Editor’s note: This commentary is by Montpelier City Clerk John Odum, who sits on the advisory board of the Cyber Policy Initiative at the University of Chicago’s Harris School of Public Policy.
In the coming Iowa presidential caucus, Democratic Party officials are trying a novel (but perhaps inevitable) strategy to keep what can be a chaotic process running smoothly. They are deploying a mobile device app for relaying voting results to a central location for compiling. The party has assured people repeatedly that the system is secure, and there is no reason to doubt their sincerity or the quality of the actual technology.
But the fact is that mobile systems are vulnerable. Proponents of the new approach will remind you that we already do much of our business through mobile systems, such as banking apps. But poor password protocols, unsafe use of public Wi-Fi, lack of updates filling security holes – all these things have made banking apps vulnerable – and hackable. After all, this is part of why banks have procedures to protect customers if breaches do occur. You wouldn’t need such procedures if your system was literally unhackable.
This kind of hack doesn’t necessarily happen a lot, but it doesn’t take much if we’re talking about impacting an election which may be decided by a small margin. Don’t forget, paper ballots only work as a backup if you know you need to recount. A good hacker would try to make their tampering unnoticeable in the first place – that’s why good, secure procedures and protocols are critical at all levels. We can’t just rest on the fact we have paper backup and let ourselves get sloppy.
And that’s not even the biggest concern. After all, party officials can be trained to a higher standard than most. The bigger problem is that, by some estimates, prominent malware lives in up to 1.3 billion android phones (yes, billion – that’s not a typo). It’s the malware-driven hijacking of the mobile device itself – whether Android or iPhone – that creates the biggest concern.
Finally, the party (and the Republican Party is working on their own apps) has kept information about the development and developers of their election app secret. The idea here is to keep them from becoming a target. The problem is that this flies in the face of the fundamental election principle of transparency. Rather than push back on that principle to justify the implementation, it’s instead more appropriate to admit that if your system can’t withstand transparency, your system is just too vulnerable in the first place.
Technology is obviously developing every day and insinuates itself into all aspects of our life. It’s also a tool. Using technology to make improvements in our lives is obviously a good thing so long as we answer a fundamental question: Is it the right tool for the right job.
And available technology doesn’t have to be the newest thing to be the best thing or we wouldn’t still be riding around on wheels. Consider that. In Vermont, we currently use optical ballot scanners that date back nearly 30 years. Yet at a recent hacking conference I attended where computer hackers probed, poked, and prodded all manner of voting machines looking for vulnerabilities, the participants I spoke with unanimously agreed that the machines used in Vermont were the most secure in the room (at least so long as they aren’t networked, which they aren’t).
An ideal example is blockchain technology – very much the newest shiny thing on the market, which many are talking about using for internet, mobile-app based voting (something already being used in some contexts). While a blockchain itself is a very secure and transparent construct, there are still those billion-plus potentially compromised phones. You can also add more and more authentication factors on the user end, but at some point you create a new “digital divide” that separates those comfortable with what their phones can do versus those working with more limited understandings.
VTDigger is underwritten by:
It’s also important to note that elections are more complex than an online currency system like blockchain. The fact is that we still lack some fundamental building blocks in mathematics and information theory to make a top-to-bottom online voting system work the way it should.
But that’s not to say there aren’t uses for blockchain technology. Quite the contrary, it has enormous potential in an elections context. Here in Montpelier, we are implementing a pilot demonstration on a blockchain system to further protect the voting data itself from tampering. This use of the tech stays away from voting itself, but creates a robust, high-tech alarm system to warn us if anyone is trying to mess with voter information (such as checklists), allowing us to take emergency measures. This system doesn’t replace current, already robust security systems – it enhances them.
Technology is and always will be a part of our elections, as it should be. The danger is getting so excited by the potential of the new shiny thing that we sprint to it as fast as we can in any and all contexts – in the process losing sight of that fundamental question; is that shiny new thing the right tool for the job?