Jason Kitcat

Right idea Bridget…

Imagine that instead of referring to postal voting our Elections Minister, Bridget Prentice was referring to electronic voting:

“Democracy is not only about having the choice to vote but also about having confidence in the integrity of the system […] These [postal voting] measures will improve security and introduce deterrents against fraud so that people have confidence that their vote will be cast and counted fairly.” (BBC News Online)

I would agree that confidence in the integrity of our elections is much more important than choice. So why the rush for e-voting?

US e-voting certifiers Ciber Labs barred

The film Hacking Democracy raised some serious doubts about the quality and independence of Ciber's testing of e-voting systems. The New York Times reports that the Federal Election Assistance Commission has temporarily barred Ciber from approving new machines since summer 2006. Disturbingly this news has only just emerged with details that Ciber's quality control and documentation was lacking.

Council of Europe meeting to review e-voting developments

I've not had a chance to read all the presentations but a fine bunch of European civil servants presented their countries' status regarding e-voting. The presentations are all online so should make interesting reading, the UK slides just confirm their dedication to the cause of pushing e-voting.

Tick, tock; tick, tock. That's the sound of 2007 fast approaching. What are the good elections people of the Department for Constitutional Affairs doing? I haven't the foggiest.

They haven't updated their website since 19th October. But the timetable they published in the prospectus for the 2007 pilots said that decisions would be made on applications by 7th December.

Speaking to the BBC, the minister responsible Bridget Prentice said that she would make a decision within a month or so of an interview broadcast 26th November. So this implied that that they were behind the published timetable but could still make an announcement in 2006. But it isn't to be.

The published timetable was already ridiculously tight but now with slips like this the time available for implementation is bordering on the insane. About the same as the previous e-voting pilots then!

2007 looks to be a rather interesting year for e-voting in the UK. A very Happy New Year to all!

• Italy: Both Chambers of the Italian Parliament have now ordered recounts
  Thanks for the tip Emanuele

• Bruce Schneier: Vote Early, Vote Often
  In another column for Wired News Schneier examines the problems of recounts where e-voting has been used, and the challenges of re-running an election instead.

• USA: With Some Electronic Voting Systems, Not All Votes Count
  The Electronic Privacy Information Centre provide a good summary of the e-voting situation over the pond.

Voting is not a government service, e-voting is not e-government. Voting is the most obvious and most powerful single act we do as a society to collectively keep democracy going in our country.

Voting is something we, as citizens, do to maintain the democratic process. Voting alone isn't democracy, but it holds politicians to account as we express our will. My vote isn't just important to me, it could potentially effect us all if it is the one which tips the balance one way or the other. So unlike a bank transaction, where it's improbable to affect so many others if the bank makes an error, voting is a societal action which doesn't just change politician's lives but ours also.

While we delegate the administration of elections to our local and national government, we as a society are still involved by volunteering at polling stations, observing counts and of course by paying the taxes which fund this process.

But when we bring technologies like touchscreen voting machines and Internet voting into our elections process, election administrators do not have the knowledge or resources to manage all this themselves. So they use commercial suppliers who inevitably have to be motivated by making a profit as much as by providing a service.

What we have seen again and again in the US, UK, Ireland, Canada, Netherlands and so on is the huge dependence election officials have had to put in the suppliers. They cannot run elections without the companies' help, it's in Electoral Commission reports or watch the veteran Elections Supervisor, Ion Sancho explain his dependency on vendors when running elections for Leon County, Florida (MPG video). After letting his machines be tested and shown to be hackable, ALL the major vendors refused to supply him with the new machines he was legally obliged to purchase.

This is but a hint of the power of the vendors. When the elections cannot be run without private suppliers (who are all operating on a for-profit basis) then the elections are privatised. Privatisation has not been an unblemished success, while British Telecom's privatisation has eventually worked thanks to very strict deregulation, other examples are much less rosy which is why former World Bank Senior Vice President and Chief Economist Joseph Stiglitz thinks privatisation doesn't work. When choice and competition are difficult or impossible to provide, such as with our elections or railway network, we see what a mess privatisation creates.

As a voter I have no choice over who provides my “voting service”, it is predetermined by government. So I don't have a choice. So far in the UK, local authorities have not had a choice either, as central government has imposed one of a small number of suppliers on them. These suppliers, foreign companies like election.com (now Accenture), VoteHere, ES&S, Online Assessment Company and Nedap (aka PowerVote) are out of our control making profit from our democratic process.

People we can't hold to account are making profit out of a democratic right which we have no choice but to use if we want to maintain our democracy. That's privatisation through and through. At least with the railway system problems, such as derailings, are visible but with e-voting problems and abuse are undetectable.

Electronic voting is the privatisation of our elections. It's not right.

Emilis Dambauskas reports that the President, Parliament and Electoral Commission are all pushing hard for the use of Internet Voting in the next possible election. They are rather weakly claiming as justification the growth of the Internet, EU e-government obligations (no! voting isn't government, it's democracy) and also Council of Europe work on e-voting.

The proposed model is Internet only, seemingly inspired by past Estonian pilots. But because Lithuania does not have an e-signature infrastructure banking authentication systems are being proposed for voter authentication. This is wrong on so many levels: Are people without bank accounts at a disadvantage? Are people working for banks going to have access to privileged information? Will bank worked be able to create new authentication credentials?

Emilis, who works for a bank, has been an election worker and is also a coder noticed the announcement and has got some press coverage for those opposed to Internet voting. He published a paper on his site, which he summarised in English as:

In my paper I state 4 main concerns:

1. Citizens will not be sure if the election results are legal, because “experts” will be used instead of ordinary spectators (which can be anyone)
2. One of the main cornerstones of democracy will become dependent on big business (usually foreign capital) and IT expert influence
3. It would be easier to do election fraud
4. There will appear a big risk of disclosing information on how people voted (which should be secret under our Constitution).

I support these concerns with 4 main groups of arguments:

1. System based on advanced technology will never be understandable and transparent enough for the great majority of Lithuanian people
2. A centralized system is in essence less secure than the current decentralized (we have 2000 voting districts with 400 – 6000 voters in them).
3. The system described in the concept is not secure, because: a. the voter votes at home, and there can be both influence with force, or bribery b. the security of the voters computer (think Windows viruses, trojans, botnets) is not taken into account c. bank personell can sell identification date to interested parties (that would definately be a crime, but very hard to trace — I support it by also stating that I currently work at a bank) d. the SSL certificate for the i. voting server would be either issued by foreign company (like Verisign), or not supported on users computers (Aidas Kasparas http://kasparas.net/, though he is in favour of i. voting helped me with this argument — he's a real expert of networking and server administration) e. noone can really guarrant total security of the i. voting server (think about hidden virtual machines underneath the OS, hardware that secretly copies data and so on) — that would be James Bond difficult, but if you can own a country by doing that it surely pays off.
4. I stress that goverment institutions most probably don't have enough technology competence for such a project (I point to the mistake with private and public keys in the concept, approved by both NEC and the parliament; I also use the examples of Diebold in USA and the Dutch hack of the voting machines)

I do hope Emilis and others succeed in bringing some sense to those pushing for Internet Voting in Lithuania. The Internet isn't well suited for voting, but it is for collaborating so I know that throughout Europe activists will be supporting each other as issues like this arise.

With build-up to the 2007 pilots in full sway, I've been looking over details from the 2003 pilots. A few days ago, when fixing a link, a small error in an Electoral Commission table briefly caught my eye. I assumed I had copied it down wrong and went on to something else.

But when someone asked me to send them a link to my 2003 turnout analysis I checked the table again. I had copied the table correctly, one number had been calculated incorrectly. So I checked a few more… only to find that the change in turnout had been calculated incorrectly for 4 of the remote e-voting pilots and 1 of the kiosk pilots. The errors had, overall, made the drop in turnout appear smaller than it was.

Being the curious sort I then tried to find some source figures for the turnout figures used, just to check these were correct. The best source I could find were the Electoral Commission's local authority-specific pilot reports. And what can I say… 12 out of 13 remote pilots had figures which were either slightly or very different. Ipswich was the worst change with the change in turnout going from -0.3% to -7.01% with the new figures. Some changes are due to rounding of some numbers, but not something like Ipswich.

Overall, for remote e-voting pilots, the new figures resulted in a 23.9% fall in the average turnout from -0.71% using the published changes to -0.88%.

See all the figures and more in my updated 2003 turnout analysis

The Independent and The Guardian are both reporting on how an at least partial recount of the Italian general election will be started in January.

Controversy first began when Berlusconi claimed rigging had cost him the election and it seemed like he might refuse to concede to Romano Prodi. The Italian legal system confirmed Prodi's coalition as the winners by around 27,000 votes. Hence the new Italian president, Giorgio Napolitano, let Prodi form a government.

Then left-wing journalists released a DVD included with a magazine which alleged that Berlusconi had rigged the election using expertise from the USA (a new American export?) to change results during the electronic collation of regional results. In particular the number of blank (spoiled) ballots shows discrepancies when compared with the number and distributions seen in previous elections.

So the Senate elections committee has ordered a sample to be recounted. The Guardian reports that 700,000 ballots will be re-examined but that the process will not be completed until the end of Mr Prodi's term in 2011 – can it really take that long?

In the meantime, as previously noted, Italy has ruled out the further use of e-voting machines in elections.

The US National Institute of Standards & Technology (NIST) has a long history of examining voting technology dating back to Roy Saltman’s important reports highlighting the problems with punch-card ballots onwards.

At the moment NIST are working in helping to develop future voting standards for the US Election Assistance Commission.

A recent technical paper written as part of this process has been put on their site. The paper states that:

“NIST does not know how to write testable requirements to make DREs secure, and NIST’s recommendation to the [committee] is that the DRE [Direct Recording Electronic voting machine] in practical terms cannot be made secure.”

The paper takes an interesting approach to examining voting system accuracy using a concept of ‘Software-Independence in Voting Systems’. Their definition:

“A voting system is software-independent if a previously undetected change or error in its software cannot cause an undetectable change or error in an election outcome.”

I think this is a helpful concept for thinking about voting systems as it requires that a system’s accuracy can be checked, such as through a voter verifiable paper trail. As I’ve mentioned before, bolting a paper trail onto an electronic voting machine is less than ideal and creates a whole range of possible problems particularly in terms of usability. But given the situation in the US it was an understandable fix to ask for, certainly much better than having just touchscreens with no audit trail at all.

The paper identifies three readily available software-independent systems:

1. Optical scanner using manually marked paper ballots
2. Optical scanner using an electronic ballot marker which can produce a richer user interface for accessibility and alternative languages
3. Electronic voting machines with a voter-verifiable paper audit trail.

I have reservations about the security of optical scanners but they have the obvious benefit of providing a voter verified ballot for recounts and audits. The authors of the paper seem to have major doubts about option 3 but put much of the debate beyond the scope of their work.

This paper is a useful contribution, their views on the problems with voting machines confirm those of the computer security community who have been working for years to make the failings of e-voting clear to all.

Read the paper [PDF]

More about this:
InternetNews
Brad Blog
Ed Felten
Associated Press

(via The Open Rights Group)

The Italian Minister of the Interior, Giulano Amato has announced that following pilots the government has decided not to pursue electronic voting any further.

“We decided to stop the electronic voting machine […] During the 2006 elections we experimented with the machines as a voting system, and not a system that counts the sections, without any reference to the legally valid votes. Now that we arrived at the point in which we decide to continue, passing from the experimental phase to the implementation, using the machines for the counting as well, it is obvious: we decided to stop. It is a suggestion that came from the ministerial offices, I presented it to Prodi expressing my opinion as well, the Premier agreed. It will be the triumph of our ancestors, but for someone of my generation it isn't unpleasant either. Let's stick to voting and counting physically because less easy to falsify” (Source)

This is fantastic news for Italians and for all of us around the world trying to prevent the introduction of e-voting. In the space of a month the Canadian province of Quebec has introduced an indefinite moratorium on e-voting, the Netherlands have withdrawn all of a specific model e-voting machine and now Italy have called a halt to e-voting. Is the tide turning?

Following up on the earlier claims that the Italian general election could have been rigged, the journalists behind the allegations are now being investigated for publishing false information. Whether the allegations themselves are being properly investigated isn't clear – there seems to be a lot of recrimination at the moment and little in the way of facts.

(Thanks to Emanuele and The Open Rights Group for the links)