Does Ontario need videogame democracy?
I read Queen’s Park columnist Martin Regg-Cohn’s opinion of on-line voting in the Toronto Star. I like Martin Regg-Cohn, and respect the insight he brings to his political commentary. When we’ve played hockey together, he also back checks, and as his goaltender, I like that too. He believes in on-line voting. I do not. It’s the wrong response to declining voter turnout. I suspect that most people who have worked in political organization, networking and software development will see the great risks in on-line voting as well.
On August 1, 2013, the Toronto Star published a guest column I wrote about on-line voting. You can see it by clicking here.
Along with your birth certificate and your passport, which are “foundation” documents, a vote is a “foundation” activity in a democracy. So is marriage. In all cases, you have to show up to get the document, and you should have to show up cast a ballot and be united in marriage. On-line voting advocates assume away the very considerable risks and expense, and the certainty of abuse, that on-line voting will bring. Let’s examine a few of them.
There is no audit trail in an on-line vote. Right now, the ballot box at every poll is sealed in the presence of physical witnesses. If the outcome remains in doubt, the individual ballots can be recounted, and looked at to determine the voter’s intention in marking the ballot. The sheer number of human beings physically present and watching as voters turn up makes the integrity of the ballot box very, very difficult to breach. Nonetheless, people try to cheat every election.
Far from being as visible as paper ballots and public polling places, hackers thrive in the four years (give or take) of dark time between scheduled elections. While proponents of on-line voting point to the ubiquitous use of on-line banking and other daily transactions, the fundamental and critical difference is that those other systems are used, debugged, watched, backed up and stress-tested each and every day by experts who know them inside out.
A determined hacker looks for an open software “port” to be able to gain access to information inside a computer system. Password lists can be decrypted with enough determination. Gradually, a skilled and determined hacker can (and in this case almost certainly will) gain “root” access to the system, with all the rights and privileges of a full administrator, which includes for example:
- The ability on election day to lock out any or all authorized users;
- The ability to introduce malware into the system that might, for example, cause every vote (or every third or fourth vote) for one party to be cast for another party, or to simply cause every vote to be recorded for a specific party, in some ridings or all ridings;
- The ability to prevent the system from ever working during the writ period;
- The ability to register and record votes before the writ period starts;
- The ability to lock out the results from being posted;
- Anything else you can dream up, and a lot you likely can’t.
Whether gaining access to the software’s root, which enables a hacker to take complete control of the system on election day, or wilfully corrupting the process or the outcome, the first and only chance voters would have to see what damage might be done to their democracy would be on election day. Want to see what Elections Ontario and its once-every-four-years software is up against? Click here for just a small example.
Global cybercrime is estimated by the Norton division of Symantec at nearly $400 billion annually, more than the annual global market for marijuana, cocaine and heroin combined! Symantec estimated Canadian cybercrime costs victims in this country some $1.4 billion. Among the prominent on-line businesses that operate every day, all the time, and have been hacked are: Linked-In, eHarmony, a number of larger U.S. banks; and American Express.
An Ontario on-line voting would be used just once every four years. It is not like a bank or a retailer, where your system is in continuous use all the time. There is no opportunity to properly debug the system when it goes awry on election day, or to properly debug it between elections, or to stress-test the system to determine if it would stand up to the load on the servers, or to outside events. As an example, Enersource’s web servers could not handle the traffic influx this summer when the July rain storm knocked out power across much of the GTA. People got their information on-line from Facebook and Twitter.
If a voter casts a ballot in person, and at about the same time, an on-line vote in that person’s name is made, the latency of removing that person from the list of voters who have cast their ballot almost certainly means that both votes will count. How does a software system that’s used just once every 1,470 days anticipate that problem? It doesn’t. What happens if Mr. and Mrs. Ontario show up at the polls, only to be told by the returning officer that they’ve already voted on-line, and kick up a fuss? They will be allowed to vote in person, in the traditional way, and both votes will count, including the on-line ballots presumably cast by someone who may have hacked their authentication and authorization data.
On-line votes would instantly become a negotiable commodity. What are a voter’s user ID and password (or whatever else serves to authenticate and authorize an on-line ballot) worth? Are they worth a beer? Ten or twenty bucks? Maybe more? Planning to be at work, out-of-town on business or on vacation on election day? No problem. Just provide your information to your favourite party, and they’ll ensure you vote. For them, of course. And what happens when cynical voters give their authentication and authorization information to everyone who asks? How do you deal with mass rallies which, after some extended, fact-challenged and pressure-packed propaganda, exhort voters to take out their phones and vote right then and there, on the spot? There is no stepping back, no fact-checking or sober second thought with such an on-line ballot.
Concerts for young people at which the voting “pitch” comes partway into the program; televangelist-type late-night TV that make the pitch after an hour-long harangue; open-mouth radio whose host(s) deliver the pitch after days of ragging on any particular individual or party. “Pick up your phone,” they will say. “Make that call. Our operators will take your information, and cast that ballot for you.”
At stake is not somebody’s savings account, what classes they might take, or how they use their affinity points on a credit card. The reward for cheating in on-line voting is to get your hands on the levers of a $125 billion budget and to govern 13 million people. That’s a powerful motivator. Starting with the present-day election turnout of about half the eligible voters, the theoretical upside of the turnout is 150 percent, assuming everyone who wants to manipulate the system, for whatever their ends may be, ensures that every eligible Ontarian votes on-line, whether that voter knows he or she cast an on-line ballot or not. And what happens if, on election day, a party that has never elected a single member in Ontario election history forms a strong majority government based on a voter turnout of 115 percent of the electorate?
For about ten years, I was part of a Microsoft program called Most Valuable Professional, or MVP. One day, I asked the VP then in charge of Windows development, which then employed 7,000 people, how they made on-time decisions to keep product development moving forward. “Decisions,” he said, “are made by people who show up.”
I’m an MPP, and I have pushed the Ontario Legislature hard to use information technology in more areas, and use it better. But as an elected representative, I am raising serious issues about the potential for abuse, and about the lack of integrity of on-line voting. I have not even begun to discuss the difficulty and expense of developing a computer hardware-and-software system that is used once every four years, and then gathers dust and obsolescence while hackers burrow into it for the next election. Elections Ontario head Greg Essensa met with me, one-on-one, and we talked about the election and voting process at length. My advice to Greg Essensa was simple: don’t do it! The great risks far outweigh the few perceived benefits. Mine is not a video game democracy. I agree with Microsoft. Democratic decisions in Ontario should continue to be made by people who show up.