May 26, 2020

Emergency Motion to Stop Internet Voting in NJ

with Penny Venetis

On May 4th, 2020 a press release from mobilevoting.org announced that New Jersey would allow online voting in a dozen school-board elections scheduled for May 12th. On May 11, the Rutgers International Human Rights Clinic filed an emergency motion to stop internet voting in New Jersey. During a conference on May 18 with Superior Court Judge Mary Jacobson, the State notified the court that it had abandoned its plans to use internet voting for the upcoming July 7 primary election. 

The Clinic, led by Rutgers Law School professor Penny Venetis, argued that the Democracy Live online voting system (that New Jersey planned to use) violated a broad court order issued in March 2010 by Judge Linda Feinberg.  That order was issued in the Clinic’s case Gusciora v. Corzine, which challenged paperless voting machines as unconstitutional.  

The March 2010 court order stated clearly and unequivocally that no part of any New Jersey voting system could be connected to the internet, under any circumstance.  New Jersey has a continuing obligation to ensure that the order is followed, and that all voting-related software is “hardened” on a regular basis.

Democracy Live’s voting portal permits voters to transmit their cast ballot, via the internet, to county election officials, for tabulation.  Despite the state’s assertions to the contrary, it is an internet-based system that violates the 2010 order in Gusciora.  Princeton Professor Andrew Appel filed a certification (for the emergency motion) discussing the overwhelming scientific consensus that internet based voting is insecure.  The IHR Clinic also provided the court with scientific reports, a US Department of Homeland Security report, and a letter from the US House of Representatives Homeland Security Committee.  Those documents all discussed the insecurity of the Democracy Live system (or any system with online ballot return).  Susan Greenhalgh of Free Speech for People, participated in negotiations with the State.  The Washington Post covered the lawsuit favorably on May 14th.  Common Cause, the Brennan Center, and Verified Voting wrote New Jersey Governor Phil Murphy on May 15th, in support of the IHR Clinic’s position.  

In the hearing on May 18th with Judge Jacobson, the State agreed not to use online voting in the July 7th primary elections, but did not commit to abandoning Democracy Live’s online portal for the November 2020 Presidential election.

Judge Jacobson ordered the IHR Clinic and the NJ Attorney General’s office to file a joint document by June 8, 2020 that lays out the resolution of the May 11th court filing.    As a result, the court will keep the IHR Clinic’s matter open, in the event it needs to issue a ruling to enforce the 2010 order that bans internet use for voting in New Jersey.

Fair Elections During a Crisis

Even before the crisis of COVID-19, which will have severe implications for the conduct of the 2020 elections, the United States faced another elections crisis of legitimacy: Americans can no longer take for granted that election losers will concede a closely fought election after election authorities (or courts) have declared a winner.

Along with two dozen other scholars (in Tech, Law, Political Science, and Media), I joined an ad-hoc working group convened by Professor Rick Hasen of the U.C. Irvine Law School, to make recommendations on steps that American election administrators (and others) can take this year to deal with these two overlapping crises. Our report has just been released:

Fair Elections During a Crisis: Urgent Recommendations in Law, Media, Politics, and Tech to Advance the Legitimacy of, and the Public Confidence in, the November 2020 U.S. Elections.

We make 14 specific recommendations. In Law: regarding absentee ballots, emergency plans, COVID-19, vote-counting dispute-resolution protocols. Media: how media can provide accurate information to voters about the election process, expectations for timing of election results (slower this year than before). Politics and Norms: Funding for COVID-19 costs, bipartisan Election Crisis Commission, principles for fair elections, responsibilities of social media. Tech: paper ballots and audits, resilient election infrastructure, .gov domains for election officials, monitoring and auditing of voter-registration databases.

Can Legislatures Safely Vote by Internet?

It is a well understood scientific fact that Internet voting in public elections is not securable: “the Internet should not be used for the return of marked ballots. … [N]o known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.

But can legislatures (city councils, county boards, or the U.S. Congress) safely vote by Internet? Perhaps they can. To understand why, let’s examine two important differences between legislature votes and public elections:

  1. Public elections require the secret ballot; legislatures can vote by public roll-call vote.
  2. Internet voting requires digital credentials; the U.S. has no effective way to distribute digital credentials to the public, but it is feasible to provide credentials to members of a legislature.

The cyberthreats facing any kind of Internet voting include:

  • (A) hackers impersonating a voter,
  • (B) hackers exploiting server vulnerabilities to fraudulently change the software that counts votes,
  • (C) hackers exploiting (voter’s phones and laptops) client vulnerabilities to fraudulently change the software that transmits votes, and
  • (D) Other attacks, such as denial of service: prevent some legislators from acccessing the Internet.

(Blockchain can’t solve these problems; see pages 103-105 )

But suppose a legislative body wished to avoid meeting in person during a pandemic. Could these threats be mitigated sufficiently?

(A) It is feasible to distribute security tokens to the 15 members of a county commission or the 435 members of the House of Representatives, in a way that’s not feasible for 235 million registered voters. Even without security tokens, a Member who is personally known to the clerk of the legislature could vote by video chat, in an emergency. (Caveats: Security tokens are highly secure but not perfect; video chat could be subject to deep fakes; but see below for mitigations.)

(B,C) Attacks that compromise the client or server computers can be detected and corrected, if everyone’s vote is displayed on a “public bulletin board.” That is, each member of the legislature would transmit his or her vote, then must check the public roll-call display to make sure the vote was reported and recorded accurately.

Checking the public roll-call display isn’t so simple, since hackers could alter the member’s client device (e.g., laptop computer or phone) to make it lie about what’s downloaded from the roll-call display. A Member should check the roll-call from a variety of devices in a variety of locations, or (perhaps) coordinate with other Members to make sure they’re getting a consistent report.

This remote workaround would not be simple and easy. Careful protocols must be designed to limit the amount of time for members to contest their vote; one must consider what happens if Members game the system (by falsely claiming their vote was altered); one must consider what happens if lobbyists are literally sitting next to the member during voting (which is less likely when the member is gathered in a public place for a traditional vote). What do the legislatures quorum rules mean in this context? And many legislatures prefer to take many votes by “voice vote” where each member’s individual vote is not recorded.

And just because Internet roll-call votes may be feasible to secure, that doesn’t mean they’re automatically a good idea, or legal: see this report by the Majority staff of the House of Representatives.

Conclusion: we know that Internet voting by the public is impossible to secure, and thus we must not vote by Internet even during the COVID-19 epidemic. But Internet voting by legislatures is not necessarily impossible to secure, and could reasonably be considered. If legislative bodies desire to meet and vote remotely, there is still plenty of work to do to actually secure the process. And that’s difficult to do in a hurry.