Despite the recent hack during public testing of DC’s Internet voting pilot and the rash of other security problems that have plagued the short history of online voting systems, elections entrepreneurs, along with some state officials and voter advocates, continue to make headway as they push for the adoption of i-voting technology. The practice – and the private voting systems industry that appears poised for more widespread adoption – has found an inroad via military and overseas voters. As the November midterms near, 33 states have laws on the books that allow for some form of Internet voting for citizens living abroad and for military members and their families.
In 2004, the Department of Defense’s Federal Voting Assistance Program (FVAP) called off its $22 million pilot to collect 100,000 online votes from military and overseas voters from seven states, citing security concerns. In the Netherlands, Internet voting was banned outright after an unpromising 2006 test of the country’s fledgling system. Although little evidence has since appeared to assuage the concerns of the computer scientists and election integrity experts who are i-voting’s most vocal critics, the demand for so-called “digital democracy” appears to be growing. Investors expect Internet voting to make up an increasing share in the electronic voting systems market, which was recently estimated to be worth $1.5 billion.
This election, counties in 25 states will digitally deliver blank ballots to military and overseas voters. Colorado’s four participating counties and Texas will also allow ballots to be marked electronically. West Virginia’s eight participating counties and Arizona are permitting voted ballots to be returned via Internet voting systems. Arizona has allowed the practice via its state-designed system since 2008, and West Virginia will use systems supplied by private vendors Everyone Counts and Scytl. All but 11 of the remaining states will allow votes to be returned via fax or email (although Idaho, Maine and Missouri only permit this practice under special conditions), methods which effectively require voters to forfeit ballot secrecy and present additional problems that overlap with those of dedicated Internet voting systems.
For one, notes Pamela Smith, president of the elections integrity organization Verified Voting, anytime “you’re sending a ballot through the ether, you also have chain of custody issues.”
Act Two of the DRE Drama
“Internet voting is regarded by many governments as the next natural step in the evolution of electoral processes” Scytl claims on its web site, citing i-voting’s “potential to increase voter turnout rates, facilitate the voting process to citizens and enfranchise voters such as overseas voters, military voters and voters with disabilities.” In August, the FVAP awarded Scytl nine of the 20 states slated to use private vendor systems to deliver blank ballots online to military and overseas voters. It was the largest number of states assigned to any of the six contractors involved.
The argument for technology as a tool to boost participation has already proven successful in paving the way for scandal-ridden DREs (direct-recording electronic voting machines), which were billed as the key to accessibility for voters with blindness and other disabilities. After the 2000 election, “The whole discussion really got hijacked by folks who wanted to go with e-voting for whatever reason and they basically used blind people to do it,” said journalist and blogger Brad Friedman, whose diligent muckraking coverage of election scandals large and small has earned him the distinction as “one of the squeakiest wheels on the subject of voting,” according to CNN. “If you’re against the idea, that means you hate blind people. That’s how they did it. That’s the same scam they are now able to pull with Internet voting. If you’re against Internet voting, it’s because you hate the troops. It’s absolutely perfect and brilliant and despicable all at the same time.”
Some advocates for military and overseas voters share Friedman’s skepticism. “Money and fame are real drivers, even in the election world,” wrote Overseas Vote Foundation (OVF) President and CEO Susan Dzieduszycka-Suinat in an email to Truthout from her base in Munich. “There are vendors who will make a lot of money, or potentially hope to make a lot of money and become celebrated in their circle, by pushing this right now.”
The Department of Defense (DoD) declined to release the dollar amounts of the contract awards granted to the six vendors – Scytl, Everyone Counts, Konnech, Aquilent, Vexcel Corporation and Credence Management Solutions – citing two exceptions to federal acquisition regulations, one of which applies as long as a single contract is not expected to exceed $100,000. The DoD awarded 20 contracts for the project.
The DoD referred Truthout’s inquiries about award amounts to vendors. Scytl Managing Director Hugh Gallagher said his company was under a non-disclosure agreement with the FVAP. Via Business Development Manager Laura Potter, Konnech President Eugene Yu declined to release the figure that company will be paid to deliver blank ballots for Nevada, Montana and New Jersey. The other four vendors did not return calls for comment.
While West Virginia is the only state to enlist private vendors’ technology for ballot casting, the 19 other states that will use their systems to deliver blank ballots arguably provide a toehold for private electioneers’ deeper involvement in future US elections.
If their international ambitions are any indicator, at least two of the six vendors are unlikely to overlook opportunities for expansion. Everyone Counts claims that, combined with modern technology, its innovation “makes it possible to offer secure voting even in developing countries” and promotes its commitment to “eventually expanding this service to overseas citizens of other democratic nations.” In August, Scytl was awarded a five-year contract for Internet elections in India.
Codifying Privatized Elections
The i-voting phenomenon owes much of its momentum to the 2002 Help America Vote Act (HAVA) and the 2009 Military and Overseas Voter Empowerment (MOVE) Acts. In response to the disastrous 2000 presidential election, HAVA – which helped usher in the DRE era – committed $3 billion to upgrading elections systems and, as elections lawyer Candice Hoke and computer scientist David Jefferson wrote in an American Bar Association guide to modern election law, “provided major financial incentives for the shift to computer-based voting” while devoting “far too little attention to the regulatory, managerial and technological infrastructure at both the federal and state levels that was needed to support the dramatic systems shift.” The highly privatized, low-regulation elections climate that HAVA helped foster now threatens to complicate implementation of the MOVE Act, which was intended in part to address logistical delays that can prevent military and overseas votes from reaching officials in time for elections deadlines.
“The statutes do not require the transmission of ballots over the Internet,” Hoke told Truthout. “The agencies seem to be saying that’s what the meaning is, but they have no statutory analysis to support it.” In addition to the MOVE Act and HAVA, Hoke, a Cleveland State University law professor and the director of the Center for Election Excellence, is closely examining several defense appropriations bills that have also been interpreted to contain provisions for Internet voting.
Questions have also been raised about the integrity of Internet voting proponents’ security claims. Voting systems’ vendors frequently tout the “military grade encryption” that they claim makes their products safe.
“I personally think it’s bunk, because what they’re telling you is, ‘We have a data center that’s better than Google,'” said Greg Miller, co-executive director and chief development officer at Open Source Digital Voting (OSDV), which is working with DC on aspects of its i-voting pilot. Google’s network was compromised by hackers in January.
“One of my biggest gripes about the Internet voting proponents is that they fail to understand that the cost and complexity to stand up a data center with the kinds of procedures and protocols and security mechanisms to afford that ballot as much protection as possible is cost prohibitive for 99 percent of the precincts in this nation,” said Miller. “D.C. is a Vatican. They have their own budgets and they are flush.”
Questions about security are not limited to funding capabilities. Following a successful hack during a public testing phase at the end of September, DC suspended the digital ballot return portion of its pilot program and instructed voters to send in their voted ballots via fax or email instead. The suspension went into effect after University of Michigan computer science professor J. Alex Halderman found a weakness in what he called the system’s “brittle” design.
“Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots,” wrote Halderman in a blog post following the hack.
Halderman’s heist was essentially a benevolent sabotage attempted at the invitation of DC officials. Even if he and the other participating hackers had failed, the test would not have accounted for the concerns of electronic voting expert and computer scientist Dr. Barbara Simons, who thinks the pilots springing up around the country invite a false sense of security that distracts from the problem of scaling them up.
“If I’m going to steal an election, I probably won’t mess with these little pilots,” said Simons, who co-authored the report that led to the cancellation of the 2004 pilot. “I’m going to wait until there’s this groundswell for Internet voting.”
Citing the Google hack, which many suspect originated in China, Simons emphasized that online voting systems are opening up the US to an entire planet of would-be saboteurs. “This is really a national security question,” said Simons, who pointed out that Scytl is headquartered in Spain. “We certainly don’t want other countries determining who runs our government. We also have to think about political parties engaging in mischief. Given how much money is spent on our elections, a small fraction could be used to hire a really good hacker.”
If doubts are raised about election results, the data encryption i-voting systems employ to safeguard ballot secrecy becomes a transparency threat, effectively outsourcing verifiability to experts capable of decrypting voting data.
“I shouldn’t have to trust in a rocket scientist or a computer scientist that the vote was counted accurately and securely,” said Friedman. “Even if every vote is counted absolutely accurately, if there is no way for me, an average citizen, to know that, then you’ve got a 100 percent fail on your hands. It’s more than just having security and accuracy. It’s citizens being able to oversee their own public elections.”
Miller pointed out that the time-consuming decryption process is incompatible with a system of government that requires elected officials to be installed in office in a timely manner. “What the activists are correctly pointing out,” he said, “is that there isn’t even a discussion to be had about probability” of a glitch in an online election. “You still have to deal with the fact that if that risk comes to pass, you’re screwed.”
Numbers on the US’s military and overseas voters indicate that a hack or system failure has game-changing implications even if, as some Internet voting proponents have suggested, the practice is permanently restricted to that population. OVF data show that military members, their families and voters living abroad generally make up about two to three percent of states’ eligible voters and about 2.4 percent nationwide; Alaska has the highest number, with 12.7 percent.
Oversight Still Varies Drastically
The debate around Internet voting also reignites criticisms of HAVA’s attempt at legislating voting equipment standards. The act mandated the creation of federal standards, but made state compliance voluntary. According to a 2009 Election Assistance Commission report, 16 states and four US territories require no observation of the federal standards. One of these states is West Virginia. Another is Florida, where Everyone Counts recently announced it will electronically deliver blank ballots not only to military and overseas voters, but to disabled voters as well.
The disabled rights community eventually came out against DREs when it became clear that the same systems purported to improve accessibility for voters also compromised the transparency of election results. It remains to be seen if troops, overseas citizens and their advocates would do the same.
Even before the DC hack and despite his organization’s role in the capitol’s pilot, OSDV’s Miller was unequivocal about the opportunity the controversial program presents for i-voting detractors:
“Use this as a public forum to go out and make your case for why it’s a bad idea. Somebody start the initiative to seek legislative abolition of the Internet for voting data and I will support it.”