If the Internet is magic, why can't we vote on it

By Scott Bradner

Regular as clockwork - just after an election which generated far too many stories of people waiting far too long to vote (and far too many local election officials saying that everything went fine and that there were no problems) - come the calls for voting via the Internet. The press wonders if we are a third world country, politicians posture and most security experts say 'don't go there.'

Some examples, a headline in the Washington Post was "Estonia gets to vote online. Why can't America." (http://www.washingtonpost.com/blogs/ezra-klein/wp/2012/11/06/estonians-get-to-vote-online-why-cant-america/) New Jersey tells people they can vote via email. (http://www.cnn.com/2012/11/05/tech/web/new-jersey-voting-email/index.html) Famed Russian computer security expert is quoted by the BBC saying that "the lack of well-established online voting systems is a real threat to the democratic nations of the Western world" (because kids will not vote if they can't do it on line). (http://www.bbc.co.uk/news/technology-17846185)

Anyone who has not been comatose these past few years already knows why we don't vote over the Internet. Most vendors of electronic systems are generically incapable of producing a secure system. Just Google 'voting machine security' for many examples and if that is not enough try "SCADA security."

Most of the articles that ask why we are not doing Internet voting answer their own question. Estonia can do Internet voting because everyone has a government issued scannable ID - the U.S> does not have such a thing. Apparently the voters in Estonia trust the government to not figure out who voted for whom - I kinda doubt that the U.S. population would be so trusting of their governments.

An article in the New York Times on the topic of Internet voting (http://bits.blogs.nytimes.com/2012/11/11/disruptions-casting-a-ballot-by-smartphone/) quoted MIT's Ron Rivest observing that "One of the main goals of the election is to produce credible evidence to the loser that he's really lost." A hackable system, as an electronic voting system would inevitably be, would not be able to produce such credible evidence.

Last night I watched the ending of the History Channel's overly dramatic but still very interesting " The Men who Built America" series. One of the threads in the episodes shown last night concerned the 1896 U.S. Presidential election between William Jennings Bryan and William McKinley. Bryan had spent a lot of time campaigning against monopoly businesses and the exploitation of workers. Among his targets were J.P. Morgan, John D. Rockefeller and Andrew Carnegie - the main subjects of the series. Morgan, Rockefeller and Carnegie decided that they needed a President that was on their side so proceeded to essentially buy the election for McKinley.

Buying a President took some work and money in those days. It would not take much of either to buy a President in an environment were we were using Internet voting equipment manufactured by the current sent of vendors, who seem to have anti-clue when it comes to security, to select our President.

Fixing the far too long lines at some polls would be a good thing to do but not at the expense of making it probable that some 13 year old kid in eastern Europe decides who gets elected.

disclaimer: Many people at Harvard worry about the fairness of elections but I have not heard that any of them have expressed an opinion on hackable elections so the above view is mine.