Our Insecure Democracy

I happen to be a rather political person, but I try to keep my politics out of my work in the security and privacy arena because these issues must transcend politics. Our democracy in many ways depends on some basic level of computer security and personal privacy. In no place is this more obvious than the security and privacy of the voting booth.

With the 2016 US election fast approaching, it’s important to call attention to the sorry state of affairs that is the US voting infrastructure. There are plenty of other problems with the US election system, but there’s hardly anything more fundamental to our democracy than the method by which we vote. (I’ll be focusing on the US election system, but these principles should apply to any democratic voting system.)

At the end of the day, the basic requirements are as follows (adapted from this paper):

  1. Every eligible voter must be able to vote.
  2. A voter may vote (at most) one time.
  3. Each vote is completely secret.
  4. All voting results must be verifiable.

The first requirement may seem obvious, but in this country it’s far from guaranteed. For many reasons, many eligible and willing voters either cannot vote or have serious obstacles to voting: inability to get registered, lack of proper ID, lack of nearby voting sites, lack of transportation, hours-long waits at polling places, inability to get out of work, and so on. Voting should be as effortless as possible. Why do we vote on a Tuesday? We should vote on the weekend (Saturday and Sunday). For people that work weekends, they should be given as much paid time off as necessary to vote. We should also have early voting and support absentee voting.

The second requirement has become a hot-button political issue in this country, though in reality, in-person voter fraud has been proven again and again to be effectively non-existent. We’ve got this covered, folks. We don’t need voter ID laws and other restrictions – they’re fixes for a problem that doesn’t exist, and they end up preventing way more valid voters from voting than allowing invalid voters to vote (see requirement #1).

Now we get to the meat of the matter, at least in terms of security and privacy. The third requirement is that every vote is completely secret. Most people believe this is about protecting your privacy – and to some extent, this is true. You should always be able to vote your conscience without worrying how your boss, your friends, or your spouse would react. You should be to tell them or not, lie or tell the truth – there should be no way for them to know. However, the real reason for a secret ballot is to prevent people from selling their vote and to prevent voter intimidation. If there is no way to prove to someone how you voted, then that vote can’t be verifiably bought or coerced. I think we had this pretty well figured out until smartphones came along. What’s to prevent you from taking a picture of your ballot? Depending on what state you live in, it may be a crime – but as a practical matter, it would be difficult to catch people doing this. However, I’m guessing this isn’t a big problem in our country – at least not yet.

Which brings us to the fourth and final requirement: verifiability. This is really where the current US voting system falls flat. In many states, we have voting systems that are extremely easy to hack and/or impossible to verify. We live in the era of constantly connected smartphones and tablets – a touchscreen voting system just seems like a no-brainer. But many electronic voting systems leave no paper trail – no hard copy of your vote that you can see, touch, feel and verify, let alone the people actually counting and reporting the vote tallies. The electronic records could be compromised, either due to a glitch or malicious tampering, and you probably wouldn’t even know that it happened. But regardless of how you enter your vote, every single vote placed by a voter must generate a physical, verifiable record. That may seem wasteful in this digital age, but it’s the only way. There must be some sort of hard copy receipt that the voter can verify and turn in before leaving the polling place. Those hard copy records must be kept 100% safe from tampering – no thefts, no ballot box stuffing, no alterations. And every single election result should include a statistical integrity audit – that is, a sampling of the paper ballots must be manually counted to make sure the paper results match the electronic ones. If there is any reason to doubt the electronic results, you must be able to do a complete manual recount. That’s the key.

Unfortunately, according to that same MIT paper, we have a hodge-podge of voting systems across the country, many of which have at least some areas where they use electronic voting systems (Direct Reporting by Electronics, or DRE) without a paper trial (Voter Verified Paper Audit Trail, or VVPAT).

voting systemsThis map pretty much says it all to me. It’s time that we adopt national standards for our voting infrastructure. You can leave it up to each state to implement, if you’re a real “states rights” type, but honestly I think we should just hand this over to the Federal Election Commission and have a single, rock solid, professionally-vetted, completely transparent, not-for-profit, non-partisan voting system. Of course, we’d need to revamp the current FEC – give it the budget, independence and expertise they need to do their job effectively. It should be staffed with non-political commissioners (never elected to office and no direct party affiliation) and they should be completely free from political and financial influence. This is much easier said than done, but if we can just agree that our democracy is more important than any party or ideology, just long enough to do this, then maybe we can make it happen. Of course, there’s no way any of this will happen before this year’s elections, but we should be able to get this in place for 2018 if we start now.

What can YOU do? As always, get educated and get involved. Write your congress person and vote for people that have vowed to reform our election and voting systems. If nothing else, give money to organizations that are doing the right things, and ask your friends and family to do the same. I’ve given some examples below for you to consider. Note that it’s very hard to find completely unbiased organizations because these issues have been so politicized and our country right now is very polarized. But whatever your political leanings, you can’t have a true democracy if you can’t have fair, open, and verifiable elections.

If you’re interested, here are a couple more good articles to check out.

UPDATE: Another interesting story on the security of our voting system.