Election integrity advocates recently launched a campaign to block a bill, SB908, that would have introduced email voting for Californians living overseas. We fought it for several reasons.
First, paperless voting itself is dangerous because there is no independent way to check the results claimed by the machines, and no way to recover when something goes wrong, and it will. Voting across the Internet is worse, because it opens up the voting system to several more types of attack, from anywhere in the world, all of them dangerous. Voting by email attachment is even worse, because no attempt is made to encrypt the ballot as it travels from computer to computer across the globe on the way to its destination.
Any of these computers is quite capable of “photoshopping” or simply blocking any ballot that passes through. A ballot sent from Afghanistan could pass through computers in China, Iran, Russia, or any other country interested in “fixing” ballots headed for California. This is only one of several severe vulnerabilities in Internet voting.
Secondly, world class computer security experts have repeatedly and emphatically stated that Internet voting is dangerous. Nevertheless, Washington DC insisted on running a pilot Internet voting project last fall. DC officials prudently opened a “secured” pilot system up to red team (hack) testing. It took University of Michigan “wolverines” less than 36 hours to take complete control of everything – ballots, encryption codes, passwords, voter records, emails, the tabulator, operating system, network – everything. This was a “hardened” system using encryption that the officials were going to put into real use. What the pilot project did was put a huge exclamation point on the message that the best Internet voting system is none at all.
Thirdly, the most pernicious vulnerability comes from the people that can control the systems that collect and count the votes. Vendors program and install the voting systems. Election officials have insider access to them. Then there is the lone company that makes the uninspected and regularly “updated” operating system that runs on almost all the machines, Microsoft; plus the Chinese companies actually manufacturing the computers and the all-important chips.
Finally, if you add the Internet into the mix, we have hackers who can attack from anywhere in the world. Any of these individuals or companies have the possibility of rigging elections, and with that, decisions about how trillions of dollars are spent, and issues of war, peace, and justice. Rigging elections existed in America since long before the arrival of computers. This is not new. What is changing is the capability of fewer people to rig ever more elections from within an increasingly centralized, more powerful, and essentially invisible electronic system.
An Internet voting bill in California concerns the entire country. What happens in California does not stay in California. As an example, the republican primary looks like it will be hotly contested, and close. Everybody would like to know that the vote for delegates here was fair and accurate. If California ever introduces Internet voting, we will not have that assurance. As a prime example, there are at the very least 10,000 overseas voters registered in one county alone, Los Angeles. That’s more than enough to make it worthwhile for someone to “fix” the ballots before or after they arrive at the single county server.
San Diego, with its large military vote, is another likely target. Nothing may happen during the primaries. We would probably not know, because there is no independent way of double-checking the electronic ballots. If we discovered that something actually did happen, it would be too late to recover because there is no paper record to recount.
Email voting is an effort to get a toe in the door. They are trying to spread it state by state, 19 so far. Then they will ask: if Pete can vote from Paris, why can’t Linda in LA? And a highly technical issue will be hard to explain in the face of unrelenting propaganda. Their ultimate goal is paperless voting from your cell phone. The code for this is “meeting the expectations of young voters”. I’ve heard this phrase used in Washington, and coming out of official meetings in Los Angeles. I write mobile apps. Reliable voting from a cell phone, while a cool idea, is decades away. So this well-meaning push for paperless Internet voting represents a threat to democracy everywhere.
While we knew that the people pushing Internet voting would not stop, we thought that California would be immune. Debra Bowen opposes email voting, and that should be enough to stop any right thinking individual from even introducing an email-voting bill in California. Well, someone did, and it sailed through the Senate, 23 to 11, with little opposition. This came as a surprise. A small but dedicated network of advocates including the Voting Rights Task Force and Verified Voting, working with Bowen’s office, organized opposition to the bill.
We built information pages on the web, here and here. We got a clear, concise, compelling message out using email and Facebook groups. Technical experts wrote to the committee staff a week ahead of the meeting. This resulted in a staff report that reflected the dangers of email voting. At the same time, we met with assemblymembers and their staff. The result was that on July 5th, the Assembly Elections Committee blocked the email voting bill. This time it only got 2 “aye” votes. This was a great way to celebrate Independence Day.
What can you do?
1) SB908 is not totally dead. We’ve started a Facebook group, the “Calif. Election Integrity Network”, for alerts and discussion.
2) On the national scene, you can go to http://www.VerifiedVoting.org to sign up for E-Mail Alerts about election legislation across the country.
3) You can find much more information about election integrity issues starting at www.CountedAsCast.com
4) If you have a chance, talk with your legislators about the dangers of paperless Internet voting, especially the following Senators who voted in favor of the bill : Alquist, Anderson, Blakeslee, Calderon, Correa, De León, Dutton, Fuller, Gaines, Harman, Huff, Lieu, Padilla, Price, Rubio, Runner, Simitian, Steinberg, Vargas, Walters, Wright, Wyland, Yee.
News flash: “Pentagon admits suffering major cyber attack“. This is the point. No computers involved in elections are safe from attack over the Internet.
There has been a long struggle to establish fair and accurate elections in the United States, and it’s not over. California has been at the forefront of maintaining countable paper ballots as the basis of those elections. We must keep it that way.
Jim Soper is a senior software consultant and author of CountedAsCast.com. He is also co-chair of the Voting Rights Task Force in the San Francisco East Bay, which has been very active in voting systems issues since 2005.