Jeremy Epstein is a senior computer scientist with SRI International in Arlington, Va., where his research topics includes voting system security. Below he writes on this topic for Knight News Challenge: Elections, which asks the question, How might we better inform voters and increase civic participation before, during and after elections? Winners will share in more than $3 million. Apply at newschallenge.org.
Elections are one of the last institutions where computing and the Internet have not made significant inroads for most people. While we bank online, shop online, and even pay our taxes online, some aspects of voting are decidedly offline.
"Knight News Challenge: Elections Mixtape" by Knight Foundation
"Some tips on applying for Knight News Challenge: Elections" by Lucas Hernandez on Knight blog, 03/05/15
"Democracy Works launches new voter tool, expands programs" by Seth Flaxman on Knight blog, 03/04/15
"Balancing technology risks and benefits in elections" by Jeremy Epstein on Knight blog, 03/02/15
"To improve civic participation we need transparency" by Chris Gates on Knight Blog, 02/26/15
"Civic engagement essential to strengthening democracy" by Kelly Born on Knight Blog, 02/25/15
"Knight News Challenge on Elections offers more than $3 million for innovative ideas" - press release, 02/25/15
"Knight News Challenge to focus on Elections" on Knight Blog, 02/12/15
This isn’t an accident; the requirements for privacy and anonymity in elections are fundamentally different than for any other aspect of our lives. And the stakes – our democracy – are among the highest, with a centuries-long history of people interfering with elections proving that the motivation is present to interfere with fair elections. The odds of rapid detection of a successful attack on an election are slim; the Federal Bureau of Investigation and other sources report that most attacks on corporations and government offices aren’t detected until months after they happen, even with the most sophisticated monitoring software and well-qualified staff. State and local elections offices have limited technology budgets, far smaller than banks and insurance companies that are regularly targeted by (and fall victim to) hackers and online thieves.
This renders some options, such as online voting, vulnerable to attacks by domestic or international adversaries who might want to undermine our democracy by changing election results or simply interfering with the secret ballot by disclosing how people voted. What happens if we discover six months after an election that the wrong person was placed in office? What happens if evidence is released claiming that party leaders vote for the opposing party, or for unpopular fringe parties? Among computer scientists, national security experts and especially among computer security experts, there is near unanimity that secure online voting is decades away, if it’s ever possible.
But that doesn’t mean we can’t use technology appropriately and responsibly. Electronic Pollbooks allow faster sign-in on Election Day, reduce lines at the polls, and reduce the potential for someone to cast multiple votes. An increasing number of states are allowing voter registration online, especially when they can cross-check information against Department of Motor Vehicles databases. Some states and localities allow voters to find their polling place online, and sources like Google provide deep information to voters. Data already present in smartphones can be used to automatically report on the line length at polling places, allowing voters who have flexible schedules to choose when to vote.
But at the same time, we need to be cautious to avoid infringing on personal privacy; if the information on Election Day lines is easily accessible, would candidates send “strike teams” to locations with long lines to campaign among voters who are a captive audience, or even to intimidate voters? And we need to ensure that the new technologies don’t create new targets for attackers; while the list of registered voters and when they voted is usually a matter of public record, how do we avoid those sources of data being used by scammers? Some localities are building lists of email addresses for voters; compromise of such a list could be a gold mine for phishing attacks.
Despite the availability of information, voter turnout continues to decline. Targeted information could be useful to voters – but how do we avoid the risk of helpful guidance suggesting that “people who bought blenders and cake mix also voted for candidate Smith”? We need to find the boundaries between relevant information on issues of legitimate interest to voters versus the “creepy” factor.
New technology can allow voters to cast their ballots at any location, given appropriate legal frameworks. This improves convenience for voters, who may be able to vote whenever and wherever they like. But will it disadvantage local candidates who can’t afford to campaign or have staff at polling places outside their district, but where votes may be cast for them?
Poll workers are a central component of all elections. But they are far older than the general population, and in many areas are mostly retired people with flexible schedules and a strong sense of civic engagement. As elections become more technically involved, how do we train a generation that is less comfortable with technology, and how do we encourage younger (and typically more technically-savvy) citizens to participate in the process of our democracy?
Elections are a unique opportunity for all citizens to engage in a common effort. Technology can be used to increase understanding and involvement – but it must balance the needs for security and privacy, and the right to a secret ballot, for everyone.
Jeremy Epstein is currently on loan to the National Science Foundation, where he leads the flagship cybersecurity research program. He has worked in information security for over 25 years, and in election security for a decade. He’s associate editor-in -chief of IEEE Security and Privacy magazine, has advised several state and local governments on election security, and is the Institute of Electrical and Electronics Engineers representative to the Technical Guidelines Development Committee, which establishes federal guidelines for voting systems certification.
The opinions expressed are those of the author, and do not represent those of SRI International or the National Science Foundation.
Knight Foundation is partnering with the Democracy Fund, the William and Flora Hewlett Foundation and the Rita Allen Foundation on Knight News Challenge: Elections, which asks the question, How might we better inform voters and increase civic participation before, during and after elections? The best ideas will share in more than $3 million. Apply at newschallenge.org by 5 p.m. ET March 19. Winners will be announced in June.