Tagged Gregory Miller

Open Source Vote Tally: OSET’s Greg Miller interviewed on KPCC’s All Things Considered

Listen to KPCC on their SoundCloud channel


This Tuesday, October 30, Nick Roman, KPCC’s host of All Things Considered, interviewed OSET’s Chair & COO, Greg Miller, to discuss the use of the open source VSAP 1.0 system that will be used to tally mail-in ballots for this November’s midterm election in LA County.

The topics range from election security and transparency, open source software development and security, to public confidence in the voting process.

If you missed the broadcast, you can listen to the entire segment on KPCC’s SoundCloud channel (5 min. audio).

A Response to POLITICO: Election Infrastructure as Critical Infrastructure

Below is a letter prepared by co-founders Gregory Miller and John Sebes sent to Tim Starks and Cory Bennett of POLITICO, who cover cyber-security issues.  A formatted version is here.  The signal-to-noise ratio on this subject is rapidly decreasing.  There seem to be some fundamental misunderstandings of the challenges local election officials (LEOs) face; the process by which the equipment is qualified for deployment (albeit decrepit archaic technology by today’s standards); what the vulnerabilities are (and are not); and why a designation of “critical infrastructure” is an important consideration.  We attempt to address some of those points in this response to Tim’s otherwise really good coverage.

Tim Starks
tstarks@politico.com
Morning Cybersecurity Column
POLITICO
1000 Wilson Blvd, 8th Floor,
Arlington, VA, 22209

RE:      11.August Article on Whether to Designate Election Infrastructure as Critical Infrastructure

Greetings Tim

I am a co-founder of the OSET Foundation, a 501.c.3 nonprofit election technology research institute in the Silicon Valley.  I’m writing in response to your article this week in Morning Cybersecurity:

ANOTHER VIEW ON ELECTIONS AS “CRITICAL INFRASTRUCTURE” –
Maybe classifying the election system as part of the nation’s “critical infrastructure” isn’t so wise.

We’ve been on a public benefit mission to innovate electoral technology since 2006.  We’re a group of tech-sector social entrepreneurs bringing years of experience from our former employers like Apple, Facebook, Mozilla, Netscape, and elsewhere to bear on innovating America’s “critical democracy infrastructure” —a term we coined nearly a decade ago.

We’re working with elections officials across the country to develop a publicly owned democracy operating system called ElectOS™ in order to update and upgrade America’s voting systems with innovations that will increase integrity and improve participation for 1/3rd the cost of today’s aging systems.  ElectOS will innovate voting machinery the way Android® has innovated smart phones and mobile devices.  Both are freely available (or “open source”), and like Android, we believe ElectOS will one day enjoy a flourishing commercial market to sustain its continued innovation, deployment, and support.

We’ve been studying the challenges of election administration infrastructure for a decade.  So, we read with great interest your article regarding another viewpoint about making a critical infrastructure designation for our nation’s deteriorating, obsolete, and vulnerable voting infrastructure.  There are elements of your article we agree with (and more specifically comments of Cris Thomas), and there are points that we disagree with because they reveal some misunderstanding of the realities of election administration and the processes of managing the machinery today.  Thus, we were compelled to write you and share these clarifications.

We hope our comments are helpful going forward as you continue to cover this important topic, especially in light of the current election season and the delicate issues being raised by at least one candidate and other media.  Good on you for covering this. Below please find our (hopefully helpful) contributions to your effort.  Relevant portions of your article appear indented in blue.

    In recent days, a growing chorus of experts and policy makers have backed a proposal to give elections the same level of federal security protections that the government already grants other so-called critical infrastructure, such as the power grid or financial industry.

First, we believe it’s important to be very clear on what elections infrastructure we are talking about.  We should be discussing voting technology operated by Local Election Officials (“LEOs”), and not web sites and eMail servers run by political NGOs.

Sure, the recent attacks on NGOs are a wake-up call for a variety of potential attacks on real Election Infrastructure (“EI”) and peripheral targets.  But the Critical Infrastructure (“CI”) designation should be for core EI; that is, voting machines and the election administration software and systems that manage voting machinery.

    But an old school hacker who was part of the L0pht collective says such a change might do more harm than good.  “Classifying voting computers as critical infrastructure is going to cause a lot of headaches at the local level,” Cris Thomas, aka “Space Rogue,” tells MC [MC = “POLITICO Morning Cybersecurity”].

Critical Election Infrastructure (“CEI”) is not very different than other locally managed CI.  Not all CI is big corporate IT like financial transaction processing systems, or government-operated systems like the ATC, or quasi-public technology like the power grid operated by a variety of organizations, but subject to many government regulations.  By contrast, we already have CI that is local, including local government operated.  For example, there are small local water utilities and municipal water treatment organizations.  Local first responders’ infrastructure is CI as well.  So, there is plenty of precedent for giving a CI designation to locally managed assets.

    Because elections, even national elections, have been historically treated as a local event; having a federal designation as critical infrastructure will fundamentally change how we have handled our elections for the last 240 years.

CEI designation will not cause a fundamental change in the current situation where U.S. elections are a local matter.  Mr. Thomas is mistaken on this one point.  Local election organizations will have the same responsibilities, plus some new ones for managing CI.  But a county election administrator will still manage elections the day after or even the year after a critical infrastructure designation.  That cannot, should not, and will not change.

    Thomas, now a strategist at Tenable Network Security, says the idea misses the point: We need to remain focused on the security concerns of the current system, which fall into two areas. First, many manufacturers are not testing the systems well enough before selling them to municipalities, often using off-the-shelf hardware and software with minimal security and using things like default, hard-coded passwords.

Of course, the existing voting machines have technical security issues—and at the risk of reading like we’re overly defending vendors, what computing system has none?  And of course, it’s also true that a CI designation won’t change these products’ default security posture.

    at the same time, the local government certification agencies seldom have the time, resources and knowledge to properly test these computers for vulnerabilities, …

The same is true regarding the certification process, although Mr. Thomas is mistaken about that process itself.  There are not “local certification agencies,” but rather Federal and State organizations that certify the systems local (county) election jurisdictions are authorized to use. Nevertheless, a CI designation will not increase the rigor of the certification process, and it won’t increase the capability of LEOs to do technical scrutiny of their own.

    and often just accept a manufacturer’s claims of security.

We must also take exception to Mr. Thomas’s last comment.  The idea that certification sometimes amounts to “just accepting vendor security claims” cannot be, and is not, the case.  Although the current certification process isn’t as strong as we’d like, and though nearly all stakeholders want improvement, there are already clear requirements for vendors to demonstrate compliance with security related requirements.  On the other hand, misleading vendor claims about security can sway LEOs when selecting a certified system (and the choices are down to three vendors).

    [T]he result is a system that our entire democracy depends on, which is run with minimal, easily bypassed security.

Sure, but it’s a mistake to focus solely on technical security problems of voting machines, particularly since these systems are not going to be replaced with better technology immediately upon a CI designation.  In the near term, the impact of CEI will be more on people and process, and less on technology itself.  LEOs will need help to build organizational capacity and expertise to manage physical assets as critical infrastructure, with physical security, personnel security, increased operational security processes, and the ability to demonstrate that a variety of kinds of people and process controls are actually being followed rather than merely mandated.

So, improvements in the human aspects and processes are the immediate value of a Critical Election Infrastructure designation.  Such a designation would need to clearly state that our local election officials (LEOs) are custodians of not just critical infrastructure, but infrastructure that is critical to our national security.

That’s never been a responsibility for LEOs, and many LEOs will be dismayed that they will be called upon to operate in ways that they never imagined would be important.  It will require long-term capacity building.  In the short term, there are many improvements in people and process that are possible, although unlikely unless there is a high sense of urgency and importance.  The designation of election infrastructure as critical infrastructure, however, can help create and maintain that urgency.

    A better approach, Thomas says, is to increase funding for the National Voluntary Laboratory Accreditation Program run by NIST and the U.S. Election Assistance Commission.

We agree in principle, but this is not mutually exclusive with Critical Infrastructure.  Clearly, there is room for improvement, and NIST and EAC have important roles.  With Critical Election Infrastructure, their roles would need to enlarge, but reasonably so.

We also agree that more funding for these organizations’ election integrity efforts is necessary, but doing so is not an either / or decision in consideration of other aspects of CEI.  If Election Infrastructure is truly “critical” then several things must occur, including, but not limited to the additional support for NIST and EAC that Mr. Thomas is encouraging.

Here are three examples of improvement that a Critical Election Infrastructure designation would enable —though additional funding and expertise would be required.

  1. Do not connect anything relating to ballots, counting, voter check-in, etc. to the Internet, ever—and in many cases no local wireless networking should be allowed.  With CEI, using an Internet connection is no longer a convenience or shortcut in the grey area of safety—it’s a possible vulnerability with national security implications.
  2. Physically secure the election back-office systems.  The typical election management system (EMS) is a nearly decade old Microsoft Windows based application running on Personal Computers no longer manufactured, that are as easy to break into (“black hack”) as any ordinary PC.  Yet, they are the brains of the voting system, and “program” the voting machines for each election.  So put them in locked rooms, with physical access controls to ensure that only authorized people ever touch them, and never one person alone.
  3. Perform physical chain of custody really well (i.e., for machines, paper ballots, poll books, precinct operations logs—everything), with measurable compliance, and transparency on those measurements.  It’s just not reasonable to expect LEO Operations to do excellent physical chain of custody routinely everywhere, if these physical assets are not classed as CI.  They’re not funded or trained to operate physical security at a CI level.  So, there is plenty of room for improvement here, including new responsibility, resources, training, and accountability.  All of this may be low hanging fruit for improvement (not perfection) in the near term, but only if the mandate of CEI is made.

We hope this is helpful.  We’re glad to discuss issues of election integrity, security, and innovation whenever you want.  The co-founders have been in the technology sector for three decades.  Both have worked on critical infrastructure initiatives for the government.  The OSET CTO, John Sebes, has been in digital security for over 30 years and is deeply experienced with the policy, protocols, and tools of systems and facilities security.  Our Advisory Board includes former US CTO Aneesh Chopra, digital security expert and CSO of Salesforce.com, Dr. Taher Elgamal, global expert on elections systems integrity, Dr. Joe Kiniry, DHS Cyber-Security Directorate Dr. Douglas Maughan, and several former state election officials.

Respectfully,

Gregory A. Miller
Co-Founder & Chief Development Officer

Showtime: OSET/TrustTheVote Project Appearing at DNC Convention Strategic Forum Event

(This is a x-post from Ms. Voting Matters’ announcement on the OSET Institute’s corporate site.)

We are totally excited about an amazing opportunity tomorrow, Tuesday July 26th, to appear at an event as part of the Democrat National Convention.

The only thing that would make this truly complete is if the Republican National Convention had also invited us (we asked, and although we’re pleased to be working with several in the RNC infrastructure, making something happen was not possible.)

But the New Democrat Network (NDN) and the New Policy Institute did reach out to us and invited us to their premier Strategy Forum now being held at its 4th Democrat National Convention.  So, we’re focused on presenting to an audience estimated to exceed 1,000 per latest projections based on RSVPs as of yesterday (over 900).  This is truly an amazing opportunity for us to spread the story of our work and we’re deeply appreciative of the NDN’s invitation.

The event, “Looking Ahead: Talks on the Future of America and American Politics” is bringing together a collection of amazing thought-leaders on the future and innovation of democracy including experts such as Ari Berman, Alec Ross, Joel Gamble, Jose Antonio Vargas, and others.

The title of our presentation is: “Modernizing Our Election Technology Can Make Our Democracy Better.”

This will not be telecast, although we’re still waiting word about a webcast, video stream, or recording of the sessions.  We’ll update this as soon as we know.

However, part of our presentation will be the launch of a new 2 minute video vignette about the looming problem of obsolete voting machinery and our approach to help bring about innovation which will increase integrity, lower costs, improve participation, and rejuvenate a flagging industry with new technology to innovate the business of delivering finished voting systems. That video will be available on YouTube tomorrow afternoon, and we will add a comment to this post and update it accordingly.

OSET’s Director Citizen Outreach, Meegan Gregg, and the Foundation’s Co-Founder, Gregory Miller, will deliver this “Ted-Talk”-like presentation at 12:20pm EDT at the Convention Center in Philadelphia.  It should be a great time and a huge (oops) opportunity.

“Digital Voting”—Don’t believe everything you think

In our most recent blog post we examined David Plouffe’s recent Wall Street Journal forward-looking op-ed [paywall] and rebalanced his vision with some practical reality.

Now, let’s turn to Plouffe’s notion of “digital voting.”  Honestly, that phrase is confusing and vague.  We should know: it catalyzed our name change last year from Open Source Digital Voting Foundation (OSDV) to Open Source Election Technology Foundation (OSET).

Most Americans already use a “digital” machine to cast their ballots, if you mean by “digital” a computer-like device that counts votes electronically, and not by the old pre-2000 methods of punched cards or mechanical levers. What Plouffe probably meant is what elections professionals call iVoting, which is voting via the Internet—and increasingly that implies your mobile device.

Internet voting has not been approved anywhere in the United States for general public use, although Alaska is experimenting in a limited way with members of the military voting in this manner. Norway just stopped its Internet voting experiment. The challenges of iVoting are daunting.

Just think about it: many credit-card companies and several major online merchandisers have been hacked at some point, and all commercial and government web sites face intrusion attempts by the hour. The Department of Defense is continually bombarded by efforts to break-in. And sometimes hackers manage to actually get in and steal stuff. Voting is too important to let it be vulnerable to hacking.

Security of online voting is not yet with us. Sure, a few vendors of online voting technologies will emphatically claim their systems have never been hacked (to their knowledge) and that they use so-called “military grade” security (whatever that actually means).  Members of our technical team have been deeply involved in cyber-security for decades. We can say with confidence that no security on the Internet is absolute, assured, or guaranteed.  So when it comes to moving cast ballots via the Internet, the security issues are real and cannot be hand-waved away.  And elections that are run, in any part, over the public Internet pose just too tempting an opportunity for some predator looking to disrupt or even derail a U.S. election.

But, that doesn’t mean elections technologies can’t be improved or be made more digital, and thereby more verifiable, more accurate, and more transparent. That’s exactly what the TrustTheVote Project is all about.

The open-source software and standards that we are developing and advocating will make online voter registration, digital poll books (used to check you in at your polling place) and (ultimately) casting and counting ballots better, faster, and more auditable.  And our software is designed to run on ordinary computer hardware – whether that is a tablet, a scanner, or laptop computer.  Adopting the TrustTheVote Project technology means there will no longer be a requirement for election administrators to acquire expensive, proprietary software or hardware with long-term costly service contracts.

Importantly, we believe there are many parts of elections administration that can benefit from digital innovations, which may or may not use the Internet in some way.  And we’re focusing on delivering those innovations.

However, for the foreseeable future, ballot casting and counting can be dramatically improved without needing to involve the Internet.

So, we should be cautious about the phrase “digital voting” in an age when all things digital tend to imply “Internet.”

All that observed, we really like how Plouffe ended his recent Wall Street Journal op-ed: “There are disrupters in every industry… the good ones won’t just apply the best practices of the private sector, but will also innovate and create on their own to meet their unique needs.”

The TrustTheVote Project intends to be one of those disrupters.  We add one tiny nuance: in our case, those “unique needs” are primarily those of our stakeholders—the state, county and city officials who run our elections. We won’t be running elections, they will, but we are thinking as far outside of the typical ballot box as we can when looking for opportunities to make voting easy, convenient, and ideally, a delight.

David Plouffe’s View of the Future of Voting — We Agree and Disagree

David Plouffe, President Obama’s top political and campaign strategist and the mastermind behind the winning 2008 and 2012 campaigns, wrote a forward-looking op-ed [paywall] in the Wall Street Journal recently about the politics of the future and how they might look.

He touched on how technology will continue to change the way campaigns are conducted – more use of mobile devices, even holograms, and more micro-targeting at individuals. But he also mentioned how people might cast their votes in the future, and that is what caught our eye here at the TrustTheVote Project.

Here’s what Plouffe wrote: “More states will inevitably move to online voter registration and perhaps digital voting. There will be resistance…but our voting system won’t remain disconnected forever from the way we are leading the rest of our lives.”

His last statement – that the voting system will come to resemble more our mobile-device-dependent world – is probably true in the long run.  But it’s going to take time, probably more time than we all would like.  Even though we can bank, buy coffee, and get a boarding pass for an airplane via our smart phones, voting by smart phone is more complicated—hugely more complicated.

When you’re banking online, the financial institution has to be able, absolutely, to identify and verify it is you who authorized (or didn’t authorize) a particular transaction (such as a purchase with your bank card at Amazon.com).  But in the world of elections, the election administrator has to be sure, absolutely, that they can never identify you as the person who cast a particular ballot. It’s completely opposite of online banking because of the sacred assurances of voter anonymity and the secret ballot.

Sure, elections officials should verify you as the individual who is checking in to cast a ballot, but once you have been authenticated, the connection with a particular ballot must cease to exist.  And doing that by your smart phone (or any other digital device connected to the Internet) is beyond non-trivial; it’s downright near impossible.

So, there’s a privacy and technology challenge there.  In other words, we need security of the ballot, but we also need privacy of the voter.  And in the digital world there is an opposite (we call it “inverse”) relationship between security and privacy.

Think about an airport and TSA check points.  If you want absolute privacy, you should be able to walk straight to your gate uninhibited.  If you want absolute security, you should not be able to do so until everything about you has been identified and verified as that exact person with an authorized ticket  to board a plane.

If you think about how awful it would be if your online bank account got hacked, imagine if your state’s online voting system was compromised. Not only could the result be suspect, the fact that an election was hacked would undermine voters’ confidence in our democracy.

So smartphone voting might be a ways off. But in the here and now and very near future, the TrustTheVote Project is already delivering on some of Plouffe’s other visions.

Online voter registration, for example, is already being implemented in many states and through third party organizations. The TrustTheVote Project helped Rock The Vote develop its “Rocky” core software, which operates that group’s nationwide online registration. TrustTheVote helped Virginia implement its online voter registration and our technology powers the search part of the Virginia site, which lets you know if you’re already registered, are at the right polling place, and that your address is up to date. This was all developed with TrustTheVote Project open-source technology that all states and localities can adopt and adapt.

And we’re underway on other innovations—like apps to help you figure out the best time to go to your polling place and apps to help you “check in” to vote, just like the ones you use to download and print a boarding pass for your flight.

So to David Plouffe, yes elections and campaigns will change in the future.  But it will come step by step and not by a big bang of smartphone voting.

Money Shot: What Does a $40M Bet on Scytl Mean?

…not much we think.

Yesterday’s news of Microsoft co-founder billionaire Paul Allen’s investing $40M in the Spanish election technology company Scytl is validation that elections remain a backwater of innovation in the digital age.

But it is not validation that there is a viable commercial market for voting systems of the size typically attracting venture capitalists; the market is dysfunctional and small and governments continue to be without budget.

And the challenge of building a user-friendly, secure online voting system that simultaneously protects the anonymity of the ballot is an interesting problem that only an investor of the stature of Mr. Allen can tackle.

We think this illuminates a larger question:

To what extent should the core technology of the most vital aspect of our Democracy be proprietary and black box, rather than publicly owned and transparent?

To us, that is a threshold public policy question, commercial investment viability issues notwithstanding.

To be sure, it is encouraging to see Vulcan Capital and a visionary like Paul Allen invest in voting technology. The challenges facing a successful elections ecosystem are complex and evolving and we will need the collective genius of the tech industry’s brightest to deliver fundamental innovation.

We at the TrustTheVote Project believe voting is a vital component of our nation’s democracy infrastructure and that American voters expect and deserve a voting experience that’s verifiable, accurate, secure and transparent.  Will Scytl be the way to do so?

The Main Thing

The one thing that stood out to us in the various articles on the investment were Scytl’s comments and assertions of their security with international patents on cryptographic protocols.  We’ve been around the space of INFOSEC for a long time and know a lot of really smart people in the crypto field.  So, we’re curious to learn more about their IP innovations.  And yet that assertion is actually a red herring to us.

Here’s the main thing: transacting ballots over the public packet switched network is not simply about security.  It’s also about privacy; that is, the secrecy of the ballot.  Here is an immutable maxim about the digital world of security and privacy: there is an inverse relationship, which holds that as security is increased, privacy must be decreased, and vice versa.  Just consider any airport security experience.  If you want maximum security then you must surrender a bunch of privacy.  This is the main challenge of transacting ballots across the Internet, and why that transaction is so very different from banking online or looking at your medical record.

And then there is the entire issue of infrastructure.  We continue to harp on this, and still wait for a good answer.  If by their own admissions, the Department of Defense, Google, Target, and dozens of others have challenges securifying their own data centers, how exactly can we be certain that a vendor on a cloud-based service model or an in-house data center of a county or State has any better chance of doing so? Security is an arms race.  Consider the news today about Heartbleed alone.

Oh, and please for the sake of credibility can the marketing machinery stop using the phrase “military grade security?”  There is no such thing.  And it has nothing to do with an increase in the  128-bit encryption standard RSA keys to say, 512 or 1024 bit.  128-bit keys are fine and there is nothing military to it (other than the Military uses it).  Here is an interesting article from some years ago on the sufficiency of current crypto and the related marketing arms race.  Saying “military grade” is meaningless hype.  Besides, the security issues run far beyond the transit of data between machines.

In short, there is much the public should demand to understand from anyone’s security assertions, international patents notwithstanding.  And that goes for us too.

The Bottom Line

While we laud Mr. Allen’s investment in what surely is an interesting problem, no one should think for a moment that this signals some sort of commercial viability or tremendous growth market opportunity.  Nor should anyone assume that throwing money at a problem will necessarily fix it (or deliver us from the backwaters of Government elections I.T.).  Nor should we assume that this somehow validates Scytl’s “model” for “security.”

Perhaps more importantly, while we need lots of attention, research, development and experimentation, the bottom line to us is whether the outcome should be a commercial proprietary black-box result or an open transparent publicly owned result… where the “result” as used here refers to the core technology of casting and counting ballots, and not the viable and necessary commercial business of delivering, deploying and servicing that technology.

The “VoteStream Files” A Summary

The TrustTheVote Project Core Team has been hard at work on the Alpha version of VoteStream, our election results reporting technology. They recently wrapped up a prototype phase funded by the Knight Foundation, and then forged ahead a bit, to incorporate data from additional counties, provided by participating state or local election officials after the official wrap-up.

Along the way, there have been a series of postings here that together tell a story about the VoteStream prototype project. They start with a basic description of the project in Towards Standardized Election Results Data Reporting and Election Results Reload: the Time is Right. Then there was a series of posts about the project’s assumptions about data, about software (part one and part two), and about standards and converters (part one and part two).

Of course, the information wouldn’t be complete without a description of the open-source software prototype itself, provided in Not Just Election Night: VoteStream.

Actually the project was as much about data, standards, and tools, as software. On the data front, there is a general introduction to a major part of the project’s work in “data wrangling” in VoteStream: Data-Wrangling of Election Results Data. After that were more posts on data wrangling, quite deep in the data-head shed — but still important, because each one is about the work required to take real election data and real election result data from disparate counties across the country, and fit into a common data format and common online user experience. The deep data-heads can find quite a bit of detail in three postings about data wrangling, in Ramsey County MN, in Travis County TX, and in Los Angeles County CA.

Today, there is a VoteStream project web site with VoteStream itself and the latest set of multi-county election results, but also with some additional explanatory material, including the election results data for each of these counties.  Of course, you can get that from the VoteStream API or data feed, but there may be some interest in the actual source data.  For more on those developments, stay tuned!

A Northern Exposed iVoting Adventure

Alaska’s extension to its iVoting venture may have raised the interests of at least one journalist for one highly visible publication.  When we were asked for our “take” on this form of iVoting, we thought that we should also comment here on this “northern exposed adventure.” (apologies to those fans of the mid-90s wacky TV series of a similar name.)

Alaska has been among the states that allow military and overseas voters to return marked absentee ballots digitally, starting with fax, then eMail, and then adding a web upload as a 3rd option.  Focusing specifically on the web-upload option, the question was: “How is Alaska doing this, and how do their efforts square with common concerns about security, accessibility, Federal standards, testing, certification, and accreditation?”

In most cases, any voting system has to run that whole gauntlet through to accreditation by a state, in order for the voting system to be used in that state. To date, none of the iVoting products have even tried to run that gauntlet.

So, what Alaska is doing, with respect to security, certification, and a host of other things is essentially: flying solo.

Their system has not gone through any certification program (State, Federal, or otherwise that we can tell); hasn’t been tested by an accredited voting system test lab; and nobody knows how it does or doesn’t meet  federal requirements for security, accessibility, and other (voluntary) specifications and guidelines for voting systems.

In Alaska, they’ve “rolled their own” system.  It’s their right as a State to do so.

In Alaska, military voters have several options, and only one of them is the ability to go to a web site, indicate their choices for vote, and have their votes recorded electronically — no actual paper ballot involved, no absentee ballot affidavit or signature needed. In contrast to the sign/scan/email method of return of absentee ballot and affidavit (used in Alaska and 20 other states), this is straight-up iVoting.

So what does their experience say about all the often-quoted challenges of iVoting?  Well, of course in Alaska those challenges apply the same as anywhere else, and they are facing them all:

  1. insider threats;
  2. outsider hacking threats;
  3. physical security;
  4. personnel security; and
  5. data integrity (including that of the keys that underlie any use of cryptography)

In short, the Alaska iVoting solution faces all the challenges of digital banking and online commerce that every financial services industry titan and eCommerce giant spends big $ on every year (capital and expense), and yet still routinely suffers attacks and breaches.

Compared to those technology titans of industry (Banking, Finance, Technology services, or even the Department of Defense), how well are Alaskan election administrators doing on their shoestring (by comparison) budget?

Good question.  It’s not subject to annual review (like banks’ IT operations audit for SAS-70), so we don’t know.  That also is their right as a U.S. state.  However, the  fact that we don’t know, does not debunk any of the common claims about these challenges.  Rather, it simply says that in Alaska they took on the challenges (which are large) and the general public doesn’t know much about how they’re doing.

To get a feeling for the risks involved, just consider one point: think about the handful of IT geeks who manage the iVoting servers where the votes are recorded and stored as bits on a disk.  They are not election officials, and they are no more entitled to stick their hands into paper ballot boxes than anybody else outside a county elections office.  Yet, they have the ability (though not the authorization) to access those bits.

  • Who are they?
  • Does anybody really oversee their actions?
  • Do they have remote access to the voting servers from anywhere on the planet?
  • Using passwords that could be guessed?
  • Who knows?

They’re probably competent responsible people, but we don’t know.  Not knowing any of that, then every vote on those voting servers is actually a question mark — and that’s simply being intellectually honest.

Lastly, to get a feeling for the possible significance of this lack of knowledge, consider a situation in which Alaska’s electoral college votes swing an election, or where Alaska’s Senate race swings control of Congress (not far-fetched given Murkowski’s close call back in 2010.)

When the margin of victory in Alaska, for an election result that affects the entire nation, is a low 4-digit number of votes, and the number of digital votes cast is similar, what does that mean?

It’s quite possible that those many digital votes could be cast in the next Alaska Senate race.  If the contest is that close again,  think about the scrutiny those IT folks will get.  Will they be evaluated any better than every banking data center investigated after a data breach?  Any better than Target?  Any better than Google or Adobe’s IT management after having trade secrets stolen?  Or any better than the operators of military unclassified systems that for years were penetrated through intrusion from hackers located in China who may likely have been supported by the Chinese Army or Intelligence groups?

Probably not.

Instead, they’ll be lucky (we hope) like the Estonian iVoting administrators, when the OSCE visited back in 2011 to have a look at the Estonian system.  Things didn’t go so well.  OSCE found that one guy could have undermined the whole system.  Good news: it didn’t happen.  Cold comfort: that one guy didn’t seem to have the opportunity — most likely because he and his colleagues were busier than a one-armed paper hanger during the election, worrying about Russian hackers attacking again, after they had previously shut down the whole country’s Internet-connected government systems.

But so far, the current threat is remote, and it is still early days even for small scale usage of Alaska’s iVoting option.  But while the threat is still remote, it might be good for the public to see some more about what’s “under the hood” and who’s in charge of the engine — that would be our idea of more transparency.

<soapbox>

Wandering off the Main Point for a Few Paragraphs

So, in closing I’m going to run the risk of being a little preachy here (signaled by that faux HTML tag above); again, probably due to the surge in media inquiries recently about how the Millennial generation intends to cast their ballots one day.  Lock and load.

I (and all of us here) are all for advancing the hallmarks of the Millennial mandates of the digital age: ease and convenience.  I am also keenly aware there are wing-nuts looking for their Andy Warhol moment.  And whether enticed by some anarchist rhetoric, their own reality distortion field, or most insidious: the evangelism of a terrorist agenda (domestic or foreign) …said wing nut(s) — perhaps just for grins and giggles — might see an opportunity to derail an election (see my point above about a close race that swings control of Congress or worse).

Here’s the deep concern: I’m one of those who believes that the horrific attacks of 9.11 had little to do with body count or the implosions of western icons of financial might.  The real underlying agenda was to determine whether it might be possible to cause a temblor of sufficient magnitude to take world financial markets seriously off-line, and whether doing so might cause a rippling effect of chaos in world markets, and what disruption and destruction that might wreak.  If we believe that, then consider the opportunity for disruption of the operational continuity of our democracy.

It’s not that we are Internet haters: we’re not — several of us came from Netscape and other technology companies that helped pioneer the commercialization of that amazing government and academic experiment we call the Internet.  It’s just that THIS Internet and its current architecture simply was not designed to be inherently secure or to ensure anyone’s absolute privacy (and strengthening one necessarily means weakening the other.)

So, while we’re all focused on ease and convenience, and we live in an increasingly distributed democracy, and the Internet cloud is darkening the doorstep of literally every aspect of society (and now government too), great care must be taken as legislatures rush to enact new laws and regulations to enable studies, or build so-called pilots, or simply advance the Millennial agenda to make voting a smartphone experience.  We must be very careful and considerably vigilant, because it’s not beyond the realm of reality that some wing-nut is watching, cracking their knuckles in front of their screen and keyboard, mumbling, “Oh please. Oh please.”

Alaska has the right to venture down its own path in the northern territory, but it does so exposing an attack surface.  They need not (indeed, cannot) see this enemy from their back porch (I really can’t say of others).  But just because it cannot be identified at the moment, doesn’t mean it isn’t there.

</soapbox>

One other small point:  As a research and education non-profit we’re asked why shouldn’t we be “working on making Internet voting possible?”  Answer: Perhaps in due time.  We do believe that on the horizon responsible research must be undertaken to determine how we can offer an additional alternative by digital means to casting a ballot next to absentee and polling place experiences.  And that “digital means” might be over the public packet-switched network.  Or maybe some other type of network.  We’ll get there.  But candidly, our charge for the next couple of years is to update an outdated architecture of existing voting machinery and elections systems and bring about substantial, but still incremental innovation that jurisdictions can afford to adopt, adapt and deploy.  We’re taking one thing at a time and first things first; or as our former CEO at Netscape used to say, we’re going to “keep the main thing, the main thing.”

Onward
GAM|out

PCEA Report Finally Out: The Real Opportunity for Innovation Inside

This week the PCEA finally released its long-awaited report to the President.  It’s loaded with good recommendations.  Over the next several days or posts we’ll give you our take on some of them.  For the moment, we want to call your attention to a couple of underpinning elements now that it’s done.

The Resource Behind the Resources

Early in the formation of what initially was referred to as the “Bauer-Ginsberg Commission” we were asked to visit the co-chairs in Washington D.C. to chat about technology experts and resources.  We have a Board member who knows them both and when asked we were honored to respond.

Early on we advised the Co-Chairs that their research would be incomplete without speaking with several election technology experts, and of course they agreed.  The question was how to create a means to do so and not bog down the progress governed by layers of necessary administrative regulations.

I take a paragraph here to observe that I was very impressed in our initial meeting with Bob Bauer and Ben Ginsberg.  Despite being polar political opposites they demonstrated how Washington should work: they were respectful, collegial, sought compromise to advance the common agenda and seemed to be intent on checking politics at the door in order to get work done.  It was refreshing and restored my faith that somewhere in the District there remains a potential for government to actually work for the people.  I digress.

We advised them that looking to the CalTech-MIT Voting Project would definitely be one resource they could benefit from having.

We offered our own organization, but with our tax exempt status still pending, it would be difficult politically and otherwise to rely on us much in a visible manner.

So the Chairs asked us if we could pull together a list — not an official subcommittee mind you, but a list of the top “go to” minds in the elections technology domain.  We agreed and began a several-week process of vetting a list that needed to be winnowed down to about 20 for manageability.  These experts would be brought in individually as desired, or collectively — it was to be figured out later which would be most administratively expedient.  Several of our readers, supporters, and those who know us were aware of this confidential effort.  The challenge was lack of time to run the entire process of public recruiting and selection.  So, they asked us to help expedite that, having determined we could gather the best in short order.

And that was fine because anyone was entitled to contact the Commission, submit letters and comments and come testify or speak at the several public hearings to be held.

So we did that.  And several of that group were in fact utilized.  Not everyone though, and that was kind of disappointing, but a function of the timing constraints.

The next major resource we advised they had to include besides CalTech-MIT and a tech advisory group was Rock The Vote.  And that was because (notwithstanding their being a technology partner of ours) Rock The Vote has its ear to the rails of new and young voters starting with their registration experience and initial opportunity to cast their ballot.

Finally we noted that there were a couple of other resources they really could not afford to overlook including the Verified Voting Foundation, and L.A. County’s VSAP Project and Travis County’s StarVote Project.

The outcome of all of that brings me to the meat of this post about the PCEA Report and our real contribution.  Sure, we had some behind the scenes involvement as I describe above.  No big deal.  We hope it helped.

The Real Opportunity for Innovation

But the real opportunity to contribute came in the creation of the PCEA Web Site and its resource toolkit pages.

On that site, the PCEA took our advice and chose to utilize Rock The Vote’s open source voter registration tools and specifically the foundational elements the TrustTheVote Project has built for a States’ Voter Information Services Portal.

Together, Rock The Vote and the TrustTheVote Project are able to showcase the open source software that any State can adopt, adapt, and deploy–for free (at least the adoption part) and without having to reinvent the wheel by paying for a ground-up custom build of their own online voter registration and information services portal.

We submit that this resource on their PCEA web site represents an important ingredient to injecting innovation into a stagnant technology environment of today’s elections and voting systems world.

For the first time, there is production-ready open source software available for an important part of an elections official’s administrative responsibilities that can lower costs, accelerate deployment and catalyze innovation.

To be sure, it’s only a start — it’s lower hanging fruit of an election technology platform that doesn’t require any sort of certification. With our exempt status in place, and lots of things happening we’ll soon share, there is more, much more, to come.  But this is a start.

There are 112 pages of goodness in the PCEA report.  And there are some elements in there that deserve further discussion.  But we humbly assert it’s the availability of some open source software on their resource web site that we think represents a quiet breakthrough in elections technology innovation.

The news has been considerable.  So, yep, we admit it.  We’re oozing pride today.
And we owe it to your continued support of our cause.
Thank you!

GAM | out