Grateful to web software developer Nigel McNie for his permission to reproduce this speech to Wellington City Council. Nigel also writes on IT security at https://medium.com/@nigelmcnie. He has written a recent mythbuster against online voting, and his thought-provoking submission to the Justice & Elections Select Committee’s inquiry into the 2014 New Zealand general election is there as well.
This speech was given on the occasion of Wellington Council’s urgent special council meeting, called at short notice and without prior consultation to meet the central government timetable, to decide whether to sign up to the Department of Internal Affairs ‘trial’ of internet voting which may be held at the 2016 local council elections. The council voted to participate by 8 votes to 6.
Mayor Wade-Brown, Councillors, thank you for this opportunity.
I jointly run software development firm Opcode, which has half a million
dollars revenue, and clients in NZ, the US, and the UK. For one of our clients,
we write an online system containing the medical records of thousands of UK
citizens. For several clients, our code and infrastructure have been subjected
to penetration testing by security professionals.
Given this experience, I have a lot to say on the subject of online voting. As
such, I was deeply surprised to read in the agenda for this meeting, the note
that “no consultation is required for this decision”. This is at odds with the
DIA report on online voting, which says “it is advisable to engage in
meaningful public consultation both on the concept of online voting and the
sort of system envisaged”. If this meeting is it, then this is not enough.
The benefits of online voting have not been shown. The DIA report itself
concludes there is no good evidence that online voting raises turnout. Yet in
return, online voting opens the election up to massive new risks that don’t
apply to postal voting.
Hacking is a risk. Consider the Ashley Madison hack. Like the Death Star, one
small hole destroyed the entire website. And there have been hundreds of hacks
this year alone. The Walmart hack, the Sony hack, the US Govt OPM hack, the
Carbanak heists… these are big names!
Phishing is a risk – that’s emailing people links, for example to fake websites
that LOOK real – like what happened to immigration.govt.nz recently. The danger
there is that during election time, everyone could be emailed directing them to
a fake site where they could be tricked into entering their credentials.
Hackers could then cast real votes on behalf of the tricked people.
Malware is also a risk, and could be used to manipulate people’s votes before they
even arrived at the online voting system. No matter how perfect the system is,
such manipulation can be done in undetectable ways.
These problems are all unique to online voting, and they are caused by the
structure of the internet as it exists today. That same structure also means
these problems can be exploited by people anywhere in the world – which is not
true of postal voting.
In 2004, internationally renowned security expert Bruce Schneier said: “Building
a secure Internet-based voting system is a very hard problem, harder than all
the other computer security problems we’ve attempted and failed at. I believe
that the risks to democracy are too great to attempt it.”
Nevertheless, a bunch of countries have tried – and the results have been poor.
Out of the 12 studied in the DIA report, 6 have either discontinued their
systems or, in the case of the Netherlands, have banned online voting entirely.
And of the remaining six, none of them have provided good evidence of increased
turnout.
I understand that Wellington wants to be seen as a hi-tech, progressive city,
but rushing into a politically binding rollout of online voting without
adequate consultation does not send that message. Councillors have a
responsibility to carefully tend our democratic functions, and it makes no
sense to be guinea pigs in a system with such massive risks when no benefit has
been shown.
I urge you to vote ‘no’ to this proposal, at least to allow community
consultation to occur.
Daniel Strypey Bruce says
I agree with Nigel that any change to the election system should be the subject of robust public debate. For the WCC to hold one poorly promoted meeting then make an arbitrary and technically uninformed decision is scandalous. That said, turnouts in NZ local body elections are so low that Councils scarcely have a democratic mandate as it is. Testing online voting in these can hardly make the situation any worse, and is much more sensible than testing it in a general election.
With all due respect for Nigel and his credentials, he totally undermines his argument in his very first paragraph. If it’s safe to put highly sensitive information like “the medical records of thousands of UK citizens” into an online system which is online all year round, surely the same level of security could protect a system which is only online for a short window, once every three years? Yes, hacking happens, but we still have online medical records, and internet banking, and all sorts of other functions which could have catastrophic impacts on people’s lives if they got hacked.
Referencing Bruce Schneier’s comments from 2004 lends no credibility to his argument either. Things that have been invented since 2004: YouTube, Gmail, and Facebook (ok GM and FB were *launched* in 2004), Git, Android, DuckDuckGo, WikiLeaks, LiquidFeedback, Loomio, DemocracyOS, and most significantly for online security, Bitcoin and blockchain encryption! He might as well be quoting comments from 1904, for all the relevance they have to internet security *now*.
Personally, I welcome the online voting experiments in the local body elections, and I’m curious to see what systems are used, and what penetration testing is done. Perhaps Nigel’s competitors in the UK will even get some work out of it 😉
Jan Rivers says
Daniel, thanks for your comment and apologies for the delay in clearing it.
You raise some interesting points. The issues that concerned me most were: the undemocratic nature and short time scale for the meeting; the recent assessment of the Australian Parliamentary enquiry into the 2013 election, which concluded that “Australia is not in a position to introduce any large-scale system of electronic voting in the near future without catastrophically compromising our electoral integrity.” ( http://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Electoral_Matters/2013_General_Election/Second_Interim_Report );
the additional risks associated with the need to separate identity check with anonymity which Nigel mentions; that perception of fraud – rather than actual fraud – will invalidate election results and create great instability; and finally the number of respected voices within the IT industry who have spoken out about their concerns.