Tuesday, June 30, 2009

Guest Blogger Kirk Schmidt on On-line Voting

Nation, from time-to-time it may become necessary to have someone else cover issues on this blog as their expertise dictates. Certainly, in the case of on-line voting, it's a much better idea to have someone who understands the technology involved to give their opinion than it is to have an Enlightened Savage who can just BARELY handle html try to tell you what is and isn't possible on the cutting edge of technology.

Today, we're going to hear from former candidate for the Parliament of Canada Mr. Kirk Schmidt. His text begins... now.

[this post has been updated, and is available at this link]


Anonymous said...

Enlightened Savage is really Kirk Schmidt and trying to prove he is not by pretending Kirk wrote that guest blog for him.

Only, Enlightened Savage really has a split personality and doesn't know he is Kirk Schmidt because when he is Kirk Schmidt he can't remember that he is Enlightened Savage.

I'm on to you!!!

Anonymous said...

Should this come to pass, I can the Harperites pulling a Florida George Bush to ensure Harper gets his majority.

The Pundits' Guide said...

Kirk, this is an excellent post, and thanks to the Enlightened Savage for hosting it.

I'm not sure I believe that the inability to vote online is the major cause of turnout declines, but in any event it would be terrible if something conceived of as a solution to this problem, if not properly implemented, wound up undermining confidence in the whole process.

The Chief Electoral Officer's proposed timeline, unless considerable work has been done on the methodology already, does seem optimistic I fear.

Alberta Altruist said...

I think to add this as an option and secure it, even if they know my identity as well as how I voted would be fine, especially if the information could only be acessed by the chief electoral office.
I am sure many people do not care who knows how they vote and this may cure some of the voter apathy. They already have all of my info in the system, give me a pin# and I would submit electronically.

Kirk Schmidt said...

Thanks everyone for your comments.

@Alberta_Altruist: As much as I believe there are a number of people who agree with you, there are going to be many who are not.

The other problem comes in when someone in the CEO does breach security. Good security experts never play the game of, "it's never been a problem before," or, "it likely won't be a problem." For good reason.

Not that I ever expect it to happen, but what would happen if political parties got this information and used it to achieve their means. I am ever thankful that we live in a place where we can vote freely and without fear, but allowing someone (anyone) to have access to who-voted-for-whom is a door opening. Again, I wouldn't expect it to happen, but I also cannot condone a course of action that would make this information available.

Again, there are cryptographic schemes and papers that address this. The problem is with every other piece of computer security around it. That security includes the social engineering around it.

Here's a good read on some social engineering work:

Imagine what were to happen if something similar were to happen where the voting DB is stored.


In other news, I was reading some of the abstracts for the next Black Hat conference - there's things there from using voltmeters and power line leakage to sniff keystrokes (scary!), to using binary SMS (text messages) to take root control of someone's iPhone.

Frankly, these security experts are on the leading edge of breaking systems. We could put our democracy in a lot of risk by not taking the necessary time to build this properly.

And then when we look at the cost to do that, one has to wonder whether it was better to put that money into more polling stations, alternate ways to get votes, etc.

Anonymous said...

As a self admitted techno-luddite, I am one who is whole heartedly in favor of online registration, but not voting. I would urge that registration not be limited to online. There remains a large portion of the population that avoid putting personal information into/onto the Interweb (with due respect to Brent Butt) or, for one reason or another, do not have regular access to it. Voting should remain the domain of a verifiable, tangible method, meaning get off your fat behinds, trudge down to the local school, church, community hall and mark your "X".

Oh yeah, and I'm an old time campaigner who, in this age of so many mediums of communication, can't figure or fathom those who can't take the time to make themselves aware of the issues, the policies of the candidates (or better still, let the candidates know what yours are!) and make a selection.

The Roundhouse said...

The issue of voting online is one I have been giving a lot of thought to over the past year. Given that more and more of the logistics of our daily lives is moving online voting would seem to be a logical step. That said the issues it raises are unique, and I think this post does an excellent job of laying them out.

For myself I enjoy the ritual of voting in the company of my fellow citizens, and it may be that this is also the simplest way to maintain the (relative) security of the process.

Taylor Gunn said...

It is likely that online voting will only draw in those already inclined to vote, like advanced polls, and the record number of votes we hear they receive every election - while turnout keeps going down.

Most worrisome to me is what happens in the home on a family computer, when the privilege of anonomity is not gauranteed.

The polling booth is one of the few places left - I hope - where you are truly alone and can mark or not mark your ballot any way you like. The booth is a protected space; from family/partner scrutiny, social pressure, etc. Home computers or whatever else we may use are not.

Online voting is not the answer to the challenges in our democracy. People need to be interested and informed to care enough to vote, and have faith that their participation is worth their time.

As well, most elections, like BC's recently passed, have several days of voting to make it more convenient to those 'too busy' on election day. BC had 5 days of voting immediately preceding EDay of May 12th.

Anonymous said...

Cheers to a fellow UWaterloo Math/Comp.Sci. grad.

Picking up on Taylor Gunn's comment, one of my bigger fears outside of the technology questions has to do with physical privacy.

The ballot box system ensures that we can vote without people wanting to "supervise" the way we mark our ballots.

If people are allowed to vote remotely, without being observed (from a distance) by Elections Canada staff, there is substantial potential for abuse.

It doesn't take much imagination to see various organizations or individuals offering to "help" people vote correctly. This "help" could include pressure to cast votes in a particular way -- pressure that could either be overt or subtle.

And with someone you perceive to have power over you standing over your shoulder, would your vote be as free?

Kirk Schmidt said...

While I agree with the above comments about "supervision" of ballot, this likely raises a very large question - what about special ballots?

When I worked as a campaign manager in 2004 (Provincial), I was asked by the RO to deliver special ballots to individuals at their homes, and return it upon completion (sealed, of course). While I ensured that I was not anywhere close to them voting, there's nothing to say that another member of the household could not be there.

This could be the case for anyone whose mobility is highly reduced, or other disabled individuals. In this case, one could essentially "vote for another."


The supervision aspect also brings up, not just what happens at home, but what happens at the workplace. In situations where techs have the ability to RDP into one's computer remotely, essentially, one could *watch* another one voting without even being physically present.