ApplicationsBlog

Why Can’t We Vote Online? [Video]

By September 23, 2016 2 Comments
[iframe id=”https://www.youtube.com/embed/VfQ2fM1nMVM” align=”left” mode=”normal” autoplay=”no” aspect_ratio=”16:9″ maxwidth=”720″]

Voting in elections is one of those essential modern tasks that seems as though it should knuckle under to current technology trends pretty easily. We can buy anything we want online, mostly; we can view our medical records online, check our bank balances. Renew a drivers’ license. So, why can’t we vote online? The question comes apart into two pieces; firstly, what are the specific practical obstacles to creating and running an online voting system, and secondly, even if we could build such a system, would it be a good idea to do so? Here are a few of the main practical challenges:

  1. Verification. How can we determine that a would-be voter is who they claim to be? How can we determine that this personally is legally permitted to vote, and has not already voted in this election?
  2. Security. How can we prevent an online voting system from being manipulated from the outside? Possible manipulations would include altering votes to affect an election’s outcome, or perhaps just reading data to see which way individuals voted.
  3. Performance. Studies show that web users are unwilling to wait more than a few seconds to get some kind of response from a web page. Elections are one of the “spikiest” of applications, meaning that user activity is concentrated intensely during a very short timespan (though this would be less the case if the main intent was to supplement absentee balloting, which has a longer window in which to vote. Even so, activity would tend to be concentrated around the voting deadline). An online voting system would need to be built to handle potentially very high peak loads.
  4. Usability. People give up very quickly on software applications that they feel don’t work well. With a physical ballot, once a voter has gotten to a polling place, they will slog through a complex physical ballot, though they may skip all but a few races. But a web user, confronted with a page that annoys them, will typically just close the browser tab and go back to giraffe videos without a second thought.

Can We?

Your first reaction might be to say that modern web sites already overcome all of these hurdles. Yes and no. Verification: Amazon and eBay don’t care how many different accounts the same real person creates. If you want to buy things under four different user names, with four different payment methods and eleven shipping addresses, have at it. For voting, it’s essential that each individual person vote once and only once per election. As a result, there would probably need to be a verification component that was not 100% online, much like a bank sending you a PIN in the mail. Security: When you’re online, the whole world can see you. As a result, public online systems have to be secure from any hacker, anywhere in the world. This includes international mafias, and it also includes nation-states. Performance and usability, on the other hand, are reasonably well-solved problems. An online voting system, especially one working at the state or county level, wouldn’t require major advances in either of these areas.

But the first two areas are more than enough to make any effort at online voting extremely challenging. A verification system that is sufficiently rigorous is likely to deal a significant blow to usability. Again, one would need to use something like a PIN mailed to a physical address. Banks can get away with this because onlin ebanking is a service that, once set up and running, people will use almost every day. People may be less motivated to wade through a complicated verification process for what is essentially a one-time interaction. The convenience edge of online voting would dissipate in a hurry if the verification process was remotely as complex as, say, renewing a driver’s license.
A verification system that is sufficiently rigorous is likely to deal a significant blow to usability.
As challenging as verification is, the challenge pales beside the issue of security.
As challenging as verification is, the challenge pales beside the issue of security. With enough dollars and expertise, any system on earth can probably be hacked. The reverse isn’t true — no amount of dollars or expertise can make the fundamental plumbing of the worldwide internet — technologies such as SSL, and TCP/IP itself — secure. These technologies were designed for use within academia, an essentially open world. These technologies weren’t designed to protect things as fundamental as core democratic processes, from possible interference by determined, malicious enemies the size of nation-states. The designers of these protocols would probably laugh at the idea. Technologies like IPv6 could mitigate some of these concerns, but adoption has been slow.

A Tough Combination

Online voting presents an almost unique challenge: voting requires strong identity verification, so that votes only come from legitimate voters, and each voter can only vote once, but voting also requires strong protection for anonymity, so that a given vote cannot be traced back to the voter who cast it. “Analog” voting solves both of these problems well: a ballot is prepared for you and you alone, but once you vote the ballot, a top tab with your identifying information is torn off and discarded, and the vote becomes anonymous. This is a physical process, that an in-person voter can see happening. (Absentee voters need to take it on faith.) In contrast, Internet applications that offer high security offer zero anonymity. My Amazon and online banking systems know exactly who I am, and track and store records of all my activity. An online voting system would somehow need to anonymize votes once they’ve been cast. And how to replicate the security of a process where an individual voter, in person, sees a ballot physically anonymized? We would have to trust that an online voting system would do this. We could have people audit the systems for compliance, but who chooses the auditors? We end up with a who-will-guard-the-guardians conundrum. Which leads to a final consideration, discussed in the next section.

Should We?

Suppose for a second that we can overcome the hurdles just discussed. Are there any reasons that, even if an online voting system CAN be built, that perhaps it should not? Perhaps the best argument against online voting systems comes from the technical sector itself, where giants like Apple, Microsoft and Google exert tremendous control over speech and culture simply by their control of the networks and software over which so many people communicate today. Apple can influence what songs we buy. Google tells us which web pages are worthy of our consideration. Networked computer systems are used by millions, but are built, maintained and controlled by much smaller numbers of people. The people in control have almost unfettered access to manipulate the software we use, as well as an ability to go in through “back doors” that they may have deliberately built in. It’s axiomatic that every system has a superuser, a person or persons who has unlimited privileges in the system. It’s generally accepted that superuser access is necessary for administration and troubleshooting. But superusers, who are generally few in number, with unknown identities, have extraordinary control over systems, and can cause extraordinary damage. So an online voting system would not only be vulnerable to subversion from outside, it would also be vulnerable to subversion or misuse from within.

You May Also Like

Further Reading

Steve Lane

Steve Lane

Steve is Soliant's Chief Technology Officer and has been working in the areas of databases and software development for over twenty years. From a background in academics and higher education, he moved into the technology industry and has been leading software teams for the last dozen years or so, working with hundreds of clients of all sizes. He is a recipient of the FileMaker Excellence award and has co-authored six books on database development. After graduating magna cum laude from Yale College, Steve earned a master's degree and Ph.D. in history from the University of Chicago, as well as an M.S. In Computer Science from the same university.

2 Comments

  • Estonia does its national elections via internet voting. Interesting an old soviet block country is ahead of USA and rest of Europe.

    • Steve Lane Steve Lane says:

      Hi Taylor: Estonia does indeed allow online voting. It’s a a great example since it highlights so many of the inherent challenges. On the one hand there have been critiques, some of them severe, of the Estonian system’s security. On other hand, defenders have condemned those critiques as politically motivated. Given Russian’s known ability to disrupt Estonian networks, I’d be inclined to be worried.

Leave a Reply