If you don't follow developments in e-democracy, and haven't been involved in the e-voting UK pilots then you might think it a pretty obvious good idea. You just press some buttons in a kiosk instead of putting your cross on a ballot paper, and get a a quicker result, don't you? Must save money at the count, mustn't it?
It's not that simple, as I discovered at the recent e-democracy '06 conference. My rather dim recollections of controversy in the US and Ireland were brought smartly to the fore by a showing of the US film Hacking Democracy, and an interview with its co-director Russell Michaels. Then UK-based consultant Jason Kitcat weighed in with a withering attack on the whole idea. His message: stop now. Jason trailed the film a few weeks back:
'Hacking Democracy' is an 80 minute documentary film which completely lifts the lid on the corruption, fraud and ignorance surrounding e-voting in the US. Included in the film is an on-camera successful exploit of a certified e-voting machine. While for those who have followed the US developments in details, there may be few surprises, for most viewers the impact of seeing this stuff on film is going to be huge.
What's extraordinary about the film - besides showing how e-voting machines and their software can be hacked - is the three-year story it tells of how a US citizen Bev Harris was dissatisfied with the answers she was getting about e-voting, started investigating, and as distributors HBO report:
In the course of her research, which unearthed hundreds of reported incidents of mishandled voting information, Harris stumbled across an "online library" of the Diebold Corporation, discovering a treasure trove of information about the inner-workings of the company's voting system.
Last week was the deadline for applications from councils for the next round of pilots in England due for May 2007. We should soon know whether councils have heeded the warnings of Jason and others that the timetable is crazy, and it's all a bad idea anyway.
Update: I invited those I interviewed to add points if they wished, and Jason added:
I'm all in favour of experimentation and using technology. But e-voting is a difficult technology to get right which delivers little if any perceived benefit at great cost, both financial and in terms of trust.
As the 2007 e-voting pilots unfold I will be watching them carefully, reporting on my blog and campaigning through the Open Rights Group.
Additional video (very good):
Veteran Leon County Election Supervisor Ion Sancho explains the dependency that election officials come to develop for vendors and their personnel.
[Ion was the guy in Hacking Democracy who let his county's machines be hacked. Since then then ALL the major vendors have refused to supply him - they don't want their systems tested either. So much for competition.]
Hello David,
Can you elaborate on e-voting? Do you mean desk-top and PC voting, or do you mean the electronic device at the volting booth?
I agree that software can be hacked, but so is paper and pencil (such as US 2000 in Florida???) But I also think it has alot to do with the 'democractic' climate of the country.
Whether one is using pen & pencil, high tech, or thumb printing, if the top is not showing good example, what could one expect from the rest? PC, Internet, pen&pencil, thumb prints are nothing, but just tools.
As we have seen in recent years in some developing countries that either tasting their first voting rights, or to remostrate, the turned out were huge. Take the case of Zimbawe. How eager were the citizens looking for 'democracy'? They did not have e-democracy. They stood in long lines, in rain and in hot sun. They wanted democracy bad. And who were the "HACKERS"? The tugs sent to threaten them, abused them ...
What if we have the most 'secure' e-democracy, e-voting BUT then we have to watch our leaders slinging muds at one another during debates? Would that bring e-democracy any better?
Let's concentrate on the issue of rights and just. Of honesty and decency. When we have all that, when can make human kind understand that, democracy comes automatically.
Posted by: cindy | November 26, 2006 at 04:15 AM
A comment from a crypto point of view - although some of the ideas could be translated easily into political and corporate lingo too. What amazes me is the apparent (perceived?) and complete separation from the established electronic security industry - and history - that Diebold seem quite happy to foster.
These are *not* new issues - I know many cypherpunk-style fora have been kicking the nitty-gritty (both political and mathematical/technical) details around for many years, and even basic security practice for developing simple applications has undergone increased renewal. Indeed, if Microsoft have finally woken up to security methodology, there's no excuse for Diebold ;)
It's a shame, in a way, that many of these details are highly complex in nature - there's no way, for instance, that I could get my head round much of the maths involved in secure distributed networking. On the one hand, a public understanding of these complexities isn't necessary - in the same way that understanding the maths behind PGP isn't necessary to use it.
On the other hand, we must place this complexity alongside the infrastructure that it operates within - the voting system. The beauty of the current system here is simplicity (and hence understandability). Complexity opens the system up to uncertainty, which is inherently related to the links that information is transmitted over.
How can you be certain, for instance, that the "strong" crypto-protocols you're relying on aren't militarily-weak, or that man-in-the-middle attacks are a plausibility?
The open-source vs closed-source debate over better security models is far from being decided. The attitude of Diebold is fundamentally removed from this anyway, and hence fundamentally depressing. But even if it wasn't, the complexity remains.
I'm not sure that this isn't a completely intractable problem, but I do know that security starts with attitude. And paranoia. And, most importantly, *people*. Currently the attitude towards e-voting (and postal voting too) is of blank-faced naivety.
Posted by: Graham Lally | November 28, 2006 at 05:31 PM
Actually, following on from my previous article, and having just read an EFF description of the *functional* problems plaguing some of the e-voting machines, the problem doesn't seem to just be attitude towards security. Basic software/product development processes (such as testing) seem to be being ignored as well.
This does, I think, highlight the debate in terms of whether we can trust machines, and whether we can trust the people developing those machines. We trust banks, for instance, and the networks over which transactions flow, and/but how is this different to trusting machines over which votes flow? Different people, different institutions, sure. Different technology? Different "moral" values of the transactions? Different compensation" models? I think these are all aspects of the question of whether we can "trust" e-voting mechanisms or not, but most are often ignored AFAICS.
Posted by: Graham Lally | November 30, 2006 at 01:51 PM