Tagged secret ballot

Money Shot: What Does a $40M Bet on Scytl Mean?

…not much we think.

Yesterday’s news of Microsoft co-founder billionaire Paul Allen’s investing $40M in the Spanish election technology company Scytl is validation that elections remain a backwater of innovation in the digital age.

But it is not validation that there is a viable commercial market for voting systems of the size typically attracting venture capitalists; the market is dysfunctional and small and governments continue to be without budget.

And the challenges of building a user-friendly secure online voting system that simultaneously protects the anonymity of the ballot is an interesting problem that only an investor of the stature of Mr. Allen can tackle.

We think this illuminates a larger question:

To what extent should the core technology of the most vital aspect of our Democracy be proprietary and black box, rather than publicly owned and transparent?

To us, that is a threshold public policy question, commercial investment viability issues notwithstanding.

To be sure, it is encouraging to see Vulcan Capital and a visionary like Paul Allen invest in voting technology. The challenges facing a successful elections ecosystem are complex and evolving and we will need the collective genius of the tech industry’s brightest to deliver fundamental innovation.

We at the TrustTheVote Project believe voting is a vital component of our nation’s democracy infrastructure and that American voters expect and deserve a voting experience that’s verifiable, accurate, secure and transparent.  Will Scytl be the way to do so?

The Main Thing

The one thing that stood out to us in the various articles on the investment were Scytl’s comments and assertions of their security with international patents on cryptographic protocols.  We’ve been around the space of INFOSEC for a long time and know a lot of really smart people in the crypto field.  So, we’re curious to learn more about their IP innovations.  And yet that assertion is actually a red herring to us.

Here’s the main thing: transacting ballots over the public packet switched network is not simply about security.   Its also about privacy; that is, the secrecy of the ballot.  Here is an immutable maxim about the digital world of security and privacy: there is an inverse relationship, which holds that as security is increased, privacy must be decreased, and vice-verse.  Just consider any airport security experience.  If you want maximum security then you must surrender a bunch of privacy.  This is the main challenge of transacting ballots across the Internet, and why that transaction is so very different from banking online or looking at your medical record.

And then there is the entire issue of infrastructure.  We continue to harp on this, and still wait for a good answer.  If by their own admissions, the Department of Defense, Google, Target, and dozens of others have challenges securifying their own data centers, how exactly can we be certain that a vendor on a cloud-based service model or an in-house data center of a county or State has any better chance of doing so? Security is an arms race.  Consider the news today about Heartbleed alone.

Oh, and please for the sake of credibility can the marketing machinery stop using the phrase “military grade security?”  There is no such thing.  And it has nothing to do with an increase in the  128-bit encryption standard RSA keys to say, 512 or 1024 bit.  128-bit keys are fine and there is nothing military to it (other than the Military uses it).  Here is an interesting article from some years ago on the sufficiency of current crypto and the related marketing arms race.  Saying “military grade” is meaningless hype.  Besides, the security issues run far beyond the transit of data between machines.

In short, there is much the public should demand to understand from anyone’s security assertions, international patents notwithstanding.  And that goes for us too.

The Bottom Line

While we laud Mr. Allen’s investment in what surely is an interesting problem, no one should think for a moment that this signals some sort of commercial viability or tremendous growth market opportunity.  Nor should anyone assume that throwing money at a problem will necessarily fix it (or deliver us from the backwaters of Government elections I.T.).  Nor should we assume that this somehow validates Scytl’s “model” for “security.”

Perhaps more importantly, while we need lots of attention, research, development and experimentation, the bottom line to us is whether the outcome should be a commercial proprietary black-box result or an open transparent publicly owned result… where the “result” as used here refers to the core technology of casting and counting ballots, and not the viable and necessary commercial business of delivering, deploying and servicing that technology.

NJ Election Officials, Displaced Voters, Email Ballots, and more

There’s plenty of activity in the NY/NJ area reacting to voters’ difficulties because of Super-Storm Sandy, including being displaced from their homes or otherwise unable to get to polling places. As always, the role of technology captured my attention.

But first, the more important points. Some displaced people are having trouble even finding a place to shelter temporarily, so extra special kudos to those that manage to vote, whatever the method of voting they use. Likewise, extra praise for NJ and NY election officials putting in the extra extra-hours to be available to voters in advance of the election, inform them about changed polling places, and equip them to get the word out to their neighbors. The amount of effort on both sides is a great indicator of how seriously people take this most important form of civic activity.

Next, the technology, and then the policy. On the technology front, Gov. Christie of NJ announced an emergency (and I hope temporary) form of voting for displaced voters: sending an absentee ballot via email. That’s a bad idea in the best of circumstances — for several reasons including the vulnerability of the email data in transit and at rest, and the control of the e-ballot by people who are not election officials — and these are not the best of circumstances. For example, I doubt that in every county elections office in NJ, somebody has a complete list of the people with access to the email server and the ability to view and modify data on it.  But while you can see that Christie’s heart in the right place, there are several issues beyond these, as described in a NJ news report here.

And this is only one of the emergency measures. In both NJ and NY people can cast a provisional ballot at any polling location — see NJ’s announcement here, and if you have the similar one for NY, please provide it as a comment!

Finally, on the policy side, it’s not even clear what these ballots represent, and that’s the policy problem. My legal and policy colleagues here at TTV, and in the legal side of the election integrity community, certainly know more, but I don’t! Are the provisional ballots cast under these emergency rules required to be processed exactly the same as non-emergency provisional ballots? Are the e-mailed ballots provisional ballots or absentee ballots? If so, what serves as the affadavit? Do the email ballots have to be followed up with the paper hardcopy that the voter scanned and faxed? (The NJ Lt. Gov. office has issued some seemingly inconsistent statements on that.) If not, what happens in a recount? If so, why email the ballot at all, rather than just emailing a “my ballot is coming soon” message?

I could go on and on, but I think you get the idea. The general issue is that in the case of a close election (most likely a local election, but state house or congress, you never know!) there will be some of these not-exactly-your-regular ballots involved, and the potential for real disputes — starting with concerns over dis-enfranchisement of people mis-informed about how to do a “displaced vote”, and going all the way to dispute about whether counted ballots should have been counted, and whether uncounted ballots should be counted. But let’s hope that it does not in fact get that messy in NY and NJ, and that every voter is able to make the extra efforts for their ballot to be cast and counted.

— EJS

Doug Jones on the Secret Ballot

[Today I want to share some eloquent writing about the right to a secret ballot. Though Doug Jones’ October 2008 remarks are about an issue that arose a couple years ago, his words remain extremely relevant, especially in the context of the current discussion of e-mail voting. The discussion with Doug started with an issue in which there was a trade-off between a well-meaning attempt to streamline polling place operations on the one hand, and the chance that as a result, a single ballot in the polling place might become attributable to a voter. With the latter being highly unlikely, should we really forego a chance to reduce opportunity for errors in polling place operations? Over to Doug ….]

If this were the only threat to the right to a secret ballot, I would not be too worried.  The problem is, if you look across the current voting system landscape, you find that the right to a secret ballot is being downplayed again and again.

  • The crypto-voting folks are anxious to put serial numbers on our ballots.
  • The proliferation of different ballot styles in some states creates a high likelihood that a significant number of voters in each precinct will each be the only voter using some particular ballot style in that precinct.
  • Ballot tracking systems for vote-by-mail elections create the possibility that voters will be able to identify the particular batch of ballots that their ballot was in, with a high likelihood that theirs is the only ballot of some particular style that got into that batch.

In each case, the argument is that this is not a significant threat. In sum, we are at risk of losing the right to a secret ballot.

I agree that many voters today do not greatly value the right to a secret ballot.  Most of us feel free from threat of coercion, and most of our votes aren’t for sale.

However (as I said to the editor of the National Review recently), we shouldn’t ask what is good enough for us, given current conditions, but what defenses will we have in place in the event that we elect a corrupt government; and also, what example do we set for corrupt governments that we’d like to urge on the path to democracy.  If we allow a weakened right to a secret ballot, how can we ask other countries to set higher standards, and what will we do if the crooks do end up in control of our elections?

It’s important to recall that it was not too long ago that big city political machines routinely violated people’s right to a secret ballot.  I would propose that the abuses of this were sufficiently severe that the right to a secret ballot would be a reasonable benchmark for election integrity — if some threat is more serious than the loss of the right to a secret ballot, then it is a very serious threat.  If some threat model discounts threats to secret ballots as negligible, then the threat model is probably wrong.

[A closing remark … Yes, there are several competing interests in election administration and election management, as the email debate shows. But it does seem that we need to keep a special eye on ballot secrecy, or it might might get lost in the shuffle. Even as election practices continue to evolve, as they have throughout U.S. history, we need to look for opportunities to strengthen ballot secrecy, and vigorously pursue those opportunities.

— EJS]

Tales From Real Life: Judging Absentee Ballots

In another of our Tales From Real Life series, I direct you to Luther Weeks’ account of a day as an absentee ballot moderator, which involves making judgements about whether absentee ballots should be counted, and when (and when not) to rely on the results of counting machines. Perhaps you didn’t know that this volunteer work was part of the absentee voting process? Then read Luther’s story to learn the other 90% of details of vote by mail that you probably also don’t know. The detail and intricacy of the process are humbling, both to the election volunteer, and to the technologist try to make systems that help, and save money, and deliver transparency.

— EJS