Friday, February 14, 2020

Complexifying Elections: Technological Wishful Thinking over Accountability and Demonstration

Via ACM TechNews, Computerworld’s Lucas Mearian reports: “MIT researchers say mobile voting app piloted in U.S. is rife with vulnerabilities.”

There is a fundamental tension between having secrecy of ballots and a desire for auditability and detection/prevention of fraudulent manipulation of the voting system.

The TL;DR: The most important question concerning electronic/internet technical mediation of a voting system is this: When the system is determined to have failed or been corrupted on election day, what fall-back is in place for swift and certain recovery?

The next question is, what provisions are there for detecting that such an incident is occurring or has occurred?

The Quandary

The insistence by researchers that paper ballots are the best choice has more to do with avoiding additional vulnerabilities and exploits that can be invisible, massive, difficult to audit, and not subject to the usual verification of chains of custody and handling between the means of submission (polling places and mail/drop systems) and the current means of authenticating the registered voter and/or the unopened ballot.  Paper-ballot systems limit the varieties of attack and the potential for attacks to go undetected.  Integrity of the system is grounded in human activity and the transparency of election administration.

The paper ballot provides the best case of privacy, with the only connection being the handover of a ballot to a registered voter or the receipt of a sealed ballot before removal and introduction into processing.  The secrecy of the voter’s balloting is established at that point.

It is also the case that widespread fraud against voting systems has never been demonstrated, as much as it is feared by those who are contemptuous of voters not like themselves.  The small number of cases tends to be more pathetic than any serious rigging, in contrast to the greater impact of voter suppression and distortion of choice through gerrymandering.

In some sense, those current manual-system provisions and safeguards do not go away.  Adding technological solutions is more complex and requires much more understanding, preparation, and dependence on specialized skills and appropriate conceptual models not possessed by polling place workers, those in election headquarters, and the management/administration, however well-intentioned. 

Advocates of technological fixes are on a death-spiral that starts with the abandonment of paper ballots and continues with continual fix and repair, adding complexification without addressing the importance of standard security requirements and especially the risk management that applies to the delivery of invisible technology.

A particular problem with citizen-facing voting technology is that it is not possible to have the normal cycles of learning and improvement.  It has to work the first time and every other time.  Furthermore, adversaries are not obligated to reveal their ability to penetrate and manipulate a system until it is too late. 

There is nothing new here in the difficulty of creating and deploying technical systems in which there are critical privacy and security requirements.  What is new is the impact on an area that is much more fragile in the face of disruption and breakdowns and the loss of trust that inevitable breakdowns invite.  If the producers of technical components resist transparency for whatever reason, one must presume defects, not believe in perfection on the basis of no evidence, only wishful thinking.

1 comment:

  1. Further reporting on the unfolding problems in the Iowa Democratic Caucus and how things fell apart, partially with the help of adversaries clogging phone lines. https://www.washingtonpost.com/politics/how-the-iowa-caucuses-came-crashing-down-under-the-watchful-eye-of-the-dnc/2020/02/15/25b17e7e-4f5f-11ea-b721-9f4cdc90bc1c_story.html (and sorry Blogger comments don't make links work).
