Is Security the Problem for E-Voting?

One of the most vexing frequent issues in e-voting debates is the idea of security vulnerabilities. I don’t think that security is *the* problem with actual e-voting systems, but I do think that in-security concerns are a significant problem with the way many people think about how we do e-voting.

There are many voices in the debate on insecure voting systems, but taking exception to the debate itself is one voice I think is noteworthy: Michael Shamos. For a recent, brief look into his views, see a recent C|net interview "Shamos: Why e-voting paper trails are a bad idea."

In addition to the question "Is paper the solution?" the interview touches on the question "Is security the problem?" You can read for yourself why Shamos says "no" to both, but I wanted to add a (hopefully) simple pair of observations.

1. (In)security is not a fundamental techical issue for voting systems; it is a derived or secondary issue. It’s derived from (as I think Shamos would agree) the fact that some voting systems are poorly engineered and have demonstrated unreliability. Starting there, sure you can assume plenty of potential security vulnerabilities, and easily find a few.

2. Security concerns arise from awareness of flakey voting systems; that awareness (for most people) arises from press coverage, blogging, etc. about incidents of voting machine mishehavior. The concerns get magnified with more coverage of potential security problems with the flakey machines. These concerns are a relevant issue for voting systems. Trust in the election process is critical, and it’s undermined by these concerns, and by the incidents and coverage that drive them.

As Shamos points out, we know that purely paper based systems can be easily subverted. Adding computing to the election system is going to help only if the technology can be trusted at least as well, or better, than pure paper systems. The current market approach has failed there. Adding paper trails to the computers might help with some people’s concerns over transparency — making an important contribution to trust — but it won’t make the existing computers more worthy of public trust, nor will it alleviate security concerns over the use of of those current systems that appear to be unreliable.

So, electronic ballots or paper ballots, electronic systems with or without paper trail, we still need to develop trustworthy election technology. So, I better get back to work!