If you’re looking for an entertaining and vigorous discussion of Internet voting, don’t look here, but do look to William J. Kelleher, Ph.D’s paper “Internet Voting: the Great Security Scare”, or to the OpenGove web page that is the short form of his argument that “Internet Voting Is Coming” at IdeaScale:
Don’t be by the self-styled “experts on security.” They are just playing on people’s fear for their own self-promotion. They claim that their expertise in reading programming codes makes them Oracles on Internet voting security. In fact, they are engaging in very amateurish social science analysis of cyber crime. … Mature social science thinking about the issues they raise shows that they are fear mongers, bereft of rationality. … Internet voting has the power to make all public officials directly dependent upon the voters. The days of Superrich Domination in US elections are numbered. Internet voting in all US elections is as inevitable today as the rise of the automobile was 100 years ago.
My point for today is the risk that comes from fuzzy thinking of the sort that Kelleher’s paper exemplifies. The rhetoric may be goofy, the thinking may be fuzzy — but once it’s published, it becomes referenced as a published authority. One reason why this can happen, especially with issues touching on Internet security, is that there are many specious arguments that sound sensible to non-technical folks. Eric Rescorla, in his Educated Guesswork blog, does a good job of giving a few examples of Kelleher’s plausible mis-representation and specious argumentation. To encourage you to read Eric’s blog, I’ll provide my favorite bit:
“[Kelleher] … depends on the ever-popular “argument from incredulity” … incredulous that there could ever be widely deployed malware that infects a large number of computers. As it happens, however, not only is this possible, we already have several worked examples in the form of large botnets.”
I bring this to your attention, not to take a position on Internet voting* but to point out how tricky the public discourse on the topic actually can be. It often gets tricky, because of the technical nature of Internet security, and the general lack of understanding of the relevant technologies. And in particular, to my fellow “experts on security”, may I say: please don’t just assume that everybody understands both Internet security technology and how U.S. elections actually work. If you do assume that, your otherwise credible remarks will very often be received as though you were “bereft of rationality.”
* The term “Internet voting” means a lot of things, but in this case I mean: the use of ordinary home or office PCs to run ordinary software tools like web browsers or e-mailers, to compose ballot information and send it over a public data network.