By Gregory Miller

Announcing the Launch of VoteStream Beta

Over the past three years we have used this space to document our efforts to create a truly open source, standards based election reporting solution: VoteStream.  At each step we have been guided by the needs of election professional and the ideals of the OSET Foundation: that a critical democracy infrastructure should be verifiable, accurate, secure, and transparent (in process).

Today we are excited to take the next step in that process.  In partnership with the Knight Foundation, the TrustTheVote project is launching a round of beta testing for the next version of VoteStream.  This round will continue to focus on the requirements of local election officials and solicit feedback from academics, journalists, and other stakeholders.

In past tests we demonstrated the ability of VoteStream to publish election results in an easily accessible format.  This round will demonstrate the process of converting raw election data to the standard format published by the National Institute of Standards and Technology.

The beta round will be lead by Iain Padley, our new Director of Election Professional Stakeholder Engagement.  Iain comes to OSET with experience in community and political organizing with a special emphasis on education issues.  He has spent much of the past three years working with local and state election officials to leverage public data to drive increased civic engagement among educators.

If you would like to apply for a spot in this beta round please fill out an application form or email Iain directly at [email protected]

Biting the Bitcoin; Reflections on the Latest “Bitvote” Buzz

In those continuing efforts to route around the abysmal state of voting in America, we’re starting to hear an increasing drumbeat about Bitcoin as a basis for reinventing elections.  We’ve been watching this discussion or evangelism unfold in the past few weeks.  We even fielded questions from politicos in the Beltway last week about it (seriously).

As technocrats at heart around here, how can we not have our tails in a slow wag over the potential of Bitcoin technology (specifically the Block Chain)?  Well, a slow wag maybe; getting our tails in a twist over it for voting?  Not so much.  And here’s why.

I’m going to use one particular article that dropped this week as a vehicle for discussion.  Not because we’re picking on this author or his publication by any stretch (besides, publishing technicality, it was only a “contributed piece”).  But rather, this article provides a typical, and as good as any, evangelistic essay on the topic.

To start with, the author makes a fundamental assumption that is wholly inappropriate for U.S. elections administration. Then, several other observations on his part unfortunately reveal a complete lack of understanding of U.S. election law and practices (not that we think he should be an expert in such things, but he probably should have some basic understanding before assuming how Bitcoin might or might not innovate the process of elections).  Author Odell leads with:

The primary problem with the antiquated methods come down to a single fundamental issue, centralization.

Well, actually, that centralization is necessary and it isn’t central, but local — the machinery of U.S. elections are required to be in the control of U.S. local election officials.  It’s a feature not a bug.  His next assertion:

Current voting methods require a large amount of human involvement, from poll workers, to vote counters, to the companies and engineers that design the voting machines.

Yes, yes they do.   And the effort is worth it, for the proper operation of critical democracy infrastructure. You see, the integrity of the process depends on local control of ballots, transparency of the local operations, and a critical dual approach to counting ballots that prevents both sole reliance on people and sole reliance on technology.  Both people and software have fundamental limits in trustworthiness, so it is important to use both, in order to solely trust neither.  Odell continues:

Then you have the oversight groups who employ individuals to oversee the election workers.

Actually, that’s a feature, not a bug.  Election workers’ work should be transparent, but the accountability benefits of transparency only accrue if members of the public and good-government groups are actually watching.  Then the author continues with some assertions that I’ll take list-wise in response.

Current voting methods are …

  • inefficient and expensive
    Well, expensive is a fixable feature of a dysfunctional market for election technology; inefficient is a value judgement not shared by local elections officials, who seek the most efficient way of performing their duties, given the rules, regulations, and resources they have.
  • susceptible to fraud and manipulation
    Yes, by definition, and they always will be, hence the VAST mandate (elections must be delivered that are Verifiable, Accurate, Secure, and Transparent), and hence the model for ballot-count integrity I referred to above.
  • need to be vastly improved
    We agree on this point to the extent there is always room for innovation, but it has to fit with local elections officials’ legally mandated responsibilities.

Odell continues…

Bitcoin technology can provide us with a new and improved voting system built from the ground up, a decentralized and secure alternative.

Decentralized” in this context would mean non-localized.  But that would mean local elections officials relying on a trust management system that they cannot and do not control.  That doesn’t fit current election law and regulations in the vast majority of the jurisdictions in this country.  “Secure” in this context means “local elections officials should trust this decentralized system because its proponents say it is trustworthy.”  At the risk of thinking too practically: that’s just not likely to happen anytime soon.

Odell adds…

Bitcoin is a decentralized and robust ledger secured by computers around the world that run the Bitcoin software.

Indeed it is.  We’re not disputing that characterization, but no local election official in this country is going to swallow a story of, “This crypto is so good it will never break and you can trust it so much that you can outsource to a nebulous global network all the responsibility you have for demonstrating the accuracy of election results.”  Not going to happen, not any time soon.  I’ll pass on even attempting to address “robust” in the author’s assertion about the ledger, as it would apply to voting in America.

Then consider that there is an entire generation of post-Snowden voters coming up who are crypto-luddites, and who believe that any system’s fundamental reliance on crypto is an invitation for central governments’ national security establishments to sneak in.  The most recent example is the Tor Network, which supposedly protects the anonymity of people using the web.  In fact, about 80% of its infrastructure has been compromised, and if someone is unlucky enough to use that 80% while being targeted by national security apparatus, their anonymity will be breached.  Unfortunately perhaps, there’s no reason to suppose that the foreseeable future of Bitcoin is any brighter, and not just because Mark Cuban says so.

I’ll toss in one final thought about the near-term practicality of Bitcoin being the pathway to secure and fraud-free elections.  Bitcoin usage requires at least a basic appreciation of the concept of public-key encryption (“PKI”); specifically the use of public and private keys (as straight forward as some may believe it to be).  We learned long ago from our prior ventures that the public was nowhere near ready (and still not today) for widespread use of technology like digital signatures or public key cryptography.  While Bitcoin transactions are simple enough and do not require a computer scientist to mine bitcoins or make purchases, in order to use Bitcoin technology as a basis for casting and counting ballots, one would need considerably more Bitcoin knowledge.

I’ll leave this critique by observing that at least for the article I chose, the title did state, “How Bitcoin Could Make Voter Fraud and Stolen Elections Impossible.”  The operative word there is “Could.”  And if we simply want to consider the potential of a technology (verses its practicality) then the potential of Bitcoin to provide for a more secure means of voting is acknowledged.  However, I remain convinced it is impractical for American elections as they are conducted and regulated today, and skeptical about the term “Impossible” for anything related to voting security.

How Bitcoin Fits Into Our Innovation Envelope
Now, let me shift from a critique of the current Bitcoin evangelists to a comparison with our charge.  We have had some people complain that as a non-profit election technology R&D organization, we should be spending more time looking over the horizon at everything from the block chain to smartphone Internet-based voting.  We are spending all of our time looking at innovations, with one major important difference: we are an “applied research” organization and not a “basic research” organization.

What that means is we are funded to have an emphasis on discovering, determining, and developing innovations that are likely to find their way into adoption, adaptation and deployment in the foreseeable future, in order to begin shifting elections administration and voting into the 21st century, while respecting laws and regulations as they stand, and process and politics as they exist.

So, where does this leave us with regard to Odell’s (and others’) vision of the Bitcoin blockchain serving as the basis for reinventing how (at least) America votes?  Let’s put it this way:

  • We are focused on election technology innovations that meet the current requirements of U.S. election officials (not necessarily those abroad).
  • That includes voting system technology that requires the typical use of standard encryption for data integrity.
  • Current requirements for voting systems don’t require any further use of crypto, including block chains.
  • We are also working on innovations in election technology that exceed the requirements of U.S. election officials, and improve their ability to deliver on the “VAST” mandate (that elections are Verifiable, Accurate, Secure, and Transparent).
  • In the arena of voting systems, “E2E” (End-To-End) is the crypto-based innovation that is most likely to fit within existing election administration practice (always a requirement) and deliver improvements that election officials can support, and that the public (citizen-voters) can benefit from.
  • E2E ballot verification is technically well known.  In the TrustTheVote Project, we rely on the applied crypto experts that are part of our technical stakeholder community, who are well versed in the application of E2E techniques to voting systems.

The bottom line here is that we didn’t say that there is no room for Bitcoin blockchain technology in future innovations, only that it doesn’t even remotely fit into something that local elections officials can use in the foreseeable future.

Bracing for Inevitable Manipulation

We really haven’t been hiding under a rock, its just the stack of reading all of us have to catch up on while so much is going on has become an archeological project here — well, OK, namely for myself.  And so my comments below about news from earlier this summer regarding Facebook’s manipulating people’s news feeds and some commentary about Facebook’s “I Voted!” button might seem like I’m really behind, but actually it dawned on me this past weekend that an important piece of our work backed by the Knight Foundation has a role in this… where “this” is actually about big data.

Facebook’s use of happy and sad words to research how they affect the mood of people’s news feeds was well covered in the news a couple of months ago.  This “emotional contagion experiment,” raised all sorts of ethical questions about research on subjects who don’t know they’re being tested.

But in the tech and political worlds, people have been equally disturbed about another kind of possible Facebook manipulation—its use, or non-use, of what it calls the “Voter Megaphone.”

What’s the Facebook Voter Megaphone?

FBMegaphoneThe megaphone is the “I Voted!” button that Facebook placed on the top of News Feeds for all U.S. users over age 18 on Election Day in 2010 and 2012. Users could click the button to show their friends they voted and subsequently see which of their friends clicked the button as well.

A study, commissioned by Facebook researchers and published in the journal Nature in September 2012, determined that the “I Voted” button may have boosted 2010 turnout at least by 60,000 voters and as much as 340,000 voters because of the social-media ripple effect. People who saw that their “close” friends had voted were more likely themselves to go out and vote, the study showed.

Across a very big country, 340,000 people may not seem that much, but for campaign consultants, micro-targeters, and turnout specialists, that’s a very big number indeed, especially for 2010, a mid-term election when turnout is always lower.

Facebook did another experiment with an “I Voted!” graphic on the 2012 Election Day. Those results have not been published yet.

So who is upset about this?

Let’s walk through why people are upset at this and why it is important for the TrustTheVote Project.

Micah L. Sifry is a co-founder and the executive editor of the Personal Democracy Forum, an organization that covers the ways technology is changing politics. He’s a pro-Democrat progressive. In a July 3 blog post he spoke to one of the Facebook researchers and pressed him as to whether the Facebook experiments with the Voter Megaphone could have actually helped President Obama in the 2012 election. The researcher’s and Sifry’s conclusion is that it could have.

Here’s how: Facebook users tend to be more female, more urban, and younger. Those are all demographic groups that skew Democratic. If Facebook used its “I Voted” experiment on a random sample of Facebook’s users, and it increased turnout, it could have benefited Barack Obama.

But Sifry wasn’t cheering for his Democratic side. He pointed out that Facebook could just as easily not have offered the “I Voted” button to certain people, or to certain people in certain states and voting districts. That could just as easily lessen turnout for one party or the other. The point is that Facebook could manipulate an election and it would be very hard to tell by outsiders. It’s stealthy manipulation.

Jonathan Zittrain, a professor of law and computer science at Harvard University calls it “digital gerrymandering” and denounced it in a post in in June: “Consider a hypothetical, hotly contested future election,” Zittrain wrote. “Suppose that Mark Zuckerberg personally favors whichever candidate you don’t like. He arranges for a voting prompt to appear within the news feeds of tens of millions of active Facebook users—but unlike in the 2010 experiment, the group that will not receive the message is not chosen at random. Rather, Zuckerberg makes use of the fact that Facebook ‘likes’ can predict political views and party affiliation, even beyond the many users who proudly advertise those affiliations directly. With that knowledge, our hypothetical Zuck chooses not to spice the feeds of users unsympathetic to his views. Such machinations then flip the outcome of our hypothetical election.”

What does this have to do with the TrustTheVote Project?

Here’s why this is relevant to the TrustTheVote Project. Presidential and congressional campaigns today are high-stakes, high-tech efforts with lots of money and sophistication behind them. They have the advantage of “big data” collected from all of their outreach and social media efforts. Facebook, Twitter, other social media platforms, also have that “big data” advantage.

Election administrators, on the other hand, don’t. Well, actually they do, but they don’t have the sophistication and money to do a lot with it. Election administrators have lots of data, historical and recent, on turnout by state, congressional district, county, even down to precinct level, and they have demographic data and vote results data going back a long time.

That’s where TrustTheVote Project’s VoteStream initiative comes in. We are developing, in our Election Results Reporting System, software that local election administrators can use that will give top level and deep granular-level data about how the vote went, indexed by many different variables, down to the precinct level. The general public, not to mention reporters and campaign consultants, could immediately spot anomalies that might be worth looking at closer to see whether there was manipulation, or perhaps just brilliant targeting.

What else will VoteStream do?

votestream_election_metadataVoteStream will help local election officials have a more level playing field with the wealthy “big data” players who can use voting and voter registration data for manipulative purposes. Elections officials can use the big data, instead, to inform.

Here’s another way that VoteStream, and in particular the TrustTheVote Project’s open-source election technologies, can help combat manipulation. Most election administrators are smart enough to predict that Democrats will want to increase turnout in Democratic precincts, and the same for Republican campaigns in Republican precincts. But campaigns have become way more sophisticated in their targeting than that. And these campaigns do not warn election administrators in advance about who or where they are targeting.

A campaign today, or even an outside SuperPac, using social media and other sophisticated get-out-the-vote campaigns, could greatly increase turnout suddenly in a way that local elections officials aren’t prepared for.  Election workers at a few targeted precincts could suddenly be greeted out of nowhere with a huge turnout and have inadequate vote casting and counting machines to cope. Or, a breakdown in the old voting machines combined with an unexpected spike in turnout could suddenly make for a three-hour wait to vote. This is not far-fetched. This is in part what happened in Florida in 2012 in key districts, unexpectedly high turnout which made for long lines.

So, during my archeological content dig this weekend, this connect-the-dots exercise seemed worth sharing if only to point out that lots of our work here has some real potential to help in ways we might not immediately recognize.  File it under the doctrine of unintended windfall benefit.

“Digital Voting”—Don’t believe everything you think

In our most recent blog post we examined David Plouffe’s recent Wall Street Journal forward-looking op-ed [paywall] and rebalanced his vision with some practical reality.

Now, let’s turn to Plouffe’s notion of “digital voting.”  Honestly, that phrase is confusing and vague.  We should know: it catalyzed our name change last year from Open Source Digital Voting Foundation (OSDV) to Open Source Election Technology Foundation (OSET).

Most Americans already use a “digital” machine to cast their ballots, if you mean by “digital” a computer-like device that counts votes electronically, and not by the old pre-2000 methods of punched cards or mechanical levers. What Plouffe probably meant is what elections professionals call iVoting, which is voting via the Internet—and increasingly that implies your mobile device.

Internet voting has not been approved anywhere in the United States for general public use, although Alaska is experimenting in a limited way with members of the military voting in this manner. Norway just stopped its Internet voting experiment. The challenges of iVoting are daunting.

Just think about it: many credit-card companies and several major online merchandisers have been hacked at some point, and all commercial and government web sites face intrusion attempts by the hour. The Department of Defense is continually bombarded by efforts to break-in. And sometimes hackers manage to actually get in and steal stuff. Voting is too important to let it be vulnerable to hacking.

Security of online voting is not yet with us. Sure, a few vendors of online voting technologies will emphatically claim their systems have never been hacked (to their knowledge) and that they use so-called “military grade” security (whatever that actually means).  Members of our technical team have been deeply involved in cyber-security for decades. We can say with confidence that no security on the Internet is absolute, assured, or guaranteed.  So when it comes to moving cast ballots via the Internet, the security issues are real and cannot be hand-waved away.  And elections that are run, in any part, over the public Internet pose just too tempting an opportunity for some predator looking to disrupt or even derail a U.S. election.

But, that doesn’t mean elections technologies can’t be improved or be made more digital, and thereby more verifiable, more accurate, and more transparent. That’s exactly what the TrustTheVote Project is all about.

The open-source software and standards that we are developing and advocating will make online voter registration, digital poll books (used to check you in at your polling place) and (ultimately) casting and counting ballots better, faster, and more auditable.  And our software is designed to run on ordinary computer hardware – whether that is a tablet, a scanner, or laptop computer.  Adopting the TrustTheVote Project technology means there will no longer be a requirement for election administrators to acquire expensive, proprietary software or hardware with long-term costly service contracts.

Importantly, we believe there are many parts of elections administration that can benefit from digital innovations, which may or may not use the Internet in some way.  And we’re focusing on delivering those innovations.

However, for the foreseeable future, ballot casting and counting can be dramatically improved without needing to involve the Internet.

So, we should to be cautious about the phrase “digital voting” in an age when all things digital tend to imply “Internet.”

All that observed, we really like how Plouffe ended his recent Wall Street Journal op-ed: “There are disrupters in every industry… the good ones won’t just apply the best practices of the private sector, but will also innovate and create on their own to meet their unique needs.”

The TrustTheVote Project intends to be one of those disrupters.  We add one tiny nuance: in our case, those “unique needs” are primarily those of our stakeholders—the state, county and city officials who run our elections. We won’t be running elections, they will, but we are thinking as far outside of the typical ballot box as we can when looking for opportunities to make voting easy, convenient, and ideally, a delight.

David Plouffe’s View of the Future of Voting — We Agree and Disagree

David Plouffe, President Obama’s top political and campaign strategist and the mastermind behind the winning 2008 and 2012 campaigns, wrote a forward-looking op-ed [paywall] in the Wall Street Journal recently about the politics of the future and how they might look.

He touched on how technology will continue to change the way campaigns are conducted – more use of mobile devices, even holograms, and more micro-targeting at individuals. But he also mentioned how people might cast their votes in the future, and that is what caught our eye here at the TrustTheVote Project.

Here’s what Plouffe wrote: “More states will inevitably move to online voter registration and perhaps digital voting. There will be resistance…but our voting system won’t remain disconnected forever from the way we are leading the rest of our lives.

His last statement – that the voting system will come to resemble more our mobile-device-dependent world – is probably true in the long run.  But it’s going to take time, probably more time than we all would like.  Even though we can bank, buy coffee, and get a boarding pass for an airplane via our smart phones, voting by smart phone is more complicated—hugely more complicated.

When you’re banking online, the financial institution has to be able, absolutely, to identify and verify it is you who authorized (or didn’t authorize) a particular transaction (such as a purchase with your bank card at  But in the world of elections, the election administrator has to be sure, absolutely, that they can never identify you as the person who cast a particular ballot. It’s completely opposite of online banking because of the sacred assurances of voter anonymity and the secret ballot.

Sure, elections officials should verify you as the individual who is checking in to cast a ballot, but once you have been authenticated, the connection with a particular ballot must cease to exist.  And doing that by your smart phone (or any other digital device connected to the Internet) is beyond non-trivial; it’s downright near impossible.

So, there’s a privacy and technology challenge there.  In other words, we need security of the ballot, but we also need privacy of the voter.  And in the digital world there is an opposite (we call it “inverse”) relationship between security and privacy.

Think about an airport and TSA check points.  If you want absolute privacy, you should be able to walk straight to your gate uninhibited.  If you want absolute security, you should not be able to do so until everything about you has been identified and verified as that exact person with an authorized ticket  to board a plane.

If you think about how awful it would be if your online bank account got hacked, imagine if your state’s online voting system was compromised. Not only could the result be suspect, the fact that an election was hacked would undermine voters’ confidence in our democracy.

So smartphone voting might be a ways off. But in the here and now and very near future, the TrustTheVote Project is already delivering on some of Plouffe’s other visions.

Online voter registration, for example, is already being implemented in many states and through third party organizations. The TrustTheVote Project helped Rock The Vote develop its “Rocky” core software, which operates that group’s nationwide online registration. TrustTheVote helped Virginia implement its online voter registration and our technology powers the search part of the Virginia site, which lets you know if you’re already registered, are at the right polling place, and that your address is up to date. This was all developed with TrustTheVote Project open-source technology that all states and localities can adopt and adapt.

And we’re underway on other innovations—like apps to help you figure out the best time to go to your polling place and apps to help you “check in” to vote, just like the ones you use to get  like you download and print a boarding pass for your flight.

So to David Plouffe, yes elections and campaigns will change in the future.  But it will come step by step and not by a big bang of smartphone voting.

Expanding Our Leadership Assures Our Potential

So, by now you may have seen the news.  We were stoked on Tuesday to announce former Facebook executive Chris Kelly has joined our Foundation’s Board of Directors while the former U.S. CTO Aneesh Chopra has joined as a strategic adviser.  Today, I want to share some more about what this means for us, and for the TrustTheVote Project.

In short, this is a big deal.  In many ways.

chris-kellyLet’s start with Chris Kelly.  I’ve had the pleasure of knowing and working with Chris for years.  Chris is a technocrat for the people.  He understands not just the potential of technology innovation in the digital age, but he “gets” what that can mean — the good, the bad, and yes even the ugly — for all citizens across a range of socioeconomic conditions.  Chris understands the challenges of data privacy and security.  Chris has endeavored to run for public office in the past and may one day do so again.  He intimately understands the process of elections from the viewpoint of a candidate as well as a voter.  But Chris has put his political aspirations on hold while he pursues other projects.

Sure, those “projects” include co-ownership of the NBA Sacramento Kings and the building of their new Arena.  But Chris also believes the TrustTheVote Project has great potential to increase confidence in elections and their outcomes, by reinventing how America votes in order to create a more delightful and engaging experience for voters, as well as a far better solution for elections officials.  Backing that belief up, Chris is putting a significant capital commitment behind the Foundation to accelerate its work for the benefit of elections officials nationwide.  In fact, his backing has significantly accelerated our 2014 fund raising campaign.  That means more talent can be hired and more work can be done.

This really is a big deal.

Aneesh_ChopraThen there is Aneesh Chopra.  Aneesh discovered our project a couple of years ago and has remained intrigued.  As he describes in a recent interview on Vox, he well understands the challenges of elections administration today as a former candidate himself and witnessing the mistakes that can happen as they recently did in the Commonwealth of VA and the District of Columbia.  Aneesh is a pragmatic thought leader with a penchant for detail.  Aneesh has joined our Strategic Advisory Board, joining other government IT, technology policy, and open source visionaries including Bryan Sivak, Joe Hall, and Debra Bryant.

Aneesh will bring significant value to the Foundation with his deep understanding of government IT, public policy, the intersection of technology and government, and many related issues.  His experience as President Obama’s first Chief Technology Officer brings a wealth of practical experience in this regard.  Similarly, since his moving on from the office of U.S. CTO to return to the private sector to work with some exciting commercial technology start-ups, Aneesh appreciates the realities of technology development life cycles.  While we are a non-profit technology project, we bring our own wealth of software industry experience to bear, and Aneesh found the level of professional maturity in our project combined with an unbridled amount of innovative thinking to be attractive and well calibrated to his thinking.  So, we are very stoked to have him on board, and look forward to his advice, insight, and guidance.

This too, is a big deal.

With fresh financial backing plus the thought leadership of these two seasoned executives, we’re maturing our operation and galvanizing a strong management team.  Stay tuned.  We’ll have more announcements coming soon.

A New Name; The Same Mission

Many of you are learning the news, and its true: our Foundation’s name is changing, but the mission remains the same.  Here’s the story.

OSETFoundationI’d like to officially introduce you all to our new name: the Open Source Election Technology Foundation, or as we’re referring to it, the “OSET Foundation” (“Oh-Set”).  And if you haven’t seen our updated Foundation web site, please have a visit and tell us what you think.  But know that what you see there today is an initial site launch to put the Foundation name into circulation, and we’re already hard at work developing an entirely new version of the OSET Foundation site as well as a new home for the TrustTheVote Project and related sites.

I can tell you we’ve selected WordPress as our platform for all of our web sites going forward, thanks to the generous support of Matt Mullenweg, who has generously backed the Foundation before, and is stepping up again, this time with WordPress development resources to help us publish a world class set of sites and resources for our stakeholders (elections officials), supporters, and you.  We deeply appreciate Matt’s support.  But I digress.  Let’s get back to the naming thing.

What’s in a Name?
When we got our start back in late 2006 we chose a name, somewhat intentionally provocative, to reflect what we believed then our mission should be: addressing the pressing need for innovation in machinery used to administer an election.  To us, and many we spoke with in that first year, “digital voting” meant the use of computers in the act(s) of voting.  The cries to rethink DREs (“digital recording electronics”) were reaching a crescendo and we were tired of writing about their woes and decided we should form a team to rethink the machinery… but in a way to bring more transparency at least, and more accuracy, verification and security in the process. So…

“Open Source,” from our experiences in the Silicon Valley (notably the Mozilla Project, as some of us were by then Netscape alumni) was potentially the “jam cracker” to inject innovation into a stagnant industry where there is no business incentive to perform the R&D necessary to address the mandates of verification, accuracy, security and transparency.  Thus we branded ourselves the “Open Source Digital Voting” or “OSDV” Foundation.

Fast forward to 2010 when, during the midst of our battle to earn our tax exempt status, we learned from our PR team that consumer research revealed a startling fact.  In that first 4 years while we were learning the ins and outs of elections administration and related processes, policies, politics, and people, the iPod and iPhone had reshaped popular perception and “digital” now meant “Internet” to many consumers.

Of course, that resulted in a terrible misconception of what we’re doing because our work has nothing to do with Internet Voting — a concept given today’s Internet that is simply not viable by our measure in terms of simultaneously assuring privacy and security of ballot data.

More importantly, our work had progressed to the point that we realized the opportunity to develop an entire elections administration framework, and that to be successful, our cause needs to address the entire voting ecosystem.

So, it became clear that “OSDV” as a name had become obsolete and a new name was required.  That name, a phrase that far more accurately explains what our non-profit mission is about, is the Open Source Election Technology or OSET Foundation.

TTV_400x400Importantly, our flagship effort, the TrustTheVote Project, remains the main thing and vehicle of our mission to bring publicly owned innovation to our Nation’s critical democracy infrastructure.  We have refreshed the TrustTheVote Project brand as you can see to the left here, which can also be seen by visiting either of our Twitter presences @OSET or @TrustTheTheVote.  However, nothing else about the Project has or will change — save a new web site on the way this summer.

In short, we’re pleased to introduce the OSET Foundation with its on-going mission via the TrustTheVote Project to “improve confidence in elections and their outcomes.”

Money Shot: What Does a $40M Bet on Scytl Mean?

…not much we think.

Yesterday’s news of Microsoft co-founder billionaire Paul Allen’s investing $40M in the Spanish election technology company Scytl is validation that elections remain a backwater of innovation in the digital age.

But it is not validation that there is a viable commercial market for voting systems of the size typically attracting venture capitalists; the market is dysfunctional and small and governments continue to be without budget.

And the challenges of building a user-friendly secure online voting system that simultaneously protects the anonymity of the ballot is an interesting problem that only an investor of the stature of Mr. Allen can tackle.

We think this illuminates a larger question:

To what extent should the core technology of the most vital aspect of our Democracy be proprietary and black box, rather than publicly owned and transparent?

To us, that is a threshold public policy question, commercial investment viability issues notwithstanding.

To be sure, it is encouraging to see Vulcan Capital and a visionary like Paul Allen invest in voting technology. The challenges facing a successful elections ecosystem are complex and evolving and we will need the collective genius of the tech industry’s brightest to deliver fundamental innovation.

We at the TrustTheVote Project believe voting is a vital component of our nation’s democracy infrastructure and that American voters expect and deserve a voting experience that’s verifiable, accurate, secure and transparent.  Will Scytl be the way to do so?

The Main Thing

The one thing that stood out to us in the various articles on the investment were Scytl’s comments and assertions of their security with international patents on cryptographic protocols.  We’ve been around the space of INFOSEC for a long time and know a lot of really smart people in the crypto field.  So, we’re curious to learn more about their IP innovations.  And yet that assertion is actually a red herring to us.

Here’s the main thing: transacting ballots over the public packet switched network is not simply about security.   Its also about privacy; that is, the secrecy of the ballot.  Here is an immutable maxim about the digital world of security and privacy: there is an inverse relationship, which holds that as security is increased, privacy must be decreased, and vice-verse.  Just consider any airport security experience.  If you want maximum security then you must surrender a bunch of privacy.  This is the main challenge of transacting ballots across the Internet, and why that transaction is so very different from banking online or looking at your medical record.

And then there is the entire issue of infrastructure.  We continue to harp on this, and still wait for a good answer.  If by their own admissions, the Department of Defense, Google, Target, and dozens of others have challenges securifying their own data centers, how exactly can we be certain that a vendor on a cloud-based service model or an in-house data center of a county or State has any better chance of doing so? Security is an arms race.  Consider the news today about Heartbleed alone.

Oh, and please for the sake of credibility can the marketing machinery stop using the phrase “military grade security?”  There is no such thing.  And it has nothing to do with an increase in the  128-bit encryption standard RSA keys to say, 512 or 1024 bit.  128-bit keys are fine and there is nothing military to it (other than the Military uses it).  Here is an interesting article from some years ago on the sufficiency of current crypto and the related marketing arms race.  Saying “military grade” is meaningless hype.  Besides, the security issues run far beyond the transit of data between machines.

In short, there is much the public should demand to understand from anyone’s security assertions, international patents notwithstanding.  And that goes for us too.

The Bottom Line

While we laud Mr. Allen’s investment in what surely is an interesting problem, no one should think for a moment that this signals some sort of commercial viability or tremendous growth market opportunity.  Nor should anyone assume that throwing money at a problem will necessarily fix it (or deliver us from the backwaters of Government elections I.T.).  Nor should we assume that this somehow validates Scytl’s “model” for “security.”

Perhaps more importantly, while we need lots of attention, research, development and experimentation, the bottom line to us is whether the outcome should be a commercial proprietary black-box result or an open transparent publicly owned result… where the “result” as used here refers to the core technology of casting and counting ballots, and not the viable and necessary commercial business of delivering, deploying and servicing that technology.

The “VoteStream Files” A Summary

The TrustTheVote Project Core Team has been hard at work on the Alpha version of VoteStream, our election results reporting technology. They recently wrapped up a prototype phase funded by the Knight Foundation, and then forged ahead a bit, to incorporate data from additional counties, provided by by participating state or local election officials after the official wrap-up.

DisplayAlong the way, there have been a series of postings here that together tell a story about the VoteStream prototype project. They start with a basic description of the project in Towards Standardized Election Results Data Reporting and Election Results Reload: the Time is Right. Then there was a series of posts about the project’s assumptions about data, about software (part one and part two), and about standards and converters (part one and part two).

Of course, the information wouldn’t be complete without a description of the open-source software prototype itself, provided Not Just Election Night: VoteStream.

Actually the project was as much about data, standards, and tools, as software. On the data front, there is a general introduction to a major part of the project’s work in “data wrangling” in VoteStream: Data-Wrangling of Election Results DataAfter that were more posts on data wrangling, quite deep in the data-head shed — but still important, because each one is about the work required to take real election data and real election result data from disparate counties across the country, and fit into a common data format and common online user experience. The deep data-heads can find quite a bit of detail in three postings about data wrangling, in Ramsey County MN, in Travis County TX, and in Los Angeles County CA.

Today, there is a VoteStream project web site with VoteStream itself and the latest set of multi-county election results, but also with some additional explanatory material, including the election results data for each of these counties.  Of course, you can get that from the VoteStream API or data feed, but there may be some interest in the actual source data.  For more on those developments, stay tuned!

A Northern Exposed iVoting Adventure

NorthernExposureImageAlaska’s extension to its iVoting venture may have raised the interests of at least one journalist for one highly visible publication.  When we were asked for our “take” on this form of iVoting, we thought that we should also comment here on this “northern exposed adventure.” (apologies to those fans of the mid-90s wacky TV series of a similar name.)

Alaska has been among the states that allow military and overseas voters to return marked absentee ballots digitally, starting with fax, then eMail, and then adding a web upload as a 3rd option.  Focusing specifically on the web-upload option, the question was: “How is Alaska doing this, and how do their efforts square with common concerns about security, accessibility, Federal standards, testing, certification, and accreditation?

In most cases, any voting system has to run that whole gauntlet through to accreditation by a state, in order for the voting system to be used in that state. To date, none of the iVoting products have even tried to run that gauntlet.

So, what Alaska is doing, with respect to security, certification, and host of other things is essentially: flying solo.

Their system has not gone through any certification program (State, Federal, or otherwise that we can tell); hasn’t been tested by an accredited voting system test lab; and nobody knows how it does or doesn’t meet  federal requirements for security, accessibility, and other (voluntary) specifications and guidelines for voting systems.

In Alaska, they’ve “rolled their own” system.  It’s their right as a State to do so.

In Alaska, military voters have several options, and only one of them is the ability to go to a web site, indicate their choices for vote, and have their votes recorded electronically — no actual paper ballot involved, no absentee ballot affidavit or signature needed. In contrast to the sign/scan/email method of return of absentee ballot and affidavit (used in Alaska and 20 other states), this is straight-up iVoting.

So what does their experience say about all the often-quoted challenges of iVoting?  Well, of course in Alaska those challenges apply the same as anywhere else, and they are facing them all:

  1. insider threats;
  2. outsider hacking threats;
  3. physical security;
  4. personnel security; and
  5. data integrity (including that of the keys that underlie any use of cryptography)

In short, the Alaska iVoting solution faces all the challenges of digital banking and online commerce that every financial services industry titan and eCommerce giant spends big $ on every year (capital and expense), and yet still routinely suffer attacks and breaches.

Compared to the those technology titans of industry (Banking, Finance, Technology services, or even the Department of Defense), how well are Alaskan election administrators doing on their shoestring (by comparison) budget?

Good question.  It’s not subject to annual review (like banks’ IT operations audit for SAS-70), so we don’t know.  That also is their right as a U.S. state.  However, the  fact that we don’t know, does not debunk any of the common claims about these challenges.  Rather, it simply says that in Alaska they took on the challenges (which are large) and the general public doesn’t know much about how they’re doing.

To get a feeling for risks involved, just consider one point, think about the handful of IT geeks who manage the iVoting servers where the votes are recorded and stored as bits on a disk.  They are not election officials, and they are no more entitled to stick their hands into paper ballots boxes than anybody else outside a
county elections office.  Yet, they have the ability (though not the authorization) to access those bits.

  • Who are they?
  • Does anybody really oversee their actions?
  • Do they have remote access to the voting servers from anywhere on the planet?
  • Using passwords that could be guessed?
  • Who knows?

They’re probably competent responsible people, but we don’t know.  Not knowing any of that, then every vote on those voting servers is actually a question mark — and that’s simply being intellectually honest.

Lastly, to get a feeling for the possible significance of this lack of knowledge, consider a situation in which Alaska’s electoral college votes swing an election, or where Alaska’s Senate race swings control of Congress (not far-fetched given Murkowski‘s close call back in 2010.)

When the margin of victory in Alaska, for an election result that effects the entire nation, is a low 4-digit number of votes, and the number of digital votes cast is similar, what does that mean?

It’s quite possible that those many digital votes could be cast in the next Alaska Senate race.  If the contest is that close again,  think about the scrutiny those IT folks will get.  Will they be evaluated any better than every banking data center investigated after a data breach?  Any better than Target?  Any better than Google or Adobe’s IT management after having trade secrets stolen?  Or any better than the operators of military unclassified systems that for years were penetrated through intrusion from hackers located in China who may likely have been supported by the Chinese Army or Intelligence groups?

Probably not.

Instead, they’ll be lucky (we hope) like the Estonian iVoting administrators, when the OCSE visited back in 2011 to have a look at the Estonian system.  Things didn’t go so well.  OCSE found that one guy could have undermined the whole system.  Good news: it didn’t happenCold comfort: that one guy didn’t seem to have the opportunity — most likely because he and his colleagues were busier than a one-armed paper hanger during the election, worrying about Russian hackers attacking again, after they had previously shut-down the whole country’s Internet-connect government systems.

But so far, the current threat is remote, and it is still early days even for small scale usage of Alaska’s iVoting option.  But while the threat is still remote, it might be good for the public to see some more about what’s “under the hood” and who’s in charge of the engine — that would be our idea of more transparency.


Wandering off the Main Point for a Few Paragraphs
So, in closing I’m going to run the risk of being a little preachy here (signaled by that faux HTML tag above); again, probably due to the surge in media inquiries recently about how the Millennial generation intends to cast their ballots one day.  Lock and load.

I (and all of us here) are all for advancing the hallmarks of the Millennial mandates of the digital age: ease and convenience.  I am also keenly aware there are wing-nuts looking for their Andy Warhol moment.  And whether enticed by some anarchist rhetoric, their own reality distortion field, or most insidious: the evangelism of a terrorist agenda (domestic or foreign) …said wing nut(s) — perhaps just for grins and giggles — might see an opportunity to derail an election (see my point above about a close race that swings control of Congress or worse).

Here’s the deep concern: I’m one of those who believes that the horrific attacks of 9.11 had little to do with body count or the implosions of western icons of financial might.  The real underlying agenda was to determine whether it might be possible to cause a temblor of sufficient magnitude to take world financial markets seriously off-line, and whether doing so might cause a rippling effect of chaos in world markets, and what disruption and destruction that might wreak.  If we believe that, then consider the opportunity for disruption of the operational continuity of our democracy.

Its not that we are Internet haters: we’re not — several of us came from Netscape and other technology companies that helped pioneer the commercialization of that amazing government and academic experiment we call the Internet.  Its just that THIS Internet and its current architecture simply was not designed to be inherently secure or to ensure anyone’s absolute privacy (and strengthening one necessarily means weakening the other.)

So, while we’re all focused on ease and convenience, and we live in an increasingly distributed democracy, and the Internet cloud is darkening the doorstep of literally every aspect of society (and now government too), great care must be taken as legislatures rush to enact new laws and regulations to enable studies, or build so-called pilots, or simply advance the Millennial agenda to make voting a smartphone experience.  We must be very careful and considerably vigilant, because its not beyond the realm of reality that some wing-nut is watching, cracking their knuckles in front of their screen and keyboard, mumbling, “Oh please. Oh please.”

Alaska has the right to venture down its own path in the northern territory, but it does so exposing an attack surface.  They need not (indeed, cannot) see this enemy from their back porch (I really can’t say of others).  But just because it cannot be identified at the moment, doesn’t mean it isn’t there.


One other small point:  As a research and education non-profit we’re asked why shouldn’t we be “working on making Internet voting possible?”  Answer: Perhaps in due time.  We do believe that on the horizon responsible research must be undertaken to determine how we can offer an additional alternative by digital means to casting a ballot next to absentee and polling place experiences.  And that “digital means” might be over the public packet-switched network.  Or maybe some other type of network.  We’ll get there.  But candidly, our charge for the next couple of years is to update an outdated architecture of existing voting machinery and elections systems and bring about substantial, but still incremental innovation that jurisdictions can afford to adopt, adapt and deploy.  We’re taking one thing at a time and first things first; or as our former CEO at Netscape used to say, we’re going to “keep the main thing, the main thing.”