I haven’t been able to find any decent report of the electronic voting trials taking place today in the local council elections; the best is probably Jason Kitcat. I have these comments to make about the principle:
“It is not presently (nor in the foreseeable future) possible to construct a secure, Internet-based system for remote electronic voting.”
Dr. Rebecca Mercuri, Bryn Mawr College, 2002
The main reason is that you have many conflicting and contradictory requirements. You need to check that the mechanism to vote is actually available; the entitlement of the person to vote; that they vote only once; that privacy is maintained; that no coercion has taken place; that the voter gets positive feedback that their vote has been cast as they directed; and that the candidates and other observers get an unambiguous assurance that the count mechanism is accurate and unbiased. Note that some of these are not the same requirements as for commercial transactions, where the interaction is deliberately not anonymous (else you won’t get anything delivered nor charged); nor are the requirements for all elections the same.
No voting system is going to meet all these requirements, but the added factor in remote electronic systems is the possibility of automation generating sufficient mis-votes to influence the outcome. In a paper ballot, proving identity is not done at the ballot box, but the attendants are going to notice gross abuse; privacy is weakened by numbered ballot slips, but it takes a manual, obvious and difficult cross-reference to trace back each vote, unlike electronic systems where the identity and the vote cast can easily be in the same or linked databases; no one can twist your arm when marking your cross; you put the slip in the locked box personally; and representatives of all interested parties can see the count, where the actual voting slips are present, laid out on the table, and they can oversee any queries that arise.
Introducing the internet into this shrouds the whole process in a dense fog. You cannot rely on the security of either the entry device (home PC) or the transport mechanism (ISP to global internet). No amount of encryption can compensate for the huge number of home systems that are vulnerable and exposed. It is analogous to leaving ballot boxes unsupervised on street corners for a few days, as you have no way to tell how the voting slips arrived. To continue the analogy, how can the voter recognise a genuine ballot box—read “spoofed voter web sites”? Finally, if you get your vote to the correct system, the opportunities for that server, connected to the world, to be attacked are not insignificant. In a recent case, personal details of applicants for NHS positions were exposed alongside their names; this is despite the system requirement to strip off these details before recording the data at all.
There are arguments in favour of electronic polling stations, but the systems used must be independently audited (not proprietary black box systems) and must provide a printed confirmation of the vote cast, which can be deposited in a ballot box in case a manual count is needed, e.g. in case of system failure, compromise or dispute.
Dr. Mercuri goes on to say:
“To say that ‘it is probably impossible to make any system perfect’ and then use this as an excuse to impose a horribly imperfect and flawed process on the voting public, is sorely misguided.”
All that is required of a voter is that sometime between 8 am & 10 pm on a specified day, they should walk into their designated polling station and place a cross on a piece of paper. Anyone who cannot or will not do this should be disenfranchised. The vast majority of people could do it if they wanted to.
You could make it even easier by having more polling stations or by allowing people to vote at any station in a district, or even in far distant ones.
If the idea is to make more people vote – then they could try some sticks and carrots. It could be made compulsory. You reduce council tax for those people who vote and increase it for those that don’t.
Proof of identity should be required.
Hi Michael, you make a lot of points here. In general I agree, I don’t see any point in pandering to those who can’t get off their backsides. An alternative mechanism is needed, but only for those who cannot get to the booth for genuine reasons not idleness.
Whether sticks or carrots are needed is another matter—if they don’t vote then they get the government they deserve, which in general they have for a number of decades since.
Identity; Identity; That is always a problem, who am I if I am not among people that know me. There is no easy answer to this one, and especially not in a small comment box.
I am coming round to the idea that we will have to have an identity card. It should just state your name, ID number, year of birth, gender & height. The associated database would just contain that data plus details of how your identity was established. I would start off by issuing them to school leavers & those people getting non-mandatory benefits. That is, not, for instance, to people getting the state pension. Once the system was up and rolling, then you could start issuing them to everyone in age cohorts. At the same time it would become a legal requirement that all financial cards would carry the National ID number. Foreigners would get a card as they arrived at the border. If they were legal entrants that is. These would carry their passport number as they wouldn’t have a National ID number.
The other day I renewed my vehicle tax online. I was quite impressed that it checked my insurance and MOT certificate in about 15 seconds!
Rgds
Michael
Just picking up on one thread in your comment Michael, I hope that you are not proposing that the number be actually used for proving identity in financial transactions. This would promote the same disaster as they have in the USA with the Social Security Number. It is hardly likely to be a secret and so doesn’t establish any identity at all, particularly in “Cardholder Not Present” transactions.
In fact I can’t see that the card as you propose, even with the database behind it, establishes anything at all except that at some time, someone with that description may have applied for it. Associating it with any particular person some time in the future would be impossible.