E-voting is still the wrong answer to the wrong question
Here we go again. There's been an election in Australia, so once more, with all the regularity of a cuckoo clock, politicians and pundits alike are proposing that electronic voting is the answer.
So, here we go again, explaining why it's a bad idea.
First, if e-voting is the answer, what is the actual question? Here's what troubles people this time.
Latest Australian news
"We're a grown-up democracy, it shouldn't take eight days to find out who's won," said Malcolm Turnbull, who is likely to continue as prime minister. "[E-voting is] something we must look at", he said. "[It's] been a passion or interest of mine for a long time."
Labor leader Bill Shorten said something similar, that consideration of e-voting was "long overdue".
"We can't afford to have our nation drift for eight days after an election. In the 21st century, we're a leading democracy, we should be able to find out who won and who lost in a quicker time than we've seen," Shorten said.
The Australian Information Industry Association (AIIA) is also buying into the argument, with their website currently dominated by a huge Australian flag and a headline containing the word "embrace".
"Under today's archaic system, votes can still be miscounted, misread, or even simply misplaced," said AIIA head Rob Fitzpatrick in a statement.
"Money invested in a universal electronic voting system would be returned very quickly in savings, the money saved could be better spent elsewhere on making our economy more productive, such as technology infrastructure for schools," Fitzpatrick alleges without evidence.
So what do we have so far?
We have the assumption that old is bad, and that using computers is new and good, but modernity isn't a required feature of voting systems.
We have a presumed need for speed, but apart from impatient news media and lawmakers who over-estimate their importance to the day-to-day running of the country, does it really matter if we have to wait a few days?
After all, we wait weeks between sessions of parliament, and if a true emergency emerges, well, Turnbull is still prime minister until the new parliament is sworn in. Can't people get on with something else?
And we have the assumption that computers will make things cheaper and bett... look sorry, I can't stop laughing now.
Broadly speaking, there's two kinds of e-voting: voting over the internet, and voting in person at polling stations where votes are recorded on computers rather than paper ballots.
Whichever kind of e-voting we're talking about, it has to solve a conundrum. How do we provide the complete transparency of process needed to eliminate fraud, while still maintaining the secrecy of individuals' votes?
As I wrote in 2011, transparency is the tricky bit.
"Our paper voting system is easy to understand. Anyone with working eyesight and who can read and count can scrutineer the process. No special skills are required," I wrote.
"With electronic voting, whether online or on stand-alone voting machines, everything happens inside the invisible cave of computer memory. It's impossible to see what's going on at the time the votes are tallied. How can you know that the votes were counted correctly? You just have to trust the system."
That trust is hard to ensure. In the US, we've seen systems that allocated votes incorrectly, as well as security flaws and maybe even corruption that only became public thanks to a whistleblower.
As I wrote in 2013, even if the voting software is made public, there are still at least four problems.
"One, how do you know the published software was actually the software in the machines on election day? Two, how do you know the tally hasn't been altered in some other way, such as through malware manipulating the computers' memory? Three, how can the process be scrutineered by anyone without specialist -- and quite rare -- digital forensics skills? Four, can you even be sure the software does what you think it does?", I wrote.
On that last point, check out the 2004 demonstration by Stanford University's Daniel Horn. Software that looked like it tallied votes properly secretly defrauded the election.
Dr Vanessa Teague is a cryptographer at the University of Melbourne who studies the cryptographic protocols used by electronic voting systems. She summarised the state of the art of internet voting for the Corrupted Nerds podcast in 2013.
"There isn't a secure solution for voting over the internet. There isn't a good way of authenticating voters, that is making sure that the person at the other end of the connection is the eligible voter they say they are. There isn't an easy usable way of helping voters to make sure that the vote they send is the vote they wanted, even if their PC is infected with malware, or administered by someone who wants to vote differently," Teague said.
"Although there are some techniques for providing evidence that encrypted votes have been properly decrypted and tallied, it's hard to scale those techniques to large Australian elections."
As Teague details in the podcast, and as I've already described, many of the same problems exist for stand-alone voting systems.
In November 2015 I spoke with Teague again, asking her whether anything has changed.
"Not really," she said.
"If anything, we've had some specific examples that back up the argument I was making about the importance of transparency, and the importance of making sure that the system really does guarantee that people can verify that it gets the right answer."
One of those examples was the iVote system trialled in the New South Wales state election in early 2015. Teague and her colleague J Alex Halderman, director of Michigan's Center for Computer Security and Society, tore it apart.
The NSW Electoral Commission, and in particular their then chief information officer Ian Brightwell, downplayed the concerns and questioned Teague and Halderman's motives. But personally I'm not convinced, especially given that the mathematics at the core of their criticisms wasn't disproved.
Finally, my response to anyone who suggests that Blockchain technology will solve the e-voting problem. Go watch Steve Wilson's AusCERT presentation Blockchain -- The Hype Machine, along with his slides [PDF], and then have a bit of a lie down.
In 2010 I spoke with Jan Meier, a Norwegian digital identity specialist who worked on the Netherlands' first large-scale internet-based election.
"I would say that the only system that really lives up to the expectations of transparency and anonymity, that is really the old paper analogue system," he said.
There are those with different opinions. Do please read the argument for e-voting by David Glance, director of the Centre for Software Practice at the University of Western Australia.
But for mine, trustworthy e-voting means solving subtle issues of trustworthy software, trustworthy hardware, and trustworthy human-run processes. When they're all solved, come back to me.
Until then, my message to proponents of e-voting is simple.
Hands off my pencil.