On today's BradCast: Debunking the myth of "secure" Internet Voting schemes --- even with "blockchain" technology --- as West Virginia allows overseas military voters to use their mobile phones to vote for the first time in a general election. What could possibly go wrong? [Audio link to show follows below.]
But first up today, plenty is already going wrong for voters hoping to participate in midterm elections, whether via hand-marked paper ballot or, as in Georgia, where early voting began this week, on 100% unverifiable touchscreen voting systems at the polling place. We've been closely following voting in the Peach State recently, given the many voter suppression schemes that have come to light in the state this year, such as the recent purging of hundreds of thousands of voters from the rolls, the suspensions of more than 50,000 registrations for failing to exactly match names or addresses, down to the letter or punctuation, and an abnormally high rate of rejected absentee mail-in ballots.
Thus, it was disturbing to see a busload of elderly African-Americans from a county-run senior center blocked from voting on Monday (someone didn't like the "Black Voters Matter" bus they were using) in Jefferson County, and three-hour long lines to vote near Atlanta, on just the third official day of advance voting in the state. While some may see the reportedly huge early turnout as good news, there are also reasons to be concerned that state election officials, led by Republican Sec. of State and Gubernatorial candidate Brian Kemp, are under-prepared for what could be enormous turnout on Election Day. Several new lawsuits have now been filed against Kemp charging racially discriminatory election practices, as his race for Governor against Democrat Stacey Abrams, an African-American, is believed to be very tight.
Meanwhile, in North Dakota, Native American voting rights advocates say they will be posted outside of polling places with laptop computers in hand, ready to assign official addresses and new Tribal IDs to thousands of Native Americans who will now not otherwise be allowed to vote. The effort is in response to a U.S. Supreme Court ruling last week which permitted a last minute change to ID requirements sought by state Republicans hoping to unseat Democratic U.S. Senator Heidi Heitkamp this year. Some 5,000 voters who live on tribal reservations using P.O. boxes, rather than street addresses, are now blocked from voting under the new law, enacted in the wake of Heitkamp's 2012 victory by less than 3,000 votes.
But in West Virginia, officials believe they've got a sure-fire way to make sure overseas military voters are able to cast votes this year: Internet Voting via smartphone! The state is the first in the nation to allow such voters to cast a ballot via smartphone --- on a mobile app called Voatz, created by a private Boston-based technology firm --- in a live (and crucial!) general election. But, don't worry! The state and the Voatz company are quick to claim that their scheme is completely secure, since it "employs blockchain technology to ensure that, once submitted, votes are verified and immutably stored on multiple, geographically diverse verifying servers."
Blockchain, in short, is a widely distributed public ledger, or database, that is used to track Bitcoin and other cryptocurrencies. But, as long time voting system expert and Internet Voting critic DR. DAVID JEFFERSON of Livermore National Laboratory and of Verified Voting explains on today's show, the technology solves none of the many problems with using the Internet to cast votes in American elections, as he recently detailed at the non-partisan Verified Voting site.
Jefferson, an internationally recognized expert on voting systems and elections technology, has spent much of the past two decades advising five successive California Secretaries of State on voting technology. He has also been instrumental in helping to block a number of attempted Internet Voting schemes, including one he helped analyze (and stop in its tracks) as devised by the Pentagon during the George W. Bush era.
Today, he explains why use of blockchain technology, which he describes as a "fad", fails to make the Internet any more secure or auditable when it comes to American democratic elections. "All of the most serious threats to Internet voting occur before the ballot even ever gets back to the database or the blockchain," he tells me, detailing how malware on smartphones can change votes, how the authentication of the voter is also endangered by the use of such schemes and how, despite claims to the contrary by advocates of such technologies, the accuracy of results based on votes cast via the Internet can never be audited by the public after an election.
He's hardly the only technologist to decry the scheme. TechCrunch for example, recently called the Voatz app "a terrible, horrible, no-good, very bad idea", and Vanity Fair cited experts who describe the plan as a "horrifically bad idea". But, none of that has stopped either WV or Voatz from pressing ahead, even with this year's midterms (and potentially control of the U.S. House and Senate) on the line.
"The blockchain back end of it doesn't do anything more to secure an election than any of the other technologies do," Jefferson argues. "It doesn't even play a role until the very last stage of balloting --- after you've authenticated yourself, after you've made your ballot choices, after you've transmitted them back, only then does the blockchain play any role." And by then, he says, your vote may have been tampered with, and it's unlikely that you or anybody else would ever know.
"What if there is malware on the phone or the computer that the person is voting from? Malware that is exposing the person's vote to some third party, or is modifying the vote, or is just throwing the vote away without telling the voter, making him think he's voted but he hasn't voted. That malware is not affected by, and cannot be detected by, the blockchain or the back end at all."
"That vote may be blocked or thrown away, or otherwise disturbed by a denial of service attack, for example, on the server. A blockchain server is no more invulnerable to a denial of service attack than any other service," he warns, adding "there just isn't any possibility of auditability in any online voting system, and blockchains don't change that fact."
Jefferson's preferred technology for elections: "Hand-marked paper ballots." He details why on today's program, and also notes that newer technologies, such as Ballot Marking Devices (BMDs) that require voters to use touchscreen computers to print out their selections on a paper ballot --- which many jurisdictions (including Los Angeles, the largest in the nation) are moving towards --- present similar dangers when it comes to the authentication and public auditability of election results.
"I endorse your idea that if you're going to vote in person at the precinct, the best system is to use is hand-mark a paper ballot," he explains near the end of our conversation, allowing --- as I do --- that some voters may need assistive technology to vote, but that most voters do not. And worse, as we saw today at early voting cites near Atlanta, when computers are needed to vote, it can result in long lines and suppressed votes at the precinct.
"Only three or four voters per precinct can be voting simultaneously when you only have three or four ballot marking devices. With hand-marked paper ballots, you can get twenty voters voting in parallel if you have cardboard privacy booths around, and twenty cheap pencils. There are far fewer lines built up, and the cost is so radically reduced."
Finally today, a word or two from some older voters who would really REALLY prefer if young people did not bother to vote at all this year...
(Snail mail support to "Brad Friedman, 7095 Hollywood Blvd., #594 Los Angeles, CA 90028" always welcome too!)