E-Voting Is Very Different From E-Banking

from the paper-trail dept

Catching up on my reading, I recently came across this post from the University of Chicago's Saul Levmore about the merits of touchscreen voting. Levmore thinks that "the future is surely with the touch-screen or some other form of online voting." Levmore doesn't go into any detail about why he thinks this; I assume he's simply not familiar with the many e-voting problems we've covered here at Techdirt. He may not know, for example, that voting machines are susceptible to viruses that can allow a single person to corrupt every machine in a county or even an entire state. Levmore makes an interesting analogy to automatic teller machines. He points out that we've been using ATMs without any serious problems for decades, and wonders why we can't use the same technologies for voting machines.

What Levmore is missing is that the security model of an ATM is totally different from the security model of a voting machine. The most important line of defense against ATM fraud is not the machines themselves, but the fact that they produce a lengthy paper trail. If a hacker breaks into a bank's network and transfers funds from someone else's account to his own, two important things will happen. First, the victim will notice an unauthorized transaction and complain. And second, the perpetrator will need to pick up the money somehow, which will create a paper trail that will help the police find him. For example, a hacker trying to physically steal the cash from an ATM has to be physically present to pick up the cash, which increases the risk that he'll be caught in the act -- especially if he tries to knock off several machines in a row. It is the likelihood that fraud will be detected and punished, not the inherent unhackability of the machines themselves, that makes ATMs secure. In contrast, nobody knows what the "right" election outcome is supposed to be, so there's no one in a position to object if the results get altered. And because peoples' votes have to be kept secret, voting machines can't create the same kind of personally-identifiable paper trails that ATMs do. Unlike stolen cash, a stolen election doesn't need to be physically delivered to the beneficiary, so there's no way to trace the loot to find the perpetrator. That means that even if election fraud is detected, there's not going to be any straightforward way to figure out either who did it or what the result should have been. We can be pretty sure, for example, that something went wrong in the 2006 election in Sarasota County, but we have no way to be sure if foul play might have been involved or if (as seems more likely) the software was just flaky.

There's a more fundamental issue that should be especially familiar to the folks at the University of Chicago: banks have much stronger incentives to get things right than election officials. If a criminal succeeds in knocking off an ATM machine, the bank that owns that ATM machine stands to lose a lot of money. As a result, the bank has a strong incentive to take the steps necessary to secure the ATM, or to not deploy the ATM at all if it thinks that securing it would be too difficult. Banks have both the incentives and the resources to hire computer security experts to advise them on fixing potential problems with their ATM machines. In contrast, state officials have only a weak incentives to get voting machine security right. A stolen election will be a rare occurrence even with insecure voting machines, and if it does occur, state officials can easily shift blame to other people -- county election officials, vendors, poll workers. It's not surprising, therefore, that states have rushed to deploy electronic voting systems that virtually every computer securit expert on the planet says are insecure. Without strong accountability, election officials tend to be swayed by the superficial impression that computerized processes are inherently better than older technologies, or even by lobbying by voting machine vendors. Peoples' opposition to e-voting is not, as Levmore seems to think, a result of knee-jerk opposition to new technologies. It's a recognition that the e-voting problem is much harder than is generally supposed, and it's better to err on the side of caution until e-voting technology has had a chance to mature.

Filed Under: e-banking, e-voting, saul levmore


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Alex, 19 Mar 2008 @ 2:36am

    Re: Defining the problem wrong

    Hans: You say that the prospect of Internet voting would "scare silly those that control the existing political voting system". Well, where I live (the UK) it's the government politicians and officials who are all gung-ho about "modernizing" the electoral process, and it's grassroots campaign groups (like the Open Rights Group, http://www.openrightsgroup.org/2007/01/16/taking-the-lid-off-e-voting/) who are making warning noises about the difficulties involved in it. From what I can tell it's much the same in the US. The political establishment want to appear "modern", so rush to implement e-voting without thinking about whether it works, or even of whether it's actually of any use.


    We aren't using "1700s processes", if we were then people would be declaring their vote in public by standing on one side or the other of a hall (that's how all elections used to be conducted). The secret ballot actually is an invention of the mid-19th century. Having Internet voting from home would violate the secret ballot. We don't have ballot boxes and voting booths because of some quaint old tradition or because the voting process is out of touch with modern times. It is because of the need to ensure that votes are cast *in secret*. If votes can be cast from home, or anywhere else other than a supervised voting environment, then there is no way of preventing coercion or vote-buying. You can make the voting process as technically secure as you like, but no scrutiny is possible over the circumstances under which the vote was cast.

    Being able to "see" your votes in a "voting account" would also violate the secret ballot. If you have no way of seeing how you voted, then you have no way of proving to anyone else how you voted, and that is the most effective way of preventing vote-buying.

    Letting people see how their vote affects the result immediately is also a BAD idea, because it would give an advantage to people who vote later (as they will know better how their vote is going to affect the result). Making sure that the result is not known until every vote is collected and counted means that everyone is voting based on the same knowledge of the electoral situation --- i.e. they know the opinion polls from the day before, but the rest is a guess.

    Trusting someone with your money is very different from trusting someone with your vote. Banking secrecy is very different from voting secrecy: your bank needs to know about your financial affairs, but NO-ONE SHOULD BE ABLE TO KNOW about how you voted. The way youtalk about lodging complaints about irregularities in your "voting account" suggest that you entirely misunderstand the secret ballot. The vote is not a private right that only affects the individual. It is a PUBLIC right. A voting irregularity affects much more than the individual whose vote was lost or wrongly cast --- it affects the integrity of the entire election. The sort of mechanisms you talk about inevitably mean that someone --- whoever runs the auditing --- can find out how you voted, and that is unacceptable, whoever it is.

    Finally, my experience is that the people who tend to go on about how old-fashioned our voting process is in the "21st century" tend to be technical ignoramuses --- they're the sort of people who are starry-eyed but pig-ignorant anout technology. While those who urge caution tend to be technically minded people --- especially security professionals --- who actually understand the real issues involved.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.