Head to head: two software experts duke it out on the merits of online voting

Dismal turnout in the local elections this month prompted various calls to push ahead with online voting trials. We asked two smart cookies on either side of the argument, enthusiast Ben Lynch and sceptic Nigel McNie, to elucidate the issue in an exchange of emails.

online vote

Hi Nigel,

I didn’t vote. In the past three years I’ve moved from Queenstown to Wellington and now to Auckland. I have absolutely no idea where I’m registered to vote and hence I didn’t receive my voting papers.

I had never given much thought to voting up until recently with the media jumping on the bandwagon about low voter turnout. It’s easy to say, “It’s 2016, we can bank online, why can’t we vote online?” Surely that will increase turnout. As you well know, online voting hasn’t been proven conclusively to in fact increase turnout and there are some obvious security hurdles to overcome.

There’s no “one thing” we can do to increase turnout. However, at what point in the future does decreasing voter turnout render an “election” non-binding? Phil Goff for example received 18% of the eligible vote in Auckland. I would imagine even he would say it’s hardly a “mandate” from our biggest city. If a mayor were elected with 5% of the eligible vote, should it stand?

There’s a whole generation of voters now where, in many cases, convenience is more important than privacy. I think voting is one of these cases, particularly local body elections.

We need to challenge our traditional secret ballot, postal vote given the realities of how people live their lives today. Chloe Swarbrick ran a very successful campaign almost entirely online. People that voted for her broadcast the fact very prominently online.

I threw together a very quick “trial” that only ran from for half a week – Chloe received about 64% of the votes for Auckland.

If, for example, an online “unofficial” vote received drastically higher turnout with different winners to the “offical” results then I think we need to ask some serious questions. At the end of the day, people want confidence that the right person was elected with the highest possible turnout. If it turns out people have confidence in an online vote and it has an order of magnitude higher turnout than paper ballot then I think everyone would be satisfied.

Cheers, Ben


Hi Ben,

I knew a man who was suspicious that his girlfriend was seeing someone else. I don’t know if his suspicions were founded, but what I do know is that he hacked his own wifi router, so that when his girlfriend used his internet to log into Facebook, he captured her password so that he could check her messages.

In computer security, everything is broken, and most people have no idea how to protect themselves. It’s the public being unaware that opening attachments in emails is bad. It’s banks being ripped off for a billion dollars through hundreds of hacks by just one hacking gang. It’s voting systems being found to have critical vulnerabilities after 66,000 votes have been cast due to just one mistake.

As a CTO, it’s my job to defend web applications similar in nature to online voting systems from attack. And I’m under no illusions – the work I do raises the bar, but if someone gets sufficiently motivated, it’s just a question of when they’ll get in. And elections – with real power over a country at stake – provide hackers with ample motivation.

The secrecy of your vote is so important that it’s included in Article 21 of the UN Declaration of Human Rights, and we absolutely cannot throw it away for “convenience”. This increases the danger to a broad array of people, from people in abusive relationships, to people who (to analogise) vote for Clinton if Trump wins. I do not want my name attached to my vote, and you shouldn’t either. While proof of concept systems exist, the technology to keep your name and vote separate in a computer system is not what online voting vendors sell, nor does it stop me from attacking the legitimacy of an election by emailing everyone in the country vote.exe.

Cheers, Nigel


Thanks Nigel,

Sure, you’ve raised some valid examples of failures in the past, albeit in almost every case, examples of simple human error.

But I think you’re missing the point of this discussion. Should we trial an online vote? And remember the context – local body elections in New Zealand.

With all due respect to the fine people of Waimate and their new mayor Craig Rowley, the actual reality of a Columbian with a QR encryption code tattooed on the back of his head who’d previously manipulated results across Latin America fiddling with Waimate Council’s big day is nil.

I’m simply proposing we trial an online vote. A trial is a test (of something) to assess its suitability or performance.

Clearly, I’m not proposing we email vote.exe around the country to capture votes. Like you, I’m involved in technology, having previously worked for Xero, EROAD and now via consultancy to banks.

There is absolutely no reason, given a well architected, audited and simple system, we can’t trial online voting in New Zealand at the next local body elections.

Cheers, Ben


Hiya,

I wasn’t proposing we email vote.exe around to capture votes. I am saying that no matter how good an online voting system is, one way to attack the legitimacy of an election is for someone to email vote.exe to all New Zealanders. It doesn’t even have to be an attachment. Someone could send a legitimate looking email with a link to the (unregistered but freely available) local-elections.nz, which could have a valid SSL certificate. The faked site there could steal voting credentials. While those of us in IT may be wary, thousands of people would click this link and be none the wiser.

New Zealand was some way towards a trial, before it was cancelled. One of the requirements for the trial was that the results were verifiable “end to end”, but quoting from the cabinet paper cancelling the trial: “It is unclear whether the concept of end-to-end verifiability has been understood and its importance appreciated.” (Appendix ii).

The CEO of the company providing the trial system helpfully provided his take (from around 17:45 onwards) on end-to-end verifiability: if you wanted to check, go to council offices and ask them to tell you who you voted for. There is an ocean of misunderstanding between this, and the cryptographic end-to-end verifiability that online voting should have.

So, should we (re)trial online voting? Despite the near universal rejection by computer scientists? Despite little evidence it raises turnout, if at all, and no reason to believe NZ is different in this regard? I’d be more optimistic if every single recommendation in that cabinet paper were adopted for next time. But I’d still be super leery – none of that addresses the vote stealing example I outlined before, and nothing really can. Today’s internet is simply not safe enough to risk it.

Nigel


Sure. Good points.

Again though, all your reference articles are in the context of electing Presidents / governments and almost every time the arguments against online voting are theoretical or these things “may or may not happen”.

If NZ was to work on a “trial” for our local body elections, I think it represents a huge opportunity for NZ Inc. to lead the rest of the world in pushing the development of online voting.

Let’s bring back into context what a proposed trial would look like.

I want to vote online for a Mayor in New Zealand. Should we have the same “secret ballot” system that the general election has? Maybe by voting in the “trial” you acknowledge your vote will be recorded with personally identifiable information. I can almost guarantee you, the vast majority of millennials and younger would not care less.

Most of the arguments and concerns I hear are around a vote being identified back to a person. I’d challenge the requirement for this even being included given the context in which I’d like to see a “trial”.

It’s inevitable we’re going to need to come up with an “alternative” method to vote in the medium future. Will NZ Post exist in 15 years time? Certainly not like they do today if at all.

I simply propose we have to start somewhere. Start small, keep the absolute requirements to a minimum and build from there. Who knows? Maybe NZ in 15 years will be exporting the most secure applications to the rest of the world. Instead of seeing all the reasons why you shouldn’t do something, I see it as a great opportunity to lead, to build, test and evolve something in one, if not the most politically stable, least corrupt and innovative countries in the world.

What better place can you think of to start a trial?

Ben


Hiya,

The arguments against online voting are not theoretical. Online systems get hacked or disrupted all the time.

We wouldn’t be leading the world either. Australia, Canada, Estonia, Finland, France and Norway have all tried, and largely failed, to implement online voting securely. Germany has even banned it.

Dropping the secrecy requirement is incredibly dangerous for our democracy, and I would be surprised if you could find any politician who would agree with you. The reason we have secret voting is to prevent voter bribing, coercion, and vote selling – things that make the election appear illegitimate. Implementing a system that empowers only those privileged enough to not be concerned with secrecy isn’t democratic at all – it’s just populism.

Which brings me to the biggest problem I have with online voting. Too often, people don’t look at the problem long enough to understand the context behind it, causing us to rush to solutions that won’t work. Secrecy is a feature, making the election legitimate. The lack of efficiency caused by paper ballots is also a feature. It’s incredibly hard to capture a large enough portion of votes to make a difference with paper. But a computer system, most likely in the control of a private company with no incentive to admit mistakes, connected to the internet, is a much easier target.

New Zealand Post may go away or it may not, but the ability to deliver things to people isn’t going away – people buy stuff on the internet after all. That just leaves the problem of getting the ballots back, and there’s any number of ways to temporarily give people many ways to do that. We have 15 years to figure it out.

My view is that trials should start with understanding the problem being solved.

Nigel


From my perspective I think it’s inevitable we will move to some form of electronic voting in the medium future.

We simply just have to put some effort in and figure out exactly where the risks are and do everything we possibly can to mitigate these.

If we get back to the original purpose of this discussion – Should we trial online voting in NZ? then yes I absolutely think we should start the process now. Even if the “trial” is run as an unofficial vote for the next local body elections alongside the paper vote, it will give NZ the building blocks in a risk free environment to look into the feasibility and understand how and if the public want to engage.

We need to rethink all aspects of our voting and its system as it stands today and be sure that they still meet our requirements in this day and age.

If, for example, we had a referendum and no one wanted anonymity when voting for local body candidates, do we or should we enforce it?

If we don’t make it “easier” or “simpler” to vote then the fact is eventually no one will vote. Should the Mayor of Auckland in 2030 be elected if they got 1% of the eligible vote?

Cheers, Ben


Should we trial online voting in New Zealand?

I’ve explained how computer scientists are almost universally against it, and how attempts to implement it overseas have largely failed. How the available systems compromise voter secrecy, while placing control of the process for transferring real power over our society into the hands of a vendor or government department with no interest of being seen to fail. How truly broken software is, and how incredibly hostile today’s internet environment is as well. This is not the time or place to take risks with core democratic functions.

I also don’t have to wonder how a trial might go, because we already tried one. It started with the Online Voting Working Group – which contained no practising software developers, computer scientists, or information security professionals (like how the flag panel didn’t have any designers – spot the pattern!). It moved on to city councillors making decisions to take part based on almost no decent information, then to an inept implementation which rightly had the plug pulled, with an admonishment from the minister to try harder next time.

There’s also no evidence for your statement that “eventually no one will vote”, while there’s also next to no evidence that online voting raises turnout (this is not disputed by the government). There’s plenty of evidence that a good portion of people don’t vote because they are disengaged, though. I submit that it would be far less risky to start there: let’s make democratic participation a year-round focus for society; let’s do better civics education; let’s use proven psychological methods to boost turnout.

Online voting sounds appealing and fancy, and I too would love the answer to be that easy, but the truth remains: if we want to increase turnout, our princess is in another castle.

Nigel

Ben Lynch is a former developer at Xero and ERO, and founder at jude.io. Nigel McNie is a software developer and partner at Opcode, specialising in the design and build of complex web-based applications.

The Spinoff has turned off comments. If you want to have your say on a story, please head to our Facebook or Twitter – or send a letter to the editor (we publish a selection weekly): info@thespinoff.co.nz. Thanks!