David Plouffe’s View of the Future of Voting — We Agree and Disagree
Gregory Miller
David Plouffe, President Obama’s top political and campaign strategist and the mastermind behind the winning 2008 and 2012 campaigns, wrote a forward-looking op-ed [paywall] in the Wall Street Journal recently about the politics of the future and how they might look.
He touched on how technology will continue to change the way campaigns are conducted – more use of mobile devices, even holograms, and more micro-targeting at individuals. But he also mentioned how people might cast their votes in the future, and that is what caught our eye here at the TrustTheVote Project.
Here’s what Plouffe wrote: “More states will inevitably move to online voter registration and perhaps digital voting. There will be resistance…but our voting system won’t remain disconnected forever from the way we are leading the rest of our lives.”
His last statement – that the voting system will come to more closely resemble our mobile-device-dependent world – is probably true in the long run. But it’s going to take time, probably more time than we all would like. Even though we can bank, buy coffee, and get a boarding pass for an airplane via our smart phones, voting by smart phone is more complicated, hugely more complicated.
When you’re banking online, the financial institution has to be able, absolutely, to identify and verify it is you who authorized (or didn’t authorize) a particular transaction (such as a purchase with your bank card at Amazon.com). But in the world of elections, the election administrator has to be sure, absolutely, that they can never identify you as the person who cast a particular ballot. It’s the complete opposite of online banking because of the sacred assurances of voter anonymity and the secret ballot.
Sure, elections officials should verify you as the individual who is checking in to cast a ballot, but once you have been authenticated, the connection with a particular ballot must cease to exist. And doing that by your smart phone (or any other digital device connected to the Internet) is beyond non-trivial; it’s downright near impossible.
So, there’s a privacy and technology challenge there. In other words, we need security of the ballot, but we also need privacy of the voter. And in the digital world there is an opposite (we call it “inverse”) relationship between security and privacy.
Think about an airport and TSA check points. If you want absolute privacy, you should be able to walk straight to your gate uninhibited. If you want absolute security, you should not be able to do so until everything about you has been identified and verified as that exact person with an authorized ticket to board a plane.
If you think about how awful it would be if your online bank account got hacked, imagine if your state’s online voting system was compromised. Not only could the result be suspect, the fact that an election was hacked would undermine voters’ confidence in our democracy.
So smartphone voting might be a ways off. But in the here and now and very near future, the TrustTheVote Project is already delivering on some of Plouffe’s other visions.
Online voter registration, for example, is already being implemented in many states and through third party organizations. The TrustTheVote Project helped Rock The Vote develop its “Rocky” core software, which operates that group’s nationwide online registration. TrustTheVote helped Virginia implement its online voter registration and our technology powers the search part of the Virginia site, which lets you know if you’re already registered, are at the right polling place, and that your address is up to date. This was all developed with TrustTheVote Project open-source technology that all states and localities can adopt and adapt.
And we’re underway on other innovations, like apps to help you figure out the best time to go to your polling place and apps to help you “check in” to vote, just like the ones you use to download and print a boarding pass for your flight.
So to David Plouffe: yes, elections and campaigns will change in the future. But it will come step by step and not by a big bang of smartphone voting.
“but once you have been authenticated, the connection with a particular ballot must cease to exist.”
I am new in this area but why is that so?
There would actually be a lot to gain by keeping this link: this would allow the voter to check that the vote was registered correctly.
What must be avoided is for third parties to know what the ballot is. And this may be done via encryption, for instance. I may be naive but let us imagine the following:
– an independent entity (a program on a server) generates a pair of keys for each voter.
– the public key is transmitted to the voter via a portal similar to what you find when you go shopping.
– the vote takes place and is encrypted before transmission, back to the portal where it is stored, for later access if the voter wants a validation.
– it is then transmitted back to the initial server where it is decrypted.
Anyone working from the portal will have no way to know the vote, as long as the encryption is secure enough. It would also be possible to store the vote only for a short period of time, or to make fine tunings.
Again, that may be a very naive view, but what would be so wrong with this approach?
Lionel-
Thanks for your comment. You are not being naive, and perhaps we should be a bit more clear. In general, it must be impossible for anyone (other than the voter) to connect a cast ballot with the voter who cast it.
We concur that for personal audit purposes having an ability to verify you cast a ballot and at some point (i.e., before turning in said ballot for counting) that you have an opportunity to review the ballot as marked to ensure it is marked correctly… is a very important capability.
Your proposal for an encryption means to facilitate this is one that has been proposed before and continues to be debated by elections experts. One of the several hurdles to such an approach remains the usability of encryption services (i.e., user-friendliness for those with no technical understanding of encryption). We learned those challenges years ago at Netscape.
So, there is nothing wrong with your idea, save an implementation approach that would make public key encryption services thoroughly user friendly (and frankly, fool-proof). And yes, the only person in the chain of custody of the ballot that should know who the ballot was cast by is the voter who cast that ballot. Sorry if that was unclear in the assertion.
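
The scheme from the comment above (one key pair per voter, a portal that stores ciphertexts, a server that decrypts), modelled as an added example that is not code from the original post or the TrustTheVote Project. It shows where the voter-ballot link survives: even if the portal forwards ballots with the voter ID stripped, the key server can trial-decrypt with each per-voter private key and recover who cast what. `KeyServer`, `Portal`, the voter IDs and the candidates are hypothetical, and the toy ElGamal parameters are not secure.

```python
# Added illustration, not code from the original post or the TrustTheVote Project.
# Toy ElGamal on the standard library only: parameters are NOT secure, and the
# class names, voter IDs and candidates are constructed for this example.
import secrets

P = 2**127 - 1                      # Mersenne prime, toy modulus
G = 3
CANDIDATES = ["alice", "bob", "carol"]   # ballot choice i is encoded as i + 2

class KeyServer:
    """The 'independent entity': issues one key pair per voter, decrypts later."""
    def __init__(self):
        self._private = {}                          # voter -> private exponent

    def issue_key(self, voter):
        x = secrets.randbelow(P - 3) + 2
        self._private[voter] = x
        return pow(G, x, P)                         # public key sent to the voter

    def decrypt_and_link(self, ciphertext):
        """Decrypt a ballot that arrives with no voter ID attached."""
        c1, c2 = ciphertext
        for voter, x in self._private.items():      # trial-decrypt with each key
            m = c2 * pow(c1, P - 1 - x, P) % P      # c2 / c1^x (Fermat inverse)
            if 2 <= m < 2 + len(CANDIDATES):        # only the right key fits
                return voter, CANDIDATES[m - 2]
        return None, None

def encrypt_ballot(public_key, choice):
    """Voter side: randomized encryption under the voter's own public key."""
    m = CANDIDATES.index(choice) + 2
    r = secrets.randbelow(P - 3) + 2
    return pow(G, r, P), m * pow(public_key, r, P) % P

class Portal:
    """Stores ciphertexts per voter for later validation; has no private keys."""
    def __init__(self):
        self.stored = {}

    def submit(self, voter, ciphertext):
        self.stored[voter] = ciphertext
        return ciphertext                           # forwarded without the voter ID

def run_election(votes):
    server, portal = KeyServer(), Portal()
    pubs = {v: server.issue_key(v) for v in votes}
    linked = dict(server.decrypt_and_link(portal.submit(v, encrypt_ballot(pubs[v], c)))
                  for v, c in votes.items())
    return linked, portal.stored                    # linked: voter -> recovered choice
```

The portal only ever holds ciphertexts, yet `linked` comes back equal to the input `votes`: hiding the ballot from the portal does not sever the voter-ballot link at the party that holds the per-voter private keys.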