While I am not a fan of electronic voting in the House of Commons, it would be possible to design a system that would mitigate potential risks, whereas it is not possible to design a system that will adequately mitigate the risks of Internet voting in a public election. Comparing the two may be illustrative.
Voting in the House of Commons
A decision on a motion before the House can be made with no dissenting voices, in which case the motion is adopted and no division is taken. When there are dissenting voices, a vote (or division) is taken. This can be either a voice vote or a recorded vote where the House is called upon to divide into the “yeas” and the “nays”.
above from House of Commons Procedure and Practice – Decisions of the House
When consensus isn’t heard on a voice vote, votes are cast by individual Members of Parliament (I think this is sometimes called “on division”). The vote is cast by MPs standing one-by-one and saying their vote out loud.
Three key things about these votes:
- they are not anonymous
- they are not secret
- they can be coerced
Because an individual MP stands up and states their vote in front of everyone, their votes are not anonymous or secret. Because of that, their vote can additionally be coerced, which is to say they can be incentivized to vote a particular way, and then rewarded or punished once they cast their vote (the Canada the system of whipped votes, with a Party Whip, is the very definition of coerced votes).
Designing Electronic Voting in the House of Commons
Technologically this is straightforward. Each MP should be able to vote once and only once. Everyone should be able to see the individual votes. It should be hard to vote the opposite of how you intend. Preferably the MP should be physically present in the House, ideally at their seat. No other MP should be able to cast a vote on another’s behalf.
The obvious way to do this is low-technology. Have voting buttons at each MP’s seat. Have them well-designed, ideally physically separated with different shapes and colours to distinguish the yes vote from the no vote, so that you don’t press the wrong button by accident. You could have e.g. a round green yes button on the left hand of the seat, and a red octagonal no button on the right hand side of the seat.
In case you think people can’t make mistakes:
In May 2010, however, [Paula] Fletcher accidentally voted against a proposal to install bike lanes on University Avenue in downtown Toronto. The proposal failed on a 15-13 vote. She said she had intended to vote in favour of the proposal and cited fatigue and city hall technology for her mis-vote.
above from Wikipedia – Paula Fletcher
Now, the question becomes whether MPs still vote one-by-one or whether they now all vote simultaneously. One-by-one is much better as you get much more time for everyone involved to check that the vote was cast as expected. But this doesn’t save much time over standing to vote. The inclination will be for simultaneous votes. In this case, there would ideally be a display (e.g. red and green lights, right and left) at each MP’s station to show how they just voted, plus a screen listing each MP and their vote, plus a summary screen, plus possibly a line display in front of the MP displaying either YES/OUI or NO/NON back to them. This is so that individual MPs can verify their vote was cast as intended and also so that MPs can check on one another.
In case you think MPs won’t be tempted to vote for absent members, watch this US video of representatives voting for absent members:
So the system should have individual member voting buttons activated if they are (at least) physically in the chamber and (ideally) physically at their desk. This means a lot of monitoring who goes in and out. And there needs to be frequent testing of the buttons. And they should be hard-wired and electro-mechnical, with a sensory and possibly audible click when pushed, in addition to lighting up.
Hard-wired is to make them impossible to tamper with from outside. Electro-mechanical is because you want them to last a really long time, which means they have to be outside the very rapid technology obsolence cycle of computing devices. You do still need some central counting and display technology, but it should also be very very simple.
You need to make sure that the final vote tallies match the individual votes as cast. Preferably through both verification in the House as well as after-the-fact spot checks (independent audits) by third parties checking the votes cast against the tallies.
When casting a vote, you want a mechanical click, because you want intentionality.
This has nothing to do with technology, it’s about humans.
Standing and speaking your vote is a very strong human statement. It is a physical risk, it is a social statement. It’s a very deep part of how humans behave. “Stand and be counted” is an expression for a reason. Standing up and making a statement requires a very deliberate choice.
It’s very hard to capture that level of accountability and deliberation in any kind of electronic voting situation. The best I can do is to have the voting system be physical with feedback, so that you have to be quite deliberate about pushing the button.
What you absolutely don’t want is iPads with wifi.
What they will want to do is iPads with wifi. Because innovation! progress!
iPads with wifi is terrible on many many fronts. In brief:
- it introduces the risk that the voting system can be attacked from outside
- it introduces a constant cycle of technological maintenance and upgrades, with associated never-ending costs and ever-escalating risks
- it introduces the risk that MPs can vote without being physically in the chamber
- it introduces the risk that MPs can vote for other members
- it removes the physical intention that standing to vote embodies
- it moves the vote into a noisy distraction space where people are used to clicking without consequences: to buy things, to select news headlines, to play music, etc.
- it introduces a huge potential distraction in front of MPs, unless the iPad is extremely locked-down in terms of its features
To mitigate this you could physically wire the iPads into the desks and have the vote only possible to be cast by transmission over the iPad connector, but there is pretty much zero chance they would design it this way.
If it’s not iPads with wifi, the temptation will be to use “clickers” because they are easy to procure. However clicker systems break down all the time.
The error was caused by the electronic clickers used in voting, said General Synod Chancellor David Jones.
above from Anglican Journal – Voting error reveals Anglican same-sex marriage motion passed after all
All of the voting data would have to be published as open data (which it already is), ideally with analysis ongoing to check for anomalies.
Summary of Electronic Voting in the House of Commons
In summary, it is possible to design a system because you can have visible indicators and checks. Each individual MP can check that their vote was properly cast and counted, and the House as a whole can observe the votes and validate them against expectations. Because the vote is not secret and not anonymous, it’s possible for multiple individuals and groups to validate the vote.
I’m not saying it’s a good idea. I’m saying you could design it to mitigate risks.
My ideal system would have:
- one-by-one voting
- clear indication of how each member has voted, with cross-checking
- design that limits the possibility of accidentally voting the wrong way
- design that forces you to be very intentional and physically aware of your vote
The current stand-and-speak division voting has these properties, but a very-well-designed electromechanical system could come close.
Internet Voting in a Public Election
Internet voting (or voting in a public election in general) is very different from voting in the House of Commons. Voting is secret. If only the Elections Act said it that clearly. Oh wait, it does:
163 The vote is secret.
above from Canada Elections Act
Sidebar: The Canada Elections Act is beautiful. Readable and extremely well-designed to mitigate risks to voting. END Sidebar
Not only is the vote secret, but individual voters are not permitted to share how they voted, in order to limit coercion.
- Secrecy at the poll
(2) Except as provided by this Act, no elector shall
- (a) on entering the polling station and before receiving a ballot, openly declare for whom the elector intends to vote;
- (b) show his or her ballot, when marked, so as to allow the name of the candidate for whom the elector has voted to be known; or
- (c)before leaving the polling station, openly declare for whom the elector has voted.
above from Canada Elections Act
Votes used to be cast by individual voters stating their vote out loud (the exact system that is still in use in the House of Commons). This led to voters being coerced in many different ways. You can see more about the history of how we ended up with secret ballots in Andrew Appel’s presentation and my presentation.
Therefore in order to meet the same standards we have for paper ballots, the Internet vote in a public election must be
- difficult to coerce
It is, simply put, not possible to do this with Internet voting systems today. It may never be possible. The risks can’t be mitigated in the way that they can for the very different requirements of non-secret, non-anonymous, possible-to-coerce electronic voting in the House.
In case you’re wondering why this discussion comes up now, electronic voting in the House is proposed in the March 2017 document Reforming the Standing Orders of the House of Commons.