August 14, 2020

Archives for April 2020

Fair Elections During a Crisis

Even before the crisis of COVID-19, which will have severe implications for the conduct of the 2020 elections, the United States faced another elections crisis of legitimacy: Americans can no longer take for granted that election losers will concede a closely fought election after election authorities (or courts) have declared a winner.

Along with two dozen other scholars (in Tech, Law, Political Science, and Media), I joined an ad-hoc working group convened by Professor Rick Hasen of the U.C. Irvine Law School, to make recommendations on steps that American election administrators (and others) can take this year to deal with these two overlapping crises. Our report has just been released:

Fair Elections During a Crisis: Urgent Recommendations in Law, Media, Politics, and Tech to Advance the Legitimacy of, and the Public Confidence in, the November 2020 U.S. Elections.

We make 14 specific recommendations. In Law: regarding absentee ballots, emergency plans, COVID-19, vote-counting dispute-resolution protocols. Media: how media can provide accurate information to voters about the election process, expectations for timing of election results (slower this year than before). Politics and Norms: Funding for COVID-19 costs, bipartisan Election Crisis Commission, principles for fair elections, responsibilities of social media. Tech: paper ballots and audits, resilient election infrastructure, .gov domains for election officials, monitoring and auditing of voter-registration databases.

Can Legislatures Safely Vote by Internet?

It is a well understood scientific fact that Internet voting in public elections is not securable: “the Internet should not be used for the return of marked ballots. … [N]o known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.”

But can legislatures (city councils, county boards, or the U.S. Congress) safely vote by Internet? Perhaps they can. To understand why, let’s examine two important differences between legislature votes and public elections:

  1. Public elections require the secret ballot; legislatures can vote by public roll-call vote.
  2. Internet voting requires digital credentials; the U.S. has no effective way to distribute digital credentials to the public, but it is feasible to provide credentials to members of a legislature.

The cyberthreats facing any kind of Internet voting include:

  • (A) hackers impersonating a voter,
  • (B) hackers exploiting server vulnerabilities to fraudulently change the software that counts votes,
  • (C) hackers exploiting client vulnerabilities (in voters’ phones and laptops) to fraudulently change the software that transmits votes, and
  • (D) other attacks, such as denial of service: preventing some legislators from accessing the Internet.

(Blockchain can’t solve these problems; see pages 103-105.)

But suppose a legislative body wished to avoid meeting in person during a pandemic. Could these threats be mitigated sufficiently?

(A) It is feasible to distribute security tokens to the 15 members of a county commission or the 435 members of the House of Representatives, in a way that’s not feasible for 235 million registered voters. Even without security tokens, a Member who is personally known to the clerk of the legislature could vote by video chat, in an emergency. (Caveats: Security tokens are highly secure but not perfect; video chat could be subject to deep fakes; but see below for mitigations.)

(B,C) Attacks that compromise the client or server computers can be detected and corrected, if everyone’s vote is displayed on a “public bulletin board.” That is, each member of the legislature would transmit his or her vote, then must check the public roll-call display to make sure the vote was reported and recorded accurately.

Checking the public roll-call display isn’t so simple, since hackers could alter the member’s client device (e.g., laptop computer or phone) to make it lie about what’s downloaded from the roll-call display. A Member should check the roll-call from a variety of devices in a variety of locations, or (perhaps) coordinate with other Members to make sure they’re getting a consistent report.
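The cross-device check described above can be sketched in code. This is an added example, not part of the original post: the member names, device labels, and function names are hypothetical, and the sample roll calls are constructed. It fingerprints each downloaded copy of the roll-call display, reports whether the copies agree, and lists the devices on which the member's vote differs from what was cast.

```python
import hashlib
import json

def roll_call_digest(roll_call):
    """Fingerprint a roll call ({member: vote}) independent of listing order."""
    canonical = json.dumps(sorted(roll_call.items()), separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def audit_views(member, cast_vote, views):
    """Cross-check one member's downloads of the roll-call display.

    views maps a device label to the roll call shown on that device.
    """
    groups = {}
    for label, roll_call in views.items():
        groups.setdefault(roll_call_digest(roll_call), []).append(label)
    misrecorded = sorted(
        label for label, rc in views.items() if rc.get(member) != cast_vote
    )
    return {
        "consistent": len(groups) == 1,  # every device showed the same board
        "groups": {d: sorted(labels) for d, labels in groups.items()},
        "misrecorded": misrecorded,      # devices not showing the vote as cast
    }

def disagreeing_colleagues(my_digest, reported_digests):
    """Colleagues whose fingerprint, exchanged out of band, differs from mine."""
    return sorted(n for n, d in reported_digests.items() if d != my_digest)

# Constructed sample: Member A cast "yea", but the board records "nay".
# The laptop used to vote is compromised and displays "yea" to hide the change.
BOARD = {"Member A": "nay", "Member B": "yea", "Member C": "nay"}
LAPTOP = {**BOARD, "Member A": "yea"}
VIEWS = {"office laptop": LAPTOP, "home phone": BOARD, "library PC": BOARD}

if __name__ == "__main__":
    report = audit_views("Member A", "yea", VIEWS)
    print("views consistent:", report["consistent"])
    print("vote not shown as cast on:", report["misrecorded"])
```

A divergence between views does not by itself say which device is lying; it tells the member to contest the vote through whatever protocol the legislature has adopted.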

This remote workaround would not be simple and easy. Careful protocols must be designed to limit the amount of time for members to contest their vote; one must consider what happens if Members game the system (by falsely claiming their vote was altered); one must consider what happens if lobbyists are literally sitting next to the member during voting (which is less likely when the member is gathered in a public place for a traditional vote). What do the legislature’s quorum rules mean in this context? And many legislatures prefer to take many votes by “voice vote” where each member’s individual vote is not recorded.

And just because Internet roll-call votes may be feasible to secure, that doesn’t mean they’re automatically a good idea, or legal: see this report by the Majority staff of the House of Representatives.

Conclusion: we know that Internet voting by the public is impossible to secure, and thus we must not vote by Internet even during the COVID-19 epidemic. But Internet voting by legislatures is not necessarily impossible to secure, and could reasonably be considered. If legislative bodies desire to meet and vote remotely, there is still plenty of work to do to actually secure the process. And that’s difficult to do in a hurry.