Tagged digital democracy

Poster and Slides from OSDV at NIST Workshop on Common Data Format Standards

Many thanks to the engaged audience for OSDVer Anne O’Flaherty’s presentation yesterday at the National Institute of Standards and Technology (NIST), which hosted a workshop on Common Data Formats (CDFs) and standards for data interchange of election data.

We had plenty to say, based on our 2012 work with Virginia State Board of Elections (SBE), because that collaboration depends critically on CDFs. Anne and colleagues did a rather surprising amount of data wrangling over many weeks to get things all hooked up right, and the lessons learned are important for continuing work in the standards bodies, both NIST and the IEEE group working on CDF standards.

As requested by the attendees, here are online versions of the poster and the slides for the presentation “Bringing Transparency to Voter Registration and Absentee Voting.”


Download Slides


View Full-Size Poster

Public Benefit from Online Voter Registration?

Some feedback on a couple recent blogs showed that I didn’t do such a great job on defining how our OVR work creates public benefit. So let me try again, with thanks to a canny reader who pointed out the subtlety involved.

But first, let me restate what our OVR work is: online voter registration assistance technology for NGOs like RockTheVote and government organizations like state and local boards of election. Through our work with RockTheVote, a large and expanding number of good government groups and other NGOs can quickly get an OVR system of their own, without deploying software or operating computers; and some can take advantage of options to largely re-work the appearance of the OVR web application, and/or integrate with mobile clients and social media. We’re also helping drive registrants to the government organizations, for those states with strong online voter registration systems, who have requested that the Rocky OVR system give users the option of registering with the state board of elections. Then, out at the bleeding edge, it is even possible for local or state election officials to piggyback on the OVR system to have their own 100% election-official-managed online voter registration assistance system, with the same look and feel as other county or state web sites, and all without any procurement or deployment.

So, fair enough, we’re the technology provider in a mix of many organizations who either want to help people register to vote (NGOs) or have a basic mission of helping people register — county registrars and state election officials. So where is the public benefit? And where is the subtlety that I mentioned? Many people would say that in a broad way, the public as a whole benefits when more eligible voters are registered and participate in elections — but not all. In fact, that is a political issue that we at OSDV want to steer clear of, especially given the political conflicts between some, who wish to aggressively register people in droves and who are more concerned about participation than eligibility, and others who are concerned about possible fraud and are more concerned about eligibility than participation. The debate about voter registration practices goes from one extreme where an election is tainted if it seems that a single eligible voter was barred from participation, to the other extreme where an election is tainted if there is a suspicion about a single ineligible person having cast a ballot.

So where do public benefits arise separately from these political issues? In a word: access, from a citizen perspective; and duty, from an election official perspective. Every eligible citizen deserves and is entitled to access to elections. It is the duty of election officials to provide that access to the eligible citizens who demand access, and to fairly and expeditiously assess every request for eligibility. Whether or not one is a fan of voter registration drives, or of voter roll purging, there is this shared value: eligible citizens who are trying to participate in elections should not have the access blocked by election officials. Yet in many cases that does occur because well-meaning public officials simply lack the resources, staff, or budget to be responsive to citizen needs. In OSDV’s wheel-house, the lack that we address is lack of election technology, or lack of an effective way to acquire and deploy relevant technology.

And the technology angle is particularly important for younger citizens, who have been using computers and smart phones for practically everything for their whole lives. And network and mobile technology is in fact appropriate for registration and all manner of other voter services — unlike voting which has unique anonymity and integrity requirements — and so people expect it. Many election officials use technology to help them more effectively carry out their duties, meeting those expectations — including those relating to voter registration. But for other election officials, there is a gap between what they need, and what they are actually able to do within limitations of budget, procurement, staff; or products that simply don’t provide the functions appropriate to their jurisdiction. So the gap has multiple dimensions, but across them all, government officials are doing less than they could, in performance of their duties to provide election access to those who are actively seeking it and are eligible.

So when we or anyone else helps to fill that gap with new or better or more available technology, then we have enabled public benefit: election officials can do more in spite of having less resources every year; entitled voters can vote; and thirdly and often overlooked, good government groups and watchdog agencies have more visibility to assess how well the election officials really are doing their job. And that third factor is quite important. Just look at the horror-show of suspicion, vituperation, conspiracy theory, litigation, and Internet-speed dis- or mis-information that spun up recently in Tallahassee and Memphis and elsewhere, over removal of people from voter rolls. It may be that nefarious people really were rigging the poll books, or it may be the electronic voter records are in significant disarray, or it may be voter record databases are antique and prone to administrative error. But we’ll never really know. Resource-constrained election organizations that run old election technology with demonstrated flaws, and little or no self-record-keeping, find it extremely difficult to demonstrate to interested and entitled observers exactly what is going on inside the computers, when one of these election year firestorms brews up.

And when the firestorm is big enough, it essentially prevents election officials from delivering on a fundamental duty: performing accurate and trustworthy elections. In other words, those firestorms are also a detriment to public confidence in elections. We, in addition to helping election officials perform their duties, are also passionate about delivering technology that can help with the transparency that’s part of firestorm prevention, and reducing their public detriment.

And lastly that brings me to a related point for another day: how the technology that we’re developing now can help deliver that transparency, along with the improvement in the technical infrastructure for U.S. elections. The next chunk is still in the oven, but I really look forward to sharing it here, when it is fully baked.


Movement to Bring Open Source to Government Being Reorganized


Just a quick post to suggest an interesting report out this afternoon on the TechPresident blog.  The move to consolidate the efforts of Civic Commons (home of Open311.org) and Code For America (CfA), notwithstanding the likely trigger being Civic Commons’ leader, Nick Grossman, moving on, actually makes sense to us.  CfA’s Jennifer Pahlka’s write up is here.

Recently in a presentation, I was asked where our work fits in to the whole Gov 2.0 movement.  It seems to us that we are probably a foundational catalyst to the movement; related, but only tangentially.  To be sure, we share principles of accuracy, transparency, verification and security in government information (ours being elections information).  But Gov 2.0 (and its thought leaders such as CfA) is a considerably different effort from ours at the TrustTheVote Project.  That’s mainly because the backbone of the Civic Commons, Open311.org, and CfA efforts is Web 2.0 technology (read: the social web and related mash-up tools).  There is nothing wrong with that; in fact, it’s downright essential for transparency.

But to keep the apples in their crate and the oranges elsewhere, our work is about a far heavier lifting exercise.  Rather than liberating legacy government data stores to deliver enlightened public information sites, or to shed sunlight on government operations, we’re building an entirely new open source elections technology stack from the OS kernel up through the app layer, with particular emphasis on an open standards common data format (more news on that in coming posts).

Ours is about serious fault tolerant software architecture, design and engineering with stuff built in C++, Objective C, even dropping down to the machine-level, potentially as far as firmware if necessary, but at the app layer higher level programming tools as well including frameworks like Rails, and UX/UI delivery vehicles like HTML5 and AJAX (to the extent of browser-based or iOS5-based applications).

And that point is the segue to my closing comment:  the Gov 2.0 movement is smartly delivering Government information via the web; the social web in particular.  That’s huge.  By contrast, remember that a good portion of our work is focused on purpose-built, application-specific devices like Optical Scanners to “read” ballots, devices to mark a ballot for printing and processing, or mobile tablets to serve as digital poll books.  Sure, the web is involved in some voter facing services in our framework, like voter registration.  But unlike the Gov 2.0 effort, we have no plans to leverage the web or Internet in general for anything (save a blank ballot delivery or voter registration update).

So by contrast, we’re in the rough, while Code for America is on the putting green.  And as such, you should have a look at the TechPresident article today.

King’s Mighty Stream, Re-Visited

As I often do, I had a thoughtful Martin Luther King Day — as you can see from my still pondering a couple days later. But I think I now have something to share. Last time I wrote on MLK, I likened two unlikely things:

  • King’s demand for social justice and peace, using Isaiah’s prophetic words that “Justice shall roll down like water, and righteousness like a mighty stream.”
  • My vision of really meaningful election transparency, stemming from a mighty torrent of data that details everything that happened in a county’s conduct of an election, published in a form anyone can see, and can use to check whether the election outcomes are actually supported by the data.

Still a bit of a stretch, no doubt, because since my little moment by the waterfalls of the MLK memorial in San Francisco, I’ve had rather mixed success in explaining why this kind of transparency is so difficult. Among the reasons are the complexity of the data, and the very inconvenient way it is locked up inside voting system products and proprietary data formats.

But perhaps more important, it is just a vexingly detailed and complicated process to administer elections and conduct voting and counting — paradoxically made even more complex with the addition of new technology. (Just ask a New York state election admin person about 2010.) In some cases, I am sure that local election officials would not take umbrage at the phrase “Rube Goldberg Machine” to describe the whole passel of people, process, and tools.

So, among my new year’s resolutions, I am going to try to communicate, by example, a large part of the scope of data and transparency that is needed in U.S. elections. It will take some time to do in small digestible blogs, but I hope the example will serve to illustrate several things:

  • What election administration is really like;
  • What kinds of information and operations are used;
  • How a regular process of capturing and exposing the information can prevent some of the mishaps, doubts, and litigation you’ve often read about here.
  • Last but not least, how the resulting transparency connects directly to the nuts-and-bolts election technology work that we are doing on vote tabulation and on digital pollbooks.

One challenge will be keeping the example at an artificially small scale, for comprehensibility, while still providing meaningful examples of the data and the election officials’ work to use it. On that point especially, feedback will be particularly welcome!


How Digital Pollbooks Can Ease the Voter ID Challenge

Some of you have heard the rumors and rumblings. Yes, an exciting new project in our open source elections technology framework is in the works.  And yes, it is an important tool for the front lines of democracy: election polling places.

We’ll have a bunch more to officially say about our digital poll book project shortly.

But first, a thought about how this tool can help the Voter ID challenge.

The Progressive States Network recently posted a call for participation in a teleconference to discuss fighting a rising wave of renewed interest in compulsory photo identification at the Polls.  They note in part:

With a shift of control of state legislatures and governorships across the country taking shape this month, many conservative lawmakers are pushing laws that would require photo identification for all voters at the polls.  While these laws are touted as a catchall way to prevent voter fraud, in reality they only address voter impersonation, an extremely rare form of fraud.  More importantly they will cost states money that could be better spent in these difficult economic times and serve primarily to disenfranchise hundreds of thousands of voters.

Maybe so, maybe so.  But we’ll sidestep that argument for a moment to point out that our newest framework project—the Digital Poll Book—can help address this problem, and is but one of several reasons the Digital Poll Book (as envisioned and being designed by the TrustTheVote Project) is a near imperative piece of election technology—open source, of course!

[Ed Note: watch for a post in the near future to provide a more proper overview of this exciting 2011 project—something we think will easily outshine work in 2009 on voter registration systems and work in 2010 on ballot design and generation.]

So, let’s have a look at some concerns people have about Voter ID, and where digital Poll books can help.

Concern #1: It’s a bad idea to have to trust poll workers
It’s a bad idea to trust poll workers to accurately and honestly perform the check for each voter that the ID document they present is valid, and that the document contains ID information that matches voter ID information in the poll book.  Erroneous or mendacious poll workers can incorrectly reject valid ID, or perform a false negative on the match of ID with poll book records, or just take enough extra time during check in to intimidate some people, and force longer lines at polling places.

Our Response:

  • That’s a valid concern—but about the proper performance of ID checks, rather than the ID check itself.
  • Digital poll books can ameliorate these concerns when combined with digital capture of ID.  Here’s how:  Increasingly, States’ driver’s licenses and state ID cards are card-reader ready (i.e., they can be swiped through a device to pick up or “read” the vital data encoded into the card).  Such a swipe can be the basis for a digital poll book looking up a valid matching voter record, without reliance on the poll worker.  In other states an even simpler method of voter ID has the same effect—the Board of Elections issues single-purpose voter-ID cards, including a bar code that can be scanned to provide the voter ID information.

Concern #2: A Registered Voter may not have a valid State ID
Not every registered voter has valid state ID, and for some people it is a physical or financial hardship to obtain state-verified identification.

Our Response:

  • That may well be true for a small population of people, but the statement assumes that State ID is the only valid voter ID. BoEs can choose to adopt alternatives, for example BoE-issued voter-ID cards as used in some states today. Sending these to voters can be as easy as current routine BoE-voter interaction, along with sample ballot mail-outs, with no cost or effort to the voter.

Concern #3: The alternative of provisional voting in absence of valid ID is disenfranchising.
If a voter arrives at the Polling Place without valid ID where such is required, then at best they have to vote provisionally—which is potentially disenfranchising given the inconsistencies of counting provisional ballots.

Our Response:

  • It is true that many provisional voters do not have their ballot counted because of errors on or legibility of the provisional affidavit.  However, digital poll books can help by providing a provisional affidavit form helper that collects all of the required information, and prints a complete, correct, and legible affidavit for the voter.
  • It is also true that some people believe that provisional votes are often not counted. Notwithstanding the accuracy of claims of uncounted provisional ballots, sunshine is the best remedy for these concerns.  Digital poll books can help by capturing—for subsequent aggregation and publication—accurate information about provisional voters and affidavits, for members of the public to verify whether the number of counted provisional ballots matches the number that should have been counted.

Concern #4: Voter ID requirements are inconsistent with vote-by-mail.
Voter ID has little deterrence value for voter impersonation fraud, because of the option of voting by mail without voter ID. For voters that might be intimidated by an ID check at a polling place, voter ID shifts participation to vote-by-mail, where voters have additional risk (compared to in person voting) of not having their vote counted due to errors in preparing vote-by-mail materials.

Our Response:

  • The comparison of voter-ID in person, vs. vote-by-mail without ID, is a valid comparison in general, but varies by State — both in States’ use of vote-by-mail, and in States’ methods of identifying or authenticating absentee voters.  In a state with no-fault absentee, permanent absentee, permanent vote-by-mail, and similar practices, it may well be fruitless to impose voter-ID requirements on the minority of participating voters who vote in person.
  • However, other States have more limited and controlled use of absentee voting, with the large majority of voters voting in person.  In those cases, digital poll books can help ameliorate some of the above concerns and help enable voter ID benefits in States where such benefits are sought.

We think the Voter ID issue is thorny.  We also believe people should get involved with this debate as it’s likely to have a real impact in how America votes (where the Polling Place remains the epicenter of that civic duty).  We also believe that the elimination of paper-based poll books and reducing if not removing the related issues that can run with their people-based processes is an equally important part of this issue.  Our newest elections technology framework project for 2011 is the open source digital poll book.  It’s truly exciting, and we envision it being based on some highly desirable, easy to use and insanely great technology.

Stay tuned for a briefing on the project.


Recapping The OSCON O’Reilly Radar Conversation

A couple of weeks ago I presented at OSCON and during the conference had an opportunity to sit down with Mac Slocum, Managing Editor for the O’Reilly Radar.  We had about a half-hour conversation, of which ~20 minutes was covered on camera.  You can find it here if you want to watch me jaw.  But perhaps simpler: below, I’ve listened to the tape and captured the essence of my answers to Mac’s questions about what the Foundation is about and working on and the like.  I promised Matt Douglass, our Public Relations Director, I’d get this up for interested followers; I apologize that it took me a couple of weeks.

So, here it is; again not an official transcript, but a compilation of my answers after watching and listening to the video interview about a dozen times (so you don’t have to) combined with my recollection as close as I recall my remarks – expressed and intended.

O’Reilly: How are voting systems in the U.S. currently handled?  In other words, where do they come from; procurement process; who decides/buys; etc.?

Miller: Voting systems are currently developed and delivered by proprietary systems vendors, and procured by local election jurisdictions such as counties and townships. The States’ role is to approve specific products for procurement, often requiring products to have completed a Federal certification process overseen by the EAC.  However, the counties and local elections jurisdictions make the vast majority of elections equipment acquisition decisions across the country.

O’Reilly: So how many vendors are there?  Or maybe more to the point, what’s the state of the industry; who are the players; and what’s the innovation opportunity, etc.?

Miller: Most of the U.S. market is currently served by just 3 vendors.  You know, as we sit here today, just two vendors control some 88% of America’s voting systems infrastructure, and one of them has a white-knuckled grip on 75% of that.  Election Systems and Services is the largest, after having acquired Premier Systems from its parent company, Diebold.  The DoJ interceded on that acquisition under a mandatory Hart-Scott-Rodino Act review to consider potential anti-trust issues.  In their settlement with ES&S, the Company dealt off a portion of their technology (and presumably customers) to the Canadian firm Dominion Systems.  Dominion was a small player in the U.S. until recently when it acquired those technology assets of Premier (as part of the DoJ acquisition), and acquired the other former market force, Sequoia.  And that resulted in consolidating approximately 12% of the U.S. market. Most of the remaining U.S. market is served by Hart-Intercivic Systems.

On the one hand, I’d argued that the voting systems marketplace is so dysfunctional and malformed that there is no incentive to innovate, and at worst, there is a perverse disincentive to innovate and therefore really not much opportunity.  At least that’s what we really believed when we started the Foundation in November 2006.  Seriously, for the most part any discussion about innovation in this market today amounts to a discussion of ensuring spare parts for what’s out there.  But really what catalyzed us was the belief that we could inject a new level of opportunity… a new infusion of innovation.  So, we believe part of the innovation opportunity is demonstrated by the demise of Premier and Sequoia and now the U.S. elections market is not large or uniform enough to support a healthy eco-system of competition and innovation.  So the innovation opportunity is to abandon the proprietary product model, develop new election technology in a public benefits project, and work directly with election officials to determine their actual needs.

O’Reilly: So what is the TrustTheVote Project, and how does that relate to the Foundation?

Miller:  The Open Source Digital Voting Foundation is the enabling 501.c.3 public benefits corporation that funds and manages projects to develop innovative, publicly owned open source elections and voting technology.  The TrustTheVote Project is the flagship effort of the Foundation to design and develop an entirely new ballot eco-system.

What we’re making is an elections technology framework built on breakthrough innovations in elections administration and management and ballot casting and counting that can restore trust in how America votes.  Our design goal is to truly deliver on the four legs of integrity in elections: accuracy, transparency, trust, and security.

The reason we’re doing this is simple: this is the stuff of critical democracy infrastructure – something far too much of a public asset to privatize.  We need to deliver what the market has so far failed to deliver.  And we want to re-invent that industry – based on a new category of entrants – systems integrators who can take the open source framework, integrate it with qualified commodity hardware, and stand it up for counties and elections jurisdictions across the country.

We’re doing this with a small full time team of very senior technologists and technology business executives, as well as contractors, academia, and volunteer developers.

We’re 4 years into an 8 year undertaking – we believe the full framework will be complete and should be achieving widespread adoption, adaptation, and deployment by the close of 2016 – done right it can impact the national election cycle that year.  That said, we’re under some real pressure to expedite this because it turns out that a large number of jurisdictions will be looking to replace their current proprietary systems over the next 4 years as well.

O’Reilly:  How can open source really improve the voting system?

Miller:  Well, open source is not a panacea, but we think it’s an important enabler to any solution for the problems of innovation, transparency, and cost that burden today’s elections.  Innovation is enabled by the departure from the proprietary product model, including the use of open-source licensing of software developed in a public benefits project. Transparency, or open-government features and capabilities of voting systems are largely absent and require innovation that the current market does not support. Cost reduction can be enabled by an open-source-based delivery model in which procurements allow system integrators to compete for delivery of license-free voting systems, coupled with technical support that lacks the vendor lock-in of current procurements. Open source software doesn’t guarantee any of these benefits, but it does enable them.

I should point out too, that one of our deepest commitments is to elections verification and auditability (sic).  And our framework, based on an open standards common data format utilizing a markup language extension to XML called EML is the foundation on which we can deliver that.  Likewise, I should point out our framework is predicated on a durable paper ballot of record… although we haven’t talked about the pieces of the framework yet.

O’Reilly: Well our time is limited, but you must know I can’t resist this last question, which is probably controversial but our audience is really curious about.  Will online voting ever be viable?

Miller: Well, to be intellectually honest, there are two parts to that loaded question.  Let me leave my personal opinion and the position of the Foundation out of it at first, so I just address the question in a sterile light.

First, online voting is already viable in other countries that have these 3 policy features: [1] a national ID system, [2] uniform standards for nationwide elections, and [3] have previously encouraged remote voting by mail rather than in-person voting. These countries also fund the sophisticated centralized IT infrastructure required for online voting, and have accepted the risks of malware and other Internet threats as acceptable parts of nationwide online voting.   For a similar approach to be viable in the U.S., those same 3 policy features would likely require some huge political innovations, at the 50-plus state level, if not the Federal level.   There really isn’t the political stomach for any of that and particularly national ID although arguably we already have it, or creating national elections and voting standards, let alone building a national elections system infrastructure.  In fact, the National Association of State Secretaries recently passed – actually re-upped an earlier resolution to work to sunset the Federal Elections Assistance Commission.  In other words, there is a real Federalist sense about elections.  So, on this first point of socio-political requirements alone I don’t see it viable any time soon.

But letting our opinion slip into this, the Foundation believes there is a more important barrier from a technical standpoint.  There are flat out technical barriers that have to be cleared involving critical security and privacy issues on the edge and at the core of a packet-switched based solution. Furthermore, to build the kind of hardened data center required to transact voting data is far beyond the financial reach of the vast majority of jurisdictions in the country.  Another really important point is that online elections are difficult if not impossible to audit or verify.  And finally, there is a current lack of sophisticated IT resources in most of the thousands of local elections offices that run elections in the U.S.

So, while elections remain a fundamentally local operation for the foreseeable future, and while funding for elections remains at current levels, and until the technical problems of security and privacy are resolved, nationwide online voting seems unlikely in the U.S.

That said, we should be mindful that the Internet cloud has darkened the doorstep of nearly every aspect of society as we’ve moved from the 2nd age of industrialism to the 3rd age of digitalism.  And it seems a bit foolish to assume that the Internet will not impact the conduct of elections in years to come.  We know there is a generation out there now who is maturing having never known any way to communicate, find information, shop, or anything other than online.  Their phones exist in an always-on society and they expect to be able to do everything they need to interact with their government online.  Whether that’s a reasonable expectation I don’t think is the issue.

But I think it will be important for someone to figure out what’s possible in the future – we can’t run and hide from it, but I believe we’re nowhere near being able to securely and verifiably use the Net for elections.  There is some very limited use in military and overseas settings, but it needs to be restricted to venues like that until the integrity issues can be ironed out.

So, we’re not supporters of widespread use of the Internet for voting and we don’t believe it will be viable in the near future on a widespread basis.  And honestly, we have too much to do in just improving upon ballot casting and counting devices in a polling place setting to spend too many cycles thinking about how to do this across the Internet.


OSCON Shows the Movement is Growing

One of our Executive Directors, Gregory Miller, had the opportunity to attend the O’Reilly Media’s Open Source Conference this week in my home town of Portland, Oregon (his too, in fact).  Summer is in full swing here, although no major heat waves so far; we’ve been enjoying cool morning marine layer followed by a pleasant upper 70s low 80s by mid afternoon lingering into an evening ideal for Portland’s many sidewalk cafes.  This was a perfect setting for a conference that continues to grow.  But maybe it’s just that people prefer to visit Portland in the summer more than struggle with the congestion of the Silicon Valley… and this year that included a considerable international presence of attendees.

The OSDV Foundation was invited to host a panel session on the role of open source in elections and voting systems.  Here is a copy of Gregory’s presentation from that well attended session yesterday.

We were equally fortunate to have a couple of other opportunities to share our story and work: a gracious mention of us during Tim O’Reilly’s keynote by Bryan Sivak, the CTO of the District of Columbia, and a 20 minute interview with Gregory and O’Reilly Radar Managing Editor Mac Slocum.

In another post by Greg himself he’ll provide the questions and his answers (as best as he can recall) from that interview for those more interested in skimming the text rather than sitting through the video replay.

We appreciate Tim O’Reilly’s growing interest in our work to create publicly owned critical democracy infrastructure for elections administration and voting.  And we thank him for the opportunity to participate.

Director, Communications & Outreach

E-mail Voting, Complexity, and Trust

Some of the feedback on my internet/email voting post can be summed up this way:

Is email voting really that bad? Sure, emailed ballots can be snooped, tampered, or diverted en route, but so can paper vote-by-mail ballots – yet we still use them. So what, specifically, is so much worse about emailed ballots?

First off, I have to say: “great question!” because it is asking about a comparison between two voting methods that appear to be very similar, but differ fundamentally, as Pito said in his blog post comparing vote-by-mail with atoms and vote-by-mail with bits.  I can shed some light on the technological differences, in my laundry list below. But first I should point out the most important difference between the risks faced by the vote-by-mail (VBM) paper ballots en-route from voter to destination, and the analogous risks for email return.

The difference is, in a word, comprehension by voters. The threats to paper VBM are well-understood, relatively simple to state, and currently accepted as a trade-off for the ability to vote from overseas. Sure, an unknown number of postal workers in an unknown chain of national postal services, all can find VBM ballots, and mess with them or help others to do so. We know that, we’re not keen on it, but it beats not voting at all if you live overseas.

But if you really want to claim that the risks of email are comparable to postal mail, then you have to appreciate a set of broader and more complex technological threats to emailed ballots. Here are some of those threats, that perhaps not everyone is familiar with, including not only a wide variety of technology that can mess with the ballots, but also a wide variety of people with access to ballots.

  • The email ballot’s first step is in the telephone company of the place where the overseas voter lives. From the voter’s computer, the email passes through telco equipment such as dial-up modems, digital subscriber line access multiplexers (DSLAMs) for DSL service, or coax/cable service equivalents. Telco staff with access to this equipment have access to the ballot.
  • The next step is transport onward from the telco to the voter’s local Internet Service Provider (ISP), using a variety of network switches and routers and firewalls operated by the telco or the ISP. Again, everyone with access to these devices — including remote access via the network — has access to the ballot. The voter has to trust their immediate ISP to not read or tamper or block the email – not to be taken lightly for some overseas voters living in countries where the government actively intercepts Internet traffic.
  • The next steps consist of more transport, via several ISPs along the way to the ISP of the voter’s email service provider. A variety of protocols may be used, but Post Office Protocol (POP3) is fairly common, and the ISPs often have visibility on the POP3 sessions. Again, the voter has to trust these ISPs, and all the people with access to the network gear.
  • The voter also has to similarly trust their email service provider, and the staff with access to the POP3 servers or similar, as well as the SMTP servers that move the mail onward towards its destination.
  • Onward from the voter’s email service provider, there is more transport via more ISPs, and as before the voter is typically not aware of which or how many ISPs, and how many routers and email servers are involved. From an overseas voter’s home PC, it would not be unusual for an email to transit 5 ISPs, 4 mail servers, and 50 hops on the 3 phases of transport. (Those phases are: (1) from voter to their SMTP server, (2) thence to the BOE’s SMTP server, and (3) then from the BOE’s SMTP server to the email’s destination.)
  • At some point the email arrives on the SMTP server for the email address that the voter sent their email to — hopefully, the SMTP for the BOE. From there onward, the email goes from the BOE’s SMTP server to wherever the email finally arrives. In this 3rd phase, the email is accessible in the same way as in the first phase, but in reverse order: all the servers and routers and all the people with local or remote access to them, at these organizations: BOE’s email service provider, the service provider’s ISP, and the telco systems that deliver the BOE’s ISP’s traffic to the BOE computer that is the final destination of the email.
  • And all that is assuming that the email actually arrives – which is not guaranteed, and can’t be verified! Even a confirmation reply email can be easily forged.

Is all that different enough from postal threats? Sure, those overseas postal people can misbehave, but they have to first find a paper VBM ballot, then gain physical access to it, and have the time and space to work on the ballot, without significant risk of observation. With email, by contrast:

  • There is a wide array of technology and systems and people with access to them.
  • The access includes remote access where the people don’t have to be physically proximate to the computer or the email data passing through it.
  • And that’s just the insiders, the people with legitimate access to these systems. But let’s not forget the risks that some of these computers or systems have been compromised by purely digital adversaries — a threat made all the more real by successful attacks on Google and several other top-tier technology companies.

I’m pretty sure that most overseas voters and most election officials do have a good understanding of paper vote-by-mail and its risks. I may be wrong, but I expect most of them do not have a similar understanding of this complex set of digital threats to emailed ballots en route, and have not assessed those risks to be at parity with the risks of paper VBM en route. Until and unless that understanding and assessment actually happens, then internet/email voting cannot fairly be said to parallel paper vote-by-mail as an equitable solution.
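As an added illustration (not part of the original post), the sketch below reads the Received headers that each mail server prepends to a message, then lists the servers that handled it and the server-to-server links with no recorded TLS. The message, host names and addresses are constructed placeholders; the TLS keywords are the RFC 3848 values that relays themselves write into the header.

```python
import email
import re
from collections import namedtuple

# Constructed sample message, not real traffic. Hosts and addresses are
# placeholders from the reserved .example and documentation ranges.
SAMPLE = """\
Received: from mx2.relay.example (mx2.relay.example [198.51.100.7])
\tby mail.boe.example with ESMTPS id c3; Tue, 02 Mar 2010 10:00:09 +0000
Received: from out.provider.example (out.provider.example [203.0.113.20])
\tby mx2.relay.example with ESMTP id b2; Tue, 02 Mar 2010 10:00:05 +0000
Received: from voter-pc (unknown [192.0.2.44])
\tby out.provider.example with ESMTPSA id a1; Tue, 02 Mar 2010 10:00:01 +0000
From: voter@provider.example
To: ballots@boe.example
Subject: Completed ballot

(ballot attachment would be here)
"""

# "with" keywords that record a TLS-protected link (RFC 3848).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

Hop = namedtuple("Hop", "sender receiver protocol tls")


def parse_received(value):
    """Parse one Received header into a Hop; missing clauses become None."""
    # Unfold the header and drop the trailing "; date" part.
    text = " ".join(value.split()).split(";", 1)[0]

    def clause(word):
        match = re.search(r"\b%s\s+(\S+)" % word, text)
        return match.group(1) if match else None

    protocol = clause("with")
    tls = protocol is not None and protocol.upper() in TLS_KEYWORDS
    return Hop(clause("from"), clause("by"), protocol, tls)


def relay_chain(raw_message):
    """Return the recorded hops in transit order (voter side first)."""
    msg = email.message_from_string(raw_message)
    # Each server prepends its own header, so the newest hop comes first.
    headers = msg.get_all("Received") or []
    return [parse_received(h) for h in reversed(headers)]


def summarize(hops):
    """List every server that held the message and every link lacking TLS."""
    return {
        # Each receiving server held the whole message in readable form,
        # whether or not the link into it was encrypted.
        "handlers": [h.receiver for h in hops],
        # No TLS keyword means the link was cleartext or unrecorded.
        "links_without_tls": [(h.sender, h.receiver) for h in hops if not h.tls],
    }


if __name__ == "__main__":
    report = summarize(relay_chain(SAMPLE))
    print("servers that held the ballot:", report["handlers"])
    print("links without recorded TLS:", report["links_without_tls"])
```

The Received lines are written by the relays themselves, so this view is only as trustworthy as the servers on the path, and it shows mail servers only, not the routers and ISP equipment in between.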


Setting a Technology Agenda for Overseas Voting

I have arrived in Munich, reached my hotel and actually caught a nap.  It was a sloppy slushy day here from what I can tell; about 30 degrees and some wet snow; but spring is around the corner.  On the flight over the Pole last evening (I’m a horrible plane sleeper) I worked on final preparations for our Technology Track at this year’s UOCAVA Summit (which I wrote about yesterday).  I thought I’d share some more about this aspect of the Conference.  This is another long post, but for those who cannot be in Munich at this conference, here are the details.

Historically, as I see it, the Summit has been primarily a policy discourse.  While the Overseas Vote Foundation always has digital services to show off in the form of their latest Web facilities to support overseas voters, Summit has historically been focused on efforts to comply, enforce, and extend the UOCAVA (Uniformed and Overseas Citizens Absentee Voting Act).  This year, with the passage of the MOVE Act (something I also wrote about yesterday), a new tract of topics, discussion, (and even debate) has surfaced, and it is of a technical nature.  This is in principle why the Overseas Vote Foundation approached the OSDV Foundation about sponsorship and co-hosting.  We thought about it, and agreed to both.

Then came the task of actually putting together an agenda, topics, speakers, and content.

I owe a tremendous “thank you” to all of the Panelists we have engaged, and to Dr. Andrew Appel of Princeton, our Chief Technology Officer John Sebes, and our Director of Communications, Matthew Douglass, for their work in helping produce this aspect of Summit.  Our Director of Outreach Strategy, Sarah Nelson should be included in here for her logistics and advance work in Munich.  And of course, I would be remiss if I left out the fearless and brilliant leader of the OVF, Susan Dzieduszycka-Suinat, for all of her coordination, production work, and leadership.

A quick note about Andrew: I’ve had the privilege of working with Professor Appel on two conferences now. Many are aware that one of our track productions is going to be a debate on so-called “Internet Voting” and that Dr. Appel will give the opening background talk. I intend to post another article tomorrow on the Debate itself. But I want to point out something now that certain activists may not want to hear (let alone believe). While Andrew’s view of Internet-based voting systems is well known, there can be no doubt of his interest in a fair and balanced discourse. Regardless of his personal views, I have witnessed Andrew go to great lengths to examine all sides and build arguments for and against public packet switched networks for public ballot transactions. So, although several are challenging his giving the opening address, which in their view taints the effort to produce a fair and balanced event, I can state for a fact, that nothing is further from the truth.

Meanwhile, back to the other Track events.

We settled on 2 different Panels to advance the discussion of technology in support of the efforts of overseas voters to participate in stateside elections:

  1. MOVE Act Compliance Pilot Programs – titled: “Technology Pilots: Pros and Cons, Blessing or Curse”
  2. Technology Futures – titled: “2010 UOCAVA Technology Futures”

Here are the descriptions of each and the Panelists:

Technology Pilots: Pros and Cons, Blessing or Curse

The title is the work of the Conference Sponsor, OVF, but we agree that the phrase, “Technology Pilots” trips wildly different switches in the minds of various UOCAVA stakeholders.  The MOVE Act requires the implementation of pilots to test new methods for U.S. service member voting.  For some, it seems like a logical step forward, a natural evolution of a concept; for others pilots are a step onto a slippery slope and best to avoid at all costs. This panel will discuss why these opposing views co-exist, and must continue to do so.

  • Paul Docker, Head of Electoral Strategy, Ministry of Justice, United Kingdom
  • Carol Paquette, Director, Operation BRAVO Foundation
  • Paul Stenbjorn, President, Election Information Services
  • Alec Yasinsac, Professor and Dean, School of Computer and Information Sciences University of South Alabama

John Sebes, Chief Technology Officer, TrustTheVote Project (OSDV Foundation)

2010 UOCAVA Technology Futures

UOCAVA is an obvious magnet for new technologies that test our abilities to innovate.  Various new technologies now emerging and how they are coming into play with UOCAVA voting will be the basis of discussion.  Cloud computing, social networking, centralized database systems, open source development, and data transfer protocols: these are all aspects of technologies that can impact voting from overseas, and they are doing so.

  • Gregory Miller, Chief Development Officer, Open Source Digital Voting Foundation
  • Pat Hollarn, President, Operation BRAVO Foundation
  • Doug Chapin, Director, Election Initiatives, The Pew Center of the States
  • Lars Herrmann, Red Hat
  • Paul Miller, Senior Technology and Policy Analyst, State of Washington
  • Daemmon Hughes, Technical Development Director, Bear Code
  • Tarvi Martens, Development Director at SK, Demographic Info, Computer & Network Security, Estonia

Manuel Kripp, Competence Center for Electronic Voting

The first session is very important in light of the MOVE Act implementation mandate.  Regardless of where you come down on the passage of this UOCAVA update (as I like to refer to it), it is now federal law, and compliance is compulsory.  So, the session is intended to inform the audience of the status of, and plans for pilot programs to test various ways to actually do at least two things, and for some (particularly in the Military), a third:

  1. Digitally enable remote voter registration administration so an overseas voter can verify and update (as necessary) their voter registration information;
  2. Provide a digital means of delivering an official blank ballot for a given election jurisdiction, to a requesting voter whose permanent residence is within that jurisdiction; and for some…
  3. Examine and test pilot digital means to ease and expedite the completion and return submission of the ballot (the controversy bit flips high here).

There are, as you might imagine, a number of ways to fulfill those mandates using digital technology.  And the latter (3rd) ambition raises the most concern.  Where this almost certainly involves the Internet (or more precisely, public packet-switched networks), the activists against the use of the Internet in elections administration, let alone voting, are railing against such pilots, preferring to find another means to comply with the so-called “T-45 Days” requirement of placing an official ballot in the hands of an overseas voter, lest we begin the slide down the proverbial slippery slope.

Here’s where I go rogue for a paragraph or two (whispering)…
First, I’m racking my brain here trying to imagine how we might achieve the MOVE Act mandates using a means other than the Internet. Here’s the problem: other methods have been tried and have failed, which is why as many as 1 in 4 overseas voters are disenfranchised now, and why Sen. Schumer (D-NY) pushed so hard for the MOVE Act in the first place. Engaging in special alliances with logistic companies like FedEx has helped, but not resolved the cycle time issues completely. And the U.S. Postal Service hasn’t been able to completely deliver either (there is, after all, this overseas element, which sometimes means reaching voters in the mountainous back regions of say, Pakistan.) Sure, I suppose the U.S. could invest in new ballot delivery drones, but my guess is we’d end up accidentally papering innocent natives in a roadside drop due to a technology glitch.

Seriously though (whispering still), perhaps a reasonable way forward may be to test pilot limited uses of the Internet (or heck, perhaps even Military extensions of it) to carry non-sensitive election data, which can reach most of the farther outposts today through longer range wireless networks. So, rather than investing ridiculous amounts of taxpayer dollars in finding non-Internet means to deliver blank ballots, one proposal floating is to figure out the best, highest integrity solution using packet-switched networks already deployed, and perhaps limit use of the Internet solely for [1] managing voter registration data, and [2] delivering blank ballots for subsequent return by means other than eMail or web-based submission (until such time as we can work out the vulnerabilities on the “return loop.”) While few can argue the power of ballot marking devices to avoid under-voting and over-voting (among other things), there is trepidation about even that, let alone digital submission of the completed ballot. As far as pilots go, it would seem like we can make some important headway on solving the challenges of overseas voter participation with the power of the Internet without having to jump from courier mule to complete Internet voting in one step. That observed, IMHO, R&D resulting in test pilots responsibly advances the discussion.

Nevertheless, the slippery slope glistens in the dawn of this new order.  And while we’ll slide around a bit on it in these panels, the real sliding sport is the iVoting Debate this Friday — which I will say more about tomorrow.

OK, back from rogue 😉

So, this is where the first Panel is focused and where those presentations and conversations are likely to head in terms of Pilots. In my remaining space (oops, I see I’ve gone way over already, sorry), let me try to quickly comment on the second panel regarding “technology futures.”

I think this will be the most enjoyable panel, even if not the liveliest (that’s reserved for the iVoting Debate). The reason this ought to be fun is we’ll engage in a discussion of a couple of things about where technology can actually take us in a positive way (I hope). First, there should be some discussion about where election technology reform is heading. After all, there remain essentially two major commercial voting system vendors in the industry, controlling some 88% of the entire nation’s voting technology deployment, with one of those two holding a ~76% white-knuckled grip market share. And my most recent exposure to discussions amongst commercial voting vendors about the future of voting technology suggests that their idea of the future amounts to discussing the availability of spare parts (seriously).

So, I’m crossing my fingers that this panel will open up discussions about all kinds of technology impact on the processes of elections and voting – from the impact of social media, to the opportunities of open source.  I know for my 5 minute part I am going to roll out the TTV open source election and voting systems framework architecture and run through the 4-5 significant innovations the TrustTheVote Project is bringing to the future of voting systems in a digital democracy.  Each speaker will take 5 minutes to rush their topic, then our moderator Manuel will open it wide up for hopefully an engaging discussion with our audience.

OK, I’ve gone way over my limit here; thanks for reading all about this week’s UOCAVA Summit Technology Track in Munich.

Now, time to find some veal brätwurst und ausgezeichnet bier.  There is a special meaning for my presence here; my late parents are both from this wonderful country, their families ended up in Munchen, from which both were forced out in 1938.   Gute nacht und auf wiedersehen!


Internet Voting, Google, and the China Syndrome

Thanks again to David Jefferson for his post yesterday on the lessons for Internet voting of the Google/China news (NYT: In Rebuke of China, Focus Falls on Cybersecurity). To answer some follow-up questions, I’ll explain a bit about the term vote servers that David referred to.

Let’s start with a little background on Internet voting. Many people’s cybersecurity concerns about i-voting have a focus on the vulnerability of the voter’s Internet-connected computer, on which a Web browser is used for i-voting. The browser communicates with an i-voting Web server (or vote server), displays ballot items, allows the user to make vote selections, and so on (very similar to what many people do with surveymonkey and similar services on the Internet today). The security concerns are valid, whether the client computer is a home PC or a special-purpose kiosk system in a physically controlled polling place set up in a military base overseas.

But just as important is the “server side” of i-voting – the Internet-connected vote server, the Web server front-end, the database it uses, and all the other datacenter infrastructure. That infrastructure is one basket with all the eggs – the data that is used to create an election result. So of course there is concern over that basket being a target itself. After all, why trouble with renting botnet time, crafting malware to distribute to already-hacked PCs, and the other work required to tamper with some of the i-ballots at the source? Why bother, if you can tamper with all of the ballots’ votes at the single destination? Good question, and the typical answer is that attacking the source is much easier, if you assume that an i-voting datacenter uses “industry best practices” for security, as is the common claim of i-voting vendors and service providers.

But as the continuing Google/China news shows us, dedicated, politically motivated adversaries have been quite able to penetrate the defenses of the I.T. plant of some of the biggest most tech-savvy companies with some of the best I.T. and security staff in the world. That being the case, why should anyone blithely accept any claim that an i-voting datacenter is sufficiently defended to protect the vote data and the election itself?

Now, nobody is suggesting that the Chinese government would try to hack Internet elections for real U.S. government offices. But now look at it from the point of view of a responsible election official, pondering the offers of for-profit vendors of proprietary i-voting solutions, who have indeed run a few election pilots and would like to have the business of running full elections out of their data-centers using their i-voting systems. The vendors claim that they have spent “enough” time, money, and effort on security. The question is whether …

… some small company that has run a few election pilots has any chance of locking down its vote servers so tightly that it can withstand a similarly determined “highly sophisticated and targeted attack” when Google and these other big companies cannot?

That’s not a rhetorical question! The vendors are probably not the right judges about “enough” but there are several U.S. election officials who are currently mulling i-voting for overseas and military voters; they are the ones who need to weigh the risks and benefits, the required security and controls — hopefully with advice from some of the several election technology and security experts at work on election tech or policy today.