Perspective: The Democratic Party's dangerous experiment

By David Dill and Barbara Simons Published: February 4, 2008 6:03 PM PST See all Perspectives

Tools

Related Stories: E-voting predicament: Not-so-secret ballots
August 20, 2007; Senators to abandon '08 e-voting paper trail mandate
July 25, 2007
Related Blogs: Senate bill urges e-voting paper trail
News Blog
February 13, 2007

perspective As most of us now understand, paperless electronic voting is a really bad idea. But there is a still worse idea: voting over the Internet.

Voters may worry about whether voting machines were hacked by programmers or poll workers who have machines stored in their homes prior to an election. But with Internet voting, we must also worry about whether the system has been hacked by a teenager in Eastern Europe, organized crime, or even an unfriendly government. We must worry about network failure, denial-of-service attacks that shut down selected machines on the Internet, counterfeit Internet Web sites, and spyware or viruses on the computers used to cast votes. And we must worry about whether the people running the system are engaging in electronic ballot-stuffing.

Like whack-a-mole, Internet voting proposals have reappeared in different guises in the U.S. for much of the past decade. When an extremely ambitious U.S. Department of Defense proposal for Internet voting in the 2004 presidential election was reviewed by computer security experts, it was terminated because of security concerns documented by those experts--the same concerns that should cause all citizens to view any proposal for Internet voting with extreme skepticism.

Like whack-a-mole, Internet voting proposals have reappeared in different guises in the U.S. for much of the past decade.

Nonetheless, on Super Tuesday, the Democratic Party is going to deploy Internet voting. Democrats living outside the country will be treated as a 51st state, called Democrats Abroad, and will elect delegates to the convention. This approach adroitly sidesteps almost all regulation on election technology, which typically are matters of state, not Federal, law.

Internet voting won't even be subjected to the notoriously inadequate certification process that applies to almost every other voting system in the U.S. The organizers apparently maintain their confidence in the security of Internet voting by not consulting anyone who might, as happened in 2004, warn them of risks. (We know most, if not all, of the independent experts in Internet voting in the U.S., and none of them has been asked to examine this system.)

Security may not be the only issue with this system. On its Web page, Everyone Counts cites the recent "successful" election in Swindon, U.K, even though the U.K. Electoral Commission reports: "Electronic polling stations in Swindon proved more problematic, with many experiencing connectivity and application issues on polling day." For this and other reasons, the Electoral Commission recommended a moratorium on further e-voting trials in the U.K. until security and other concerns are resolved.

So, why should expatriate Democrats trust Everyone Counts with their votes? We don't know. What we've been able to discover in a few Internet searches is that the company was spun off from an Australian company (PDF) in 2003, and (as of two years ago) the majority shareholder is an Australian. In 2006, the company received an "injection of U.S. private equity" from an undisclosed source. We can't tell you which candidate, if any, the source of the private equity supports.

There are only a few delegates allocated to Democrats Abroad. So it is unlikely, but not impossible, that the delegate selection resulting from the Internet voting process will be decisive in choosing the Democratic nominee for president. Whatever the outcome, it will be impossible for a candidate to obtain a recount, because there will be no meaningful ballots to recount.

Even if Internet voting does not affect the presidential nomination, there is a big risk. Although no one will know if the votes were correctly recorded and counted, the "success" of this experiment will be cited as a reason to expand the use of Internet voting.

We understand that voting is unnecessarily difficult for many expatriate Americans. That is unacceptable. But it is also unacceptable to force citizens to trust their votes to a system that has not been demonstrated to be trustworthy. We need to consider more sensible and secure ways to assist Americans living abroad. For example, we might develop a uniform system for printing absentee ballots remotely, so that it is not necessary to mail ballots to voters weeks in advance. We might consider making deadlines for receiving voted ballots a bit more flexible. Perhaps ballots could even be delivered by FedEx or DHL.

This radically new and untested voting scheme was announced only a short time ago. Press coverage has been minimal and uncritical. Unfortunately, because voters planning to vote over the Internet no longer have time to obtain absentee ballots before the primary, it is too late to kill this dangerous proposal. We urge American expatriates to vote, however they can--even if it involves using this system--and then tell their representatives that paper ballots must be required in the future for all voters, including those outside the country.

Americans living abroad should not be treated as second-class citizens.

Biography
David Dill is a professor of computer science at Stanford University and founder of the Verified Voting Foundation, which supports voter-verified paper ballots and has criticized some electronic voting machines. Barbara Simons is a past president of the Association of Computing Machinery who is retired from IBM and lives abroad. Simons participated in a peer review of the Defense Department's Internet voting project and was a member of the National Workshop on Internet Voting.

More Perspectives

More from News.com on this story's topics: Politics
Create an email alert | RSS feed

See more CNET content tagged:
e-voting, private equity, Democrat, proposal, vote

20 comments (Page 1 of 2)

Thank you
by Blake4 February 4, 2008 7:18 PM PST: This is a much-needed story. I was flabbergasted when I previously read coverage citing the "success" of the recent UK experiment.; Reply to this comment

Wow!!!
by MadKiwi February 4, 2008 7:29 PM PST: This only goes to show how truly out of touch political parties and their advisers are concerning the internet. Unless it is an attempt to promote a system that CAN be hijacked. Out with the tinfoil hats people.; Reply to this comment

No SSL
by decoycop February 4, 2008 8:05 PM PST: Not to mention, the website does not employ standard internet security measures such as secure sessions or even secure log-ins. This is a sure-fire way to undermine any internet voting effort.; Reply to this comment View reply
Processing

Just so long as you know
by wildchild_plasma_gyro February 4, 2008 8:42 PM PST: There is a real problem in the human Ecosystem and much more we could be quite easily. its not some dame voting system and there are people who are more to blame so very much so. Direct Conflict is the solution to all problems.; Reply to this comment

Checks and Balances
by cchenoweth6 February 4, 2008 8:44 PM PST: It's easy to make internet voting work. Attach the voting to your SSN and special pin number that each person gets. That person can check on their vote anytime. Not only that, you can get statistics on your area. If something is wrong, it would be easy to spot this way. Anyone could easily do an audit of any random areas or individuals who know their area is usually republican can can initiate a audit of the area.; Reply to this comment View reply
Processing

Absentee ballots are the way to go...
by gerrrg February 4, 2008 9:01 PM PST: Forget electronic voting...you're still stuck with the problem of long lines. No, the answer is absentee ballots. Oregon has the best system in the world, where everyone gets a ballot that can be mailed in or dropped off in dozens of boxes at all sorts of locations including libraries. No more lines, no more mistakes and untrackable voting. Go Oregon.; Reply to this comment View reply
Processing

Fraud
by georgiarat February 4, 2008 9:22 PM PST: The Democrats have always been about fraud from Lyndon Johnson in Texas to the Chicago machine of Daly. This is just the latest way they can stuff a ballot box. Yes every vote will be counted, the dead and the illegals. The only reason they have control of Congress now is the illegal voters in certain districts.; Reply to this comment View reply
Processing

Too One Sided
by NYCmicah February 4, 2008 10:09 PM PST: While I can agree on a topical level that Internet voting is quite concerning, especially when it is being run by a company whose financial sources are unknown, let's not throw the baby out with the bath water. I have lived all over this country and had the pleasure of voting in 5 different states in my 8 years as an eligible voter. I have voted with the absentee ballot in Arizona, caucuses in Iowa, touch screen in New York, butterfly ballot in Chicago, and optical scan in Kansas City. I completely understand the security issues that have been raised by you regarding Internet voting. Many of the issues raised are legitimate, but the opportunities that are overcome through Internet voting are far greater. Millions of Americans who live abroad are disenfranchised via the current system, especially during the general election. Mail delivery service is wholly unreliable outside of places like Western Europe, Australia, and Canada. Even expedited service from a company like FedEx does not always ensure that a ballot will arrive in time. Military personnel are also left out in the cold with many of their ballots not received or counted, and these are the people who should most certainly have their votes counted. A paper ballot, due to the many requirements placed on absentee and overseas voting, is just not going to cut it. I also have to raise a far greater concern. In every election I have ever voted in, I have yet to have any assurance that my vote actually counted with the one great exception of the Iowa caucuses. Now many decry what happens at the caucuses as being somewhat undemocratic, but the reality is that I vote and I physically see that my vote is counted right there in front of me. No other process that we use to manage voting offers that assurance. With the dramatic rise of absentee voting, we should be even more concerned about our votes actually counting. Most people do not take the time to verify with their county board of elections to determine whether their ballot was received if it was mailed in. We have little assurance or easy verification that our vote was received and counted properly. Even if we hand deliver the ballot, do we know it was put in the right place to be counted with the correct set of votes? The reasons above are why I am a huge advocate of pushing forward with a very specific Internet-voting proposal. We should have voting over a weekend or a week long period. Anyone could vote online during that time. The advantage of doing the voting over an extended period of time would ensure that even with an attack or malicious behavior, that the voting could be carried out with less concern on how it would affect the vote. An important aspect though is that every voter receive a unique voter ID. The voter ID would be linked to the individual only in an offline system. Meaning: John Doe @ 1100 Grand is voter ID NY1234. The online system would know me simply as voter ID NY1234. Only the offline elections system would know who voter ID NY1234 is. There could be a security question or something of the sort linked with the voter ID, but the only way to find out what my voter ID would be through the election office. Only myself and authorized personnel would have access to that. The security question would ensure that only I vote with my voter ID. IP addresses could be logged, verification of the location that I am voting in would be required, VPNs would not be allowed, etc. There are many basic steps that could be taken to ensure the security of the vote. If this were done on a national scale, then the costs of it would most likely be less than the ridiculous amount we spend on elections right now. The most important aspect of what I propose though is that I can verify my vote was counted under my voter ID. I can see a tally of my precinct, county, and state. I can see where my vote was counted along with everyone else, and I can be sure that it was counted correctly. Like I stated above, aside from the caucuses that I have participated in, every other vote is a perpetual black box. It does not matter if it is paper with optical scan, absentee, touch screen, or anything else. I have little capability without raising heaven and earth to ensure that the ballot I specifically cast was counted toward the total of the vote count. Internet voting offers an amazing ability to also quickly eliminate the names of candidates who are no longer seeking an office. Just look at New Hampshire, South Carolina, and Florida where literally tens of thousands of votes were cast for candidates who were no longer seeking the office of president. You have to assume that these were not cast correctly or the vote was cast too early. Internet voting could change the game, offering the ability for a candidate to easily have their name removed from a ballot with little cost or hassle. With all the security issues that you can come up with to write off Internet voting as a potential danger to democracy, I have to ask myself, aren't we engaging in more risks already? The integrity of the vote has been a problem in our country since its foundation, and I expect that the integrity of the vote will only improve as the years move forward. I think that providing citizens the ability to see that their vote was tabulated in a way that does not hinder the private voting habits that we cherish is the best way for us to move our elections forward. Internet- based voting is the best tool to provide that opportunity. Paper ballots do not ensure the integrity of the vote, as you seem to advocate. Only creating a system ensuring that Americans can verify their vote will improve the integrity of the vote.; Reply to this comment View reply
Processing

Malware:
by ethana2 February 5, 2008 3:42 AM PST: I'm not pleased to see Microsoft's operating system holding us in the past anymore. This must end. For that technical point, I present this: www.ubuntu.com NEXT ISSUE: DDoS attacks.. well now lets's see, how are those usually performed? See above. NEXT ISSUE: foreign nations tampering with stuff.. well, those foreign nations would have foreign IP's with no citizen voting accounts, wouldn't they? Keep it secure-- avoid IIS.; Reply to this comment

Internet voting is NOT about voting...
by mbenedict February 5, 2008 7:36 AM PST: It's about Marketing and Public Relations. At this primary stage, Democrats Abroad and the Democratic Party does not really care if the internet voting system is secure or not. That's irrelevant. The real prize is the general election in November. Having Internet Voting now allows Democrats Abroad to collect names of potential voters for November. It "excites" their activist base and "engages" them into the Party. With Internet Voting the party can be seen as being "in touch" with the needs of a young, internet-savvy constituency, while building a calling list at the same time. Concepts like voting security is a distant concern.; Reply to this comment View reply
Processing