Tag: USA

evaluation of Predicting the Future – online voting

I want to give credit to Andrew Weinreich for the first two of his three Predicting the Future online voting podcasts.

Episode 7 (Online Voting episode 1): Can online voting defeat the broken Electoral College?

Episode 8 (Online Voting episode 2): Hacking elections, DDoS attacks, and online voting around the world

What I liked is that he gives people time and space to talk, in particular in episode 8 there is lots of time given to Dan Wallach, enabling Dr. Wallach to clearly articulate his positions around online voting.  As well, David Dill has an opportunity to provide his position.

(Both Dr. Wallach and Dr. Dill are on my list of Internet voting computer security experts.)

You can listen to this podcast and learn a lot about the computer science perspective, which isn’t often the case.  (In a similar vein of presenting computer science expertise well, consider Reveal’s podcast Internet voting is a bad idea.)

You know there’s a “but” coming, right…

Expert Assessment of Risk

Where things run into problems in the Predicting the Future podcast, particularly in episode 8 about hacking elections, are in the weighing of risk and in the summation of the computer science expertise.

I have seen similar disconnects in discussions about municipal online voting.  Basically what happens is the computer scientist says there are risks, and the counter-argument that is presented is that there are also benefits, but this misunderstands scientific communication.

What the computer scientists are saying is not that there are risks (everything has risks) but that it is not possible with current technology to adequately mitigate those risks.   Basically this is a problem of estimative language, and it’s why national security agencies have entire systems to describe what they mean when they say something.

Here’s an an example of estimative language from the Canadian Communications Security Establishment (Annex A of Cyber Threats to Canada’s Democratic Process).

CSE Annex A Estimative Language

You can see similar language in Annex B of US Intelligence report ICA 2017-01D.

What computer scientists are saying is that compromise of online voting is Very Likely, and that there is no way to mitigate the risk below Very Likely.

There is simply no benefit that outweighs an 80% or more possibility that your election results can be hacked.  And that would be even if Internet voting were implemented with all possible best practices, but the evidence is it almost certainly wouldn’t be.  There have been examples time and again of election technology security falling somewhere between lax and incompetent.

Sometimes I cite this language from the Utah iVote Advisory Committee Final Report (April 2015):

Given that sufficiently secure Internet voting systems do not yet exist, they would need to be built.
Of course, some systems, like a stone bridge to the moon, are impossible to build. Others, like a stone bridge to Hawaii, are so exorbitantly expensive as to remain a fool’s errand.

which is to say, there are some things that are either currently not possible or beyond the realm of affordability.  This is based on expert assessments.  You may not want to believe the assessments, but that doesn’t make them untrue.  Sometimes truth is inconvenient.

We are talking about adding a lot of additional security risks, unnecessarily

Security threats not found in current Canadian federal paper election system
(above from Table 1: Security threats to elections not found with in-person, hand-counted paper voting in Canadian online voting report, citing Dr. Essex)

Political System Issues and Turnout

Fundamentally, the goal of the podcast is to explore turnout.  But only from a technology lens.  Which is, basically, solutionism.  Technology is not always a solution, and it’s definitely not always the best solution.

I am ill-placed to comment on turnout in the United States, but there are two lenses one could apply.  One is process design.  For this I look to The epic journey of American voters.

Fix the process burdens described in the Center for Civic Design’s report, and a big part of voting will have improved.

Just as one example, in many countries, the state actively tries to ensure that voters are registered.  For Canadian federal elections, they used to literally go door to door to ensure people were registered, in a process called enumeration.  Now, checking a single box on your Canadian federal tax return ensures you’re registered to vote.

The second lens is what I would call voting constraints.  The US elections are not an unconstrained system in which the only thing preventing voting is convenience.  There are two significant constraints imposed that could be addressed through a combination of technological and political measures: one is the (to non-Americans) absurd level of gerrymandering of districts (enabled to a large part by what one could consider misuse of technology in order to microtarget the district designs) and the other is the deliberate attempts to suppress turnout through various measures (an evolution of the Jim Crow era, in which there were constraints like voting literacy tests).

If you want to talk cost/benefit, then fixing the process, removing gerrymandering and eliminating voter suppression would be (in my non-American opinion) far more impactful than online voting.  Make sure you’re solving the important problems, not just the technologically interesting ones.

So there are real problems, and real solutions.

Now let’s come to turnout.  Turnout is very complex.  It depends on lots of factors including the issues, the candidates, and the political culture.  It can vary from election to election in the same location.  Trying to compare across countries that have very different cultures and issues is a bit of a mess.  And trying to compare across vastly different sizes of elections is also a mess.  The evidence is that offering online voting just causes people to shift voting channels, it doesn’t bring in new voters.  I have blogged about this many times before, e.g. online voting doesn’t increase turnout.

I do want to mention three countries specifically however:

  1. Canada
  2. Estonia
  3. Switzerland


There is only online voting in municipal elections in Ontario and Nova Scotia.  Voting in Ontario was extensively studied and the result is a maximum effect of 3% increase in voter turnout.

Goodman, Nicole and Stokes, Leah C, Reducing the Cost of Voting: An Empirical Evaluation of Internet Voting’s Effect on Turnout (October 6, 2016). Available at SSRN: https://ssrn.com/abstract=2849167

As you will recall, I earlier assessed risks to online voting as “Very Likely” (80% or greater potential for compromise).

So if you want to do an apples to oranges comparison, you’re basically looking at 3% turnout increase in exchange for adding massive risks to the integrity of your voting system (in the shift from paper ballots to online voting).


Let’s be blunt: Estonia is a small country.  The total population is about 1.3 million.

The idea that we can trivially generalise from Estonia to Canada (30 times the population) or the US (300 times the population) is at best dubious.

In any case, Estonia provides all of its turnout numbers.  This gets presented in different ways according to the biases of the presenter.  I can, for example, use the numbers to say that after 8 years, less than a third of Estonians use online voting.  I can also say that Estonia’s turnout, with the magical boost of online voting was… only up 2.3% over 8 years and was lower than Canada’s completely paper-based turnout in 2015.

Statistics about Internet Voting in Estonia

Plus which, let’s be concrete about what less than a third means in real numbers of voters in Estonia.  It means approximately 176,000 votes cast online.

Do we seriously think countries are so interchangeable and voting cultures so universal that we can generalise from about 176,000 online votes in Estonia to about 128,000,000 votes in the last US Presidential election?  This is not about scaling up, this is a mouse and an elephant.  They’re not comparable.

And that’s setting aside the fact that the Estonian e-voting is not secure and that it relies on a every citizen having a national digital ID, which is spectacularly unlikely to ever be the case in the US.

As the only country with national online voting, I understand why Estonia comes up again and again, but let’s be realistic about the fact we’re talking about a system that 70% of the country’s voters don’t use, and that only represents 176,000 votes cast anyway.


Switzerland has voting in some municipalities in some cantons (not national or even state-level voting by any stretch).  Switzerland also has no culture of voting privacy (traditionally voting was done by show of hands, and in fact in many municipalities this is still the norm) and it has much more frequent votes on more things.  We are again talking about a small number of votes cast online (less than 300,000).  And we’re talking again about less than 25% of voters choosing to vote online.  And, as always, it doesn’t increase turnout anyway.  And in Switzerland one of the systems had to be removed because it was determined to be insecure.

How many ivoters in Switzerland

For more on Switzerland:

Country Examples Summary

Mostly we have small examples.  Without exception, the increases in turnout are between miniscule and nonexistent.  These are based on long-term, serious, analytical academic studies.  The evidence is in.  Online voting does not increase turnout.


I give lots of credit to Andrew Weinreich for doing really diligent and comprehensive research and for letting his guests clearly express their opinions.

Where I disagree is in the reframing following the computer science speakers, where Weinreich says (starting at 23:29 into the Hacking elections episode)

“Leading computer science academics are deeply sceptical of Internet voting and are actively campaigning against its utilisation, not because theoretically they don’t think it’s a solvable problem, but because they don’t think it’s worth solving.”

This misrepresents the computer science position (which is incidentally a consensus position of the 96,000+ member Association of Computing Machinery).  The computer science position is that based on known risks and known results (including the cases I have presented above), the risk is too high and the benefits are minimal at this time.  And that the properties of paper ballots cannot be replicated online.  This is an expertise and evidence-based conclusion.

The computer science position is that this is an interesting problem, and one worth continuing to research.  And indeed there is active research on online voting in many different computer science departments and organisations around the world, in part because it is such an interesting and difficult problem.  But we are nowhere near having a solution, so in the same way we aren’t trying to solve electricity problems by promising a Mr. Fusion in every house tomorrow, we shouldn’t creating the expectation that online voting will be workable any time soon.

And keep in mind the computer science conclusions about security were drawn long before the recent incidents of nation-state cyberattacks, which take the risk to an entirely new level.  You can mitigate against an amateur attack, and even against a moderately professional attack.  You cannot mitigate against a nation-state funded expert attack.  If the NSA wants to get into your system, they will.  That’s the level of threat we now know we face.

And that’s just the risks on the technical side, that doesn’t even touch on the possibility of coercion or online guided voting.  Vote online says Mark Zuckerberg.  How far from that to “Facebook has voted for you based on your preferences”?  (And to Weinreich’s credit again he explores some of the possible disruptions that online voting would cause for campaigns and advertising.)

Online voting doesn’t solve any of the very real problems of voter turnout.  In fact it’s so low down the list of potential solutions that when the City of Calgary wrote a 2017 report on increasing turnout (PFC2017-0259 Election Outreach) online voting was rejected deep down in an Appendix (Section 2.1 Internet voting in Attachment 3, to be precise).

I admire when people want to improve their democracy, want to increase turnout, want to improve the experience of voting.  But online voting is not the solution.  Solve the real problems instead.  They are big, and they are hard, and they are mostly political.

video – An Uninvited Security Audit of the U.S. Presidential Election

Computer security researchers J. Alex Halderman and Matt Bernhard report on US voting computer security and the attempts to conduct comprehensive audits of the 2016 election results (recounts) in Wisconsin, Michigan and Pennsylvania.

Video also available (including for download) at https://media.ccc.de/v/33c3-8074-recount_2016_an_uninvited_security_audit_of_the_u_s_presidential_election#video

Halderman and Bernhard were presenting at the hacker conference Chaos Communication Conference (CCC) on December 28, 2016.

The slides may become available on the presentation page https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8074.html

Matt Bernhard tweets @umbernhard

You can find more about J. Alex Halderman in my list of computer security experts https://papervotecanada2.wordpress.com/2016/11/19/internet-voting-and-computer-security-expertise/#JAlexHalderman

Election Infrastructure declared critical by US Dept of Homeland Security

Election infrastructure is vital to our national interests, and cyber attacks on this country are becoming more sophisticated, and bad cyber actors – ranging from nation states, cyber criminals and hacktivists – are becoming more sophisticated and dangerous.

Statement by [US Department of Homeland Security] Secretary Jeh Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector – January 6, 2017

There was also a joint statement from US intelligence agencies about  Foreign Cyber Threats to the U.S. issued on January 5, 2017

Despite ever-improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years to come from remote hacking to establish persistent covert access, supply chain operations that insert compromised hardware or software, malicious actions by trusted insiders, and mistakes by system users. In short, the cyber threat cannot be eliminated. Rather, cyber risk must be managed in the context of overall business and operational risk. At present, however, the risk calculus some private and public sector entities employ does not adequately account for foreign cyber threats or systemic interdependencies between different critical infrastructure sectors.

(Emphasis mine.)
The report concludes that things are only going to get worse.

Over the next five years, technological change will only accelerate the intersection of cyber and physical devices, creating new risks. Adversaries are likely to further explore cyber-enabled psychological operations and may look to steal or manipulate data to gain strategic advantage or undermine confidence.

Joint Statement for the Record on Foreign Cyber Threats to the U.S. to the Senate Armed Services Committee – January 5, 2017

I am less interested in the details of specific events and specific actors, but nevertheless, on January 6, 2017 the US Office of the Director of National Intelligence released a joint CIA, FBI, NSA report: ICA 2017-01D “Assessing Russian Activities and Intentions in Recent US Elections”

We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes.

(Emphasis mine.)
ICA 2017-01D Assessing Russian Activities and Intentions in Recent US Elections – January 6, 2017