself”. WTF? Take another selfie you bone head carbon taxing idiot. Where are all the good leaders gone? Well, I’m off to the Delta to pan handle to pay my taxes. Ole’.

  4. mjqsmith@bell.net'
    Maggie Smith February 10, 2017 at 8:34 am

    I’ll meet you there Tommy – I need my fix for the day!! And don’t count on the Liberals not getting in again as it is well-known that all the high-paid blood suckers vote Liberal – i.e. – Teachers, Firemen, Policemen, Immigrants, Medical, and so on. And us poor suckers help pay all the taxes “Baby” Trudeau is creating. And Wynn – what a useless pc. of humanity – just keeps swinging those hands & uping everything she touches. Hydro – what a mess she has made of this. Hydro One is one of the highest paid bunch of legal thieves.
    Well see you at the Delta – have you got your sign made up yet………

  5. lvann_11@sympatico.ca'
    Tom Vann February 10, 2017 at 11:13 am

    I don’t want to stick out too much so I must consider what to write so it is politically correct. I may just stand in the city hall parking lot while those 150+ grand a year employees toss me their pocket change. Compare our tax increase to other cities and duck.

  6. leskadar@rogers.com'
    les February 10, 2017 at 3:51 pm

    I share the general fear of computerized “everything” that is operated online. It is accessible by others regardless of passwords, firewalls and all the other neat stuff being invented to prevent hackers. The thought of self driving cars just makes me want to scream that we are actually spending money on their development. If even for one second somebody can tell me that a 13 year old whizkid standing in the middle of a desert 3 thousand miles away with a smartphone cannot hack a random car driven down the 401 and take it anywhere they want passengers and all, is complete bunk. Tell Mr. Putin it can’t be done and pick him up off the floor as he rolls around howling.

  7. lwhetham@live.ca'
    linda February 12, 2017 at 4:44 pm

    I had to chuckle to myself as I thought back to the Mayor at Election time thinking that I had hacked into the Computer when I obtained all the papers showing that he was running the Election out of the City Hall, he demanded that a full check was done on the Security of the Offices and that of the Computers, I was told he said “This could be so damaging to my Campaign” of course it was because it is against the law to run Campaigns out of the Office of the City, this many years later I will tell how I obtained these private papers from his Campaign Manager, Each Councillor receives a package every week and when mine was not delivered I looked on the Secretary’s Desk and found my package and quess what the private papers were right there in my package….mmmmmmmm

Leave a Reply

Your email address will not be published. Required fields are marked *